I am pleased to announce the 2008 Applied Control Solutions Control System Cyber Security Conference will be held August 4-7, 2008 in Burr Ridge, IL (Chicago area). Argonne National Laboratory, one of the national laboratories working on critical infrastructure protection, will co-host this year's event with a focus on interdependencies. The Marriott Burr Ridge, the host hotel, is located approximately 19 miles from Chicago's O'Hare International Airport, 13 miles from Chicago's Midway Airport, and five miles from the Argonne National Laboratory. There have been a number of plusses and minuses since last year's conference in Knoxville. On the plus side, testing continues at INL, PNNL, and selected end-user sites; vulnerabilities are being identified and rectified (though not always publicized); procurement standards are being established for the HMI (Windows and Linux interface); more people are talking about "SCADA security", and standards are being written. On the minus side, there continue to be control system cyber incidents including some with very significant impacts; vendors are continuing to build new instrumentation and control systems with built-in cyber vulnerabilities; there is a lack of procurement specifications for control system field devices; there is a lack of security test specifications for control systems; local and state governments are specifying cyber vulnerable systems (AMI and programmable thermostats); there continues to be a need for an "open" test bed where information would be shared with all participants, not just the vendors; and there continues to be a glaring lack of understanding of control system cyber security. Consequently, a sampling of subjects that should be of great interest includes:
- Technical issues affecting Intelligent Electronic Device (smart breakers and relays) security- Procurement specifications for a secure DCS retrofit-
Control system and IT organizational interactions including network engineering- Field testing results from control system cyber security technologies-
Control system network intrusion detection data analysis- Evidence gathering and potential impacts on control system restart-
Nuclear power plant control system cyber security licensing issues- Interdependencies including impacts on securityAs with the previous conferences, there will be demonstrations of hacking control systems. There will also be presentations and demonstrations of security technology being installed in actual control system networks.
Details on hotel, registration, and agenda will be forthcoming. As in Knoxville last year, there will be a full-day devoted to NIST-sponsored efforts on control system cyber security standards including NIST SP800-53 and NIST SP800-82 following the Applied Control Solutions Conference, Thursday afternoon to Friday noon.
Sponsorship opportunities are available and specific details will be forthcoming.
Please call if you have any questions. I hope to see you in Burr Ridge.