SANS ICS Cybersecurity Summit 2024 – Selected Notes, Reactions and Reflections
Andrew Bochman
Not an AI | INLer & Atlantic Council Global Energy Center Non Resident Senior Fellow | Speaker, Author, Advisor | Views are my own. ???? ????
Situational Awareness - June 2024
SANS Founder and wonderful-beyond-measure human being Alan Pallor’s gone but SANS goes on. Similarly wonderful and indispensable SANS ICS founder and Allan’s likely heir apparent Mike Assante is also gone. But his voice still haunts the halls here. Pardon the cliché, but these two were the giants upon whose shoulders the entire edifice still stands.
Mike’s wife Christina and their 3 kids go on. And one, the eldest son Alex Assante, was an attendee this year and administered an award I'll describe below. Tim Conway goes on as does his globe-trotting, Pelican-case toting family comprised of wife Ellen and 3 junior Conways ... one of whom is summer interning on ICS cyber at INL at this very moment.
Rob Lee has since become a titan of global industry, but back in 2013 he showed a zest for living and a certain finger, figuratively speaking, to a multi-starred USAF general with his seminal paper, “The Failing of Air Force Cyber,” which included truth-to-power tough-love zingers like:?
“All of the personnel wear the badge and identify themselves, some cynically so, as part of the cyber community. This faux community creates problems when trying to identify the personnel needed for a mission.”
Rob too is doing his best to organically grow the OT security population with 2 offspring sprung already, and a third eager to arrive.
Meanwhile plenty of others from the inaugural SANS ICS gathering 19 years ago are gone as well, both from the community as well as from SANS itself. It’s everyone remaining’s great good fortune that Tim and Rob endure and lead with an alchemical mix of charisma, humor and humility. And Dad jokes.
Zach Wins the Award of a Lifetime
Zach Tudor was honored this year for the very many things he’s done (and continues to do from his lofty perch as an INL associate lab director. In my early days (ten years or so ago) at the lab I was a regular at the SANS ICS Summit, but in recent years drifted. But thanks to getting pre-notice of Zach receiving SANS ICS Lifetime Achievement Award this year, I felt I had to attend and am so glad I did.?Now no one, and particularly me, is calling Zach old, and Rob and Tim emphasized that advanced age is not a prerequisite for this LIFETIME achievement award. But scan Zach’s LinkedIn page, or talk with someone who’s known him for a while and you’ll get a sense for how many OT Security mountains he’s moved in the interstices of government, industry and academia, and you’ll begin to sense the gravity of what he’s accomplished and as well as what he still might yet accomplish.
Full Disclosure re: “Exposure to Closure”
One of my earliest and best SANS ICS Summit memories was arriving on a pre-conference Sunday afternoon in 2014 in time to catch a play by the ICS-not-ready-for-primetime players called “Exposure to Closure.” Buried in the actorial ineptitude were some gems of cyber and public-private information sharing insight, and I believe - though the series was discontinued before Netflix could pick it up - it always had a happy ending, aka closure.
?Playwright and Dragos’s first hire, erstwhile NERC E(S)-ISACer Ben Miller was director, Tim Roxey was narrator/emcee/action translator, Mark Fabro played a Russian cyber Dr. Evil, and a younger Rob Lee was ... an FBI agent? Bill Lawrence was in the house (on the stage) too I recall. Plenty of others too had their moments on and behind and beside those Sunday night stages.
领英推荐
SANS ICS Summit Roll Call
Please allow me to wallow in a moment of (perhaps Disney inspired) nostalgia conjuring up all the fine folks I’ve had the pleasure to meet, sometimes work with, and always learn from in the house that Allan and Mike built. In addition to those already named above, and in no particular order they are:
Justin Searle (my ICS 410 trainer and falconer par excellence), Marty Edwards, Art Conklin, Bryan Owen, Andrew Ginter, Jeff Shearer, Lior Frankel, Eric Byers, Chris Sistrunk, Paul Forney, Chris Blask, Monta Elkins, Mark Bristow, Jason Christopher, Jason Dely, Brian Proctor, Dean Parsons, Joe Slowik, Mike Hoffman, Ted Gutierrez, Ron Fabela, Nadya Bartol, Derek Harp, Tomomi Aoyama, Kai Thompson, and still some others whose names I apologize for not recalling at this moment.
