Applied Control Solutions and Control announce the eighth in a series of conferences focused on cyber vulnerabilities of industrial control systems. The next event in the series will take place August 4-7, 2008, in the southwest Chicago suburb of Burr Ridge, Ill.
Due to recent cyber-related blackouts and plant trips, along with the five-year anniversary of the Northeast blackout, potential cyber-related incidents and their prevention are now the main focus of the conference agenda. The focus of cybersecurity has been on traditional issues, including passwords, firewalls and compliance, not system reliability. Reliability of industrial facilities (power plants, substations, chemical plants, refineries, water systems, pipelines, etc.) has focused on control system challenges, not cyber vulnerabilities. This conference addresses the intersection of control system vulnerabilities and reliability of industrial control systems and processes.
Presentations and the areas of interest of the conference include:
- The recent Florida cascading outage, which shines a bright spotlight on cybersecurity of relays, switches and other remotely accessible field devices. A session will be devoted to inherent cyber vulnerabilities of these devices, lack of appropriate logging and the associated IEEE standards efforts to protect these devices.
- A recent nuclear plant automatic shutdown, resulting from a software change, brings up new questions concerning the unintended consequences of workstation and PLC reboots. With IT security, NERC CIP, NEI-0404, and other regulations pushing to patch control system workstations in the most expeditious way, attendees will discuss if the proposed cures are worse than the disease. They will also consider the broad implications and potential solutions. Possible explanations for previously unexplained trips in fossil, chemical and other process operations will also be explored.
- End users will discuss impacts and issues unique to the application of firewalls for control system networks.
- IT practices that have affected control systems will be discussed, including Microsofts recent disclosure about Excel calculation errors, unintended consequences of patching control system workstations and scanning of control system networks.
- Case histories of control system cyber events, control system cybersecurity forensics (or lack thereof), demonstrated control system cybersecurity technologies, control system cybersecurity R&D and the status of government efforts on control system cybersecurity will be explored. This will include regulations and best practices for nuclear power plants.
- Control system hacking demonstrations using actual control system devices, not emulations. One demonstration will be the hack of a typical process control safety system. The attack will traverse a firewall, causing a fault in both a typical controller and safety system without any indication at the HMI (operator displays) until it is too late (i.e., the process under control fails in a non-fail safe condition).
This conference should be of interest for utility and other industrial end users, regulatory, university and business professionals responsible for or dealing with control system security, and IT security and control system operations and maintenance.
The conference will be held at Marriott Burr Ridge, Burr Ridge, IL. For further information, see www.realtimeacs.com.