I attended and spoke at the 2009 Air Force Cyber Security Symposium in Shreveport, LA. It was a VERY high-powered conference. Speakers included Major General William Lord, the Honorable Lauri Almann from Estonia, Lt. General William Shelton, Vice Admiral Denby Starling, Richard Schaeffer from NSA, George Kurtz from McAfee, Lt. General Robert Elder, John Stewart from Cisco, Dr. Thomas Cellucci from DHS, Brig. General Vakhtang Kapanadze from the Republic of Georgia, Rhonda Dunfee from DOE, Jeff Moss from Black Hat, Major General Richard Webber, Dr. Greg Hanson, Lt. General Harry Raduege (retired) from Deloitte and co-chair of the CSIS committee, Major General Dale Meyerrose (retired) from Harris, and myself. Most of the presentations were focused on IT. My observations were:
- The unique issues of industrial control systems were new to almost all.
- Many in the audience were aware of the Australian hack (Vitek Boden) but were unaware of US control system cyber incidents.
- Even “secure” IT networks had many unknown computers attached. (The ICS world is not alone in that aspect.)
- In an off-line conversation, Jeff Moss mentioned a friend had hacked into a power facility by knowing the default password. When he told me the password, it was evident his friend had hacked into substation relays.
- Russian attacks against Estonia and Georgia were IT attacks against the Internet and web defacement.
- I was approached about supporting education outreach and possible certifications.
- There is a definite concern within DOD about the cyber security of the critical infrastructure supporting their bases.
- The CSIS Select Committee will continue to meet – I believe they will now consider giving the control system community a seat at the table.