Does Biden’s executive order provide you clarity on implementing new cybersecurity compliance frameworks at your organization?

This order doesn’t give me the granularity that I need, either as a vendor, a buyer of technology or even as an analyst. For data on the production floor of a manufacturing facility—and this is very apropos to the pipeline incident—is each Programmable Logic Controller (PLC) in each piece of equipment what you have to protect? Do you start at the physical device, the silicon, and then go up to a layer of firmware and then data? And if it's binary, do you focus on how the data is being created or how the data is being captured for use? There are a whole set of parameters around that. As professionals, I think the powers that be need to give us more.

Anonymous Author
This order doesn’t give me the granularity that I need, either as a vendor, a buyer of technology or even as an analyst. For data on the production floor of a manufacturing facility—and this is very apropos to the pipeline incident—is each Programmable Logic Controller (PLC) in each piece of equipment what you have to protect? Do you start at the physical device, the silicon, and then go up to a layer of firmware and then data? And if it's binary, do you focus on how the data is being created or how the data is being captured for use? There are a whole set of parameters around that. As professionals, I think the powers that be need to give us more.
1 upvotes
Anonymous Author
I come from a pharmaceutical background where everything is run by Standard Operating Procedures (SOPs). Half my job was sitting in audits, talking to auditors that know nothing about IT, and I have to explain how it all works to them. So I can pass any checkbox audit but that doesn't mean I'm secure or protecting my environment at all. Name the acronym—I’ve passed all those audits a million times over the last 15 years or so.
2 upvotes