[SCADASEC] Understanding Operations

[Brodsky, Jake]

You're basically making the argument that if an operator doesn't
understand the entire workings of the internal combustion engine and the
automatic transmission, that they'd never want to use a car by my logic.


It's really not that way.  Operators pride themselves in knowing what is
supposed to happen next and what causes that to happen.  That's what I
meant by understanding.  

It's sort of like a pilot who knows how the autopilot is configured and
what waypoints it is supposed to be aiming at.  Does the pilot know how
the autopilot works?  Do they know about the damping constants?  The
math for processing the GPS signals that provide guidance?  No.  They
probably don't.  

That's what this is about.  That's what we need to sell.  The "Trust me,
I'm a certified professional" line doesn't mean much to these guys.
It's all about performance measures and sensible backup plans for
various failures.

Jake Brodsky

-----Original Message-----
From: scadasec-bounces at news.infracritical.com
[mailto:scadasec-bounces at news.infracritical.com] On Behalf Of Myrcurial
Sent: Wednesday, February 13, 2008 10:42 AM
To: scadasec at news.infracritical.com
Subject: Re: [SCADASEC] IBM is offering 'SCADA security best
practices'...
Importance: Low

Jake,

You say this: "They don't trust automation in general unless they can
see, touch, and understand what they're getting in to.  Senior operators
don't like having voodoo happen on the plant."

And yet, you make the argument in favour of the IT folks being involved.

At the other end of that automation in which they're placing all of
their faith due to the extreme level of understanding they have of
8-bit microcontrollers which can be simulated on paper -- they attach
a never-to-be-sufficiently-damned Windows machine running Wonderware.