A quick heads-up to mark your calendar for the 12th ICS Cyber-Security Conference. It will be held the week of October 22, 2012 in Norfolk, VA hosted by the Virginia Modeling, Analysis and Simulation Center (VMASC).

As with previous editions, the conference will address current relevant ICS cyber-security issues.

I gave a presentation on May 10th at the High Tech Crime Investigation Association Meeting (HTCIA) in Menlo Park, CA on Industrial Control System (ICS) Cyber Security. As with most presentations, the unique ICS issues were new to most of the attendees but I wanted to share two tell-tale reactions from that day.

There have been numerous articles, white papers, and webinars on securing industrial control systems (ICSs). Almost all have focused on securing the IP networks.  This is certainly part of the solution, but NOT the entire solution. ICSs are engineering systems with cyber-sensitive systems that include network components as well as engineering components.

According to LIGHTS (http://www.infosecisland.com/blogview/20649-Shining-LIGHTS-on-ICS-Cybers...), "Large asset owners have vastly complex operations and accordingly stringent requirements. The process of assessing their current security status and doing anything about it is similarly resource-intensive. Making a significant improvement in realized security at these organizations often occurs over the long term.

I have been informed I will be receiving the 2012 ISA Power Industry (POWID) Division Service Award at the June ISA POWID Symposium. ISA POWID is the international standards organization for power plant instrumentation and control systems.

@ABBAPWorld: An Unsecure Plant is Not a Safe Plant: Hacking SCADA Systems

Jonathan Pollet, of Red Tiger Security, an extremely well known Industrial Control System and SCADA security authority reprised the lecture he gave in March at SANS. Marcus Braedle of ABB, the session host, was at some pains to assure the listeners that the point of the talk was to illustrate what could happen to anybody, not to trash any of the companies whose equipment was used as examples.

The  linked-in site, Cyber Security Forum Initiative, has the following thread: “Unfixed SCADA security holes are growing.

Earlier this week, DHS Secretary Janet Nepalitano came to San Jose State University to recruit college students for a career in cyber security. She mentioned that DHS has been hiring computer scientists, analysts, etc but didn’t mention control systems. This afternoon I sat in on a call with the Navy with a similar conversation.  In both cases, the intent was to get to kids early to get them interested in a career in cyber security.

The annual report of the Repository for Industrial Security Incidents (RISI) has been released by the not-for-profit Security Incidents Organization, which produces the report annually. Here's the press release from John Cusimano at SIO:

2011 REPORT ON CONTROL SYSTEM CYBER SECURITY INCIDENTS RELEASED

In April's Control: Remote Access Goes Mainstream. Find out why it's one of the fastest-growing and accepted technologies to hit the process control industries; plus, how an upstate New York brewer saves $230,000 a year with a flow controls upgrade; what's new in SCADA; and the story of Southern States Chemical's new sulphuric acid plant, built with a combination of recycled equipment and the latest in processing technology. Also, don't miss this month's Control Talk, featuring Greg McMillan and Stan Weiner's column "New Paradigms for Lab Control Systems."