Alright, that’s enough!
I cannot pick up a news feed or peruse a blog about operational technology (OT) or industrial control security (e.g. securing the electric power grid, water, transportation, intelligent health care systems, etc.) without reading yet another story about how life as we know it will end any day now once mysterious governments and other dark elements of the Underworld wreak havoc on our comfortable lives. They will hack into nuclear power plants and cause meltdowns, they will control transportation systems and airport control towers and cause wrecks to occur and planes to crash, they will pollute the rivers and shut off the power, they will etc. etc. etc.
As an analyst covering OT security at Gartner and in previous lives as a worker in the electric utility industry, I recognized long ago that (a) there IS a threat that these things can happen; (b) many OT systems (and what my colleague Hung LeHong calls the “Internet of Everything” to denote Internet connected intelligent devices) are vulnerable to these threats; (c) steps must be taken to minimize the risk that these threats will be successful. I’m not trying to minimize the seriousness of this issue or to challenge the level of threat.
What I AM doing is making a plea for the media and my industry colleagues to bring more of a balance in writing between (a) what the nature of the problem IS with (b) what IS being done today to mitigate the risk and what should be done. I know it is more sexy and exciting to talk about doomsday and the destruction of civilization. I’ve read my share of post-apocalypse books and seen the movies. We get the picture. However, it is the less sexy act of PREVENTING apocalypse and how it is being done step by step, inch by inch, that also deserves air time.
I had a manager once when I was young that gave me some valuable advice. One day, as a newly appointed supervisor, I was in his office complaining about something. He held up his hand and said something that I remember to this day: “no more b-m-w! Enough already with the b-m-w! I want the SOLUTIONS. When you have a solution, THEN you can come back in here and b-m-w all you want, just end with the solution.” For those who are scratching their heads, b-m-w in this case meant b******g, moaning, and whining. I never forgot that advice.
So I offer a challenge to the reporting community at large– For every scary story you feel compelled to publish about the end of life through scary OT security stories, have a balanced part of the same story put aside to describe what is being done TODAY to mitigate the risk of threats. I will help you with those use cases, as I’m sure most of the professionals in the OT-centric industries will– if you just ask. Try some solution writing along with the b-m-w.
Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes, with attribution to Gartner. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.