ICS Security Information Sharing

The article last week on Information Sharing – What Do You Want? generated some interesting discussion on and off the site. Info sharing proponents named some of the information they wanted.

I’m tempted to use the overused analogy of “rearranging the deck chairs on the Titanic” for the information sharing effort, but there is some value in the information loyal blog readers proposed. A more apt analogy: information sharing efforts are like going through email that has piled up rather than working on your important project. Yes, there is some value in doing it, but it isn’t what you should be focusing on now.

Even President Obama voiced this in his Op-Ed. After discussing information sharing he wrote, “Yet simply sharing more information is not enough. Ultimately, this is about security gaps that have to be filled.” Yes. We know the security gaps, so why not focus on them? There is great room for improvement in communicating these security gaps and the need to close them, and that does not require any secret info from the government or industry.

Even if you believe that information sharing has more value than I do, the return on time invested in information sharing is quite low. Proponents believe that if they can create the right structure with the right safeguards, then information will be shared. There are numerous examples, in ICS security and information security in general, showing that this is just not the case because of the first truth of information sharing.

Let me share this information: your SCADA and DCS have no integrity. Do something about it.

Image by IvanWalsh.com