Further Information On September 20-23 ACS ICS Cyber Security Conference

July 26, 2010

ICSs are designed for performance and safety, not security. The recent Siemens Programmable Logic Controller (PLC) and VxWorks (real time operating system for ICS field devices) vulnerability disclosures lay bare significant security gaps in ICSs. Moreover, the differences between IT and ICSs led to the conflicting recommendations on the Siemens PLC vulnerability by Microsoft and Siemens. The Siemens and VxWorks vulnerabilities coupled with the Hatch Nuclear Plant cyber incident demonstrate we are still learning what is unique about ICS cyber security.

ICSs are designed for performance and safety, not security. The recent Siemens Programmable Logic Controller (PLC) and VxWorks (real time operating system for ICS field devices) vulnerability disclosures lay bare significant security gaps in ICSs. Moreover, the differences between IT and ICSs led to the conflicting recommendations on the Siemens PLC vulnerability by Microsoft and Siemens. The Siemens and VxWorks vulnerabilities coupled with the Hatch Nuclear Plant cyber incident demonstrate we are still learning what is unique about ICS cyber security. Despite the perception that ICSs look like IT systems, they are not and need to be addressed accordingly. This has enormous implications for the Smart Grid, nuclear plants, and other critical infrastructures.  ICSs must continue to operate – cyber security mitigation cannot be allowed to impact their mission. Yet, as of today there have been little discussions between the ICS domain experts and cyber security experts to try to prevent the unintended consequences that CONTINUE to occur to these critical systems. Consequently, like last year’s conference, here is a peek at what to expect at this year's ACS Conference:

- Presentations by end-users providing first-hand experience on actual ICS cyber incidents.
- Input and participation from the Navy and Air Force as ICS cyber security also directly affects them.
- Presentations by the Nuclear Regulatory Commission (NRC) and FERC
- Demonstrations of ICS cyber vulnerabilities.
- Significant time allocated for open discussions on how to address the problems. And lastly, because this subject is so important to them, at least one member of Congress and the Chairman of FERC are adjusting their schedules to speak to the Conference.

We are finalizing the contract with the hotel early this coming week, You will be notified when the website will be open for registration. As with previous ACS Conferences, the presentations will only be available to Conference attendees.

PS - The next meeting of the ISA 67 joint working group on nuclear plant cyber security will be Monday Morning September 20th at the hotel. Additional activites in conjunction with the Conference are being finalized.

Joe Weiss

Sponsored Recommendations

Measurement instrumentation for improving hydrogen storage and transport

Hydrogen provides a decarbonization opportunity. Learn more about maximizing the potential of hydrogen.

Get Hands-On Training in Emerson's Interactive Plant Environment

Enhance the training experience and increase retention by training hands-on in Emerson's Interactive Plant Environment. Build skills here so you have them where and when it matters...

Learn About: Micro Motion™ 4700 Config I/O Coriolis Transmitter

An Advanced Transmitter that Expands Connectivity

Learn about: Micro Motion G-Series Coriolis Flow and Density Meters

The Micro Motion G-Series is designed to help you access the benefits of Coriolis technology even when available space is limited.