Securing Cyber-Physical Application Software

Presented at AppSec USA 2013, Nov. 20, 2013, 11 a.m. (50 minutes)

Researchers and practitioners have historically paid too little attention to the fact that software engineers responsible for IT systems take very different approaches from those who design and build industrial control systems. When Web-facing and distributed information systems are interconnected with legacy industrial control systems, which usually do not include effective security requirements, two major issues arise. One is the possibility of someone gaining access to control systems via Web applications and public networks. The other is the potential for the transfer of fallacious information from the control systems to the information systems, as ostensibly occurred with Stuxnet. In this presentation we take a new approach to processes and technologies for mitigating the threats and hazards that impinge on, or result from, systems such as the smart grid. The presentation is based in part on the author's book Engineering Safe and Secure Software Systems (Artech House, 2012).


  • Warren Axelrod
    40 years as an IT professional, mostly in financial services with the past 17 years in information security. Spent time at Mobil Oil in IT planning. Actively involved in cybersecurity at industry and national level. Testified before Congress in 2001. Honored by Computerworld (Premier IT Leaders Award and Best in Class Award), ISE (Luminary Leadership Award) and ISACA (Best Paper). Published five books, three on information security. Published more than 200 articles and columns. Presented at about 100 conferences and seminars, including two OWASP meetings.

