Earlier this week I presented at the Critical Infrastructure Conference in Calgary. Over the last few years cyber security has become more of a mainstream topic in this arena in addition to existing topics like physical security, survivability, operational integerity and so on. While data security is a bit of a newer topic for this group, there was plenty of interest.  In fact, following my presentation, several organizations approached me about applying security to:

• B2B Web portals
• Customer self-service Web portals
• Fat/Thick Client monitoring
• Data protection for control-system specific solutions such as "data historians"
• Web application and database security and audit for their corporate networks

Photo - North East Blackout in August of 2003

A lot of people ask me if organizations with control systems have turned a corner when it comes to cyber security. This is a bit of a loaded questions because not every group has the same level of risk, budget, government mandates, etc. However, based on this year's critical Infrastructure conference I feel that data security is no longer being thought of as a nice-to-have; people get it, it's a must have. And, many of these organizations have security postures that rival the most forward thinking enviornments in other verticals such as finance.