Who do you think would be attracted to an event titled “SCADA Security and Controls”? It would have to be people who know enough of SCADA to understand that it presents security risks to infrastructure. That is precisely why people like me wanted to attend, to find out what mitigation steps we can take, what others are doing, what new developments are happening, etc.
It turns out that the speakers were mostly stating the obvious. The obvious things that we all already know. The necessary steps to improved security that are so generic that they really apply to any environment, nothing even remotely SCADA specific. I’m quite surprised by the lack of substance. Can you imagine trying to teach IT security professionals the fundamentals of patch management, network partitioning, etc.
I suddenly realized I could label myself an expert in SCADA security. I don’t really need to know anything about SCADA. I just need common sense. Can someone pay me to fly all over the world to tell people the obvious?