As you may know, Industrial Defender spent the last few days down in sunny Savannah, Georgia at the Industrial Control Systems Joint Working Group Spring Conference. For your reference, the Department of Homeland Security established the ICSJWG to facilitate information sharing and reduce the risk to the nation’s industrial control systems. At this conference, Industrial Defender organized and participated in a panel session entitled Key Take-Aways from S4 and Project Basecamp.
This session was moderated by Bob Lockhart of Pike Research and also featured panelists from leading automation system OEMs and security vendors. Conversation focused on the multiple vulnerabilities found by researchers at this year’s S4 conference and discussed ways to fix these problems. According to Greg Hale of ISS Source, the ultimate solution is that “end users need to demand security from their suppliers and when there is an issue with a product, the lines of communication need to be open.”
Jacob Kitchel, senior manager of security and compliance for Industrial Defender, was one of the researchers from Project Basecamp and also a panelist on this session. He was ready to take on the pressure and questions from the audience about the found PLC vulnerabilities from S4. As quoted in Greg Hale’s article, Jacob said “I still think there are tools to use to eliminate risk before you patch your system. If you still feel you can’t eliminate risk, then talk to me.”
To learn more about the debate, discussion and conclusion of this ICSJWG panel session, please read the full ISS Source article here: ICSJWG: Users Must Demand Security.
Have any feedback or questions about the “Key Take-Aways from S4 and Project Basecamp?” Leave us a comment!