
InfraGard - News and Notes

Just a few items left to mention:

- Mike Lombard, Director of CIP/Cyber Security Strategic Issues in the National Cyber Security Division of DHS, retired. Mike was an active proponent and participant in PCSF and other industry efforts. A loss to DHS, but best wishes to Mike in his retirement.

- A couple of pilot projects were discussed. Peoples Energy will be piloting the Thales AGA-12 encryptor soon, and PGE is piloting the Natis field security device.

- Eric Byres gave information on BCIT’s latest research, named Project Achilles. It is a platform designed to test PLCs and other field devices for vulnerabilities in a QA lab. It is much too effective to use for testing systems in production environments, and there is concern about this code getting out into the wild.

There were two interesting points in the presentation. First, many PLCs run on OS-9, but the PLC vendors do not inform their customers that an OS-9 vulnerability will affect the PLC. Second, early testing has found 9 critical vulnerabilities and 28 warnings. Will a testing program like this eventually be required by industry or by individual asset owners in RFPs?

- An impressive job by the InfraGard national team to pull together this inaugural conference in three months with all volunteers. Equally impressive was getting both the FBI Director and Secretary of DHS to speak.

- I have posted my InfraGard presentation on the Digital Bond presentation page. A lot of the same information from previous presentations. You may want to look at the last couple of slides to see two examples where getting data from IDS, firewall logs, SCADA logs and other sources can help tell the difference between a normal action and a cyber attack.

If you are hungry for interesting statistics, come back in two weeks to look at my KEMA presentation. I have fresh statistics from Counterpane, Lurhq and Symantec including the first statistics coming from the Modbus IDS signatures.
