Thoughts on the ACS Conference

2008 Applied Control Solutions Conference Overview August 4-7 marked the Eighth Control System Cyber Security Conference. Times have certainly changed. When this Conference began in 2002, it was the only conference dedicated to control system cyber security, and conferences like Black Hat did not address control system topics. This year’s attendance was impacted by the proximity of other conferences such as Black Hat (slightly) and PCSF (significantly). However, there were still approximately 100 attendees from eight countries (Finland, Sweden, Israel, UK, Brazil, Singapore, Japan, Canada, and the US). Conference participants came from electric power transmission, distribution, generation, and nuclear power; oil/gas; chemicals; pipelines; water; and IT. In this age of vendor dominated conferences, more than 80% of the attendees were NOT vendors - end-users, government, universities. The Conference begun with a video keynote message from Congressman James Langevin, D-RI, the Chair of the Committee on Homeland Security’s Subcommittee on Emerging Threats, Cybersecurity, and Science and Technology. Congressman Langevin made a plea for cooperation and coordination. We did have representation from FERC, NRC, DOD, NERC and the FBI. Ironically, there was no attendance from either DHS or DOE. In order to get end-users to discuss actual control system cyber incidents, the groundrules for the Conference are that presentations are only available to Conference attendees. In the same vein, to get more interesting discussions, the details of discussions will not be made public either.  Consequently, only a capsule synopsis for each day will be prepared. As Alan Paller of SANS would do, here are some selected comments from Conference attendees: “It was slightly out of my field of expertise (power system protection), but nonetheless of considerable interest”.  “It’s difficult to find a conference that follows exactly the control system cyber security issues and this Conference achieved the aim.” “Conference covered a lot of topics, not only computer security. Point of view of different sectors (not only electric) is very useful.” "I was surprised and pleased at the meatiness of the presentations, and the knowledge of the participants. These are serious people, with serious stroke, coming together to discuss a critical topic." Joe Weiss