Woz's Bluebox (image by mwichary)

Last week was EnergySec’s 2012 Symposium.  EnergySec is a group with a lot of great energy.  The conference was attended by a mix of hackers, former phone phreaks, energy sysadmins, auditors, and executives.

The theme this year was, “Stop being depressed.” With all of the network intrusions and legislative failures of the last year, it’s easy to be in a funk about energy security. There’s a lot going right, though, and EnergySec highlights The Good.

Richard Clarke keynoted the conference, giving a refreshing PowerPoint-free talk on the importance of energy security and who the big threat actors are for our space (and what they’re after), rolling into a line of questions that utilities should be asking themselves (and their executives) right now.

The EnergySec 2012 Symposium had some nice technical presentations this time around as well.

Jeff Bryner stood out, giving a talk on using OpenIOC XML indicator files with his own client-server compromise detector. Host-based IOC checking becomes a little tricky if host rootkits are in place, but the biggest threat du jour is remote access trojans dropped via email (the trick attempted against Digital Bond and EnergySec, and apparently successful against Telvent). Jeff’s tool looks to be a nice way to inspect lots of systems for p0wned boxen on your network without a lot of effort, and without the use of antivirus or other expensive scanning software, and it fits well with a popular NESCO theme: Information Sharing Wins.

Tools from the trenches were a popular theme in the conference’s technical tracks, with Jacob Kitchel speaking on managing ports and service lists, and Chris Sistrunk talking about securing substation remote access (a talk I unfortunately missed for a powwow on Telvent’s compromise). These are all practical tricks and techniques to manage security in the field, and it’s great to see people talking about what they’re up to in a forum like this; it gives the community a great board from which to teach and learn.

If new friends from the conference are any indication, the Symposium certainly succeeded at getting the technical crowd refreshed and ready to get back to work…
