Underscoring the importance of data security in manufacturing, Amit Yoran, the Director of the National Cyber Security Division of the U.S. Department of Homeland Security, gave the keynote address at the recent Chemical Industry Data Exchange (CIDX) meeting, held in May in New Orleans. “You could say the glass is half empty, or half full, but we’re making progress, especially as compared to two or three years ago,” said Yoran in his opening comments. He urged the audience to integrate physical and cyber security issues, from both a threat and a protection standpoint.
CIDX is a chemical industry trade association focused on two major initiatives—cybersecurity and e-manufacturing standards based on eXtensible Markup Language (XML). Its members represent leading chemical manufacturers, such as BASF, The Dow Chemical Company and DuPont, and software suppliers, such as Aspen Technology, Microsoft, Oracle, OSIsoft and SAP.
Yoran, who is a graduate of the U.S. Military Academy at West Point and holds a Master of Science degree in computer science, is a former executive with Symantec, a security solutions provider based in Cupertino, Calif. His considerable expertise will promote cybersecurity solutions on two parallel paths—long-term research and near-term tactical methods.
The department’s long-term research focuses on three major areas. The first area is in the creation of large data sets and virtually distributed networks to test and distribute cybersecurity solutions. Second is the creation of new economic models to justify the investment in cybersecurity solutions. And third is the advancement of high-quality software development solutions and assurance methods.
In the near-term, Yoran’s group has created a national cyber alert system and is working with multiple government departments, such as the Departments of Energy (DOE) and Defense (DOD), to collaborate and share information with the public sector about cybersecurity offenders.
Asked about proposed legislation and future regulations, Yoran replied, “There may be a role for regulations and new legislation. It’s one arrow in our quiver. That said, we need to clearly understand the impact of legislation,” including any unintended consequences, he added.
