Monday, July 07, 2008

Confusion? I'll show you confusion!

What year is it? What year did I first get involved in various control systems standards efforts? 2003 was it? Hell, I even co-chaired an SP-99 subcommittee. And in one (or probably a lot more than that) of the many quite entertaining CIAG Ops review how too many hours each week were "defining common terms so that everyone could work together."

That probably would have been 2004. And halfway through 2008, they are still at it.

Three years ago, I helped establish the first International Standards Coordination Meeting on Control Systems Cyber Security for DHS. As part of the effort, I was requested to give a presentation on definitions to demonstrate the lack of clarity and consistency and the need to more succinctly define terms for control system cyber security. I examined the terms "SCADA", "control systems", and "security" and compared the definitions in Wikipedia, Webopedia, AGA-12, NERC, ISA, IEEE, CIGRE, and CIDX. It was fascinating to see not only the lack of consistency, but even more interesting was that some of these terms were not even defined. It seems like there is a need to resurrect this effort for the August Control System Cyber Security Conference.

Oh no, let's spend hundreds of more man hours on this obviously impossible-to-solve problem. And given the bill rate of a lot of the folks involved in this, think about what you could buy with the time that has been spent in these groups trying to define terminology.

Give it up guys. Chalk one up for the bad guys.

Oh yeah, and another classic SCADASEC-L Apology. But at least this time, nobody got called an idiot (or a drug dealer) so they are making progress.

Dollars to doughnuts, I bet it was some of the Canadian subscribers that complained, although quite honestly I found the "happy birthday America" post a bit sappy and out of place, but I've got bigger fish to fry.
