By Gregory Hale
Security is all about communication and understanding the language.
“Just look at SCADA,” said Joe Weiss, managing partner at Applied Control Solutions during today’s keynote address at the Control System Cyber Security Conference in Washington, DC. “There is no good single definition. Definitions of terms are different in people’s minds.”
Denial of service, fail safe, IED, redundancy, SCADA, all have different meanings, he said.
Even reliability/safety/security have different meanings, Weiss said. “Theoretically, they should be complementary. Unfortunately they are not. Security and safety should go in the same direction. They don’t. That is the problem; they should be tied together like a glove.”
In the “old days” safety was always separated from control, but now they are on the same system “and if you integrate safety and control you have a problem,” he said.
“It is incumbent upon us in the industrial control area to come up with terms we all can work with,” Weiss said.
The IT side of the equation has its own terms, but they often differ from those on the engineering side.
That ends up being part of the problem as both sides, while having to work together, often work in a vacuum and not with each other.
“You have people talking about where control systems are going sitting in one room and you have people talking about security in the other room,” Weiss said. “Both of those discussions need to be in the same room. They are not talking to each other.”
The communication issue and security enlightenment overall will change if chief executives across the board start acknowledging and forcing the issue.
“Until CEOs mandate people’s salaries and bonuses are tied to security and availability, we are not going to get anywhere.”