Howdy and welcome to the inaugural post of our InSecurity Culture blog posting! We have been working hard to try and stay abreast of the various developments and trends within industrial cyber security circles and we see some pretty interesting things going on. And like an old ranch hand who has seen and heard a lot we still can’t help but shake our heads sometimes at the way things turn out and how people behave. So we thought we would share some of those observations with you and see how you feel about them. I mean sometimes things makes sense until you shed a different light on them. And sometimes the most basic view can appear to be the most enlightened. But the most amusing thing to me is that “common sense” just isn’t always so common and thus we discover much of our content for this venue. So join us as we share our thoughts, observations, anecdotes, and opinions in our effort to drive greater sharing and general discussion amongst our industries and peer groups in this ever-evolving space.

We will attempt to cover as much of the spectrum of emerging technologies and regulations as we can while still staying relevant to our community. For now this will mean a heavy focus on NERC CIP as a source for learning lessons but we also will look at other standards such as CFATS. Non-industry specific content like ISA and NIST will also be on the menu and of course anything of interest our friends in the various governmental and regulatory bodies have to say like DHS or the ICSJWG will likely be discussed here. We don’t promise to always be popular or embraced whole-heartedly but we do promise to provide some food for thought and to stimulate discussion.

On that note, one of the most interesting and hot topics out there right now is the pending 4th iteration of the NERC CIP standard. This is a biggie because a lot is at stake in terms of solidifying the language and applicability of the standard. To that end we have managed to corral one of the authors who has contributed to all 4 versions for a Q&A as part of an overall timeline review and Q&A of the NERC CIP standards and the latest draft. To read more or view the recorded webcast click here.

That’s it for now. Looking forward to seeing y’all back here soon. Happy trails!