We have three authors presenting on the S4x19 Main Stage, and they all will be signing and giving away free copies of their latest books.
Solving Cyber Risk … The non-technical handbook for cyber security in the insurance industry
Eireann made his first appearance on the S4 stage back in 2012 when he introduced the ICS community to Shodan and Internet-connected ICS (which should give you an idea of how far ahead of the curve both Eireann and S4 are). In recent years he has focused on cyber insurance for critical infrastructure while at Cambridge University Centre for Risk Studies and RMS, as well as his own company Concinnity Risks. He was part of the team working with Lloyd’s Emerging Risk Paper, Business Blackout: The insurance implications of a cyber attack on the US power grid.
Eireann and his two co-authors, Andrew Coburn and Gordon Woo, have a book (perhaps THE book to date) on cyber insurance and critical infrastructure coming out at the same time as S4x19. So we are pleased to have Eireann back on the S4 Main Stage to present Risk, Utility and the Public Good during the Wednesday keynote block.
Then on Wednesday afternoon Eireann will sign copies of his book at the Cabana Sessions.
H. James Wilson
Human + Machine … Reimagining work in the age of AI
I read an article James wrote in MIT Sloan Management Review that described new human roles of trainers, explainers and maintainers in AI. It was a unique way of presenting a future, and it seemed highly applicable to the ICS world. Then I learned that James and co-author Paul Daugherty were expanding this to a book, and immediately asked James to come speak at S4.
After reading what is a very optimistic book, there are even more important and applicable ideas, particularly in the middle or interface between humans and machines. He actually expands the trainers, explainers and maintainers to three more capabilities where machines will lead the interaction with humans. We are pleased to get James on the S4x19 Main Stage on Wednesday. And he will also be signing copies of his book at the Cabana Sessions.
Secure Industrial Networking
Our third author presenting at S4x19 is a longtime contributor to the ICSsec community and S4, Andrew Ginter of Waterfall. This is actually Andrew’s second book, following up and doubling down on SCADA Security: What’s Broken and How To Fix It. In Andrew’s words:
Thoroughly-secured industrial control system sites practice Secure Industrial Networking (SIN). Most other sites still secure their industrial control systems with minor variations of methodologies that are used to secure IT networks. Practitioners of each discipline disagree fundamentally with each other.
SIN practitioners observe that important industrial sites always have physical and cyber perimeters and that every information flow past those perimeters is an attack vector. SIN therefore prioritizes thorough physical and network perimeter protections and relegates conventional IT protections to secondary roles. Most IT security practitioners though, and many OT practitioners as well, regard SIN principles as archaic in an era where Internet connectivity and cloud-based decision making is reaching into even the most sensitive industrial components. SIN practitioners counter that all software can be hacked, even secure-by-design, secure-boot, root-of-trusted IIoT software, and further argue that IT-style intrusion detection takes time and that environmental catastrophes, human lives and damaged turbines cannot be restored from backups, the way compromised IT assets can be.
Andrew will be providing a 10-minute overview on SIN, and then sitting down with Dale Peterson for 20 minutes to address common questions and challenges on whether SIN is practical in a modern and future ICS.
Andrew will be signing free copies of his book in the Main Lobby on Tuesday at S4x19.