How can we secure our systems when we can hardly communicate

Jan. 27, 2009
I had some recent experiences with very knowledgeable people that demonstrate how little we really communicate with each other. Yesterday I had a discussion with an IT security vendor who has a security solution for endpoint devices. This was a very knowledgeable security expert who is working with control system vendors and control system end users as well as the IT community. He felt their endpoint security solution was directly relevant to industrial control systems. When I asked him what he considered an endpoint, it was cell phones, PDAs, laptops, etc. When I told him what we consider endpoints to be for industrial control systems, he was stunned.

I just had a weekly telecom dealing with Smart Grid, specifically Industry-to-Grid (I2G). Industry is defined as power generation and large industrials. When ISA POWID was mentioned, one of the more loquacious participants asked first what was POWID and secondly what was ISA. For a specialized group such as this, how can that be?

Lack of communication is not a recent issue. Several months ago, I attended an Infragard meeting in San Francisco on securing the critical infrastructure. At the beginning of the meeting, the FBI mentioned IEDs. To the people attending the meeting representing physical security, the term IED meant Improvised Explosive Devices. When I mentioned that we have a different meaning for IEDs, Intelligent Electronic Devices (e.g., smart relays, etc.), the vast majority of the attendees had never heard that term.

The terminology used by the different organizations often has different meanings, even if the words are the same. Several years ago at the first International Standards Coordination Meeting on Cyber Security of Control Systems I put together a list of common terms such as "control systems", "SCADA", and "security" and showed how different the definitions were for different organizations - ISA, NIST, IEEE, NERC, etc.

There are many more examples I could provide to prove the point that we need to make sure we are truly communicating. It seems like I will have to do this again for the October Control Systems Cyber Security Conference.

Joe Weiss
