CONFERENCE SUMMARY:2009 Control Systems Security Conference
Applied Control Systems (ACS) recently held the Ninth Control Systems Cybersecurity Conference in Bethesda, MD. The conference, which focuses on industrial control systems in a range of applications, was attended representatives from US and International water and electrical utilities, control systems and IT suppliers, gas/oil and chemical companies, universities and government agencies. The conference agenda is viewable here.
Topics included the need for a technical curriculum addressing control system cybersecurity as well as control system-specific IT for engineers. The conference also had sessions discussing actual control system security breaches, with engineers from multiple utility companies describing their cybersecurity incidents, one of which actually shut down the plant. Both engineers agreed that, unfortunately, suppliers were of little assistance in supporting the cybersecurity of their control systems, highlighting the need for more advanced, integrated, security solutions in industrial control systems.
The conference came to a close with training sessions provided by the National Institute of Standards and Technology (NIST), covering two of their major guidelines for cybersecurity in the control system setting:
"SP800-53: Recommended Security Controls for Federal Information Systems and Organizations," and "SP800-82: DRAFT Guide to Industrial Control Systems (ICS) Security."