January 11-13, 2017, Texas A&M held the first Cybersecurity of Critical Infrastructure Summit for Energy and Manufacturing - https://cybersecurity.tamu.edu/cybersummit2017. I was a panelist in the Technology session. My observations were as follows:
- The attendees represented a broad swath of government, industry, and venture capitalists. However, most speakers were from, or discussing, primarily IT network security issues. Consequently, the focus was on Information Assurance as opposed to Mission Assurance which unfortunately is very typical. That is, the focus was on cyber vulnerabilities not overall system impact. Additionally, most of the statistics presented were from IT not ICS applications.
- There was lively discussion about ICS issues and I believe attendees started to appreciate the difference between IT and ICS and the need to address ICS issues. This included not only industry but students as well.
- One point that caught my eye was a chart that Rhonda McLean brought up about the perception of the Boardroom. She mentioned that anecdotes are perceived as of little value to Boards. However, when I brought up the impact of the Bellingham, WA Olympic Pipeline Company case including the bankruptcy of the Olympic Pipeline Company, her expressions changed.
- Ironically, Thursday morning January 12th, the EPA accused Chrysler-Fiat of violating emission standards by installing “cheat” software on control systems in about 104,000 pickups and SUVs similar to the Volkswagen scandal.
- Based on the Conference discussions, Texas A&M is considered coordinating many of the various Texas A&M centers of excellence to address the overarching issues associated with ICS cyber security.
I believe this Conference showed that, with understanding, there is a desire to address ICS cyber security issues. The Conference proceedings will be available at the Texas A&M website - www.cybersecurity.tamu.edu.
Joe Weiss