If you are a carpenter – round 32

July 15, 2009

May 21, 2008, we had a session at the Connectivity Week Industrial Track on cyber security of the Smart Grid. There were approximately 5 attendees including presenters. None were industrial or power plant end-users. Rather than hold such a poorly attended session, we spent the afternoon creating what would become the NIST Industry-to-Grid (I2G) Working Group. The I2G’s focus was to be large industrials and central station power plants as they were not represented by any other working group. The I2G started in the August 2008 time frame and has been holding weekly conference calls since.

One obvious need for I2G was participation from large industrial and power plant end-users. I went to several colleagues from large industrials to get participation. They were not interested. To this day, the I2G has ZERO participation from large end-users or power plant personnel. Rather, a number of the I2G participants are from those working on price signals for residential and commercial applications. Which brings me to the title of this blog – if you are a carpenter, everything looks like a nail. If you are a demand-side expert working with residential and commercial applications, everything looks like that. Those are not the primary needs for large industrials and power plants interfacing with the Smart Grid. Those are also not the primary needs to make large industrials and power plants more efficient and environmentally friendly. Since those needs don’t look like price signals (i.e., nails), they were brushed off as not applicable. Why would any large industrial or power plant end user buy into a “standard” where they had no input or participation?

Since the Smart Grid is moving toward IP communications, a similar situation occurred at the IEEE P2030 meetings in Santa Clara. The IT community sees Windows, Internet, and IP communications (looks like a nail) and tries to tell the power system experts how to run the grid. The same situation is occurring with the NIST Security Working Group, with IT “SCADA security” experts seeing Windows, Internet, IP communications, and cyber security (looks like a nail again) and trying to tell control systems people how to secure systems they know nothing about.

Rhetorical question - how can we keep “experts” who know nothing about the domain and its needs from continuing to speak as “experts” because they think it looks like a nail?

Joe Weiss
