On November 27-28, the Georgia Tech Research Institute and the US Office of Naval Research Global held the TransAtlantic Cyber Security Summit in Dublin, Ireland. The agenda can be found at http://www.siliconrepublic.com/events/event/2927-transatlantic-cyber. There were approximately 60 attendees from Europe and the US. The presenters were some of the top cyber security people from the academic and defense communities. As is so often the case, I was the only speaker from the industrial control systems (ICS) community. Again, as usual, much of what I had to say was new, as most of the attendees only knew of ICS through the amorphous term "SCADA". There were a number of points I felt were important:
- Georgia Tech gave a very interesting presentation on malware. They stated that immense numbers of malware samples are created daily (hundreds of thousands). Not all of it is new; some is repackaged or simply recompiled. They showed that many anti-malware products can identify the initial malware, but once it is recompiled, the existing anti-malware software doesn't recognize it. This is consistent with a presentation at last year's ICS Cyber Security Conference about malware (in this case Conficker) on a control system network that was not identified by the up-to-date McAfee Anti-Virus software.
- The level of understanding of ICS was not very high. One of the attendees, who was responsible for performing vulnerability assessments of his facilities, told me he did not address SCADA as he assumed SCADA was "an isolated system in the corner". Another Compusec manager said SCADA was not yet in scope for his organization.
- The second World Cyber Security Technology Research Summit - Belfast 2012 (http://www.csit.qub.ac.uk/News/Events/Belfast2012/) had no ICS attendance. When I asked why, I was told the ICS organizations they contacted were not interested. This is similar to the lack of ICS organizational attendance at the 2010 East-West Cyber Security Summit.
Following my presentation, there appeared to be a new appreciation and significant concern about the state of critical infrastructure protection.