Vicki Knott, CEO and Co-Founder of CruxOCM, Canada, considers pipeline cybersecurity in 2022 and argues that promoting your IT head to ‘CSO’ is a recipe for disaster.
How are cybersecurity, control systems, and digital transformation related? Spoiler alert – they are the only way our industry will make it into the future and they require innovation. Times, they are a-changing.

Let’s start with the ultra-hot topic: cybersecurity. I will say this upfront and repeat it over and over again: please do not promote your 20+ year IT veteran employee to Chief Security Officer (CSO). Think about it from this perspective – how much have cell phones changed in the last 20 years? Do you think the same engineers that built the 1990s old-school car phone built the iPhone? It’s unlikely. So, why are we expecting our engineers and IT professionals who have epic amounts of organisation-specific business acumen to also learn how to build cybersecurity capabilities that evolve at an unprecedented pace every year? Doesn’t it make more sense for them to keep the core business running and pass down critical operational knowledge to new team members?

Based on what I have seen in the industry, promoting internal folks to unrealistic roles is far too common. Not only are we setting up tenured, loyal employees to fail, but we are also hurting the business’s bottom line by wasting time and money implementing non-optimal solutions. As an industry, when we set employees up to fail, we unknowingly contribute to a culture of risk aversion. Risk aversion is important in our industry, but not to the point where employees cannot discern between business risk and safety risk – a line I see people in the industry blurring more and more these days as the market plunges us all into a scarcity mindset. Risk-averse employees who have been set up to fail by leadership are then asked to be innovative? Doesn’t sound like a working recipe to me.

Bottom line, it’s critical to hire the experts. Hire the firms that have a team of coders who set up honeypots to lure in the hackers and learn their behaviours. They exist, we just have to look beyond the walls of our pipeline organisations. And I’ll repeat, this is not something your in-house team can learn.
Control systems

What seemed far-fetched and downright questionable 30 years ago is now very much an operational norm. I had a control room operations lead look at me once