Thoughts on the Ohio SCADA Security Symposium

Tuesday, November 15, 2011

Brent Huston

E313765e3bec84b2852c1c758f7244b6

Recently, I had the distinct pleasure of playing MC at the 1st annual Ohio SCADA/ICS Security Symposium.

The event was held in Columbus Ohio and offered a variety of speakers from federal, state and local government, as well as panels on controls that work and projects that have failed to succeed that included representatives from power, gas, water and manufacturing.

These were powerful discussions and the content was eye-opening to many of the participants.

First, I would like to say thank you to all who were involved in the symposium. Their efforts in organizing, executing and attending the event are greatly appreciated. Feedback about the event has been spectacular, and we all look forward to participating again next year. 

That said, one of the largest identified issues among the conversations at the symposium was the idea that cooperation and coordination between control network operators and engineers and their peers on the traditional business-oriented IT staff is difficult, if not nearly impossible.

This seems to be a common conundrum that many organizations are facing. How do you get these two sides to talk? How do you get them to participate in conversations about best practices and technology advances in their respective areas? 

It seems, that even though these two camps share similar architectures, common dependencies and often similar skill sets, that those things are still not enough to bring them together.

In the spirit of the symposium, and in the conversation openness that we identified and encouraged, I would like to ask for your input on this topic. What does your organization do to facilitate open communications between these two groups? What works for your teams? 

If you haven’t had success, what have you tried and why do you think it failed? Please feel free to discuss in the comments, on the OhioSCADA group on LinkedIn or even reach out to me personally on twitter (@lbhuston).

As always, thanks for reading and I look forward to the conversation that follows. Maybe together, we can identify some strategies that work and potentially bridge the gap between these two stakeholding groups.  

Clearly, from the discussions at the symposium, if we can fix this we can go a long way toward helping ourselves better the security posture and operational capabilities of our environments. 

Cross-posted from State of Security

Possibly Related Articles:
12650
Network->General
Information Security
SCADA Network Security Infrastructure Conferences ICS Industrial Control Systems
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.