Kenexis presented the keynote speech at the S4x15 conference last week. During our presentation, we detailed the many ways in which a process or process equipment, such as a distillation column is designed to protect the operators, itself, and the environment. We believe that all systems that can potentially cause harm of any sort, should assume that they will have a cyber security event (or at least a network communications problem). Consequently, we demonstrated how incorporating cybersecurity threats into a hazards analysis, can turn cybersecurity threats into solvable engineering problems, thereby increasing the overall safety of the system.
We also joined a panel discussion regarding possibly adding an alarm panel with cyber security information for operators. We took the position that operators should continue to focus on production, quality and safety and not be distracted by cybersecurity alarms. The only alarm that would be appropriate for operators would be one that required exact and immediate action, such as placing the process in a safe state or shutdown.
On the last day of the event, we hosted ICS defenders (blue team) and attackers (red team) for a day of exercises designed to raise awareness of ICS defense. During these exercises, the red team tried to attack portable ICS systems that we had built for the conference while blue team defended the same systems.
Once the content from these events is available on-line, we will post a message in our blog on our website.