Spotlight on Industrial Security – Wednesday, 7 October

Earn Professional Development Hours (PDHs) at these security events, open to all attendees (Room 301).

Industrial Security Keynote Presentation – 9:00 a.m. – 10:00 a.m. 

Sean McGurk
Director, Control Systems Security Program (CSSP)
U.S. Department of Homeland Security

Securing the Nation’s Industrial Control Systems Infrastructure

In May of 2009, the U.S. President pledged to make securing the Nation’s vital digital systems more secure stating, “Protecting this infrastructure will be a national security priority. We will ensure that these networks are secure, trustworthy and resilient.” The Department of Homeland Security (DHS) answers this mission through the National Cyber Security Division’s (NCSD) Control Systems Security Program (CSSP). The CSSP was established in 2004 to increase the security, resiliency, and reliability of the control systems used to monitor, control, and safeguard processes within critical infrastructures and key resources (CIKR), such as Energy, Chemical, Banking and Finance, Dams, Water Treatment Systems, Postal and Shipping, Information Technology Telecommunications, Commercial Nuclear Reactors, and many more.

Sean McGurk, the Director for the CSSP, will discuss the current threat landscape, common vulnerabilities and security issues facing critical infrastructure control systems, and the mitigation strategies being developed to address these challenges. He’ll discuss current program efforts including how you can become directly involved in securing the Nation’s critical infrastructure control

Industrial Security Featured Presentation – 12:30 p.m. – 1:30 p.m.

Greg Garcia
President, Garcia Strategies, LLC  
Former Assistant Secretary
for Cyber Security and Communications (CS&C)
U.S. Department of Homeland Security

Industrial Security and the Political Control System: A View from Washington

The Obama Administration and the U.S. Congress now understand the kinetic relationship between cyber security and physical security.  Indeed, President Obama declared the nation's digital infrastructure a "strategic national asset".  What do those loaded words mean for how government will engage with the private sector to ensure that critical infrastructure operations -- and hence public safety and economic security -- are safeguarded from cyber attack?  What new regulations could we be facing on top of those already in place?  How should infrastructure owners and operators engage with the government in a collaborative initiative to share expertise and strategy?  Garcia will discuss the policy and political environment in Washington, DHS do's and don'ts, and Congressional oversight in this complicated homeland security imperative.

Garcia served as the nation’s first Presidentially-appointed Assistant Secretary for Cyber Security and Communications (CS&C) for the U.S. Department of Homeland Security, from 2006-2008. During Garcia’s tenure, DHS affirmed the urgency of cyber security across the nation and embarked on a comprehensive cyber initiative that will measurably strengthen the security of our nation’s networks against domestic and international threats.

He established the Office of Emergency Communications, which collaborated with stakeholders across the country to develop a first-ever National Emergency Communications Plan and 56 state and territory plans to drive interoperable emergency communications for our federal, state and local first responders. Finally, he worked to integrate the Nation’s overall cyber and communications security strategy to align with the evolving architecture and risk profile of our national information infrastructure.

Prior to joining the Department, Garcia served as Vice President for Information Security Programs and Policy with the Information Technology Association of America (ITAA), where, among other accomplishments, he worked with the Department of Homeland Security to co-found the National Cyber Security Partnership.

Before joining ITAA in April 2003, Garcia served on the staff of the House Science Committee where he was responsible for industry outreach and information technology and cyber security policy. Garcia had a lead role under Chairman Sherwood Boehlert (R-NY) in drafting and shepherding the enactment of the Cyber Security Research and Development Act of 2002.

Today, Garcia is President of Garcia Strategies, LLC, a strategic business and government affairs advisory services firm and serves on a number of Advisory boards for leading companies such as Wurldtech Security Technologies, Finjan, and Triumfant who are working to improve the safety, security and reliability of our nation’s critical infrastructure.

Never-Been-Done Before Live Demonstration & Tutorial

Hacking and Defending Industrial Wireless Systems - 2:00 p.m. – 3:30 p.m.

This red team vs. blue team live demonstration involves a moderated wireless battle between those are tasked with breaking the wireless systems (the Red Team), and those tasked with the responsibility of defending the wireless systems (the Blue Team).  This session promises to be one of the most exciting at ISA EXPO 2009, and will give attendees the chance to learn techniques about breaking and defending wireless systems, as well as ask questions from the experts.

ISA Industrial Security Lounge – Tuesday through Thursday

Come meet and greet industry professionals, visionaries, leaders in standards and regulatory initiatives, and practitioners with everyday experience and insight into the unique challenges of protecting industrial processes against cyber security threats.  This is your opportunity to hear about the latest in industrial controls security related issues, straight from the source!  The ISA Industrial Security Lounge will be featured on the ISA EXPO show floor in Booths # 2816 & 2817, and is a cornerstone of this year’s security related topics at ISA EXPO.  The Security Lounge offers meet and greet opportunities with keynotes, industry leaders, recognized professionals, presentations, and running demonstrations of cyber security related topics of interest featured during the technical conference. 

Come meet and hear from industry notables such as Greg Garcia, former Cyber Czar to President Bush and Sean McGurk, program director for the US Department of Homeland Security’s Control Systems Security Program, experienced professionals from major asset owners, leaders from standards and regulatory efforts, and other daily practitioners that deal with industrial cyber security on a daily basis.  This is a great opportunity to gain practical insight into the challenges, possible impacts, and industry leading solutions to cyber security threats.  The ISA Industrial Security Lounge is a small venue where you can learn, share, discuss, or just relax for a bit.  The focus is on the topic of industrial cyber security rather than products or vendor solutions, so this is a terrific opportunity to increase your exposure or find out how to get involved in various activities that are leading industry to safe and efficient operation of industrial processes.

Some features of the ISA Industrial Security Lounge:

• Speak with team members from the ISA EXPO’s first red-team/blue-team live demonstration of wireless security attacks and defenses, and get a chance to see for yourself the security challenges in wireless networking.
• Meet with leaders and key contributes to the ISA99 security committee, and understand the latest in the continuing emergence of these standards documents. Hear about first hand experience in deploying these standards, and how the ISA99 series addresses your challenges.
• See demonstrations of open-source intelligence collection techniques against industrial processes using public information sources, social networking, and other sources.  These techniques are applied by  hackers daily to find ways into live systems, and understanding these techniques is vital to protecting your organization!  See how quickly an expert can find out information about you and your organization in a live setting, and discuss ways to protect yourself.
• Discuss some of the latest trends in the industry and future security challenges, such as SmartGrid, and hear from insiders where technology, security, and regulation is going, and what it means to your company.
• Hear from industry experts and leaders practical insights into implementing many of the current regulations and standards, such as NERC CIP, 6 CFR 27 CFATS, ISA-99, IEC, etc.
• Learn more about ISA and other related resources, such as the Automation Federation, the Automation Security Compliance Institute, ISASecure, etc.

Drop by and take a short survey**, and qualified attendees will be entered into a drawing to receive two hours of personal guidance from an industrial security professional plus a free copy of the industry leading Control Systems Cyber Security Self Assessment Tool (CS2SAT) produced by the U.S. Department of Homeland Security’s Control Systems Security Program (DHS CSSP).  The security professional will discuss your security concerns with you and provide key insight and guidance into your security program, and help you maximize the effectiveness of the CS2SAT tool.  This tool is a valuable addition to any asset owner working to address cyber security threats to their business operations.

**Survey responses are anonymous and will only be used as feedback and guidance into future ISA Security activities