October 26th at 8:30am, I will be giving one of the keynote presentations at the 12th Cyber Security Summit in Minneapolis - https://www.cybersecuritysummit.org/. This will be my first in-person presentation since the start of the pandemic (more than 2 years).
The title of my presentation is “Narrowing the Gap - A Unilateral Understanding of Engineering and Network Security” or “The risks of cutting corners to put a square peg in a round hole”. The presentation will address the gaps in control system cyber security, the recent Moody’s Heat Map that identifies critical infrastructures to be at VERY HIGH RISK, and a proposed approach to make control system field devices inaccessible to IT/OT network cyberattacks while improving reliability, safety, and productivity. The singular OT network-centric focus has ignored a cyber path that offensive cyber attackers have used to cause physical damage - the cyber insecure control system field devices.
The reason for the alternate title of square peg and round hole is that IT and OT organizations that use inappropriate IT/OT network security technologies, pen testing, and security policies have impacted control systems – the cure being worse than the disease.