Educating the narod on cybersecurity…control systems ARE different

Nov. 16, 2007
The need for education for the "vast unwashed" is still extreme. Last Thursday and Friday, DOE sponsored the GridWise Interop Conference in Albuquerque. Generally, there are few common participants between security and interoperability discussions. It is not clear if the final rule on cyber security will impact the interoperability considerations being developed for GridWise.

This past week, the San Jose Mercury-News published a three-part series on cyber security. The author has been writing on cyber security for years. Until I called him this past Monday, he didn't know there were technical differences between IT and control systems that affected cyber security.

On Tuesday, I was on a panel at the National Association of Regulatory Commissioners with the President of NERC, a utility executive, and a representative from INL. NARUC is predominantly lawyers. They had little understanding of the technical issues of control system cyber security, but appear to be getting more interested. It should be noted that NERC is still publicly maintaining that the NIST standards were not available when the NERC CIPs were being prepared.

Thursday and Friday, I attended the St. Mary's University Center for Terrorism Law Conference in Washington. This was predominantly lawyers with few exceptions. The lawyers were all involved in some form of terrorism and critical information protection. The lack of understanding about control systems was also apparent. There was a representative from a large water utility. In an off-line discussion, he is trying to determine how to set up a networking organization vis-à-vis how Operations and IT should interface.

I had the opportunity to talk to Congressman Michael McCaul, who is co-chair of the Blue Ribbon Cyber Security Panel. He was not aware of the impact of the lack of control system expertise on the panel and will take that under advisement.
