I attended the East-West Institute (EWI) First World-Wide Cyber Security Summit May 3-5 in Dallas. There were approximately 500 attendees from 40 countries represented. The stated goals of the Dallas Summit were to:
- launch a comprehensive international cybersecurity awareness campaign by governments and businesses about the growing cyber-threats to the digital economy
- facilitate representatives of the “Cyber 40” to identify the problems with particular emphasis on those that pose a common threat
- facilitate joint action and new agreements through intensive working group interaction on working groups focused on the critical sectors of finance, energy, telecoms, transportation, essential government services, and defense.
There have been a number of articles on the Summit so I will focus on my observations. It was extremely interesting, particularly with the level of attendees. What was just as interesting as who attended was who wasn’t there. There was no representation from any electric or water utilities – even the local Dallas utilities. Additionally, there was no representation from any ICS vendor. After pointing this out to the conference organizers, I was asked why they didn’t attend and what should be done to get them to attend the next Summit scheduled for next year in London. Like many other IT and policy conferences, the focus was on policy, which many industrial end-users feel is the purview of the government. The name “Cybersecurity” implied IT not operations. The focus was on the Internet and IT/telecom/defense infrastructures - none of the keynote speakers addressed safety or reliability. Finally, none of the key leaders or keynotes was from the industrial community. Consequently, ICS issues did not directly fit in the agenda.
Tuesday afternoon and Wednesday morning were breakout sessions. There were a total of eight breakout sessions with one session on Energy that was to be focused on “Smart Grid” and one on Transportation. We had approximately 15 people in the Energy breakout. The Tuesday discussions were further broken into discussions about Smart Grid, Nuclear Power, and Oil/gas. On Wednesday, the Energy breakout discussions were more general, focusing on why senior management and politicians did not consider control system cyber security to be of significant importance - sound familiar? On Wednesday morning, I went to see what the Transportation breakout had identified. Two of the major representatives were American Airlines and BNSF Railroad. Their focus was primarily on data – control systems and safety were not explicitly addressed. I mentioned the issues of the Air France crash and the DC Metro train crash. When the Transportation Group gave their breakout summary Wednesday late morning, they did mention control systems and safety.
The next Summit is scheduled for a year from now in London. I have been asked to help in terms of trying to get more industrial control system participation. As an aside, IEEE was one of the sponsors – ISA was pretty much unknown to most attendees.
Joe Weiss