Alright, that’s enough!
I cannot pick up a news feed or peruse a blog about operational technology (OT) or industrial control security (e.g. securing the electric power grid, water, transportation, intelligent health care systems, etc.) without reading yet another story about how life as we know it will end any day now once mysterious governments and other dark elements of the Underworld wreak havoc on our comfortable lives. They will hack into nuclear power plants and cause meltdowns, they will control transportation systems and airport control towers and cause wrecks to occur and planes to crash, they will pollute the rivers and shut off the power, they will etc. etc. etc.
As an analyst covering OT security at Gartner and in previous lives as a worker in the electric utility industry, I recognized long ago that (a) there IS a threat that these things can happen; (b) many OT systems (and what my colleague Hung LeHong calls the “Internet of Everything” to denote Internet connected intelligent devices) are vulnerable to these threats; (c) steps must be taken to minimize the risk that these threats will be successful. I’m not trying to minimize the seriousness of this issue or to challenge the level of threat.
What I AM doing is making a plea for the media and my industry colleagues to bring more of a balance in writing between (a) what the nature of the problem IS with (b) what IS being done today to mitigate the risk and what should be done. I know it is more sexy and exciting to talk about doomsday and the destruction of civilization. I’ve read my share of post-apocalypse books and seen the movies. We get the picture. However, it is the less sexy act of PREVENTING apocalypse and how it is being done step by step, inch by inch, that also deserves air time.
I had a manager once when I was young that gave me some valuable advice. One day, as a newly appointed supervisor, I was in his office complaining about something. He held up his hand and said something that I remember to this day: “no more b-m-w! Enough already with the b-m-w! I want the SOLUTIONS. When you have a solution, THEN you can come back in here and b-m-w all you want, just end with the solution.” For those who are scratching their heads, b-m-w in this case meant b******g, moaning, and whining. I never forgot that advice.
So I offer a challenge to the reporting community at large– For every scary story you feel compelled to publish about the end of life through scary OT security stories, have a balanced part of the same story put aside to describe what is being done TODAY to mitigate the risk of threats. I will help you with those use cases, as I’m sure most of the professionals in the OT-centric industries will– if you just ask. Try some solution writing along with the b-m-w.
The Gartner Blog Network provides an opportunity for Gartner analysts to test ideas and move research forward. Because the content posted by Gartner analysts on this site does not undergo our standard editorial review, all comments or opinions expressed hereunder are those of the individual contributors and do not represent the views of Gartner, Inc. or its management.
Comments are closed
3 Comments
100% agree. No, make that 1000%. See post on Earl’s post here: http://smartgridsecurity.blogspot.com/2012/04/april-is-cruelest-month-for-critical.html
Here is my solution writing: http://www.digitalcommunities.com/articles/Smart-Grid-Security-Challenges-and-Change.html .
why solve problems when you can bmw?
Hopefully, smart grid will be implemented slowly, unfortunately way too slowly to cause economic recovery, but just at the right speed to make sure that security issues are dealt with effectively.