Industrial 4.0 IOT/OT Security, Threat Detection and Mitigating Cyber Impact on Safety Systems


Tuesday, September 18
 

10:00am

Keynote Presentation: Consequence-driven Engineering for Critical Systems
It won’t come as a surprise to anyone in the room that if you are attempting to secure your systems by maintaining good cyber-hygiene alone, you are fighting a losing battle. The rise and continued evolution of the industrial internet of things, along with a growing overt threat to connected critical infrastructure from top-tier, sophisticated attackers, calls for new approaches to security that take into account increased attack and response surfaces and throw out any notion of being able to simply isolate the network.
One approach is to accept that an attacker may get in, but to engineer resiliency into your systems, arming users with the strength in depth needed to detect and respond to any type of attack. Consequence-driven engineering (CDE) has gained traction as a way of providing organisations with the steps needed to identify high-consequence risk within ICS of critical infrastructure, to engineer out cyber risk from the things that must not fail and to stop potentially catastrophic attacks in their tracks.
  • Identify devices and components that facilitate risk, determine critical functions and high-consequence events then prioritise what cannot fail based on the consequences
  • Think like an attacker to illuminate specific, detailed attack paths, access, information and action to have an effect and highlight system vulnerabilities in networks and the supply chain
  • Engineer out the prioritised cyber-risk with controls, tripwires, mitigations and backstops to interrupt high-consequence risk
  • The importance of collective resilience, collaboration and information sharing to combat high-consequence risk across the supply chain

Speakers

Zach Tudor

Associate Laboratory Director, National and Homeland Security, Idaho National Laboratory
Mr Tudor is responsible for Idaho National Laboratory’s (INL) National and Homeland Security (N&HS) mission. N&HS is a major center for national security technology development and demonstration, employing 500 scientists and engineers across $300M in programs at the lab. He is responsible for...


Tuesday September 18, 2018 10:00am - 10:30am
Citizen Hotel 926 J Street Sacramento, California 95814

10:30am

Networking Break
Tuesday September 18, 2018 10:30am - 11:00am
Citizen Hotel 926 J Street Sacramento, California 95814

11:00am

Understanding and Responding to the Global Threat Landscape
  • What characterises threat actors and their motives?
  • What strategies can be employed to effectively detect and respond to their attacks?
  • How can we move beyond signature-based detection and blocking known threats?

Speakers

John Bryk

Cyber and Physical Threat Intelligence Analyst, Downstream Natural Gas-ISAC
John Bryk (pronounced BRICK) retired as a colonel from the United States Air Force after a 30-year career, with early assignments that included Intercontinental Ballistic Missile Combat Crew Commander, and launching the Space Shuttle and unmanned rockets. As a senior officer, he...


Tuesday September 18, 2018 11:00am - 11:30am
Citizen Hotel 926 J Street Sacramento, California 95814

11:30am

Getting a grip on Tactics, Techniques and Procedures (TTPs)
To effectively plan an incident response strategy, it is essential to know how attacks happen, how to know that you are being attacked and how to act when you realise you are. This presentation will highlight specific paths used to attack ICS, vulnerabilities that can be exploited and methods of remediation referencing some of the TTPs Dragos has seen threat actors use in the wild.

Speakers

Daniel Michaud-Soucy

Principal Threat Analyst, Dragos, Inc
Daniel Michaud-Soucy is a Principal Threat Analyst, Threat Operations Center at the industrial cyber security company Dragos, Inc. Daniel is focusing on threat hunting and assessment services within a variety of industrial environments. As well, Daniel conducts research on a variety...


Tuesday September 18, 2018 11:30am - 12:00pm
Citizen Hotel 926 J Street Sacramento, California 95814

12:00pm

Vulnerability Assessments for Operational Technology
  • Learn about core components for a vulnerability assessment for industrial control systems.
  • Learn why asset and configuration change management are crucial to a vulnerability assessment in an OT environment.
  • It is very likely that one tool will not solve your Cybersecurity concerns.

Speakers

Karl Perman

Cyber and Physical Security/Critical Infrastructure Protection SME, Energy Sector Security Consortium
Karl Perman serves as a management consultant to the critical infrastructure sector. As a former law enforcement officer and well-respected security professional, Mr. Perman brings over 30 years of critical infrastructure, business protection, compliance, risk management and law enforcement...


