By Derek Harp, (CS)²AI Founder, Chairman and Fellow
September, 2021
Of course, we all want to mitigate risk in our environments. It goes without saying. However, HOW we do that does not. There are so many different products, services, approaches, guidance, regulations and frameworks. Some are broad and some tailored to specific types of asset owners and operators. And then we have to ask ourselves, “Is what we have been doing working?”
Are we effectively mitigating or “Knocking Down” the risk to our OT systems?
It is believed that Albert Einstein said “Insanity is doing the same thing over and over and expecting different results”. Not to paint that broad of a brush stroke against all that we are doing as clearly there is far more new work to be done than just repeating old. However, there are old methodologies and thought processes that plague our consciousness and leak into our plans for improving cyber security.
As we prepare for our next Symposium focused on Cyber Security Risk to Operating Technology - an idea emerged to bring together authors who are writing about consequence-based cybersecurity methodologies that we all can learn from. These are methodologies unique to OT networks and physical operations – approaches that don’t make sense on enterprise networks or in the cloud, and approaches that are robust, even in the face of a constantly-evolving threat landscape.
I personally am fired up to learn from Andrew Ginter author of Secure Operating Technology, Andy Bochman and Sarah Freeman authors of Countering Cyber Sabotage (Introducing Consequence Driven Cyber informed engineering) and Jim McGlone co-author of Security PHA Review (for consequence-based Cyber Security) Each of these authors are collaborating to make this (CS)2AI Symposium a valuable education opportunity by opening our minds to new ways of thinking about HOW we address our collective OT cyber security challenges.
For me, adding even more industry veterans and true pioneers, Dr. William (Art) Conklin, Bryan Owen, and Mark Fabro to an event closeout panel at the end of the day is icing on an already great cake. I think about the years that some of these very people have been working on the unique challenges to cybersecurity in operating technology systems and am in awe of the persistence I know it required of them.
We are only just now entering a time where a broader segment of industry and business leadership is taking the threat to OT systems seriously. Now that this is occurring, HOW we go about mitigating risks or “Taking them down” is everything.
Per our mandate and commitment to support the entire control system cyber security workforce everywhere we can, this event has no cost and due the generous support of our Symposium title Sponsor, Waterfall Security Solutions, we are able to give away a copy of each of these authors’ books to 12 winners who participate in our Quality Question submission raffle the day of the event. In addition, this time we are also able to give each of the first 400 attendees to register a copy of Andrew Ginter's book Secure Operating Technology, a super useful pen and a practical gift that I think everyone will find useful instead of taking up space we don’t have on our desks 😊
Stay safe and be well my friends and colleagues,
Derek Harp
