Joe Weiss Reviews Wednesday Session at ACS Conference

Aug. 12, 2008
2008 Applied Control Solutions Conference Blog - Wednesday Enclosed is the Wednesday agenda:
  • Operations Data Network: How We Did It!
  • Patching Issues with Modern and Legacy Control Systems
  • Zoning Principals in a Production and Distribution Environment
  • AMI Standards and Cyber Security
  • Secure Network Architecture for Control Systems
  • Cyber Security in the Chemical Sector: Implications for Process Automation
  • Reboot Issues
2008 Applied Control Solutions Conference Blog - Wednesday Enclosed is the Wednesday agenda:
  • Operations Data Network: How We Did It!
  • Patching Issues with Modern and Legacy Control Systems
  • Zoning Principals in a Production and Distribution Environment
  • AMI Standards and Cyber Security
  • Secure Network Architecture for Control Systems
  • Cyber Security in the Chemical Sector: Implications for Process Automation
  • Reboot Issues
  • Considerations for Security of Integrated Safety Instrumented Systems (SIS): A live Demonstration of a SIS Security Compromise
  • Facility Control System Cyber Security and Control System Firewalls
  • Control System Cyber Security Network Impacts-Sonnet
The Wednesday highlights included a plea by several end-users for an “open” test bed that didn’t have the non-disclosure limitations associated with National Lab test beds. Patching (or inability to patch) issues unique to control systems were discussed. Automated Metering cyber issues and inconsistent approaches by vendors were discussed. Inadequate design and policy issues that caused the Hatch Nuclear Plant cyber incident and other similar incidents were addressed. The demonstration of the safety system hack was based on well-known cyber attack scenarios and was not stopped by a firewall. This led to a discussion that firewalls are becoming less effective as attackers move from attacking the firewall to “bypassing” the firewall. Case studies were presented including a regional blackout that could only be alleviated by sending crews to the substation to manually disconnect. These slides were not allowed to be made available to Conference attendees because of legal restrictions which obviously generated even more discussion. A discussion was held on telecom since telecom is critical to control system operation and can easily be an attack vector. One of the events described a telecom cyber event that affected substation protection devices. This is VERY important since the NERC CIPS specifically exclude telecom. A senior executive from NERC attended the Conference – hopefully, he will get the message back. Joe Weiss