Wednesday, February 06, 2008

The 2008 S4 Scada security conference

We recently atteded the S4 conference in Miami, USA, facilitated by Dale Peterson and the good people of Digital Bond. 

S4 is the SCADA Security Scientific Symphosium, a yearly event held in the end of january.

S4 is a rather small and intimate event that makes you feel that you are on the first row in the conference room and at the same time really have first hand access to the worlds technical expertise to the professionals in the SCADA Security arena. It is amazing to realize that there are only a few handful of people qualifying for that title.

The symposium had eight invited speakers, some very good, some less scientific or relevant. Both keynote speakers where really good. Day one Steve Lipner the Microsoft’s Senior Director of Security Engineering Strategy gave a talk on security with regards to systems and software development. If only SCADA vendors and other in the automation business would start to work according to this methods, things would certainly look a lot better.

Day two, Dave Aitel described the way a serious security researcher or a skilled attacker works when he (she?) reverse engineers executable code and proprietary and unpublished communications protocols. I just hope that this is the eye opener that many people really need. They all should know Shannons maxim and the Kerckhoff principle. The enemy knows the system. And the security should really depend on other factors that obscurity.

One of the better speakers with a really interesting topic, security in wireless systems, was Denis Foo Kune (depicted above) of Honeywell Research. His talk on ISA 100, Zigbee, WLAN and radio systems security was really nice.

For those of you not attending the symphosium, now there is a new opportunity for you to order the conference proceedings from Digital Bond.

According to Dale, Digital Bond plan to run S4 2009 again. The same dates and the same place. Mark your calendars.

1 comment:

guimms said...

We are working on a SCADA security project.

Although our web site is still only available in Spanish, soon it will be in English and German.

Web page: redes industriales