Even experts don't understand"¦or we haven't done a very good job of making the issues known and understandable
I had the opportunity for formal and informal meetings yesterday with some very influential and knowledgeable people in Washington. One of the two individuals I want to focus on is Jim Lewis from the Center for Strategic and International Studies (CSIS). Jim provided the membership list for the Blue Ribbon Panel on Cyber Security.
I had the opportunity to explain the control system cyber security issues and why traditional IT approaches may not be appropriate for non-Windows-based field devices.
I also had the opportunity to state that the industrial control systems community needs to be "at the table" when issues involving control systems are discussed - IT should not be speaking for us. As a result of this discussion, we may get a seat on the Blue Ribbon Panel.
On the flight home, I sat next to Francis Harvey. Francis is the ex- Secretary of the Army and managed among other organizations the Westinghouse Science and Technology Center. He is very knowledgeable about IT and security. He is obviously in the senior decision making ranks. However, control system cyber security issues were new to him and why IT is not directly relevant to field devices took him by surprise. He was also stunned that control system networks are not isolated and there is Internet-connectivity to control system networks.
Until people at these levels and influence understand the message, we are pushing against jello.
Joe Weiss
