With the recent flurry of discussions dealing with legislation, Smart Grid, etc, I thought I should update the information that will be discussed at the October ACS Control System Cyber Security Conference:
March 19th, I testified to the Senate Committee on Commerce, Science, and Transportation chaired by Senator Jay Rockefeller. Consequently, it is expected that other Congressional representatives and senior regulators will also appear. Cyber security in general, and specifically industrial control system (ICS) cyber security, is also of great concern to the US military. Consequently, there will be a discussion of DOD concerns and initiatives focused on ICS cyber security. Additionally, there will also be discussions on the Estonian cyber war as it may have affected control systems. The Conference will also address recent events and incidents. As an example, December saw two electric utilities complete DCS upgrades from two different control system suppliers with the most modern, secure systems available. Each utility has already experienced cyber incidents that could, and in one case did, shut down the plants. Moreover, the logging was not adequate to identify the “who” and “when”. This opens up an entire discussion area concerning cyber forensics of industrial control systems.