The Secret Sauce, Please!

A few years ago I overheard a group of security professionals at a conference discussing the difficulties of implementing security solutions within control networks. One person stated that the operations staff at his organization was incorrigible and didn’t have a clue about what they were doing. Another stated that he was overruled by the plant manager when trying to implement IPS in their Distributed Control System environment. This pontification and outrage of how the electric sector was doomed because the security teams were being crushed by the ignorance of various mucky-de-mucks went on for quite a while. About the time I was convinced sanity was lost forever, a young lady spoke up and said, "Well, my company has implemented a robust security program with all the bells and whistles at all our control centers and plants. We did it in 6 months with the full cooperation of the operators, their technical support staff and the plant managers."

[insert dead silence here]

Then...the barrage of disbelief began.

"I bet you didn't establish role-based access management in their EMS." Yes we did.

"You couldn't have possibly locked down the ACLs on the firewall properly." Ratcheted down to only two necessary ports.

"I'm guessing you don't have a functional security logging system." Guessed wrong.

"They won't let you scan for vulnerabilities though." Yes they do. Multiple times a day as a matter of fact.

After exhausting their list of couldn't-have-happened remarks, there was a sigh and then someone asked. How'd you do it?

Her answer: I used the secret sauce. To my chagrin, she let that just hang there. Obviously she was enjoying this banter as much as I was.

What was the secret sauce? None other than a powerful mix of ingredients designed to open up the communication channels between IT and operations. The magic was in listening, talking, finding common ground and listening some more. She was a master of encouraging people to be open to new ideas and different ways to accomplish what was perceived to be impossible. She insisted that each department participate in job shadowing so that they could spend time first hand in the "world" of the other group. A lexicon was agreed upon that bridged the gap in understanding. And the list went on.

Bottom-line: Continued conversation and determination to solve a problem led to success.

It isn't important about the details (to be frank, I can't recall them anyhow), what is important is that walls can be broken down and that solutions can be reached by way of learning about each other’s working environments and not just concluding that the others are jacked up on some new drug.

Posted on Wed, February 16, 2011 by Stacy Bresler

4 comments (Add your own)

1. Add website for sale wrote:: That was a great article! I like it very much. Keep posting like this. Thanks!
Thu, August 11, 2011 @ 2:36 AM
2. Radial Truck Tyres wrote:: Radial tires have different characteristics from those of elasticity, radial tires, as well as varying degrees of slip while steering
Wed, April 11, 2012 @ 11:29 PM
3. China Led Lights Manufacturer wrote:: Here are several benefits of LED light and a very useful tool that can be used as a decorative light too. Using solar lights are affected every day. The good quality of China led light.
Sun, April 15, 2012 @ 11:05 PM
4. Printer Parts Suppliers wrote:: there are many printer parts suppliers, but you can make printer parts at cheap prices from China.
Tue, April 17, 2012 @ 11:05 PM

Add a New Comment

Your Name:

Your Email/URL (Optional):

Your Comment:

Enter the code you see below:
code

Comment Guidelines: No HTML is allowed. Off-topic or inappropriate comments will be edited or deleted. Thanks.