I attended my first ICSJWG since 2011 last week in Indianapolis. It was an ok event with some interesting talks and a chance to reconnect with familiar faces in the ICS industry. It is however a far cry from the must attend DHS event back when it was called PCSF. I rate a few other similar events, such as WeissCon and the SANS Summits, as much better. The main thing ICSJWG has going for it in its current form is the price — it’s free.
This is disappointing because there is a place for a premier US government event in ICSsec. Below are recommendations for the next ICSJWG.
1. Have the best, can’t miss government sessions
a) ICSJWG should be the event where DHS and other USG organizations make the most important, can’t miss ICSsec announcements of the year. I don’t believe there was any news at ICSJWG … and little or no press.
b) Throw in a big government name speaker each day. The Indy ICSJWG had Governor Mike Pence, DHS Assistant Director Touhill and NCCIC’s Larry Zelvin. This hit the mark and should be continued. These presentations often lack new information, but the audience likes to see the names.
c) It also should be the event where the government explains in detail the most important programs. The Indy ICSJWG had a big miss on the NIST Cybersecurity Framework, arguably the most important USG ICS initiative. A NIST representative read a dry speech to the audience that included little new or helpful information. The DHS speaker on the subject was a no show so she read his speech as well. An attendee could reasonably draw the incorrect conclusion that now that the document is out the effort is over.
ICS vendors, asset owners, consultants and other ICS security professionals should feel ICSJWG is where important USG information will be revealed and explained in detail. This is the most important and easiest improvement for DHS to make. (And just to be clear, this does not mean more presentations explaining the bureaucratic organization structures in the USG)
2. Hold a professional event
This is a hard criticism, because I know some of the organizers worked hard on ICSJWG Indy. If that truly is the best that can be done due to USG limitations then don’t hold ICSJWG.
- Publish the agenda earlier, two months before the event
- Have some basic refreshments at the breaks. There is no coffee or drinks or snacks or even tap water at the breaks. This may seem petty, and a fancy lunch or party is not necessary, but it’s common courtesy and a bit embarrassing that there are not basic refreshments.
- Find a quality venue. The main auditorium had a very poor projector, strangely inconsistent air con, and no power for laptops. The break out rooms had problems as well. I know they like to move ICSJWG around, but perhaps they should stick with a quality government venue in DC. The possibility of holding the next ICSJWG in Idaho Falls would be another big mistake. (The Indy area was great and well received; walk to everything)
3. Only one ICSJWG event each year
Based on the agenda, there is not enough content to hold two events a year, and they would be better served placing all the effort on one quality event each year. It also would draw a bigger crowd and more buzz.
4. Something special
There should be something new each year. The classified briefing may have qualified this year. I don’t have a clearance so I’m not sure if it provided helpful and new information, but it is something that other events could not offer.
I’m rooting for ICSJWG. With all the advantages they have, and admittedly some bureaucratic challenges, it should be a great event and an important way to move forward the public / private partnership that is often touted as being so important. If it is no longer a priority and can’t be significantly improved it should end.