A distinction with a difference in SCADA security
When you're talking about cybersecurity in the process industries, there are only two issues that matter. The first is how much security you need to be really secure....
Control Global, April 9, 2009
A Distinction with a Difference in SCADA Security
"When you're talking about cybersecurity in the process industries, there are only two issues that matter. The first is how much security you need to be really secure. The second isn't all that obvious, but in many ways defines the first—and it's one people aren't thinking about. What's the difference between “compliance” and “security?”
To find out, we consulted experts on the ground—security consultants, regulations experts, vendors, systems integrators and end users. Not surprisingly, their answers covered a lot of territory, but zeroed in on a central theme: security and compliance are not the same thing. And, while it's tempting to think that compliance to existing regulations is “good enough” (and the most cost-effective) security, that's a strategy that can come back to bite you—hard...."