It is with great sadness that we announce there will be no SCADA Security Scientific Symposium [S4] this January. This would have been the fifth year of S4.
The reason is unfortunate and simple. There was not enough quality research out there to fill the two-day event. While I’m sure we could have filled the program with papers, we did not want to disappoint the stellar S4 attendees with a sub-par program. The fact we needed 2.5 Digital Bond papers and an open debate session to fill last years program was a harbinger. Even if we could get every research effort we wanted to participate in S4 the program would not have met past levels.
Some of the people we notified early about the cancellation thought Stuxnet could carry the program, but I think Stuxnet will be old news by then. Plus Symantec and Ralph have released the most interesting info on this already, and then we have ICSJWG and other conferences to pick up the remaining bits.
Why has there been a decrease in the quantity and quality of public research? Here are some educated guesses:
- Smart Grid and NERC CIP have sucked up a large portion of the talented potential researchers. There is a dearth of professionals in this field, and they are overwhelmed with billable hours.
- Funding for owner/operator control system security, while still low, has increased. The majority of control systems are still dealing with basic issues like securing the perimeter, patching, log monitoring, recovery, … It is still horrifyingly easy to compromise a control system if you can ping it, so focusing on advanced attack techniques or protection is not a priority.
- Some of the coolest research is locked behind classified walls, or done by vendors or owner/operators who do not want the information to be public yet.
- Control system security research is more welcome at other venues such as Smart Grid events and security conferences of every hat color. I don’t think this is a driving reason based on the presentations and abstracts, but there are more venues to provide a technical control system security research paper than five years ago. This is a positive development.
We will continue to look for ways to promote research in the control system security field, and hope to launch a few ideas in January.