DHS Cyber Security Seminar in Ann Arbor, MI
Today, Eastern Michigan University’s Information Assurance program worked with the local technology company Compsat to bring together students, businesses, and government employees to learn more about the evolving landscape of information security in the United States.
This month is National Cybersecurity Awareness Month but the rally-cry of this event and others like it is that idea of being proactive on our computing infrastructure should be year-round, without exception. As one of the presenters stated early on into the day, “This is not an event, it’s a lifestyle change”.
A majority of the event was framing security around Industrial Control Systems (ICS). ICSs represent technology in our elevators, amusement park rides, energy systems, and other relevant components to the modern life of all people. Much of the content throughout the day was relating ICS installations to that of typical information security with computer networks. ICS deployments have themselves a massive amount of protocols, interfaces, and other technical aspects that make the comparison between general IT and ICS fairly obvious. That said, it was presented that the real differences come in at an operational level.
Much of the discussion regarding ICS security was presented by Bryan L. Singer, whose company Kenexis deals heavily in this space for industries all over. Through his original backgrounds in both the military and information security, Bryan understands better than most the relevant differences of ICS vs. general information security of computer networks. While an information security specialist may want to throw an IPS into a situation, Bryan speaks to the fact that false positives that may shut down ICS deployments, even temporarily, is unacceptable in most cases. While much traditional IT thought applies, it doesn’t always apply in a direct way.
In ICS, milliseconds matter more than easily deployed security systems. For instance, password-protecting a safety shut-off control may risk lives. In IT security, password-protecting everything is common. This and other examples showcase where the overlap ends and business needs begin between IT security and ICS security.
The Department of Homeland Security also has created a tool called CSET which helps organizations examine their security for control systems. More so, they will come help do free assessments for organizations who want to be proactive to security.
The event was a success for many reasons. Foremost, many students got to enjoy technical presentations on topics they may of not otherwise had any clue about. Secondly, the university was able to network with businesses to help place students for internship and co-op positions. Lastly, the event was a great place for networking with other people in the industry and share experience and make new contacts.
