Regarding Joe Weiss' "Unfettered" blog post of Jan. 19, I agree that compliance does not mean security. Cybersecurity is a technology problem that can only be addressed by technology. When machine actions are in milliseconds, your cybersecurity technology must be able to react in real time during data in motion in that microseconds window to be effective.
People can't think or work in microseconds, but technology can. So throwing people and compliance at cybersecurity with the acceptation of a complete review and knowledge of your control system processes will have little effect in securing the power grid. Cybersecurity is a technology problem, and can only be addressed by knowing your processes and using technology to authenticate, view, audit, analyze and block anomalies in real time in microseconds.
Good subject and don't let up on this. We need to be secure, not just compliant.