Tuesday September 18, 2018 12:00pm - 12:30pm
Citizen Hotel 926 J Street Sacramento, California 95814

12:30pm

Detecting Industrial Network Anomalies without the Risk of Disruption
Many asset owners have seen firsthand that becoming proactive about cyber protection for industrial systems in their plants is becoming a requirement. Yet at the same time, production processes cannot be disrupted, even for reducing cybersecurity risk in some cases. Key security controls that can address high risk areas such as secure remote access for employees and third party vendors/supply chain partners, and continuous monitoring of plant assets for threats and vulnerabilities are essential to deter cyber threats which can disrupt process controls and production.

In this session, Dave Weinstein, Claroty VP of Threat Research, shares use cases from the field that demonstrate “zero-impact” deep packet inspection to precisely profile and dissect communications between assets in complex and sensitive industrial networks, which can often indicate hidden cyber risks.

These passive techniques can identify misconfigurations, vulnerabilities, and anomalies plus provide operational security gaps and context so that plants can now have visibility into what’s happening and what to do about it without downtime, manual labor or having to become industrial cybersecurity experts overnight.


Speakers

Dave Weinstein

VP of Threat Research, Claroty
Dave Weinstein is the VP of Threat Research at Claroty. Prior to joining Claroty, Dave was the Chief Technology Officer of New Jersey. He began his career as an operations planner at U.S. Cyber Command, where he served for three years. Dave holds a Bachelor's degree from Johns Hopkins...


Tuesday September 18, 2018 12:30pm - 1:00pm
Citizen Hotel 926 J Street Sacramento, California 95814

2:00pm

The path to Implementing Anomaly Detection
  • How did we come to a decision to implement specific anomaly detection solutions?
  • Developing a thorough understanding of your asset and commensurate monitoring requirements
  • Implementation challenges and solutions
  • What impact has non-intrusive monitoring and detection had on efficiency?

Speakers

Tim Sanguinetti

Industrial Control Systems Cyber Security, Northern California Power Agency

Panellist

Andrea Carcano

CPO and Co-founder, Nozomi Networks
Andrea Carcano is an expert in industrial network security, artificial intelligence and machine learning, and has published a number of academic papers on the subject. His passion for cybersecurity and solving the unique challenges around ICS became the focus of his PhD in Comp...


Tuesday September 18, 2018 2:00pm - 2:30pm
Citizen Hotel 926 J Street Sacramento, California 95814

3:00pm

Information Sharing Vs Intelligence Sharing
  • Differentiating between "information sharing" and "intelligence sharing." 
  • How to create effective intelligence requirements and why they're important.

Speakers

John Bryk

Cyber and Physical Threat Intelligence Analyst, Downstream Natural Gas-ISAC


Tuesday September 18, 2018 3:00pm - 3:30pm
Citizen Hotel 926 J Street Sacramento, California 95814

4:00pm

Demonstrating Level 0 and 1 device Vulnerability
We don’t need to look very hard to find recent reminders of both the fact that ICS have become a prime target and the sophistication of those who seek to attack them. We now face threat actors developing means of attacking specific components that are all but ubiquitous across connected ICS in certain critical infrastructure. Many level 0 and 1 devices are designed to allow two-way data exchange with SCADA or cloud systems. Recent attacks have demonstrated how vulnerabilities could be exploited to send false information to operators or directly manipulate processes, leading to loss of safety, economic loss and possibly catastrophic damage. This presentation will highlight current vulnerabilities in OT devices and demonstrate the ways in which they could be exploited by an attacker.
  • Examples of key OT vulnerability and demonstration of potential attack paths
  • Why context matters – Identifying IoT devices, the applications they support and how they could be vulnerable to understand the severity of the risk
  • How anomaly detection in raw process data could provide an additional layer of security

Speakers

Andy Kling

Director of Cyber Security and Architecture, Schneider Electric
Andy has over thirty-five years of software development experience. He has worked in the Industrial Control Systems (ICS) development organization at Schneider Electric since 2001. Andy has ushered the Schneider Electric Process Automation Development team to the first in the world...


Tuesday September 18, 2018 4:00pm - 4:30pm
Citizen Hotel 926 J Street Sacramento, California 95814
 
Wednesday, September 19
 

9:10am

Industrial Control System Security - Enabling Business with Digital Infrastructure
  • The World is Changing for Industrial Enterprises
  • There Will Be Winners and Losers
  • Cryptographic Zoning
  • ISA99 Architecture
  • Plan to Embrace Digital Innovation

Speakers

Chris Blask

Director, Industrial Control Systems Security at Unisys, Chair US ICS ISAC, Unisys
Chris Blask has been involved in the industrial control system and information security industries for more than twenty-five years. Mr. Blask’s career spans the breadth of the cybersecurity spectrum. He invented one of the first commercial firewall products, built a multi-billion...


