Unsurprisingly, the largest category of submissions to the S4x25 CFP has been AI-related. Almost all of these submissions could have been written by generative AI.

A paragraph or three on how AI is an important, fast-growing technology that will have a major impact on OT & ICS security. The concluding sentence … in this session we will present lessons learned, how AI will be used by ICS defenders and attackers, and what actions you should be taking.

These presentations aren’t wrong or bad. It’s just that I’ve attended so many conference sessions and webinars, listened to podcasts, and read articles that provide this big picture view. I imagine many readers and certainly most S4 attendees feel the same.

We had the same issue this year, and I was pleased with the session gems we were able to pull out for S4x24 from numerous proposed sessions.

The bar is raised every year at S4. Despite the deluge, we haven’t accepted one AI-focused session for S4x25 yet. We have some maybes that are the best of what’s been received, and we have numerous requests out for more specifics from submitters. I expect one or two of the submissions will eventually result in an S4 session as we get more information and focus the content.

It’s time for a different approach to get AI-related sessions for S4x25. Here are some questions I have and am looking for answers to:

  1. How does an asset owner evaluate a vendor’s AI claims? (And how does an asset owner determine if the vendor’s AI strategy and implementation will be right for the next 1 – 3 years?)
  2. How should an asset owner be using AI for OT & ICS Security today? (with specific examples, and a preference for anything besides a security product that is enhanced by using AI)
  3. Will AI substantially change ICS (the thing we are trying to secure)? If so, how and what does this mean for our security program?

If you can answer these please submit to the CFP. If you don’t want to speak at S4, tag me in your article or podcast or webinar.