2014 Silicon Valley Cyber Security Summit – no ICS focus

Aug. 13, 2014

August 12th, the Silicon Valley Leadership Group hosted the 2014 Silicon Valley Cyber Security Summit. The attendance was very high level with 2 US Senators, 2 US Representatives, senior leadership from McAfee, Symantec, RSA, etc. There was almost no ICS focus or discussions though there were discussions about the need for information sharing. I did show the Senators and Representatives the relevant declassified DHS slides on Aurora. They were surprised that information is public and have asked for further discussions.

August 12th, the Silicon Valley Leadership Group (SVLG) hosted the 2014 Silicon Valley Cyber Security Summit at HP in Palo Alto. The attendance was very high level with 2 US Senators, 2 US Representatives, senior leadership from McAfee, Symantec, RSA, etc. The agenda can be found at http://svlg.org/wp-content/uploads/2014/08/2014-Cybersecurity-Summit-Agenda-DRAFT-41.pdf.  The theme of the Conference was the importance of cyber security and that it needed more attention. I was told the SVLG invited PG&E, Santa Clara Valley Water District, and other large industrial companies. However, the only participation from the industrial control systems community was one water company and an industrial control system software vendor. As can be seen from the agenda, the focus was on privacy, industrial espionage, and traditional IT security - there were no sessions devoted to control system cyber security.  Consequently, there is a “chicken and egg” scenario that continues to be played out. If there are no sessions that are of interest to industrial companies, why attend? If the industrial companies won’t attend, why have the sessions?

The discussions on critical infrastructures were focused on finance and even doctor’s offices. There were just a few mentions of industrial critical infrastructure such as power grids but no detailed discussions. There were many discussions about information sharing with DHS being the lead. One wonders what will happen with industry’s desire to share information with DHS after the recent declassification of the Aurora information. DHS’s Bobbie Stempfley stated to me the release of the Aurora information was OK as it had been requested since 2009. This despite the fact there is yet to be an installed base of Aurora hardware mitigation by the electric utilities.

I did show the Senators and Representatives the declassified slides on the targeted facilities that were declassified. They were surprised that information is public and have asked for further discussions.

Joe Weiss

Sponsored Recommendations

IEC 62443 4-1 Cyber Certification – Why ML 3 is So Important

The IEC 62443 Security for Industrial Automation and Control Systems - Part 4-1: Secure Product Development Lifecycle Requirements help increase resilience for control systems...

Multi-Server SCADA Maintenance Made Easy

See how the intuitive VTScada Services Page ensures your multi-server SCADA application remains operational and resilient, even when performing regular server maintenance.

Your Industrial Historical Database Should be Designed for SCADA

VTScada's Chief Software Architect discusses how VTScada's purpose-built SCADA historian has created a paradigm shift in industry expectations for industrial redundancy and performance...

Linux and SCADA – What You May Not Have Considered

There’s a lot to keep in mind when considering the Linux® Operating System for critical SCADA systems. See how the Linux security model compares to Windows® and Mac OS®.