Amphion Conference – what the IT community still does not understand about ICS cyber security

I attended the Amphion Conference December 12th in San Francisco. The Amphion Conference is focused on end-point devices, particularly mobile devices. The agenda can be found at Even though there were numerous sessions on the Internet of Things, there was very little attendance from the ICS community. There were two sessions I thought would be of interest to the ICS Community. The first was by AJ Shipley from Wind River. His presentation was titled: “IOT Security: Evolution Not Revolution”. The point of the presentation was that for end point devices, specifically including ICSs, existing IT technology was available (evolution) and new technology specific to control systems was not necessary (revolution).  Unfortunately, this doesn’t address ICS-unique issues such as Stuxnet and Aurora. I also gave a session on ICS cyber security. As usual, the session was not well-attended as ICS was not viewed as germane to most of the attendees. Also, most of the attendees were surprised that IT solutions would not be the panacea. I thought the following blog of one of the attendees in my session would be of interest as I believe he is representative of the non-ICS community hearing about ICS cyber security for effectively the first time -

Joe Weiss