SCADA and ICS for Security Experts: How to avoid Cyberdouchery

Presented at Black Hat USA 2010, July 28, 2010, 1:45 p.m. (75 minutes)

The traditional security industry has somehow decided that they are the white knights who are going to save everyone from the horror of insecure powergrids, pipelines, chemical plants, and cookie factories. Suddenly, every consultant is an expert and every product is loudly advertising how it solves SCADA SECURITY AND COMPLIANCY ISSUES!!! And because they don't know what the hell they're talking about -- 'fake it till ya make it' doesn't work -- they're making all of us look stupid. Let's sit down for a little fireside chat and discuss all things SCADA and ICS with an eye towards increasing our knowledge to the point where we can confidently say: "I'm not an expert at everything, I can help some, may we work together on a solution?" It's time to stop being a CyberDouche and start being a positive contributor. Learn some truth, look behind the curtain, bust some FUD, Oh - and make government agents have kittens. That's fun for everyone.

Presenters:

Links: