Cleantech Market Intelligence
Your Tax Dollars at Work
Shame on you for reading that title and expecting an attack on government agencies. Far from it. I encounter many civil servants in my research – mostly U.S. civil servants – and they uniformly impress me with their knowledge and diligence.
The Industrial Control Systems Joint Working Group (ICSJWG) conference, hosted by the U.S. Department of Homeland Security (DHS), was of course well-attended by civil servants. This is my fourth ICSJWG and I return from each event freshly encouraged that intelligent people are working long hours and thinking deeply about threats to critical infrastructures – that the servants, well, serve.
The ICSJWG conferences are among my favorites. DHS’ sponsorship means that I hear speakers at their events that I will hear nowhere else. Likewise I meet attendees there that I meet nowhere else. Keynote addresses are entertaining and informative – something that I never take for granted. There is a convergence of industry and academia at these events that somehow works. Best of all, registration is free.
One compelling example of commitment came from the U.S. Navy. The Navy’s next generation destroyer, the USS Zumwalt, will carry 50% fewer crew than previous destroyers, achieved largely via increased automation. A destroyer is essentially a self-contained town, so that automation includes many industrial control systems (ICS), most of them IP-enabled. ICS increases productivity but also increases cyber attack points of vulnerability dramatically. So in designing the ship’s cyber security, the Navy uses a triage approach to cyber threats in different scenarios. One sobering scenario: during combat, the ability to complete a mission has greater priority than protection of human life. Try to think of another ICS where protection of human life is not top priority. That’s commitment.
I leave every ICS JWG conference reassured that the U.S. government is taking action, urgently, to protect critical infrastructures. Yes, we need more and better regulations. But the people I see at ICSJWG aren’t waiting around for a set of regulations. They are taking action when action is needed: now. They are well-aware of today’s threats, from hacktivists or from hostile nation-states. Hacktivists are by nature unpredictable, making defense a challenge. And nation-states only have to be hostile part of the time to threaten our infrastructure. Those two threats are at nearly opposite ends of the spectrum, yet DHS considers each equally. Each can wreak havoc if left unchecked.
For all the utilities that are waiting for NERC CIP v5 before funding cyber security or hiring lawyers as compliance officers, here’s a tip: the United States government is way ahead of you. Watch and learn. Then do!