Sector based security efforts – a good thing
On August 7, eWeek Security reported the following:
Chemical Industry Giants Zone in on Cyber-Security
…”CIOs at leading chemical companies know how important security, both physical and cyber, is within our industry. And we believe that the industry as a whole has much to gain by sharing security information and practices,” said Neil Hersh-field, director of the CSCSP and cyber-security director at Dow, in Midland, Mich….
http://www.eweek.com/article2/0,1759,1998047,00.asp
I believe sector based initiatives like this one are a good thing. The article goes into some detail describing the similarities in security requirements for all players in the chemical industry.
Their arguments can be applied to most industries. Collaboration helps distribute the cost and effort involved in coming up with best practices. It can reduce exposure to Federal regulation, and it can enable the industry to achieve a level of security across the board that might not be attainable by a single company’s effort.
But there are some caveats. We’ve all watched excellent effort in standardization fail when a big player pulls out of the talks because they aren’t getting what they want.
Success here may be best achieved by a representative group of the industry working to find a true set of best practices and wrapping them up in a standard, with a certification and recertification practice. This would be analogous to what we have with the American Bar Association.
Companies that do not want to take part risk the stigma of not receiving a certification. Then we just have to tie some sort of incentive to being certified. How do we convince a manufacturer that using an uncertified chemical supplier is detrimental?
The economist in me can only dream. The optimist would really like to see significant cooperation in different industrial sectors to achieve high standards for security.
Bill