Air Force Cyber Security Symposium

I attended and spoke at the 2009 Air Force Cyber Security Symposium in Shreveport, LA. It was a VERY high-powered conference. Speakers included Major General William Lord, the Honorable Lauri Almann from Estonia, Lt. General William Shelton, Vice Admiral Denby Starling, Richard Schaeffer from NSA, George Kurtz from McAfee, Lt. General Robert Elder, John Stewart from Cisco, Dr. Thomas Celluci from DHS, Brig. General Vakhtang Kapanadze from the Republic of Georgia, Rhonda Dunfee from DOE, Jeff Moss from Black Hat, Major General Richard Webber, Dr Greg Hanson, Lt General Harry Raduege (retired) from Deloitte and co-chair of the CSIS committee, Major General Dale Meyerrose (retired) from Harris, and myself. Most of the presentations were focused on IT. My observations were:
- The unique issues of industrial control systems were new to almost all.
- Many in the audience were aware of the Australian hack (Vitek Boden) but were unaware of US control system cyber incidents.
- Even “secure” IT networks had many unknown computers attached. (The ICS world is not alone in that aspect.)
- In an off-line conversation, Jeff Moss mentioned a friend had hacked into a power facility by knowing the default password. When he told me the password, it was evident his friend had hacked into substation relays.
- Russian attacks against Estonia and Georgia were IT attacks against the Internet and web defacement.
- I was approached about supporting education outreach and possible certifications.
- There is a definite concern within DOD about the cyber security of the critical infrastructure supporting their bases.
- The CSIS Select Committee will continue to meet – I believe they will now consider giving the control system community a seat at the table.

Joe Weiss

Show Comments
Hide Comments

Join the discussion

We welcome your thoughtful comments.
All comments will display your user name.

Want to participate in the discussion?

Register for free

Log in for complete access.

Comments

  • <p> "The unique issues of industrial control systems were new to almost all." </p> <p> Eh... time to remind everybody that the very beginning of SCADA security research was in the military (though not Air Force). Check Capt. Barry Ezell's Thesis "Risks of cyber attack to supervisory control and data acquisition for water supply" which was published ELEVEN YEARS ago. Guess what, Barry even thought about metrics. Although pretty much without precursors, his work contains more substance than the bulk of what was published on SCADA security later on, which leads me to believe that our discipline still is in a pre-scientific stage. </p>

    Reply

  • <p>My God, Ralph, you're right. I hadn't realized that Barry's thesis (to which I contributed in a small way) was written all that long ago...time certainly flies. He did terrific and seminal work, which, I fear was not recognised by either the Army nor the government, nor the SCADA community. </p>

    Reply

RSS feed for comments on this page | RSS feed for all comments