2010 ACS Conference

The 2010 ACS Conference is September 20-23, 2010 with NIST holding a follow-on session September 24. The Conference will be held in Rockville, MD (Washington DC Metropolitan Area).

Based on the testimony of the the chief electronics technician aboard the Transocean-owned Deepwater Horizon, the BP Oil Spill disaster was a control system cyber incident. Discussions will include the cyber aspects of the BP incident as they mirror those of the Bellingham, WA gasoline pipeline rupture 11 years ago.

The Draft Conference Agenda is available for review.

The Presentations are available for download. Contact Joe Weiss for access.

The Current list of Conference Sponsors is available for review.

The Hotel Information and directions are available for use.

The Registration Process is up and ready for use.

Weather:
Highs in the low to mid 70’s, Lows in the high 50’s to low 60’s, with a chance of rain during the conference.
It should be glorious weather to view our Nations Capital and the surrounding country side.

Conference Background:

ICSs are designed for performance and safety, not security. The recent Stuxnet worm affecting Siemens Programmable Logic Controller (PLC) and VxWorks (real time operating system for ICS field devices) vulnerability disclosures lay bare significant security gaps in ICSs. Moreover, the differences between IT and ICSs led to the conflicting recommendations on the Siemens PLC vulnerability by Microsoft and Siemens. The Siemens and VxWorks vulnerabilities coupled with the Hatch Nuclear Plant cyber incident demonstrate we are still learning what is unique about ICS cyber security. Despite the perception that ICSs look like IT systems, they are not and need to be addressed accordingly. This has enormous implications for the Smart Grid, nuclear plants, and other critical infrastructures. Moreover, Stuxnet demonstrates that a sophisticated nation-state attack on ICSs will most likely not be discovered by the ICS community - the IT community is critical to discover these types of attacks.

ICSs must continue to operate – cyber security mitigation cannot be allowed to impact their mission. Yet, as of today there have been little discussions between the ICS domain experts and cyber security experts to try to prevent the unintended consequences that CONTINUE to occur to these critical systems. Consequently, like last year’s conference, here is a peek at what to expect at this year’s ACS Conference:

  • Presentations by end-users providing first-hand experience on ACTUAL ICS cyber incidents.
  • Input and participation from the Navy and Air Force as ICS cyber security also directly affects them.
  • Presentations by the Nuclear Regulatory Commission (NRC) and FERC
  • Demonstrations of ICS cyber vulnerabilities.
  • Significant time allocated for open discussions on how to address the problems.

    • And lastly, because this subject is so important to them, at least one member of Congress and the Chairman of FERC are adjusting their schedules to speak to the Conference.

    As with previous ACS Conferences, the presentations will only be available to Conference attendees.

    Additional notes:
    - The ISA 67 Joint working group on nuclear plant cyber security will meet Monday morning September 20th at Rockville Hilton.
    - NIST will hold a session Friday on Smart Grid and the NIST Risk Management Framework (SP800-53, NIST SP800-37, and SP800-39) at the Rockville Hilton.