S4 2008?

Our primary goal in creating S4 was to significantly raise the bar on the level of detail and excellence in published SCADA security research. The community needed and still needs to move from generalizations, hand waving and FUD to rigorous, fact based research and peer review. The authors definitely did this, and the attendees raised the level of discourse. This is something we could claim would happen prior to the event, but we all have heard this before. Now the 11 papers in the S4 Proceedings Book speak for themselves.

Will we do S4 next year? We hope to. Our plan is to issue a call for papers, actively recruit leading edge research to write papers, and if we get 10 high caliber papers there will be a S4 2008. Ideally, the bar will be raised again each year, and papers will need to be even better to get a slot.

Virtual Attendee Program?

From a financial standpoint the Virtual Attendee program was a clear loser. That said it was very cool to have participants from all over the world watching the simulcast and participating in the Q&A session. Some asset owners had three or four people watching the simulcast in a conference room which seems to be an affordable way to participate.

Technically it was a big success. We learned lessons in sound (not all researchers are good with microphones) that will be improved. And there were other lessons learned, but the virtual attendees evaluations indicated it worked well and let them participate when travel was not possible. So we will probably repeat the Virtual Attendee option.

SCADA Security Research Community?

Anyone who attends KEMA, ISA, PCSF, SANS, Distributech, UTC, … will know there is a SCADA security community. However since there was little actual hard technical detail published it was hard to claim a SCADA Security Research Community outside of the National Labs who talk with each other and their sponsors.

The focused technical conversations in the Q&A and the hallways during breaks clearly are start to creating this needed community. It was encouraging to see virtual unknowns in the mainstream events such as Ralph Langner, Lluis Mora and a student from Univ. of Milan share their ideas, tools, and sometimes startling results with the audience. We like the fact that anyone with some great research, regardless of reputation or organization, can claim a spot in S4 and even be named best paper on many attendee evaluations.

On a related note - - we were probably harder on the usual suspect speakers, such as Eric Byres and Matt Franz. Their paper proposals could not be warmed over presentations given at other venues. They needed to be new and with significant technical meat.

Keep It Technical?

Some of the evaluations requested best practice or process presentations. Our approach going forward will be to continue to focus on the technical, and a paper that could be presented at another venue probably isn’t right for S4.

The example I gave after preventing the lure of getting sidetracked on vulnerability disclosure in Day 1 was to say that this is a great topic for PCSF, ISA, …, but not for S4. Now a S4 paper might discuss research on how to use some derivative of a digital rights management (DRM) algorithm to determine who could see selected gradients of vulnerability disclosure information.

S4 Proceedings Book

The S4 Proceedings Book will be available for sale on our site later this week for those of you unable to attend S4.