Submitted by: Daryl Haegley Director, Mission Assurance & Cyber Deterrence at the DOD and (CS)²AI Fellow
Original Source: https://www.hackthebuilding.tech/control-systems-cyber-conference/
At the November 17 conference businesses will present their solutions for addressing critical infrastructure cyber challenges.
Hack the Building is a cyber exercise and technology showcase that includes a conglomerate of offensive and defensive teams from across the military, government, academia and industry.
For the conference event, there will be presentations on a broad range of ICS/SCADA topics including security of SCADA systems, building automation systems, plant control systems, engineering workstations, substation equipment, programmable logic controllers (PLCs), and other field control system devices.
Presentations on cyber standards that address building automation and facilities cyber as critical infrastructure are important to our audience to include ideas on how facilities architecture and construction, including manufacturing facilities can be designed with cybersecurity in mind and not an after thought.
Buildings are critical infrastructure. Assessing vulnerabilities in crucial government and commercial facilities is a labor intensive and often filled with gaps due to the expansive nature of some facilities and the myriad of IoT and control systems technologies that are involved in the building’s management and safety and security. Reducing the labor involved in conducting assessments while yet increasing the visibility of assets and their configurations continues to be a challenge. In addition there remains a mostly legitimate fear that and challenge encountered that some of the facility related control cyber systems (FRCS) cannot not be scanned for known vulnerabilities because the FRCS cannot support the scanning, as it would lead to the FRCS malfunctioning and result in an impact to the facility that could also introduce a safety risk.
IoT Cybersecurity threats are increasing – many of the technologies available today, cannot detect or defend against vulnerabilities and attacks that leverage the lack of IoT cyber defenses. A typical facility has its installed base of IoT, but the tenants in a facility also install and operate IoT devices that could pose a threat to the facility and its tenants.
Detecting and defending against malicious AI based cyber attacks. While AI has many positive capabilities and continues to evolve, there is a trend line developing that indicates AI cyber based attacks could be devastating and there is little in the way of tools.
Counterfeit technology continues to be an active threat to US critical infrastructure, detecting vulnerabilities in devices and verifying their true origin could provide some degree of fidelity to facilities infrastructure. A methodology or solution that provides best practices and solutions for ensuring that as a building’s critical systems are being selected and prior to installation as part of the design and construction process, could reduce vulnerabilities facilities cyber threats.