Showing posts with label pen testing. Show all posts

Wednesday, May 22, 2013

Training Alert: ICS / 2 Control Systems Security Sessions Coming Up

SGSB readers: first a brief housekeeping note. Due to a dose of awareness I just received yesterday, I'll no longer be including live links in posts. When I want to recommend a web page for you to visit I'll give you the full URL, which you can paste into the browser of your choice (see below).

OK moving on. SANS is developing an ICS & utility focused security practice with NIPSCO's Tim Conway assisting.  And this effort is already bearing fruit, with training classes coming up next month.  Here are the deets for you:

  • When: June 11, 2013 (Saturday)
  • Where: Westin Houston Memorial City, Houston, TX USA
  • What: two courses:

1) SCADA Security Training
2) Pen testing ICS and Smart Grid

For more info and to register, do what you need to do with the following URL:
http://www.sans.org/event/scada-training-houston-2013

Special SGSB Offer: use the code SmartGrid2013 when you register and you'll receive $150 off the Pentesting ICS or the Smart Grid or the SCADA Security Training course.

Monday, May 23, 2011

How SCADA/ICS Security Sausage is Made

And like regular sausage making, the process is not always pretty to behold. The company whose computers were targeted by the Stuxnet worm has been working hard on solutions that will better protect its customers going forward. But as in any arms race, it's up to antagonists to show the company in question hasn't done enough yet, or isn't moving fast enough, or both.

In the cyber security business, fortunately, some of the best opponents are faux opponents. Such seems to be the case with NSS Labs' Dillon Beresford (LinkedIn profile). This from today's darkREADING Advanced Threats page, on a presentation that didn't happen in Texas:
In posts to the SCADASec security mailing list, Beresford noted that while he is free to give his presentation at any time, he'll wait until it's safe to do so given the potential ramifications. He said in a post today that "until the products are fixed and the patches have been carefully validated the presentation will remain out of the public domain. As for a definitive timetable on patches, who knows..."
The full article is HERE. Thanks to the established dynamic of this industry, with crack penetration testers challenging suppliers to show they've made necessary security fixes, the truth will out. And eventually, sooner or later (hopefully sooner), utility asset owners will have SCADA/ICS systems that are harder to hack.