We encourage passionate disagreement and promotion of new, maybe slightly crazy concepts at S4 through Unsolicited Responses. Attendees can submit their idea for a 5-minute talk, with or without slides, at the event. Some are serious; some are funny.

Normally we don’t release the Unsolicited Response videos, but we wanted to show those who haven’t attended S4 an example. With his permission, this Unsolicited Response from Darren Highfill is related to an answer Eric and I gave at our SCADA Apologist/SCADA Realist argument the day before (at 25:56 in the video).


Of course I don’t have to agree with Darren. I still believe my answer that a start-up/small company will not lead the change to rid us of insecure by design in ICS, but I’d add that the progress is not being impeded or delayed by a lack of a technical solution. The challenge of addressing security in high-availability, low-bandwidth, low-power environments has been solved in numerous other fields. We just need to take proven security algorithms, protocols and techniques into the ICS space. It is a matter of will, not technology.

I would add the example of Jim Bidzos at RSA to Darren’s example of Ed Schweitzer. Jim was mostly a solo act in the early RSA years. It took Jim, with the assist of Rivest, Shamir and Adleman, years to explain public key and convince large vendors it was not voodoo, but like Ed, Jim did it. So I agree wholeheartedly that a small startup with an innovative and incredible solution can succeed in changing even a stodgy ICS community. I just disagree with Darren that it will be the path to getting rid of insecure-by-design features and protocols.

But as you can see, we welcome heartfelt disagreement at S4.