The US Industrial Control Systems Joint Working Group (ICSJWG) 2012 Spring Conference was held last week (May 7 – 10, 2012) in Savannah, Georgia. The purpose of the 4 day conference was to “provide control systems stakeholders from industry, government, academia, international, vendor, and research and development communities with an opportunity to network and engage in discussions related to securing control systems.”
The first day consisted mostly of working meetings, the next two focused primarily on presentations covering a wide range of topics, and the last day consisted of a training session: “Introduction to Control Systems Cybersecurity.” The agenda and conference details can be found here.
Bayshore Networks was an active participant at the conference, and we think there are several key takeaways from this conference that should be considered going forward.
First, awareness of the increasing threat to industrial and infrastructure controls security is up; attendance at this conference alone was up over 30 % according to one estimate.
Second, as debate continues around who is responsible for industrial control security, it’s becoming clear that industrial control equipment vendors need to do more and they are, now, stepping up their efforts to add security features to their products. But an important question needs to be asked: What are the roles of pure-play security companies?
Most enterprise security companies do not understand industrial control protocols, and therefore their roles are limited. Bayshore Networks supports multi-protocol, and our Layer 7 SCADA Firewall (which supports Modbus, DNP3, IEC 61850, and others) is at the right place at the right time.
We think DHS is already playing a very constructive role. “Smart” regulations will drive pervasive adoption of next-generation industrial control security technologies and, in effect, secure our nation’s critical infrastructure. Deputy Under Secretary Weatherford, in his speech on Wednesday, emphasized that the private sector will drive the security standards and requirements but that DHS will help enforce the requirements.
We here at Bayshore Networks believe this is the right approach.