The US government has been struggling to pass comprehensive cyber security legislation to protect critical infrastructures from a long time, but so far, the implicated actors haven’t been able to come to an agreement.
One of the reasons might be the fact that all the legislative and regulatory conversations are always held in the absence of industrial control (ICS) security experts.
Joe Weiss, a renowned ICS security expert that’s often called in to testify in such matters, has told Norman ASA that the Cyber Security Act of 2012 failed to pass in Congress partly because industrial control experts weren’t “at the table.”
Instead, IT professionals who don’t specialize in SCADA are coming up with solutions without precisely comprehending the concept.
Weiss explains that all the involved entities – such as the Department of Defense, the Federal Energy Regulatory Commission, the Nuclear Regulatory Commission and national research labs – must communicate with one another in order to get things right.