“Just when it seemed as though we were finally getting people at the top of corporations and government to listen about the differences between IT and industrial control system ICS security, the Obama Administrations executive order mandating improved cybersecurity for critical infrastructure seems to have taken us all back five years.
What do I mean? Its all about the money.
At the same time as the executive order was issued, it was revealed that critical infrastructure security would be exempt from sequester cuts. There is an entire industry, nicknamed “the Beltway Bandits” for the fact that these companies are mostly located inside the Washington D.C. beltway and, therefore, very close to the seats of power, that has smelled blood—or rather money.
These Beltway Bandits are the people that regularly consult for the Department of insert name and have contracts that amount to billions of dollars.
But they dont know anything at all about manufacturing or about cybersecurity in the industrial control system environment. So we have people saying, once again, that there is no difference between IT cybersecurity best practices and what we should be doing for critical infrastructure cybersecurity.”