I'm back and catching up
I had an interesting time in Detroit. I heard some great presentations, some interesting perspectives, and gave two very brief talks. The insider threat talk went well; I like watching the operational security guys nodding their heads in agreement. The managerial guys also nod their heads but it's more of a "that would be nice if it didn't cost money" type of nodding. Regardless, I met some cool folks who definitely want the smart grid to be built securely. A few of them were vendors, which is always cool; I love it when a vendor looks past the bucks and purposes to do things the right way.

The second, unrehearsed, talk was to start up a new task force within OpenSG for network security. The group I am currently part of has been re-writing several of the DHS Catalog of Control Systems Security recommendations in an attempt to make them more actionable. In some cases this involves combining; in others, controls are expanded. Either way, the group is coming up with some great verbiage that should definitely help folks in the future when they know "what" they are supposed to do and need the "how" to do it portion. Our new document should produce the "how", and the network security TF should be able to continue that work and pass it on as other groups continue to develop standards and requirements. This should provide a good foundation for the collaborative efforts that have been ongoing for quite some time and help to provide a common language and framework with respect to security.

It's a privilege to be included in this effort, and I am getting to work with a number of exceptionally brilliant people that are teaching me a lot.