“Come Together” Theme for S4x17 ICS Community
The theme for S4x17 is Come Together. And we felt it was perfect for this year’s event for very positive reasons and to address an increasingly negative trend.
Positive: We are at a time where other areas of study and commerce are highly interested in getting involved in ICS / Industrie 4.0 / Industrial Internet / IIoT or whatever you choose to call it. This is a fantastic opportunity to bring a lot of talent, money and other resources to the issue of having more robust and secure ICS, as well as increasing automation and making the underlying processes dramatically more efficient and businesses more profitable.
While the majority of the sessions at S4x17 will still be the top talent in ICS cybersecurity and OT presenting leading and bleeding edge material, we worked hard to bring in related field experts to expose the thought leaders to what is coming and what is possible. Some examples:
- Machine Learning — Kathryn Hume of FastForward Labs is part of a team that shows businesses and sectors the benefits, algorithms, strategies of machine learning as applied to their environment and business needs.
- Psychology — How do you detect the malicious insider. Security controls are often ineffective because the insider administers those controls. Eric Shaw of Stroz Friedberg is a Clinical Psychologist and former intelligence officer. I found the technique they have developed amazing and the effectiveness numbers are impressive.
- Political Affairs — Richard Clarke, Special Advisor on Cyber to President Bush and a host of other high level USG positions, will bring us into the world of how governments are thinking in offensive and defensive terms in ICS.
- Economics — Alvaro Cardenas has a fascinating case study on how economics drove attacks on the Colombian power grid and a couple of other related cases. I would say that Economics is also likely to come up in the insurance session and ransomware sessions, and the economics is one of the big impediments to II0t security.
- Workforce Development — We are putting a high school class through two days of innovative ICS training, and you will see the results on Thursday.
These are just some of the examples. Don’t worry we still have the uber technical hacking and latest defensive techniques as well as talks on ICS certification, ExxonMobil’s open effort and more.
We believe, and it is our hope, that S4x17 will bring new ideas and foster new relationships that will help the ICS community come together and welcome outside experts and fields of study.
Negative: There is knee-jerk reflect in communities that have been typically small and required specialized skills to put up barriers and exclude new participants if they have a different background or do not fall in line with what the community has been saying for the past decade.
Simple examples in the ICS community are getting dogmatic about terms like SCADA vs DCS vs ICS, Unsolicited Response vs. Report By Exception, differences in industry sectors, etc. It’s not that these are unimportant or shouldn’t be clarified, but when they are used to shut down a different point of view it hurts the community.
Ad hominem attacks on new participants who may have different experience than a 10+ year member of the community are not helpful and will discourage a lot of the people we need in this industry. Like many small, specialized communities, the ICS community can be insular and static … we tried that and it didn’t work / OT is different than IT / we don’t have the money, people, etc.
Our hope is that the S4 attendees, who represent some of the smartest and most forward thinking people in the community, will help reverse this trend.
Background: Digital Bond’s S4 Event every January in Miami South Beach draws the top technical talent and thought leaders in ICS Cybersecurity and Operations Technology (OT). It’s grown from ten years ago being 40 people in a two day conversation to 300+ people watching and participating in events on 3 Stages over 3 Days plus a ICS CTF, parties, sponsors and more. We set the bar high to get on the agenda because the typical attendee is someone who speaks at other events and definitely knows OT & SCADASEC 101.