OWASP AppSec USA 2013

Researchers and practitioners have not historically addressed sufficiently the fact that software engineers responsible for IT systems have very different approaches from those who design and build industrial control systems. When Web-facing and distributed information systems are interconnected with legacy industrial control systems, which usually do not include effective security requirements, two major issues arise: one is the possibility of someone gaining access to control systems via Web applications and public networks, and the other is the potential for the transfer of fallacious information from the control systems to the information systems, as ostensibly occurred with Stuxnet. In this presentation we take a new approach to processes and technologies for mitigating the threats and hazards that impinge on, or result from, systems such as the smart grid. The presentation is based in part on the author's book Engineering Safe and Secure Software Systems (Artech House, 2012).