The great divide still exists

April 21, 2009
Tomorrow, Jon Stanford, the Chief Information Security Officer from BPA, and myself will be holding a session at RSA on “Why We need Both IT Security and Control System Expertise to Secure Control Systems”.  RSA bills itself as the largest Information Security Conference in the World. Our session was originally not accepted – it didn’t fit. The only reason we are presenting is because two weeks ago, another presenter dropped out. Moreover, our session is in the Physical Security Track – there isn’t a better fit.

"
Tomorrow, Jon Stanford, the Chief Information Security Officer from BPA, and myself will be holding a session at RSA on “Why We need Both IT Security and Control System Expertise to Secure Control Systems”.  RSA bills itself as the largest Information Security Conference in the World. Our session was originally not accepted – it didn’t fit. The only reason we are presenting is because two weeks ago, another presenter dropped out. Moreover, our session is in the Physical Security Track – there isn’t a better fit. Yesterday, I had a chance to walk the halls and talk to IT exhibitors about control system cyber security. Many had no idea what I was talking about other than the Wall Street Journal article. A very interesting discussion was with ISC2 – the organization that offers the CISSP certification. They didn’t know about control systems, that they were different than IT, and that the CISSP does not address the issues of legacy field devices. They now want to get back to me about what can be done about certification. Joe Weiss

Sponsored Recommendations

IEC 62443 4-1 Cyber Certification – Why ML 3 is So Important

The IEC 62443 Security for Industrial Automation and Control Systems - Part 4-1: Secure Product Development Lifecycle Requirements help increase resilience for control systems...

Multi-Server SCADA Maintenance Made Easy

See how the intuitive VTScada Services Page ensures your multi-server SCADA application remains operational and resilient, even when performing regular server maintenance.

Your Industrial Historical Database Should be Designed for SCADA

VTScada's Chief Software Architect discusses how VTScada's purpose-built SCADA historian has created a paradigm shift in industry expectations for industrial redundancy and performance...

Linux and SCADA – What You May Not Have Considered

There’s a lot to keep in mind when considering the Linux® Operating System for critical SCADA systems. See how the Linux security model compares to Windows® and Mac OS®.