The other week we had our annual conference on industrial security – our fifth: our first jubilee. Hurray!
This year it was a truly international event, with many of the speakers giving their presentations in English (since they knew no Russian :). In all there were ~300 participants from 170 companies! Thanks to all sponsors and partners, especially:
- SAP – general partner
- Rostelecom – IoT partner
- MARSH – cyber-insurance partner
And thanks to everyone else too whose names you can find at the above link.
The most interesting bits: how matters lie regarding vulnerabilities in the industrial systems (SCADA software and hardware) of the main vendors (no names – but you know them already). Last year the number of these kinds of vulnerabilities uncovered was ~300, of which a third (105 of them) were dug up and reported to the vendors by our experts. Good for them! For example, here.
All this only reminded us: vulnerabilities in industrial systems are, like, oh my grim! We’re talking power plants, electricity grids, railroads, heavy industry, various urban digital systems, and medicine. Some of it cyber-vulnerable? Yikes.
Right, I’ve come up with a message for industrial vendors:
Such numbers of vulnerabilities in industrial kit… – it’s just not good enough. Something’s got to be done. But it’s not so daunting a task; there’s a precedent:
In the early 2000s, after a flurry of internet worm outbreaks, many companies (including international vendors) adjusted their development processes and started to pay more attention to the security of their systems and applications. As a result, the number of vulnerabilities in new software fell multifold, and virus pandemics became a thing of the past.
Colleagues! We just need to copy all that – simple! If we don’t, there’s a lot of pain on the horizon, followed by a lot of shame.
Ok. Lecture over :)
What else is worth mentioning?
The conference took place in a very swish recently-built business center near St. Petersburg’s Pulkovo Airport.
And it goes without saying there were plenty of entertainments after all the serious pow-wowing…