Security Depends on People Not Policy

Wednesday, May 4, 2011 @ 12:05 AM gHale


By Gregory Hale
A manufacturer can have all the technology in the world, but if the people don’t use it and apply it, then it is useless.

That is the idea Steve Parker, vice president at the National Electric Sector Cybersecurity Organization (NESCO), conveyed today during his talk entitled “Security from the Ground Up” at the ICSJWG conference in Dallas. “The wisdom to secure control systems comes from boots on the ground,” he said.

With that in mind, Parker said the top down approach to security, is just not a good way to go. Instead, security ends up being a very subjective area. “In security, it is more art than science. We are more subjective.”

He talked about regulations and policy compared to actually getting down and getting the job done. “Regulation is like socialism, proponents blame its failure on poor implementation rather than its inherent flaws.”

Policy wonks, he said, do bring something to the table, but they often lose sight of what the true big picture is all about. Security, he added, is all about attitude. You have to go in there and say no one is going to break into my system.

“Attitude matters,” he said. “Policy collects nail clippers at an airport; attitude drops Navy SEALs in and comes back with a body.”

Another aspect to managing security is to find the right people that can create a security solution.

“You have to find the right people that are able to secure your systems and then get out of the way. You have to remove obstacles,” Parker said.

At the end of the day Parker reiterated that people are the force behind any kind of change management that leads to a security endeavor.

“The power to change comes from the people,” he said.



Leave a Reply

You must be logged in to post a comment.