Tuesday March 22nd, the US Government’s National Coordination Office for Networking and Information Technology Research and Development (NITRD) held an invitation-only Assumption-Buster workshop on cyber security defense-in-depth. There were approximately 60 attendees, though only two had ICS ties – myself and a representative from the Sandia National Laboratory. There was a free flow of ideas but most were focused on IT issues. As there was a representative from the oil/gas industry (IT security), I raised the issue of separation of control and safety because commingling control and safety can defeat defense-in-depth. I was asked to make a presentation on ICS cyber security. There were many questions as it appeared the technical and cultural ICS issues were not commonly known to most attendees. Hopefully, there are now more mainstream cyber experts aware of ICS concerns and willing to work with the ICS community.
Joe Weiss