2011 RSA Security Conference Observations

Feb. 22, 2011

I attended the big 2011 RSA Security Conference in San Francisco. This is billed as the biggest cyber security conference. The term "Stuxnet" was heard often, and many people recognized the term "SCADA" even if they didn't know what it meant. This is an improving situation because the IT community is becoming more aware of critical infrastructure. Many vendors had signs stating they were secure against all threats. Facetiously, I felt secure. That is, until I asked about control systems. Most answers were "we don't do that." I did talk to one security vendor whose director of consulting services told me he knew all about "SCADA security". In fact, he said he had just finished a penetration test of a "SCADA network". According to him, it was successful, except the penetration test shut the "SCADA network" down. A minor point not worth quibbling about, or is it? There were no control system sessions. However, there were several Smart Grid sessions that were supposed to be the same.
Finally, there were many vendors at the show that provided patch management software and services. I wonder how they would address what happened with the manufacturing company that just went through Patch Tuesday and now things on the production line are not working as well as before.
Joe Weiss