This year also brought new friends and colleagues into view, but for brevity will just name two. NREL’s Anthony Wallace, with whom I roamed EPCOT and who gave an outstanding preso titled “Hacking the Power Grid in a Virtual City at Scale,” and Gabriel Agboruche of Jacobs nee Accenture who held forth with “Answering the Big Question: Has my OT been Compromised?” I thanked Gabe for hearing me out on the book I’m working for a 2025 publication: Defending Civilization – Notes from the Front Lines, and in particular for sharing what could be shared and not sharing what could not be shared about a certain pipeline incident he was proximate too.?Tuesday morning saw these two perform stellar talks back-to-back and set the content and delivery bars high for the rest of the day.
Walking and Talking Around the World
Re: roaming with Anthony Monday night, the gang that formed also included: Alex and his sig other, marketing super genius Kate Bould, Kylie McClanahan, and the Conways: Tim, Helen, daughter Viv, son Jake, and last and really first if you think about it, Lucy, Tim’s mom. We sipped a few things, ate a few things, bought a few things, and one got her face painted. Found a decidedly non-French group pic (thanks Kylie) ...
And here’s a shot of 3 of us following procurement of legendary croissants (possibly overhyped, though infinitely better than so-called “pretzel croissants” we were subjected to the next morning).
Looking Ahead with Hope in Our Hearts
It’s always great to know the time and place of the next event even before you walk out the door, and such was the case this year – great job SANS business and logistics folks! Same dates (nearly), same place, and though this year’s attendance with 400-500 in the seats and 4 or so thousand on-line was a high-water mark, the next one, given that we mark the passing of time according to our Base 10 numbering system, Monta ;) will be an even bigger deal for sure. INL’s lone speaker, Megan Culler presented brilliantly this year, but for next year, the BIG 20th ANNIVERSARY SHOW, I vow to return, along with Zach, Megan and bring a herd of INL ICS cyber researchers with us ... just like the good old days. Hope you can make it too!
La Fin
?
?
?
?
Senior Manager/Specialist Leader at Deloitte
8 个月Great to see you there this year, as always, my friend…
Managing Director, BCG Platinion North America | Better cybersecurity starts with honesty and accountability, enabling business and a safer cyber world | Tech and cyber transformation | NIST & ISO co-author
8 个月Andrew, what a beautiful piece. And thank you for the honorable mention! I miss this community!!!
VP of Policy and Standards at Gretel
8 个月Very nice piece Andy
Product Marketing Manager - SANS ICS Security Curriculum
8 个月What a nice reflection on this year's event. It was great to see you there in your "10th Annual ICS Security Summit" shirt too... we'll be sure to have some "20th Annual" shirts ready for next year ??
SVP, Cybersecurity & DX | Venture Capital | ICS/OT Security | Shaping a Resilient Energy Sector
8 个月The addition of our last "E2C" (a decade ago?) was a nice touch to look back on how much has changed-- professionally, personally-- across friends & family alike. My road to (and then "in") SANS ICS is entirely thanks to Mike & Tim, but it's the community & evolution over the years that has consistently energized me. We grew from dozens to thousands (including online) & each year is a mix of old friends, familiar faces, and new ones. I was particularly "wow"ed by the workshops this year-- a unique in-person experience for Summit attendees that brought mini-SANS classes & tracks to the conference. This week, hundreds of students are still in Orlando taking multi-day ICS security classes-- something we did not have when SANS ICS first started (trivia point for EPCOT next year). Mike, Tim, and Rob really paved the way for a one-of-a-kind curriculum that continues to grow (like our community). All this echoes the quote from Mike in the conference hall: “The only defense against well-funded nation-state attacks on power systems (and the rest of the critical infrastructure that keeps us and the economy alive and free) are people with extraordinary cyber talent and skills.” Thank you for the trip down memory lane, my friend!