ICSJWG – recharging industrial cyber security

Submitted by Eric Byres on Thu, 2010-10-28 15:42

The Industrial Control Systems Joint Working Group (ICSWJG) Fall 2010 Conference just wrapped up today. For the first time, I was glad I attended. It was three days well spent.

If you haven’t heard of ICSJWG, you are not alone. It is a US-Department of Homeland Security initiative to give vendors, researchers and end-users a chance to network and explore the issues that make securing SCADA and industrial control systems difficult.

Unfortunately after the Spring meeting I was ready to write it off. I wasn’t alone – at that meeting the lack of researchers from key government agencies had many people wondering if ICSJWG was on its last legs.

This time ICSJWG was very different.

Stuxnet energy

Certainly Stuxnet has helped. The energy in the room was very different – people were no longer talking about theory – there is a real worm causing real havoc to someone’s control system (we still don’t know who). And there is no doubt that copy cat worms attacking other control systems will follow at some point. (I have yet to see a piece of revolutionary malware like Stuxnet NOT get reused by others.) So end-users really want security solutions now.

The other thing that was different were the people in the room – at previous ICSJWG meetings, it felt like an old-boys club. This time there were lots of new faces and new ideas. New ideas are what we need.

Finally the program was much better. The opening government talks were insipid and best missed, but after that the meeting really heated up. The session talks were professional, focused and (except for one glaring example) non-commercial. Discussion was heated and constructive. The Stuxnet afternoon was very interesting, especially the talk by Eric Cornelius of INL (Idaho National Labs).

Missing: Power Transmission & Distribution crowd

One group that seemed to be missing was the Power Transmission & Distribution crowd. Tim Roxey from NERC did a great job, but where were the 1900 or so NERC members? Maybe they are too busy trying to comply with NERC-CIP to bother about securing their control systems. More on that later…

Industrial Control System security is now a top priority

If you are an automation engineer who has not prioritized security projects to date, likely your organization is prioritizing it now. One way to get on top of this topic is to follow and gather information from meetings like ICSJWG. I will be at the next one, and I suggest you consider it too.

 

RSS Feed Subscribe to the "Practical SCADA Security" news feed

Add new comment