CISA ICSJWG Event – A Lot to Look Forward To

Picture of Waterfall team

Waterfall team

The first face-to-face CISA / JCDC ICSJWG event is running in Salt Lake City May 9-11. I am a big fan of the event and I recommend it highly to everyone who can attend. In short:

  • There is no charge to attend, and as long as the room block lasts,
  • the hotel is cheap,
  • The cross-industry steering committee ensures that no one person’s or group’s perspectives control the agenda,
  • The attendees are a who’s who of industrial / OT cybersecurity, and they attend as much for the networking as for the agenda, and
  • Waterfall is again arranging a Tuesday night mingle to encourage said networking, since the government agency running the event is not able to buy us free beer, no matter how much they think it might further the nation’s cause.

And I am very pleased to announce that this year one of my speaking proposals was selected to contribute to the agenda. Greg Hale and I will be releasing our joint 2023 threat report at the meeting.

ICSJWG – A Bit of History

I have been a fan of the ICSJWG event ever since I first attended over ten years ago. Historically, the event would run face-to-face in a different city almost every time, twice a year – once in the spring and once in the fall. Attendance at the event in recent years was around 175-225 people, though this time with the first post-pandemic ICSJWG, I think we will see closer to 300. Attendees are a mix of government representatives, product and service vendors, people from education, and of course end users – representatives of owners and operators from a very wide range of industries. Owners and operators in my experience are maybe 40-50% of attendees. And while this is nominally a national event, we do tend to see a few more people from the local community – because the event is so easy to get to for them – and we always see people flying in from out of country and overseas (I’m flying in from Canada and my boss is flying in from Israel).

In the early days of industrial security, the ICSJWG and the then ICS-CERT were very influential. They ran this conference – which was maybe the second-biggest industrial security conference in the world, behind the Industrial Control System Security conference that Joe Weiss ran (now owned and operated by SecurityWeek). And certainly, the ICSJWG was the biggest free conference, which was important to me as an independent consultant during the few months I spent between my Industrial Defender and Waterfall Security engagements. That said, the ICSJWG event was not the first government event for industrial security – there was a predecessor, but I never attended any of those events, my apologies. I’ve forgotten even what that event’s name was.

ICSJWG Virtual During the Pandemic
ICSJWG Virtual During the Pandemic

And during the pandemic like so many other meetings, the ICSJWG events went virtual. They were much better than nothing, but not the same experience as the face-to-face events. I’m very happy to see the event face-to-face again.

Speakers & Content

Speakers at the ICSJWG have historically been from a mix of public sector, private sector, academics and vendors. Historically, over one half of these presentations were chosen as part of a competitive call-for-proposals process. A steering committee reviews submitted speaking proposals and chooses the ones they think would be most useful to attendees. The committee includes a wide cross-section of end users, vendors, academics, US and allied government representatives, and others. The beautiful thing here is that there is no one perspective or bias that colors the agenda. And – the committee is tasked with selecting the topics that they believe industry and the nation most need, not the topics likely to attract the most people and bring the most profit to the conference organizers.

Now – I have not seen this year’s agenda, but I look forward to, most likely, CISA, JCDC and ICSJWG government representatives talking about government strategies, funding, programs, and tools that are available to industry. I look forward to end users standing up and talking about what they’re doing, what they’ve learned doing it, or about what they think entire industries should be doing going forward. I look forward to vendors telling us what they’ve learned recently. Note: vendors are carefully selected to avoid sales pitches – this is not the first time the members of the steering committee have interacted with vendors. And we often see a few academic presentations mixed in – not the peer reviewed kind, but presentations from researchers who have been working closely with industry on different kinds of very applied research projects.

Networking Opportunities and the Waterfall Mingle

Most years, the opening session starts with the question, “A show of hands please, for which of us here is this our first ICSJWG meeting?” Historically, maybe 60-70% of attendees were first-timers, with the rest being old-timers I guess. And in my experience of the event, pretty much everyone is willing to talk, willing to share what they’re doing and what they’re learning, and interested to learn what others are up to. For the old hands like me, I look forward to the chance to re-connect with people I have not seen for years. I also look forward to meeting face-to-face many of the new faces in CISA, JCDC, the ICSJWG and even other bodies like NIST and Mitre that I have been interacting with only remotely for these last many years.

And to grease the wheels of networking just a bit, Waterfall Security is again organizing a mingle the evening of the first day of the conference, Tuesday May 9. All ICSJWG attendees and their partners / significant others are invited to attend. This year’s mingle is at the Marriott a block away from the venue (the Radisson), because the Radisson was booked solid for the size of room that we needed on the Tuesday night, sorry.

At the mingle we will have appetizers, beer & wine available. If you can attend, I encourage you to drop by, grab a snack and a drink, and say hello to someone you know, or don’t know. Ask them what they thought of the conference thus far. Ask them what projects they’ve been working on lately or are looking forward to starting. Ask them what they learned lately that they thought was interesting. I know when I started to attend these events, I had no idea how to mingle / network. But it’s not rocket science – start by asking questions and people will talk to you.

ICSJWG Make a Croissant not a Donut
Make A Croissant, Not A Donut

Pro tip: when you talk to people at the mingle or even in the hallway at the event, make a croissant, not a donut. As Kate Jones points out, a donut is a circle – closed. Don’t face straight into the person or group you’re talking to – twist your shoulder away and welcome new people into the conversation. There’s little more annoying at a mingle than coming back from the bar with a fresh beer only to find everyone in the room jammed shoulder to shoulder into circles that you have to elbow your way into, if you want to join a conversation.

And, legal disclaimer: Neither CISA, JCDC, the ICSJWG nor any other government or agency is associated with, nor endorses the Tuesday night mingle, nor any of the vendors involved in organizing that event.

That said, I do hope government representatives can join us at the mingle. Government, industry, vendors, academics and others need to coordinate our efforts and we need to learn from each other – informal events like the mingle can help enormously with relationship building. 


Stay up to date

Subscribe to our blog and receive insights straight to your inbox