We barely squeezed the August edition of This Month In Control System Security in before months end. Two interviews in this edition.
Joel Langill, The SCADAHacker on Network Access Control (NAC) in ICS
In an earlier twitter discussion on Siemens, Joel advocated the use of NAC as a significant step forward in securing ICS. We have not yet seen NAC in ICS, and NAC has had a rocky road in IT security. So I was curious to get Joel’s view on why and where an owner/operator should consider NAC.
It ends up being a bit of a debate, friendly of course, with the closest thing to an agreement is that NAC may be best applied to a switch in a DMZ. I encouraged Joel to report back when he has some real world case studies of NAC in ICS.
I actually believe we don’t have enough debate or frank discussions in the community. It is refreshing to see Joel take a different tack and defend it. After all, this is the same community that thought technical security controls like anti-virus and firewalls could never work in ICS.
Patrick Miller of EnergySec on what people at conferences are talking about
Patrick and the EnergySec crew have been attending a huge number of events lately as part of their outreach effort. Patrick and I talk about the top three items getting attention (I found #3: Detection to be the most interesting), surprises at the events, what vendors are asking for, and the EnergySec annual conference.