We released the S4x18 Agenda on September 25th, one week before registration opens on October 2nd. I’ve always felt it’s important that we provide potential attendees with detailed information on the event before asking for your time and money.
The agenda includes details on 41 of the 48 Main Stage and Stage 2: Technical Deep Dive Sessions. Plus there are 16 Sponsor Stage sessions that will have details added shortly (let’s go sponsors). 3 days, 3 stages, 64 sessions plus the S4 ICS CTF, great social events, and Miami South Beach in January. Be ready to register on October 2nd to get the S4x07 price of $995 + tax (the original S4x07 price) for tickets 1-50. Check out this page for subsequent ticket prices.
We have plans for the remaining 7 sessions, including some big name keynotes, that are awaiting final confirmation. And we have 8 standby sessions identified for any that don’t happen or drop out.
We received over 100 quality session submissions. By quality I mean sessions that we would have accepted at S4 events in recent years. It is gratifying to see the industry grow and so much good work being done in multiple fields and aspects, but it lead to some tough choices. A few comments on the population of session proposals:
- The number of worthy offensive sessions was way down. Of course we got a number of “I found a vuln”, “this device is insecure by design”, and “I can modify or control the process with access to the ICS zone”. However, the number of novel and important offensive / attack sessions was smaller than in past years. It may be that it is still so easy to attack ICS that it doesn’t warrant more advanced research.
- The number of secure ICS protocols session proposals was up significantly. In recent years it was finally accepted that insecure by design is a problem and can be addressed. So we are seeing secure Modbus, secure EtherNet/IP, OPC UA trying to move into IoT, quantum key distribution and more. We had to say no to some quality ICS protocol talks to prevent the program from being too protocol heavy.
- There were many proposed sessions on lessons learned / my experience talks from highly skilled professionals and organizations. These were the hardest to decline, but unless they had experienced something new in the last 12 months or something that was contrary to conventional ICS good security practice we did not put them on the agenda. The S4 attendee we are targeting knows ICS good security practice. Although I do expect that many of the Sponsor Stage sessions will include this type of information if you are interested.
- ICS Threat Detection … loyal readers know I’ve been tracking this new and hugely competitive market with over 20 competitors. There were many proposals from detection vendors, but only 3 detection sessions were accepted in the Main Stage / Stage 2 sessions, and these were selected because they provided detail on a new detection technique or helped asset owners select a detection solution. 2 of the 7 slots we are holding are related to detection sessions we are actively pursuing. Stay tuned.
- IoT / Industrie 4.0 … one of the valid criticisms of S4x17 was it was light on IoT sessions. This was largely due to the fact that most of the submissions simply showed IoT had the same insecure by design / missing SDL issues that ICS had in the past. We hunted for important IoT talks and have 5 on the agenda this year, and are hoping to add one more.
When you look at the S4x18 agenda you can view it by stage or by topic. For example, you can quickly view all sessions for each day on “Attacks and Attackers”, “Iot/Industrie 4.0”, “Protocols”, or “Stage 2: Technical Deep Dives”. If you have any questions on the agenda or registration process contact firstname.lastname@example.org.