DOD Critical Infrastructure Cyber Security Conference

I just returned from the San Diego Chapter of the Armed Forces Communications and Electronics Association (AFCEA) C4ISR (Command, Control, Communications, Computers, Intelligence, Surveillance, and Reconnaissance) Symposium – "Tools and Technologies for Protecting Critical Infrastructures". The conference website is at www.http://symposium.afcea-sd.org/ - however, it has not been updated to reflect the actual agenda. The term “critical infrastructure” was thrown about liberally but it was referring to the IT infrastructure. As an example, the presentation before me was given by a lawyer discussing the different policy and regulation issues affecting critical infrastructure and DOD. Hard as it was for me to believe, his examples of critical infrastructure did not include electric, water, oil/gas, etc. The Conference reminded me of the Cyber Leap Year Conference last August in that many of the advanced techniques being presented may be a panacea for IT systems but could be lethal to legacy control systems. There was agreement there is a need for interdisciplinary activities which is great. Because of the IT-focus, my presentation on cyber security of control systems was new to many and generated significant interest and questions. It was very evident that more education and training are needed. Hopefully as DOD takes control system cyber security more seriously, industry will also.Joe Weiss