ICS Lab for Grid Security Research, Training and Demonstrations

In case you're not already tuned into this community, but might want to be, I submit for your review the contents of an email I received yesterday.  It goes like this:

Greetings ICS-ISAC Members and partners! 

The ICS-ISAC and MS-ISAC are partnering with several key Members to create an ICS Security Lab as a shared asset for research, training and demonstrations. Physically hosted in Livermore, CA by Robot Garden the Lab is now in Phase One of procuring equipment and establishing the virtual capabilities that Members can have access to. 

If you are interested in participating in this activity or have equipment that would be of benefit to this endeavor please send a note to ICS-ISAC Chair Chris Blask at chris@ics-isac.org
There is also a LinkedIn group for collaboration at http://www.linkedin.com/groups?home=&gid=4932821&trk=anet_ug_hm&goback=%2Emyg

Acronym Legend:

ICS-ISAC = Industrial Control Systems Information Sharing and Analysis Center

MS-ISAC = Multi-State Information Sharing and Analysis Center

That's all I got.

Electric Utility Silo Busting Strategies Emerge from Smart Grid Security Summit West

One theme kept surfacing across panels at the conference this year. It was that as Smart Grid projects increasingly lead utilities' cybersecurity professionals, most often reared in the IT world, to wade into non-IT business divisions, there are better and worse ways for making connections across organizational silos or stovepipes.

In one case, a senior security professional cited the responsiveness he gets from being a direct report to the COO. Some said top-down power can spur instant movement, though it's likely not helpful for creating and maintaining sustainable good will over time.

Another, less senior guy said that at first he used to try to impress folks in operational organizations with his technical and security credentials up front.  And man, did that approach bomb.

He reported quickly learning that a more humble approach was far more effective. These days, this same guy simply begins with something like, "Hi, I'm John from IT, and I'd like to learn more about your business" and gets better cooperation every time.

Remember the embedded journalists in Iraq? They lived/slept/ate/worried/celebrated and sometimes were wounded or killed alongside the soldiers they were closest to. I think one approach a large utility might employ to infuse more security awareness and capability into its different business units might employ something like this approach.

I suggest that trust is the industrial-strength, organizational-stovepipe-dissolving solvent of first choice. And that  other forms of soft power will go much further in bridging the cultural divides required to foster a most security conscious climate, enterprise-wide. OK, I'll leave it at that for now.

Image credit: CStreet360 on Flickr.com