Bob Doruma Journal

Saturday, March 28, 2009

SCADA--Where Are The Liabilities?

The regulatory environment is placing increased demands on SCADA systems, driving data capture and retention, documentation, training, security, policy, and reporting requirements. As a result, operators and vendors are taking steps to incorporate the impact of regulatory and legal issues (sometimes referred to collectively as "compliance" issues) into the design and use of the systems.

Legal requirements and trends have placed new emphasis on maintaining compliance, because compliance issues are subject to increasingly aggressive enforcement. Compliance is of great significance in any incident where SCADA systems may be a core component of an investigation, lawsuit, or regulatory enforcement action. Compliance failures have resulted in large fines, jail time, injunctive relief and bad press.

Threats to operators also include the potential for misinterpretation and misuse of data. Knowledge of the data, and the obligation to understand what it means or implies, will be imputed to operators and management. This means responsibility and punishment will reach into the highest levels of management. Operators and management are now facing the potential of charges of negligence being changed to allegations of willful misconduct. In addition, they are confronted with the possibility of criminal liability and increased civil exposure.

Businesses with any form of SCADA-controlled operations must be aware of potential liabilities and take prompt and appropriate actions to minimize them. Personnel with the responsibility and expertise to manage SCADA for and in these businesses are the first line of defense against charges of noncompliance violations and lawsuits. They should be able to recognize the various exposures faced by the company if the SCADA system (or an operation controlled by SCADA) fails operationally, suffers a security breach, or is in violation of compliance issues.

The following scenario illustrates the types of issues that can flow from a failure in an operation, especially a failure where an incident occurs.

If an operation fails in any way that is significant outside of the company, then it usually follows that agencies and other outsiders will become involved. "Significant outside of the company" can mean an adverse economic impact on a third party ("the pipeline went down because of a leak, resulting in gasoline supply disruption"), injury or damage to the environment, or injury or death of any person (including an employee).

The outsiders will look at the failure and the company, either because they have the public charter to do so (the FTC at supply disruption, DOT at pipeline safety issues, OSHA at injuries or deaths of employees, law enforcement at injury or death of third parties, the EPA at environmental issues, etc.), or because they see an opportunity to make money (plaintiff lawyers). The outsiders will look at operations with 20/20 hindsight and, depending on the incident, may look deep into records, security, policies and procedures and the decisions of the company.

Although a failure may be SCADA related, the cause of the problem is usually external to the SCADA system. Provided the SCADA system is integrated correctly (incorporating the Holistic model consisting of operations, security, and compliance), it can actually help supply the answer to what caused the problem.

The SCADA records likely will have a critical place in the midst of the scrutiny. The first hurdle facing the company is ensuring that the records can be produced. There are certain requirements in regulatory schemes for records retention (for example, see 49 CFR 195.404 regarding liquid pipelines in the United States). Failure to produce the required records may not only be a violation, but may also raise a presumption that the company destroyed the data because it has something to hide. If a civil lawsuit is filed, rules regarding evidence preservation may come into play, along with issues regarding records that are part of common law requirements as well as regulations like Sarbanes-Oxley in the United States.

Assuming the records and data are available, they will be dissected to find any "problems" in operations. The scope of the investigations will not end there. Regulators and plaintiff lawyers will look at compliance, training given to operator personnel, the manuals and policies underlying training, the age of the system, physical security of the system, the ergonomics of the SCADA control room and system, and many other factors to find fault with the company. Even if the incident resulted from a security breach caused by a criminal act of a third party, the company will be held responsible on the theory that its security, because it was breached, was obviously insufficient.

Vendor exposures are also multi-faceted. During the course of an investigation, vendors will be subject to subpoena and discovery by regulators and plaintiff lawyers seeking information about the activities of the vendor on behalf of an operator. Vendors will need to have maintained their working files in accordance with the requirements of the operator's contract. Although contracts normally require the vendor to provide prompt access to its records and files, such access is predicated on auditing by the operator of the vendor's work, rather than seeking to preserve records that may become important during an investigation or litigation.

In the best of circumstances, vendors can plan on having their business disrupted if their client has a problem. In worse cases, the vendor can plan on being a defendant itself. In this scenario, the vendor may face the choice between accepting some liability or blaming its customer for the failure. The latter action may result in the vendor crippling its business prospects with not only the customer involved, but other operators in the industry.



Tuesday, March 3, 2009

Yes, You Really Need Internet Marketing Education

How long did it take you to learn your current job? How about your previous job? Did they give you a manual and say, "Here's your training?" More than likely your answer is "no." Well, if it didn't work then, how do you think it will work now? I'll answer the question you've been asking yourself: Yes, you really do need Internet marketing education to become successful. That doesn't mean that you can't earn a few bucks here and there just by doing what you're doing now, nor does it mean that you have to take a four-year college course to gain the experience needed to be a serious Internet marketer, but I will tell you that if you think you can do it without any instruction or with the help of a 10-page e-book, you're dead wrong!

Why Can't I Get the Information From an E-Book?

E-books are great. They're informative, some show you step-by-step instructions, and some even offer a free CD as a bonus. If that's all the information you need to get going, and if your dream was to run affiliate ads on the free advertising sites, you're all set.

However, many times people think they have the knowledge to succeed until they get stuck. It's when they dig themselves into a deep hole of frustration that they realize they need help, and Steps 1 and 2 of the e-book probably won't tell you anything about what to do if you've made a mistake.

The problem with e-books is that they do just what the author wants them to do: leave you wanting, or in some cases needing, more e-books to fill in the areas that were missed from the first one.

Learn from the Best How to Be the Best


If you want a solid Internet marketing education, turn to people who can offer it. Now, I'm not saying that you can't learn anything from an e-book (who hasn't purchased at least one or two of them?), but when I say a solid education, I mean you want to learn the right ways to do things so you don't make the common mistakes and have to backtrack, losing time and in some cases money. If you want to learn from experienced marketers, consider getting a mentor or a business coach. They do charge for their services, but how much have you spent on "get rich quick" schemes or DVDs filled with broken promises?

I Can't Afford to Hire Someone


If you're starting out on a shoestring budget, that's okay. There are other options available to you, a few of which I will list here:


1. Free tutorials: Google AdSense, pay per click, free website builders... All of these have free tutorials, so take advantage of them. Google provides an excellent source of information in terms that you can understand, and many of the free website builders offer step-by-step instructions to make building a website a breeze even if you have no experience.

2. Forums: A great place to meet people, build relationships, and seek advice. One of the great things about forums is that people don't mind sharing information, and most are willing to help their fellow Internet marketers get started. You can also share your products, offer your services, and get some extra work if you have a sought-after skill.

3. Free Research Centers: Many of these websites offer keyword tools, tutorials, and marketing strategies at no cost to you. You can certainly benefit from learning about the many marketing tools available today.

The world of Internet marketing has made it possible for stay-at-home moms to make some extra money, even allowing some working folks to quit their day jobs. It doesn't happen overnight, and you certainly can't get everything you need to know from an e-book, so stop wasting your money and start investing your time in getting your Internet marketing education.


About the Author

Turnkey Mentors is an online marketing course taught by proven leaders in the internet marketing and online business community at a fraction of the price of all the other guru courses on the net.

www.turnkeymentors.com
