Overall ACS Conference Observations

After a grueling week, I had a chance to collect my thoughts and have the following observations:
- The attendees felt the Conference was a major success and want it to continue.
- People will come if they think there is information of value. Despite the plethora of conferences including PCSF being 3 weeks away and Black Hat being the same week, there were almost 100 attendees representing 9 countries. Industries present included water, electric transmission,...

2008 Applied Control Solutions Conference Blog - Thursday

Here is the Thursday agenda:

• Lessons Learned from Vendor Implementations
• Control System Forensics
• Cyber Threats to Critical Infrastructure-A Different Perspective
• Nuclear Plant Cyber Security Issues

The Thursday highlights included the FBI presentation that included the “Cone of Silence”. This led a very lively discussion on whether the FBI was actually a help or a hindrance as they go a...

2008 Applied Control Solutions Conference Blog - Wednesday

Enclosed is the Wednesday agenda:

• Operations Data Network: How We Did It!
• Patching Issues with Modern and Legacy Control Systems
• Zoning Principals in a Production and Distribution Environment
• AMI Standards and Cyber Security
• Secure Network Architecture for Control Systems
• Cyber Security in the Chemical Sector: Implications for Process Automation
• Reboot Issues

2008 Applied Control Solutions Conference Blog - Tuesday

Here is the Tuesday agenda:

• Congressional Welcome
• Industry Status
• Enabling Control System Security and CIP through Trusted Partnership Between Industry and Government
• Towards a CERT Coordination Center for Control Systems
• Cyber Security Issues with IEDs
• Status of REID Relay for Aurora
• Renewable Energy Power Systems Awareness
• Malicious Control System Cyber Secu...
  

2008 Applied Control Solutions Conference Overview

August 4-7 marked the Eighth Control System Cyber Security Conference.

Times have certainly changed. When this Conference began in 2002, it was the only conference dedicated to control system cyber security, and conferences like Black Hat did not address control system topics.

This year’s attendance was impacted by the proximity of other conferences such as Black Hat (slightly) and PCSF (significantly).

However, there were still approximatel...

Congressman James Langevin, (D) Rhode Island, keynotes the 2008 ACS Cybersecurity Conference....

Congressman Jim Langevin, (D) Rhode Island, because he does not travel much, recorded his keynote on video.  Langevin is the first quadriplegic to serve in the U.S. House of Representatives. At the age of 16, Langevin was injured while working with the Warwick Police Department in the Boy Scout Explorer program.  A gun accidentally discharged and a bullet struck Langevin, leaving him paralyzed.  The tremendous outpouring of support from his community inspired Langevin to give something back and ...

so am I, ...and I’ll be blogging about it for the next couple of days, but I’ll be simul-blogging on SoundOff as well.

The over 100 attendees of the conference heard a video keynote from Congressman James Langevin, (D) Rhode Island. Congressman Langevin urged the attendees to take back to their CEOs and managers his message: cybersecurity is an important issue and must be treated that way. “I hope that we can all get our egos out of the way and work together on this,” he said.

Ironically, as C...

San Francisco and SCADA

Jake Brodsky brought up the following, "Do management and law enforcement types have any clue as to how one might regain control of a SCADA system after a rogue employee has secured everyone out of it?"

I had planned on saying something at the Conference next week but I will bring up now.

There are two aspects of the Terry Childs’ situation, the San Francisco IT Administrator who locked out his Department from the City WAN, that have interesting implications for SCADA/...

IT and Operations Differences

I received an e-mail this morning from a Conference attendee wanting to know if I would give Continuing Professional Education (CPE) credits for the CISSP certification. I didn’t have an answer so I called the organization responsible for CISSP accreditation – the International Information Systems Security Certification Consortium (ISC2).

I explained the reason for the call and explained a little about control system cyber security and what makes it different than...