This man’s passion is serious. IT Sec and OT Sec is two completely different animals. DDOS across a business disrupts BizContinuity. DDOS in OT Disrupts HUMAN SECURITY. This is a serious convo, Superb presentation🧘🏾♀️🍿
Enjoyed the presentation. You can tell from the comments that people with OT experience, who live critical infrastructure security issues get Joe's message.
"Because you (universities) are turning out really, really smart people - but they are DUMB in this world." Sums it up nicely. I've been in the ICS field since the first generations of PLCs and the second of DCS in the O&G/Manufacturing/W&WW sectors - and it hasn't gotten any better than when I started out in the '80s. There exists as much a disconnect between academics and the real world as there is between OT and IT folks.
Joe did a very good presentation, but those audience seems Silly, the questions they asked or some statement they rised is not sound reasonable.... i don't understand who were those guys....?
Me not an expert but me thinking...why on earth cant these PLC units just have an old fashioned fire wall? I think I have a possible answer. Because 15 companies have delivered millions of control systems to the whole world for decades and its simlpy to mountainous of an attempt to go in and change them all. They cost a fortune and the entire induatrial world uses them. And ifeven if you did. There are no current alternative products from Siemens and ABB that can to the job
That is not the case. Manufacturers are now providing and supporting separate firewalls for network segments (for at least 5 years). There has always been the ABILITY to protect traffic, on a network segment, but this is not generally implemented due to overall system cost. Maintainability, systems training and the cost have been the main considerations for 2 generations of systems engineers already. Yes, it is time to move forward, but frankly, the ideal would be having a virus scanner incorporated in addition to individual device firewalls. However, PLCs and local controllers require rapid scanning rates (often less than 100 ms) to ensure capture of an input event, transfer of a function to an output and so on. So, it's a risk, but it's been a considered risk not to have virus scanners, firewalls locally incorporated because of their additional resource overhead. For completeness, security policies should include the physical, procedural, and information management. It has to be holistic and not a band-aid on a single area. If you do have the time, take a read of ISA99, NIC-CIRP Best Practices, NISTR 7628.
This man’s passion is serious. IT Sec and OT Sec is two completely different animals. DDOS across a business disrupts BizContinuity. DDOS in OT Disrupts HUMAN SECURITY. This is a serious convo, Superb presentation🧘🏾♀️🍿
I work with SCADA systems used for Power Systems. This video is a must watch for anyone working in this type of industry.
Enjoyed the presentation. You can tell from the comments that people with OT experience, who live critical infrastructure security issues get Joe's message.
This video is a value proposition to Stanford folks to take up Industrial Cyber Security Topic seriously. Nothing else. Speaker is a gem thought.
Best talk I watched sofar in 2022
Excellent presentation. Thanks Joe.
This piece actually emotionally moved me as an IT professional. Much respect to the presenter.
Awesome content
Informative and Good to have
Could you please share the slides!
i wonder if anything changes now over 10 years from this speech
yes, people take ICS cybersecurity seriously. But it's still interesting to see this real engineer talk.
"Because you (universities) are turning out really, really smart people - but they are DUMB in this world." Sums it up nicely. I've been in the ICS field since the first generations of PLCs and the second of DCS in the O&G/Manufacturing/W&WW sectors - and it hasn't gotten any better than when I started out in the '80s. There exists as much a disconnect between academics and the real world as there is between OT and IT folks.
thanks for sharing Stanford
Anybody know what book he is referring to?
His own book.
Good video!!!! :)
Thanks
Joe did a very good presentation, but those audience seems Silly, the questions they asked or some statement they rised is not sound reasonable.... i don't understand who were those guys....?
Me not an expert but me thinking...why on earth cant these PLC units just have an old fashioned fire wall? I think I have a possible answer. Because 15 companies have delivered millions of control systems to the whole world for decades and its simlpy to mountainous of an attempt to go in and change them all. They cost a fortune and the entire induatrial world uses them. And ifeven if you did. There are no current alternative products from Siemens and ABB that can to the job
That is not the case. Manufacturers are now providing and supporting separate firewalls for network segments (for at least 5 years).
There has always been the ABILITY to protect traffic, on a network segment, but this is not generally implemented due to overall system cost. Maintainability, systems training and the cost have been the main considerations for 2 generations of systems engineers already.
Yes, it is time to move forward, but frankly, the ideal would be having a virus scanner incorporated in addition to individual device firewalls. However, PLCs and local controllers require rapid scanning rates (often less than 100 ms) to ensure capture of an input event, transfer of a function to an output and so on. So, it's a risk, but it's been a considered risk not to have virus scanners, firewalls locally incorporated because of their additional resource overhead.
For completeness, security policies should include the physical, procedural, and information management. It has to be holistic and not a band-aid on a single area.
If you do have the time, take a read of ISA99, NIC-CIRP Best Practices, NISTR 7628.
+dobiem1 It is actually NISTIR* 7628; your welcome guys.
I AM SYSTEM ENGINEERING BUT OFFLINE 😏
@cpu hehehe..Don't you think his voice is look like Steve jobs voice!
let the man speak for gods sake. everyone wants a spot light...smfh
real world problems vs academia ;D