Reflections on Physical Security and Critical Infrastructure Track at RSA


Now that the RSA Conference is a pleasant memory, I wanted to reflect on the newly renamed Physical Security and Critical Infrastructure Track.  In response to growing interest in maintaining the security of power plants, chemical facilities, pipelines, transportation systems, and many other industries dominated by industrial control systems and related equipment, RSA Conference organizers added “Critical Infrastructure” to the title of the Physical Security track, which had previously been the home for this field.  There were also more sessions about the NERC CIP (North American Electric Reliability Corporation Critical Infrastructure Protection) standards and Smart Grid as well as traditional physical security topics.  Additionally, the session I moderated, called “Hacking the Smart Grid,” found its way to the Hackers and Threats Track, while the Governance, Risk, and Compliance Track hosted CIP Take 2, led by well-known control system and cyber security professionals Joe Weiss and Jon Stanford.

The message from the attendees seemed to be that they wanted interesting and provocative sessions that taught them something new and gave them something to take home with them.  Few were attending sessions just because they worked in that industry or needed to “study up” on a particular issue.  While control systems have some unique traits in that they manipulate more than ones and zeros, it quickly became clear that information technology and operations technology are well on their way to merging.  The electronic attacks for each are surprisingly similar, and while the consequences can be more severe for the latter, we all are better served by developing a strong understanding of both.  So, perhaps for future RSA conferences, we need more of that balance.  On the one hand, we absolutely need to see the newest advances in cryptographic research and vulnerability exploits, but on the other, we need to see that there are real human consequences when attacks are launched or even attempted.  When someone decides to create some mischief by messing with a pressure valve or a breaker, you can’t just restore from a backup tape and be back to normal.  More often, malicious hackers aren’t just playing games; they’re playing with lives.
