TransAtlantic Cyber Security Summit - Observations

Nov. 30, 2012
November 27-28, the Georgia Tech Research Institute and the US Office of Naval Research Global held the TransAtlantic Cyber Security Summit in Dublin, Ireland. The agenda can be found at http://www.siliconrepublic.com/events/event/2927-transatlantic-cyber. There were approximately 60 attendees from Europe and the US. The presenters were some of the top cyber security people from the academic and defense communities. As is so often the case, I was the only speaker from the industrial control systems (ICS) community.

November 27-28, the Georgia Tech Research Institute and the US Office of Naval Research Global held the TransAtlantic Cyber Security Summit in Dublin, Ireland. The agenda can be found at http://www.siliconrepublic.com/events/event/2927-transatlantic-cyber. There were approximately 60 attendees from Europe and the US. The presenters were some of the top cyber security people from the academic and defense communities. As is so often the case, I was the only speaker from the industrial control systems (ICS) community. Again, as usual, much of what I had to say was new as most of the attendees only knew of ICS through the amorphous term "SCADA". There were a number of points I felt were important:

  • Georgia Tech gave a very interesting presentation on malware. They stated that there are immense numbers of malware created daily (hundreds of thousands). Not all of it is new, but repackaged or simply recompiled. They showed that many anti-malware products can identify the initial malware, but once it is recompiled, the existing anti-malware software doesn't recognize it. This is consistent with a presentation at last year's ICS Cyber Security Conference about malware (in this case Conficker) on a control system network that was not identified by the up-to-date McAfee Anti-Virus software.
  • The level of understanding of ICS was not very high. One of the attendees who was responsible for performing vulnerability assessments of his facilities told me he did not address SCADA as he assumed SCADA was "an isolated system in the corner". Another Compusec manager said SCADA was not yet in scope for his organization.
  • The second World Cyber Security Technology Research Summit - Belfast 2012 (http://www.csit.qub.ac.uk/News/Events/Belfast2012/) had no ICS attendance. When I asked why, I was told the ICS organizations they contacted were not interested. This is similar to the lack of ICS organizational attendance at the 2010 East-West Cyber Security Summit.

Following my presentation, there appeared to be a new appreciation and significant concern about the state of critical infrastructure protection.

Joe Weiss

Sponsored Recommendations

Make Effortless HMI and PLC Modifications from Anywhere

The tiny EZminiWiFi is a godsend for the plant maintenance engineers who need to make a minor modification to the HMI program or, for that matter, the PLC program. It's very easy...

The Benefits of Using American-Made Automation Products

Discover the benefits of American-made automation products, including stable pricing, faster delivery, and innovative features tailored to real-world applications. With superior...

50 Years of Automation Innovation and What to Expect Next

Over the past 50 years, the automation technology landscape has changed dramatically, but many of the underlying industry needs remain unchanged. To learn more about what’s changed...

Manufacturing Marvels Highlights Why EZAutomation Is a Force to Be Reckoned With

Watch EZAutomation's recent feature on the popular FOX Network series "Manufacturing Marvels" and discover what makes them a force to be reckoned with in industrial automation...