14 May, 2007

Control System Cyber Security Conference Registration Information

Joe Weiss is putting on a control system cyber security conference August 13th - 16th.

Here is his announcement.

The website for the August 13-16th Annual Control System Cyber Security Conference to be held this year in Knoxville, Tennessee is ready for registrants at http://realtimeacs.com/. (Please go to www.realtimeacs.com and click on Register for the Conference on the right toolbar.). The host hotel for this exciting event is the Knoxville Marriott.

The Conference is focused on industrial control systems. There is more commonality between control systems, control system suppliers, and control system communication protocols between different industries than the IT infrastructure within a company. This was the rational for ISA establishing SP99 to address cyber security on an industry-independent basis. Common control system policies, procedures and cyber vulnerabilities apply to electric power, water, oil/gas, chemicals, manufacturing, etc. Focusing on any one industry diminishes the value of information sharing.

The term “cyber security” is an IT artifact that does not reflect the need to assure control system reliability and availability. Generally, the term cyber security refers to protection against attackers. For this Conference, the term cyber security refers to all electronic communications that could impact the performance of control systems. This definition includes intentional events (eg, viruses and worms), malicious events (eg, hackers), and unintentional events (eg, inappropriate policies and testing). Based on the data I have collected, there have been significantly more unintentional events than intentional ones. Some of these unintentional events have caused significant damage. I believe there will be significantly more unintentional events than intentional events until appropriate awareness, policies, procedures, technologies, training, and testing are in place. Consequently, the Conference will focus on the need to maintain control system reliability and availability in the age of interconnected systems and modern communications.

The draft agenda will continue to be updated. As in the past, the agenda will remain flexible enough to address recent issues of interest. Two topics that I believe will be of interest to all are:
(1) The detailed analysis of a cyber incident that directly contributed to a gasoline pipeline rupture resulting in significant environmental damage and deaths, and
(2) A discussion of a recent broadcast storm at a commercial nuclear power plant affecting plant equipment that significantly reduced power production and resulted in a manual scram of the plant.
In addition, there will be a poster session of current industry and standards organizations efforts on control system cyber security. These are just a sampling of some of this year’s instructive and enlightening topics that you won’t want to miss.

The Kingston Steam Plant Tour promises to be one of the many highlights of the Conference, but since Kingston is an operating power plant and August is a power-hungry month, we must limit the number of attendees to the first 40 interested registrants. Consequently, when you fill out your registration form, please indicate if you wish to take the tour by checking the appropriate box and filling out the corresponding TVA forms.

We would also like to get an accurate count for the Monday afternoon training session and the Thursday afternoon - Friday morning NIST workshop. Again, please check the appropriate box on the registration form to assure your space.

If you have any questions on the technical content of the Conference, please let me know. If you have questions concerning the Knoxville Marriott Hotel or other administrative questions, please contact MaryAnn Gerst at
maryann@atfab.com or (505) 822-1705.

I look forward to seeing you in Knoxville,

Joe is a good guy and quite enthusiastic about the field.