Weiss Event Day One
I will be blogging on Joe Weiss’s Industrial Control System Cyber Security Conference in Knoxville the next three days. I’ll be focusing on what is new and interesting rather than giving a play-by-play account. Here is the full agenda if you are interested.
I also brought the mobile podcast rig and will try to grab some audio interviews. If you have a question for a speaker, email it to me.
9:00AM – Joe Weiss provided his State of the Industry address to the slightly over 100 attendees. Attendance is down from two years ago when I last attended Joe’s event, but I believe about the same as last year. It is a reflection of the proliferation of events such as PCSF, SANS Summits, ISA, UTC, …
Joe definitely is conservative when it comes to control system security. He hit a lot of the traditional arguments – differences between control systems and IT systems, culture clashes, and myths.
I did think the budget issue Joe brings up is huge. Why is SCADA/DCS such a small percentage of the IT budget for the organization when it represents the process that is the organization’s raison d’être? Why is the asset owner willing to spend more for SAP or a storage network than for a SCADA upgrade? The community has been so resistant to change that we have not developed the skills to sell to management the budget requests required to get the resources to maintain SCADA systems in the proper manner.
In a precursor to future presentations, Joe mentioned that NERC CIP has been approved by industry but not by Government, who has the last word. As he was describing his theory on what is happening, Mike Peters of FERC jumped in and stated factually that FERC has issued a NOPR and wants everyone to read and comment on the NOPR. After the NOPR results are in, FERC will make their decision. Mike’s presentation on Thursday should be interesting.
10:00AM – Wayne Manges with Oak Ridge National Lab and Chair of ISA100 presented on wireless in control systems.
The nuclear industry is actually an early adopter of wireless. Wayne gave the example of a $14M 802.1b sensor network at Comanche Peak nuclear power plant.
The drivers for wireless will not go away and will carry the day in the end. A Committee of President Advisors determined that there will be a “10% savings in energy and a 15% reduction in emissions with wireless sensors” and “only 10% of the useful measurements are made today”.
3% jitter will cause a problem in a PID control loop. Performance is an issue.
400 members on the ISA100 committee. How many people are working 10 hours a week on the standard? 40 people and 6 are working 40 hours a week. A lot of effort on this set of standards.
ISA100.11a will be monitoring and soft (>100ms) control coming out in draft form in late 2007.
3:40PM – We had a number of sample implementation presentations on Dust Network, Apprion and SEL’s wireless solutions. There is neither the time nor the audience to get into the technical details on these solutions at this event. There was an interesting discussion about the need for centralized key management so keys can be changed when an engineer becomes disgruntled and leaves.
5:00PM – Now Jake Brodsky, a frequent commenter, is talking about wireless in the water sector. Lots of interesting information on interference, antennas
Here is my presentation on SCADA Honeynet Results from the event.
Eric Hjelmvik from Vattenfall is talking about secure remote access, but his first slide is very interesting. Vattenfall funded a proof of concept deep inspection firewall for IEC 60870-5-104 built around iptables. They are hoping a vendor will take this work and turn it into a product. I’ve already blogged on my skepticism about whether there is a market for this.
Eric’s presentation is actually quite interesting on CIGRE and a NERC CIP-like audit that couldn’t be completed in two days – which he knew going in.
Author: Dale Peterson
Posted: August 14th, 2007 under Conferences.