Digital Instrumentation and Control (I&C) and cyber-physical systems are becoming more prevalent in modern information system landscapes. Along with the many benefits of digital I&C systems, challenges arise that stem from the delta in maturity between modern information systems and I&C systems.
This presentation covers the intricacies and effects of securing digital instrumentation and control systems. David Spehar and David Altman from Westinghouse will discuss the application of security controls to industrial systems, challenges presented by common and proprietary protocols, indicators of compromise, and culture management for industrial scenarios.
David Spehar currently serves as a Senior Information Engineer at Westinghouse Electric Company advancing cyber security for Westinghouse and our nuclear power customers. In his current role he is responsible for performing all functions required supporting day-to-day data security operations, supporting and maintaining a broad suite of information security infrastructure, accountable for security and networking infrastructure component availability and integrity, and monitoring compliance with IT. He performs various security-engineering roles with a focus on engineering administration of various appliances, migrating current on premise cyber security appliances to the cloud, and aids in the design and development of new cyber security projects.
Upon joining Westinghouse in 2016 he was responsible for the design and review of Westinghouse’s cyber security systems; configuration, testing and implementation of cyber security systems for various global nuclear power plants; he also designed and reviewed network architecture. Prior to joining Westinghouse, he served as a Security Analyst at NTT Security, Inc. David began his career and as a Cyber Security Analyst at Mine Safety Appliances, Inc.
David joined Westinghouse in August 2016. He earned a Bachelor’s of Science in Information Technology from Excelsior College of Albany, New York, specializing in Cybersecurity. He holds several certifications that include:
● SANS GIAC Certified Intrusion Analyst (GCIA)
● SANS GIAC Certified Incident Handler (GCIH)
● SANS GIAC Security Essentials (GSEC)
● ISC2 Systems Security Certified Practitioner
● CompTIA Security+