I am in Israel as an invited speaker at NISA’s SCADA Security Conference. Yesterday at the open session, there were a number of vendors speaking about their SCADA security solutions. All were very smart cyber security experts. However, none had control system experience or expertise. At the end of the day, there was an open panel session with all of the speakers. I pointed out the inadequacies of what had been discussed:
- vendors didn't really know what a SCADA (control system) really was
- vendors had extensive logging capabilities without knowing what to log
- vendors discussed training without having any knowledge of control systems
- vendors discussed R&D without knowing what was needed by control systems
This was a SCADA Security Conference with minimal control system expertise. Dies this sound familiar to so many SCADA Security and Smart Grid Security conferences?