Monday, July 11, 2011

Smart Grid Security Manifesto

No sooner do I find and post on what I think is the definitive statement on Grid security-related compliance (a couple of weeks ago, HERE), than I immediately find its companion piece, related not to compliance but to critical infrastructure security.

Of this one, (most) hyperbole aside, I'm saying this is our call to arms, a manifesto for how not to be overwhelmed and wimp out in the face of big complexity, evolving risks, and the hysteria of the press.

You'll have to wade through a few prefatory remarks about the NESCOR workshop and some other stuff, but soon you'll be hitting the good stuff, like:
"Watching the various engines of civil society warm up and set to addressing the daunting task of critical infrastructure cybersecurity is very interesting, like an episode of Build it Bigger. Some would say it is also very depressing or even very frightening. I would disagree with those folks. We have managed to rise to the challenge of securing the Internet so far; I think we will rise to the challenge of securing our physical infrastructure as well."
In addition to our first talk at NESCOR, I got to spend some time on the phone with author Chris Blask today and we covered some of this ground. It's clear the man has spent a lot of time thinking through issues that still have many of us in the community perplexed. To wit:
"The cognitive and physical efforts of many people are being applied to industrial control system security today, and the workforce is expanding. The process will be flawed and the recommendations revised and the standards complained about. Public criticism of all or parts of the process will wax and wane. It will go on forever and incidents will occur and, yes, due to unforeseen or unaddressed issues these will almost definitely include incidents that cost human lives."
Even if things go well, there will be blood. And that might get some folks worked up and anxious, except for this wrap-up:
"But the work will get done."
This is the clear anti-Smart Grid Security fear, uncertainty and doubt (FUD) voice I've been seeking. Titled "Winning the Critical Infrastructure War," you can read the whole piece by following THIS LINK to InfoSec Island. I recommend you do.
