What does it take for people to understand CONTROL SYSTEM cyber security?
I received the following message from Ron Southworth on my blog on nuclear power.
â€œâ€¦ The â€œNeed to Knowâ€? ethos is very much part of the culture and understandingly so. Still, as you say there are common frames of reference within control systems regardless of the process that can benefit from sharing between verticals and lessons that can and should be learned from reading any incident synopsis.Out in the open, there are always going to be issues with discussions in sensitive to national and global or even local interest process control systems and this too may be part of the reluctance or resistance you are coming across? I struggle with every word I type to try and discuss what we can without creating a disadvantage for â€œmy teamâ€? and to convey my meaning, perhaps this is also behind the issue of uptake as wellâ€¦â€?Ron raises a fundamental quandary I have been struggling with for almost 7 yearsâ€“ how do we inform the â€œgood guysâ€? without leaving a roadmap for the â€œbad guysâ€?.(This is the real reason I havenâ€™t yet written a book despite many industry people and publishers asking.) The overall issue of control system cyber security is the macroscopic issue of disclosure as opposed to vulnerability disclosures which to me are the microscopic issues. Until the good guys understand the real problems, and it is VERY evident they donâ€™t (see all of the fluff on