Thursday, November 1, 2012

Joe Weiss' 2012 ICS Security Conference Highlights

The twelfth ICS Security has come and gone, and it sounds from the tone of Joe's write-up that whatever progress there's been to date in awareness and/or improved capabilities has been frustratingly slow and incremental.

After twelve years, I guess we can call that a trend.  Nevertheless, the best parts often seem to involve drama related to actual events in the field. Here are Joe's notes on two of them:

An international utility was prepared to share information dealing with a recent cyber security assessment of their nuclear plant control-systems performed by third parties. However, because of a threat by their vendor, they did not present. This decision also affected Ralph Langner's decision not to present. This international utility's assessment and analysis program is more comprehensive than existing US Nuclear Regulatory
Commission (NRC) guidance. This raises questions concerning the adequacy of NRC cyber security guidance and therefore the adequacy of cyber security programs of all US nuclear plants. It should be mentioned that NRC attended the conference.

A water utility described a disgruntled insider compromise. It took them a period of time to get the FBI to even respond. When the FBI finally responded, they took the utility's hard drive and the replacement hard drive did not work. It took a number of days to get a hard drive that would work. Fortunately, the utility had mirrored hard drives and was thus able to continue operation despite the loss of the one hard drive.

Joe and I stay in touch in between bumping into each other at conference, and most recently discovered the disproportionate amount of security scrutiny one ICS vendor has been getting, agreeing that products from all vendors need to be vetted more carefully (as covered HERE).

And click HERE for Joe's full conference write-up.