Keep Your Friends Close
Information Management Systems Can Grant Your Stakeholders Access to Critical Information While Also Restricting Access to Proprietary Business Information
The nuclear industry today has redefined security for modern collaboration. In the old days the practice of restricting access was fairly straightforward. You kept your secrets secure from the bad guys and made sure that the good guys had access to absolutely everything that might help them succeed.
Things were as simple as an old black & white John Wayne Western. There were the good guys and the bad guys. The good guys wore white hats and the bad guys wore black hats. Who needed a color TV for these classics? Today, things are a bit more complicated. In the digital age there are sneaky bad guys who want to get a hold of your digital assets, and it can be surprisingly easy to do now that we’re not talking about pieces of paper in locked filing cabinets. There is also a third group. There are the good guys that we cooperate with in some areas and directly compete with in other areas, so they’re only allowed to see certain things.
As I mentioned in an earlier blog, nobody beats the nuclear industry when it comes to sharing knowledge. This environment of sharing makes things safer, more compliant, and more efficient for everybody every day. And for that I am quite comforted. But how do you protect your cyber assets from the bad guys while still sharing them with the good guys…inside or outside your organization?
Making matters more complex (because clearly they are not complex enough yet) is the fact that nuclear companies from different nations are now cooperating, sharing knowledge, competing, and developing new technologies. So corporate espionage concerns get to mix with actual espionage concerns.
Think that’s the worst of it? Nope. Because all that data is constantly changing, so even if the good guy has the file, you need to be sure it’s the most up to date and accurate file.
Welcome to the junction of big business, nuclear safety, and cyber security. The fact is that we are combining multi-billion dollar projects with nuclear fission. Peoples’ lives, businesses, and national security are literally at stake here so we need to get this access to information thing right on our first try. Share too little and safety margins are reduced for everyone. Share too much and you lose your job or give away secrets to the bad guys.
What to do?
Fortunately there is a really good vehicle to solve all of these problems. Comprehensive information management systems give nuclear industry professionals the ability to precisely configure access to sensitive information. This ensures that the information can be accessed easily and efficiently by those who have the authority to do so, while sensitive cyber assets can still stay safe and secure from inquiring eyes.
The good news is that some of these systems can be configured right out of the box to provide scalable security and access control parameters. Others can be customized for added layers of access control when special needs arise.
Sensitive information can be tracked as it evolves, changes, and/or correlates to other data. Companies can keep track of who accessed what information, when it was accessed, and where it was accessed from. As information is reclassified it can be flagged and proactively organized. Specific users can be dynamically alerted when important changes are made. This can be anything from a design change to a regulatory change.
Keep in mind that access control is not just about keeping unauthorized people from seeing sensitive data. It can be just as important to make sure that the right people have easy access to the information that they need to do their jobs. This is why we call it access control and not access restriction. Again, the difference between sharing too much and sharing too little can be significant. Just putting everything into a steel box and putting a padlock on it could pose as much risk as posting information on the internet. It all depends on the information and who needs to see it and who can’t have access to it, regardless of what color cowboy hat they may be wearing.
Check out this NuStart Energy Case Study and Cyber Security White Paper from Bentley…they’ve got a configurable system that will help you make keep track of your cyber assets and the guys in the white hats.
*This post orginially appeared on PennEnergy. Distributed with permission of the author.
Stephen Heiser has been writing about nuclear power and related topics since 1990. He has presented at major industry events, provided industry commentary for broadcast events, and written for a number of energy focused publications. His blog is sponsored by Bentley Systems.