Saturday, December 29, 2012

Retirement and Opportunity - A Personal Note Going into 2013

Friends and family gathered last night to wish my wife and I the best during a Nebraska Public Power District retirement party.   My retirement, effective October 31st, wraps up a twenty-one year career with a large, vertically integrated public power utility company.   Also invited and present were some of my prior Behlen Mfg. Co.  colleagues, where my career first focused on developing and supporting engineering and manufacturing solutions across a wide range of platforms and technologies.

Career and Technology Perspective.     Those of us that have been in the information technology and security fields for several decades can easily look back at our own experiences and appreciate incredible advancements.     When I started with Behlen Mfg.,  the systems were distinct and independent:  mainframe for business  (IBM 3400 series), mini for engineering design and schematics production (Synercom Technology's flavor of DEC's PDP 11/70), and a sprinkling of dedicated, often proprietary end user systems that ranged from graphics stations, word processing stations, to dumb terminals (aka tubes).    Behlen offered a great opportunity to work a wide range of challenges from programming engineering and manufacturing focused solutions (generating bill of materials, etc. based on parametric inputs on the mainframe) to eventually include "downscaling" some of mini-computer building steel frame design/iteration programs to engineering PCs.  This allowed the engineering team to further enhance, optimize frame building designs by speeding up an iterative process, permitting more than one design to be analyzed at a time, without huge additional spend.    I also had the neat infrastructure challenge to directly support Mainframe VM and mini-computers.. planning, performing key upgrades (OS, DASD storage, core to digital memory with salvage parts, etc)    Behlen was also where I helped bring on the PC revolution with computer aided design systems (CAD) including some useful CNC (computer numerical control for manufacturing automation) and more broadly used office productivity software, establishing networking (3COM, Banyan Vines), while coding up some very useful Turbo Pascal applications.

After five years with Behlen, joining NPPD offered additional opportunities to bring on server and PC local area networking "LAN" advancements, and seeing a very large commitment to mainframe based computing continue scaling up before being rapidly phased out of the organization with a Y2K focused large ERP (Enterprise Resource Planning) implementation on mini computers.      Networking during this time frame eventually transitioned from distinct architectures and implementations to the now ubiquitous TCP/IP protocol.  The Internet opened up with the first killer app being email, followed by continued world wide web and search engines advancements to help access rapidly improving capabilities while also making the Internet broadly more accessible and useful.

Over the years we have seen the rising flood of information technology increasingly encompass everything we know and care about:  smaller, faster, decreasing cost and increasingly connected.  Computing power that used to take a building with dedicated staff from the early commercial days now fits in the palm of our hands, a thousand times faster; representing over a billion-fold price/performance improvement.  All this change articulates an exponentially paced advancement that is continuing and further accelerating according to some ...more.

Increasing connectivity, capability, and dependence on information technology dynamically and dramatically ramps up real world risk considerations.    Today, a solid grasp of the security issues, including compliance, must be factored into technology strategy and decisions for organizational success.
  
Cyber Security Focus.   Since 2002, my focus at NPPD centered on cyber security in corporate and increasingly operational settings, e.g., fossil, nuclear.   While this work with colleagues was rewarding, an opportunity emerged after reaching retirement eligibility mid-2012 to join the ES-ISAC (Electricity Sector Information Sharing and Analysis Center), supported by NERC (North American Electric Reliability Corporation).  I have accepted the challenge, directly supporting the ES-ISAC at NERC in Washington DC.

The focus on mandatory standards and compliance enforcement dominates much of what electric utility entities think of NERC since the Energy Policy Act of 2005 and ERO (Electric Reliability Organization) designation by FERC (Federal Energy Regulatory Commission).  The challenge for the ES-ISAC is to continue building capabilities and trust with the industry, federal partners, and regulatory bodies while also striving to be increasingly forward leaning in anticipating and appropriately addressing key security challenges using automation and more traditional methods, such as NERC Alerts.  The key industry security focus areas for the ES-ISAC looking forward into 2013 include building out operational capabilities under development and further bolstering core programs  (e.g., assessments, exercises) and outreach (e.g. webinars, workshops).

Federal bodies remain acutely interested and inquisitive about what the electric power industry is doing to address security concerns even as related standards advance and compliance enforced footprints scope rapidly expand across the industry with FERC and NRC (Nuclear Regulatory Commission) driven oversight, auditing, and inspection.

I expect cyber security to continue being a challenging and rapidly evolving critical infrastructure arena.  This is an exciting time to be engaged with critical infrastructure protection!