2009 Control System Cyber Security Conference - Mark Your Calendar


The 9th Control System Cyber Security Conference will be held October 19-22, 2009 in the Washington DC area. Congressman James Langevin, former Chair of the US House Committee on Homeland Security’s Subcommittee on Emerging Threats, Cybersecurity, and Science and Technology is expected to repeat his plea, made at last year’s conference, for concerted public-private efforts to secure the industrial critical infrastructures, this time in-person. It also is expected that other Congressional representatives and senior regulators will also appear.

Control systems operate the industrial critical infrastructures of electric power, water, chemicals, pipelines, and manufacturing. Going “green”, Smart Grid, and other productivity and environmental demands are increasing the cyber vulnerabilities of control systems on a global basis across all industries. These uncertain times with the faltering economy are creating knowledgeable, disgruntled ex-employees in addition to the increasing threats from terrorists and nation-states. Control system vulnerabilities already have been intentionally and unintentionally exploited resulting in more than 100 critical infrastructure control system cyber incidents worldwide causing impacts from trivial to significant equipment and environmental damage to deaths. Many control system cyber incidents are not caused by traditional IT security vulnerabilities such as buffer overflows but because of inadequate training, policies, procedures, and testing – “people” issues. If personnel are not adequately trained and an appropriate culture established, even the best mitigation technologies can be defeated.

Conference Agenda
The agenda will address control system cyber security topics such as:
-    Telecommunications impacts on control system security
-    Smart Grid and renewables, with concentration on identifying and remediating security vulnerabilities in the control systems necessary to make a smarter grid a reality
-    Nuclear power issues including the cyber security Regulatory Guide,
-    Security in the chemical industry, including CFATS regulations which may expand beyond chemical plants to water and other types of industrial facilities including power plants
-    Security in the oil, gas, and refining industries, including the convergence of safety and security
-    Security in the water and wastewater industries, including strategies to deal with security for older infrastructure and systems that are not expected to be replaced in the near future
-    Applicable industry and academia R&D
The Conference will also address recent events and incidents. As an example, December saw two electric utilities complete power plant DCS upgrades from two different control system suppliers with the most modern, secure systems available. Yet both electric utilities experienced cyber incidents that could have shut down the plants. This type of information provides Conference participants with guidance to improve their security while maintaining system reliability. As with past Conferences, there will be control system hacking demonstrations and discussions of actual control system cyber incidents. Additionally, there will be a tour of a working wastewater storage facility with emphasis on its control systems.

If you have any questions or for more information including sponsorship opportunities, please contact me at (408) 253-7934 or joe.weiss@realtimeacs.com.
Joe Weiss