Joe Weiss on the Tuesday activities at the ACS Conference

Aug. 11, 2008
2008 Applied Control Solutions Conference Blog - Tuesday Here is the Tuesday agenda:
  • Congressional Welcome
  • Industry Status
  • Enabling Control System Security and CIP through Trusted Partnership Between Industry and Government
  • Towards a CERT Coordination Center for Control Systems
  • Cyber Security Issues with IEDs
  • Status of REID Relay for Aurora
  • Renewable Energy Power Systems Awareness
  • Malicious Control System Cyber Secu...
2008 Applied Control Solutions Conference Blog - Tuesday Here is the Tuesday agenda:
  • Congressional Welcome
  • Industry Status
  • Enabling Control System Security and CIP through Trusted Partnership Between Industry and Government
  • Towards a CERT Coordination Center for Control Systems
  • Cyber Security Issues with IEDs
  • Status of REID Relay for Aurora
  • Renewable Energy Power Systems Awareness
  • Malicious Control System Cyber Security Attack Case Study - Maroochy Water Services Australia
  • Refining Security: Process Control System Protection, Misuse Protection, and Incident Response Trustworthy Cyber Infrastructure for Power (TCIP): Challenges and Opportunities
  • SCADA Testbed in a Box
  • State of the SCADA Industry- A Water Users Perspective
  • Cryptography 101
The Conference was opened by Congressman Langevin (via video). The Tuesday highlights included a discussion on the need for a CERT for Control Systems and the lack of information sharing. Ironically, the groundrules for this conference reinforced the lack of overall information sharing.  The discussion on IEDS focused on the work of IEEE-1686 which is developing information to be used in IED procurement specifications (the existing procurement specification efforts are not adequate for these systems). The Aurora discussion pointed out how compartmentalized the details still are, even after DHS provided CNN the tape last October. Most attendees did not know the details or even more important why it was so critical to address this issue.  A discussion of renewables provided a unique view of the delicate balancing act for grid reliability and what cyber could do to upset that critical balance. The Maroochy (Australian) wireless hack was presented in context of NIST SP800-53 and also similarities to the recent San Francisco city LAN cyber event. Finally, a presentation was made on control system patching issues in the water industry including several cases where patching caused cyber impacts on control system performance. Joe Weiss