
InfraGard Days Two and Three

The SCADA Security track had four presentations on day two:

1. PCSF: Mike Torppey, Mitretek

Mike focused on the projects going on in the Working Groups and Interest Groups. See www.pcsforum.org for info on this work.

2. My SCADA Honeynet presentation

3. NERC CIP: Scott Mix, KEMA

Scott knows more about NERC CIP than anyone I know. NERC is now officially the ERO (and the only company to apply) and is moving forward with trying to get the NERC CIP standards approved by FERC, with a target of the fall. The presentation focused on how to identify critical cyber assets and design electronic and physical security perimeters. These are key early steps towards compliance.

I found the discussion on enforcement to be interesting. The general NERC approach is to be positive towards helping entities comply, with a reluctance to fine or even threaten to fine. The money for NERC comes from the companies that comprise the bulk electric systems, the same people the ERO (NERC) is supposed to ensure are compliant with the standard. Furthermore, audits are typically performed by representatives from peer entities in the region, rather than a group at NERC.

It will be years before we find out if this is effective because audit is years away, but it will be interesting to watch if this unique approach can be effective. Will the ERO get tough when necessary? Will a consistent level of audit be applied?


4. Passive Monitoring: Ron Gula, Tenable Network Security

It is often dangerous to do widespread active scanning on control systems, so the concept of passive technologies, that don’t block or alter data, is very applicable to this industry. We recognized this early on, and it was one of the reasons we focused on adding SCADA intelligence to network IDS. Identifying systems and potential vulnerabilities by looking at the traffic and logs is an interesting approach. Probably a topic we will blog on in more detail later. (Full disclosure: Tenable is a Digital Bond client).

Day Three

I eagerly got up to attend a 7:45 information sharing keynote panel. It was all Government and law enforcement (disappointing) and focused on how they shared information amongst themselves. Clearly an important topic, but InfraGard was created for public / private information sharing as well as sharing between communities of interest. This type of information sharing has been almost a universal failure, not only at InfraGard but in numerous other efforts. There are research $$$ trying to solve this problem, but to date it is hard to point to a real success story, at least in the control systems space.

