GridSecCon 2013 is a wrap, hold Oct 14-15-16 for next year’s conference.
The GridSecCon sessions were excellent and I expect NERC will post them soon on the GridSecCon home page.
In the meantime I’d like to offer a few general observations and opinions.
The level of participation was impressive with about 300 in attendance. Q&A for each session was active. It's clear the electric sector is continuing to invest in dedicated cyber security resources.
I expected GridSecCon to be full of buzz on version 5 of the CIP standards. Not so much. The general vibe remains that a FERC order on the new standard (warts and all) is imminent.
Subjectively, compliance doesn’t seem to be generating the attention it once commanded.
These keynote snips from sponsoring executive Paul McElroy (CEO JEA) and Terry Boston (CEO PJM) seem to buoy the message:
- Regulations can't rescue us, we need smarter and better implementation for security
- It’s not a matter of if, it’s a matter of when – be prepared
Notwithstanding enlightened executives above, the NERC CIP auditor panel issued a fundamental caution:
- We are still finding really basic stuff
NERC CSO, Tim Roxey, makes a case that the CIPs bootstrapped meaningful and constructive conversations about security. Concepts like electronic security perimeter are now baked into the OT lexicon for the electric sector. Tim’s observation seems on the mark and his vision is to amplify the effect through crowdsourcing approaches.
“Year of the Substation” seems apropos as the overall GridSecCon 2013 theme. From critical research on clock master failure modes to vulnerabilities in popular DNP3 implementations and a chilling tale of snipers targeting Metcalf station; electrical substations have ‘arrived’ as a security priority (critical asset or not). To paraphrase a speaker, if you are struggling with copper theft you probably aren’t doing enough to defend more advanced threat actors.