We feel we have been a bit remiss in providing our coverage of User Group meetings this past month.Partly this is becaues of our travelling and attendance at the ISA Summer Leaders’ Meeting in St Louis (MO US). Here we give some comments and links from the Siemens Summit and later in the week we plan to have something on the Honeywell User Group #HUG meeting in Phoenix (AZ US) later in the week.
“Navigating the World of Automation” was the theme of the Siemens US 2011 Automation Summit held last month in Orlando Florida.
That security was one of the topics is of little surprise given that the Stuxnet problem was first discoivered in their equipment just one year ago. (Indeed an article by Nick Denbow of IAI “Stuxnet – not from a bored schoolboy prankster!” has proved to be one of the most visited articles on our site and we have continued to add links to other articles on Stuxnet & Security issues on that page).
“They walked into the Lion’s Den and came out unscathed. Two security experts went into the 2011 Siemens Automation Summit and talked about lessons learned during the Stuxnet affair” so starts Greg Hale in his Summit Report, Analyzing Stuxnet with Siemens. See more on the Summit from the 30th June’11 issue of his publication The Shield.
Siemens were fortunate indeed to secure Eric Byres of Byres Security and Joel Langill (SCADAHacker)to address this summit. But as Byres himself comments in part 1 of their Siemens Cyber Security Report Card (which includes his presentation, ” (they) avoided any mention of the WinCC vulnerabilities that were announced the day after the summit closed (and the Friday before a long weekend). They also did not mention the S7-300 and S7-400 Password Security vulnerabilities that were announced today (6th July’11).” Some hours prior to publising this he had tweeted, “S7-300 and S7-400 Password Security vulnerabilities are finally admitted: http://t.co/bMmIAiZ Why not at #automationsummit? Too Bad!”
Renee Robbins Bassett from Automation World was also there, “in the land of Micky” as someone called the venue and one of her posts concentrates on Siemens permiation of Disney World’s Orlando site as she says that Siemens is “Almost Everywhere” in Walt Disney World. Nevertheless as a further report from the same source says the first-day announcements seemed all about process industries and Siemens’ process instrumentation and analytics offerings (Siemens Targets Process Industries in a Big Way!).
Walt Boyes of ControlGlobal also looks at the Disney aspect when he reported on David Van Wyk’s keynote, sharing the Disney Imagineering project management process, he’s the boss of this area at Disney’s. We like the word “Imagineering” too! In Stacey Jarlsberg Points the Way, Walt reports on the Siemens DCS offering. “Whither PCS7?” he asks. He concludes this article with “Last, but most importantly, there are significant improvements in cybersecurity in PCS7.” In view of Eric Byres comments of the 6th July mentioned above, one wonders how credible this view may be.
One of the many tweets on the summit says “Most important result was the highly motivated proactive holistic response to the challenge posed by Stuxnet. Dunno if they would have without the impetus of Stuxnet but they appear to have leapfrogged the competition.” This is strongly rejected by Dale Peterson in his blog. In “Siemens Security Tap Dance or Reality?” he rather scathingly asks, “Leapfrogged the competition? I don’t think so. Proactive holistic response? That seemed to be one of the buzz phrases at the event.” and then he adds rather provocatively, “In fact right out of the keynote address.” He concludes, “Too often we hear this isn’t a Siemens problem or security is not just a vendor problem. True if you discuss the overall effort to secure ICS. There are, however, many issues that are just Siemens problem. They should have been a focus at a Siemens User Group event.”
Siemens took this opportunity to publicise their recently launched Measuring Success blog It delivers weekly articles from process instrumentation and analytics specialists, and is designed to allow feedback from end users. They say that “at Siemens Process Instrumentation and Analytics, we believe ‘to measure is to know’. How do you measure success? Let us help you find the answers.”
It appears that for some the answers appeared to arrive too late at least for this particular event!