Highlights from the 13th ICS Cyber Security Conference #pauto #NERC-CIPS #cyber #security #ICS

Jan. 1, 2000

Highlights of the 13th ICS Cyber Security Conference including global attendance, Kaspersky's new Cyber Security Game, report of a major cyber incident in a utility, an ICS Honeypot, and "loss of integrity" incidents.

13th ICS Cyber Security Conference Highlights

More than 180 attendees from electric, water, oil/gas, chemicals, transportation, food, manufacturing, governments, and academia attended the 13th ICS Cyber Security Conference. Attendees were from North America, Europe, Asia, and the Middle East. 

Highlights to date included:

Attendees at 13th ICS Cyber Security Conference play KIPS

   Monday Kaspersky introduced KIPS- Kaspersky Industrial Protection Simulation – essentially a “Monopoly” game for maximizing revenue of a water utility that falls under cyber attack. More than 40 attendees actively participated in the game in groups of 4 per team.  Each team’s water utility generated $200,000/day of revenue and had $20,000 for cyber security protection. The game lasted “5 weeks” which meant each team should have generated $1,000,000 in revenue. However, the winning team generated approximately $850,000 in revenue because of cyber attacks and were celebrating their victory. The losing teams generating approximately $600,000 in revenue because of cyber attacks. None of the teams realized until the game debrief the cost of the cyber attacks – ranging from $150,000-$400,000. Amazingly enough, $12,500 of the $20,000 in cyber security funding spent wisely could have prevented almost all of the damage. It was truly eye-opening and a number of the participants asked about using this game at their companies.

-        Tuesday, Samara Moore, from the White House gave the Keynote. She was a refreshing change from most government speakers, and she mentioned that the cross functional cross industry amd nulti-national attendance is what she has been looking to address. She talked about Executive Order 13636 and how much the White House wants to implement a workable cyber security framework.  

Also Tuesday, a utility representative led a discussion of a major cyber incident – the loss of view and control of a turbine. The ramifications of this event were far-reaching.  As the participants actively questioned the utility, the utility wondered if this were simply a one-time incident that only affected them.

One of the Conference attendees spoke out and mentioned that they had been part of a similar situation where fossil plant burner balance data was lost for more than 3 weeks because of operating system issues – dropping of DCOM from supported communication protocols.

Following that session, Kyle Wilhoit from TrendMicro gave a presentation on the ICS honeypot. His discussion demonstrated how easy it would be for a malicious hacker to create a loss of view/loss of control incident.

Kaspersky’s Roel Schoenberg discussed recent incidents including “loss of integrity” incidents. It became evident to the attendees the potential impact this could have on ICS operation. It was truly eye-opening.

One other issue was raised – the concept of the traditional CIA triad – Confidentiality, Integrity, Availability. The ICS community feels the triad is reversed but until yesterday there wasn’t a mention of what was actually missing – O – Operational Controls. ISA99 and others should push to expand and re-order the CIA triad to be AIOC. 

More tomorrow.

Joe Weiss