Misplaced priorities

Wednesday, April 14, 2010 @ 08:04 PM gHale

Corporations need to embed security into their culture, said Michael Youness, a Microsoft manager in the manufacturing sector during a Tuesday webcast.

“We found that many customers care more about having their systems up and running 24×7 than care about security, actually,” said Youness, the worldwide industry technical strategist, manufacturing operations and process manufacturing at Microsoft.[private]

The hour-long webcast began with Dow Chemical’s Christine Adams, chemical sector cyber security program director, discussing the Chemical Facilities Anti-terrorism Standards (CFATS) enacted in 2009, and pending legislation likely to affect chemical plants in the near future.

“What’s new is the landscape that we’re operating within,” Adams said. “New, in the past five years, has been the regulations that have emerged from the Department of Homeland Security, and emerging legislation.”

There was a standard, CFATS, authorized by Congress last year, but it is now undergoing revisions, so that means everything is in a state of flux.

After Adams, Daniel Rozinski, global manufacturing solutions executive for the chemical industry at CSC discussed evolving cost models for enterprise security.

Youness, the last speaker, endorses embedding security into corporate culture, and discussed some common weak-spots: Update management, the failure to isolate legacy systems and applications, failure to harden plant floor systems against games and USB drives. One commonly overlooked security measure? Companies often fail to routinely audit security logs, missing the opportunity to promptly identify problems.

‑ Bob Felton


Leave a Reply

You must be logged in to post a comment.