Thursday, April 5, 2012

What do March Madness and Cyber Security have in common?

(this blog was originally posted by Bryan Owen on the vCampus Blog and is copied here for wider distribution)

OSIsoft User Conference 2012: Cyber Security Line Up
March Madness is a wrap, did your picks do well? You can consider the Pwn2Own competition at CanSecWest as a cyber security version of March Madness.

In continuation of a global trend, this year signaled a change in the 'sport of hacking'. Move over undergrads. Pwn2Own has become a professional contest. It was Vupen's dedicated exploit team versus Google's Chrome security team (both declared victory but Vupen's story won better news coverage).

So yes, cyber security is a team sport. It is complete with talented athletes, coaches, and trainers. Let's not forget the fans, institutions, regulators, media and the rest of the eco system. Do you have PI System security superstars on your team?

I'm very pleased to call out a strong cyber security line up for User Conference 2012:

Day Zero
1:45 PM - ISA 99 Workshop sponsored by WBF. Learn about the ISA 99 standard approach for cyber security - Graham Speake (Yokogawa), Joel Langill (SCADAhacker)

Day 1
12:45 PM - Product Expo PI System Security Booth: "Open topics like: Architecture, Firewalls, Compliance, Windows Server Core, Services" - Bryan Owen, David Casazza, Gary Seifert, Jim Davidson, John Stawiarski, Martin Bryant

3:55 PM - "Have you done enough with Cyber Security?" (vCampus Live! 2011 encore presentation)
Bryan Owen (OSIsoft), Joel Langill (SCADAhacker)

Day 2
9:40 AM - "Secure, Manageable Application Integration at Detroit Water and Sewerage Department" - Biren Saparia (Detroit Water) and Andrew Ginter (Waterfall Security Solutions)

5:00 PM - Keynote closing panel "Data-Driven Decision Making" - Panelist Marty Edwards, DHS Control System Cyber Security Program Director

Product Evaluation Day
8:30 AM - PI System Security Workshop - Jed Haile and Jonathan Gray (Idaho National Lab) with Anthony Tang, Dario Amiri, and Omar Shafie (OSIsoft). Panel from the field: What works, what's challenging, and what can be done to save time and effort. - Panelists (TBA)

In summary, OSIsoft User Conference 2012 is the place to be if you are charged with cyber security for the PI System. We will make a best effort to share these materials with those who can't attend but contributing in person is the way to get the most benefit from these highly professional resources.

If you are a vCampus member but aren't the 'security guru' - please let them know the place to be and people to meet for PI System security are at the UC.

Your teamwork makes a difference with Cyber security!

Bryan Owen


  1. How to secure SCADA system? What are security requirements you should remember by designing SCADA? Problems with penetration testing on SCADA... Learn some hints which will help you deal with them.
    You can find it out in new PenTest Auditing & Standards

  2. You sum up exactly how security works! If you’re an office building with a lot of free time, what’s to stop you from pushing a ceiling tile out of the way in hopes that you can get on the other side of a door.

    1. On behalf of all "office buildings with a lot of free time" I would have to answer we have no need. For office buildings are already both sides of said door.
      (Ps. sorry for going off-topic.)