Earl Perkins

A member of the Gartner Blog Network

Earl Perkins
Research VP
5 years at Gartner
32 years IT industry

Earl Perkins is a research vice president in the Security and Privacy team at Gartner. His focus areas include identity and access management (IAM), including user provisioning, role life cycle management… Read Full Bio

Coverage Areas:

Enough Already with the End of the World Stories in OT Security!

by Earl Perkins  |  April 20, 2012  |  4 Comments

Alright, that’s enough!
I cannot pick up a news feed or peruse a blog about operational technology (OT) or industrial control security (e.g. securing the electric power grid, water, transportation, intelligent health care systems, etc.) without reading yet another story about how life as we know it will end any day now once mysterious governments and other dark elements of the Underworld wreak havoc on our comfortable lives. They will hack into nuclear power plants and cause meltdowns, they will control transportation systems and airport control towers and cause wrecks to occur and planes to crash, they will pollute the rivers and shut off the power, they will etc. etc. etc.

As an analyst covering OT security at Gartner and in previous lives as a worker in the electric utility industry, I recognized long ago that (a) there IS a threat that these things can happen; (b) many OT systems (and what my colleague Hung LeHong calls the “Internet of Everything” to denote Internet connected intelligent devices) are vulnerable to these threats; (c) steps must be taken to minimize the risk that these threats will be successful. I’m not trying to minimize the seriousness of this issue or to challenge the level of threat.

What I AM doing is making a plea for the media and my industry colleagues to bring more of a balance in writing between (a) what the nature of the problem IS with (b) what IS being done today to mitigate the risk and what should be done. I know it is more sexy and exciting to talk about doomsday and the destruction of civilization. I’ve read my share of post-apocalypse books and seen the movies. We get the picture. However, it is the less sexy act of PREVENTING apocalypse and how it is being done step by step, inch by inch, that also deserves air time.

I had a manager once when I was young that gave me some valuable advice. One day, as a newly appointed supervisor, I was in his office complaining about something. He held up his hand and said something that I remember to this day: “no more b-m-w! Enough already with the b-m-w! I want the SOLUTIONS. When you have a solution, THEN you can come back in here and b-m-w all you want, just end with the solution.” For those who are scratching their heads, b-m-w in this case meant b******g, moaning, and whining. I never forgot that advice.

So I offer a challenge to the reporting community at large– For every scary story you feel compelled to publish about the end of life through scary OT security stories, have a balanced part of the same story put aside to describe what is being done TODAY to mitigate the risk of threats. I will help you with those use cases, as I’m sure most of the professionals in the OT-centric industries will– if you just ask. Try some solution writing along with the b-m-w.

4 Comments »

Category: Uncategorized     Tags:

4 responses so far ↓