There are times for finesse and then there are times for blunt force. Determining which is which is often the defining characteristic of success in any endeavor. The ongoing efforts to address cybersecurity risks and threats to industrial systems have for many years been a period where finesse and patience rule as we slowly accrete the requisite components from which a solution can be constructed. The time has come, however, to swing some hammers.
Crosposted from the ICS-ISAC Blog
The Situational Awareness Reference Architecture (SARA) is what the ICS ISAC was created to foster, and to itself be a part of. It has been clear to us since 2006 that there is a critical need for a basic agreement on how facilities can determine the three questions of situational awareness – Identity, Inventory and Activity – and how they can appropriately share knowledge of those with external parties to create broader situational awareness. Until this year, when evolutions in many areas have come together to provide the necessary foundations, there has not been any value in trying to drive to a final specific definition of SARA. Today, however, evidence that the stage is set for the final act is everywhere.
Years of legislative, technical, organizational and sociological evolution have produced the environment in which an operable solution can be created. From STIX 1.0 to PPD-21 “Implementation” section 4, NERC CIP 5.0 to Qatar’s National ICS Security Standards, from advances in security products to growth in the motivations of asset owners and integrators, the major building blocks of the shared solution have been placed together in the Assembly Area.
While enjoying Erich Gunther’s Brandy Barrel Porter on the Enernex veranda this Monday I related a story that sums up the times we are in. Back in 1990 at GE Power Generation we were assembling the first 9000F turbine prototype. After years of development and billions of dollars the 100-ton rotor of what would become the world’s most powerful fueled motor hung inches above the casing. A tense crowd of executives and luminaries watched anxiously as it crept downward. With less than an inch left before the finned marvel of science and engineering nestled onto its mirror-smooth bearing journals the harness supporting it went unexpectedly slack.
It didn’t fit.
With corporate masters fainting into the waiting arms of acolytes a group of four engineers and operators gathered and talked for a few minutes. With a mutual nod the largest of them – a Paul Bunyan of a man – strode over to this pinnacle of engineering and proceeded to beat the living tar out of it with a massive wooden mallet and an enthusiasm which would have made Wiley E. Coyote blush with envy. Finally satisfied, he gave a gesture to the crane operator and stepped back to watched the rotor snuggle perfectly into place.
We fired the 300,000 horsepower monster a few months later and went on to beat Mitsubishi for a billion-dollar installation at Tokyo Electric Power Company. That 9000f’s descendants went on to become the dominant fuel turbines in power generation worldwide to this day.
To solve the challenge we face in our community today we must establish a Global Knowledge Network. We must create an environment where industrial facilities: are able to have and maintain knowledge of their systems; where they can appropriately share some of that knowledge with the rest of us; and where they are capable of effectively using knowledge shared with them. The architecting, engineering, machining and component assembly of the Global Knowledge Network has been done. After it has been bolted together we will be tuning and tweaking it for many years to come. But now we need to seal the casing, install the support equipment, roll the bloody thing out to the test stand and fire it up.
It’s Hammer Time.