Here are a few more thoughts and observations from ICSJWG…

• We taught our Using and Customizing SCADA Security Tools course on the Monday prior to ICSJWG. Seeing the students in the class use and customize Bandolier was exciting and, for me, helped set the tone for the next couple of days. Dale already covered some other Bandolier notes from the conference. The only thing I want to add is that I think control system vendors like AREVA and Telvent using the Bandolier audit files at FAT and SAT is a huge security win for the industry.

• The term “information sharing” became a little frustrating in the day 1 subgroup meetings. Perhaps we should be more specific about the type of information we wish to share and the direction of that information. Examples: sharing threat and vulnerability information from government to industry, sharing meetings and plans between ICSJWG subgroups, etc… I think it would help keep things clear for people who may be new to the conference or industry.

• The number of people there made the side conversations really interesting. Also, the number of tweets and tweeters probably set a record for a SCADA/ICS security conference. It’s nothing like the back-channel live chat at S4, but does add some fun.