Wednesday September 19, 2018 9:10am - 9:40am
Citizen Hotel 926 J Street Sacramento, California 95814

9:40am

Leveraging the Virtual Power Grid Testbed to Develop Cyber Resilience Strategy
  • How can we help develop new resilience models and drive innovation?
  • Better understanding systems vulnerability without affecting safety or availability
  • Bridging gaps in workforce ICS cyber capability
  • What role does the testbed play in assurance activities?

Speakers

Tim Yardley

Senior Associate Director of Technology and Workforce Development, Information Trust Institute, Information Trust Institute at Illinois
Tim Yardley is the Senior Associate Director of Technology and Workforce Development and a Senior Researcher at the Information Trust Institute at the University of Illinois Urbana-Champaign. His primary duties focus on defining the vision and direction for applied research through...


Wednesday September 19, 2018 9:40am - 10:10am
Citizen Hotel 926 J Street Sacramento, California 95814

10:10am

Case Study: Using the few to Attack the Many – Lessons Learned from Recent Attacks
  • How are attackers increasingly able to leverage weaknesses in 3rd party products and services to launch attacks on the many using the few?
  • What characterises Advanced Persistent Threat actors, their capabilities and techniques?
  • How did the sector co-ordinate a thorough response and what lessons have been learned?

Speakers

Andy Bochman

Sr. Cyber and Energy Security Strategist, Idaho National Laboratory
Provides strategic guidance to senior USG and industry leaders on topics at the intersection of grid and critical infrastructure modernization and security. Previously was Global Energy & Utilities Security Lead at IBM and Senior Adviser at the Chertoff Group in Washington, DC. A...


Wednesday September 19, 2018 10:10am - 10:40am
Citizen Hotel 926 J Street Sacramento, California 95814

11:10am

Cyber Incident Response and Communication Planning
While much can be learned during a response to a significant Cyber incident, proper preparation in advance of an incident can lead to a more effective response effort. The execution of a meaningful table top exercise can identify the players and the associated actions most effective in resolution, and can help develop the communication strategies necessary to appropriately engage the broader organization in the response effort. Furthermore, the possible impacts can be better understood across the organization and suitable protections can often be identified to improve the possibility of avoiding the necessity for a response.
  • What has been learned through our experiences in Cyber Incident Response?
  • Exercises involving diverse cross-functional teams referencing Cyber Storm VI, conducted through the DHS
  • Achieving preparedness, with communications (conventional as well as progressive)
  • The implications of the NIST Cybersecurity Framework.

Speakers

Randy Woods

Senior Manufacturing CyberSecurity Specialist, The Dow Chemical Company
Randy has over 30 years of experience in networks, industrial control systems, and Cyber Security. With corporate computer networking on a local and global basis as the launch point of Randy’s career at The Dow Chemical Company in 1985, Cyber Security has been a career-long study...


Wednesday September 19, 2018 11:10am - 11:40am
Citizen Hotel 926 J Street Sacramento, California 95814

11:40am

Results from Analyzing Real-World ICS Malware in an ICS Network Sandbox
TRITON and CrashOverride showed us the potential of autonomous, purpose-built malware that enumerates and subsequently hijacks ICS devices using their native protocols. What if we could detonate ICS-specific malware in an "ICS Network Sandbox" that detects and analyzes purpose-built ICS malware before it even gets deployed? Current malware sandboxing technologies are designed for IT protocols and devices rather than OT protocols and devices; as a result, ICS-specific malware such as TRITON goes undetected because IT malware sandboxes are unable to flag ICS-specific activities such as OPC scanning, overwriting of PLC configuration files, calls to ICS-specific libraries and ports, etc. CyberX's research team has built an ICS-aware malware analysis sandbox that simulates a complete ICS execution environment in a virtual or offline state, and also instruments the execution environment to detect ICS-specific behavior. During this session, we'll describe the results of analyzing known ICS malware (Stuxnet, Industroyer, TRITON) in the sandbox as well as data we've collected about the prevalence of ICS-specific malware "in the wild." Attendees will learn about ICS malware characteristics and ICS attack vectors so they can be better prepared to detect and respond to ICS security incidents in the future.

Speakers

Daniel Shugrue

Senior Director, Industrial Cybersecurity, CyberX


Wednesday September 19, 2018 11:40am - 12:10pm
Citizen Hotel 926 J Street Sacramento, California 95814

12:10pm

Developing a Common Language for IACS Cybersecurity Harmonization with ISA/IEC 62443
  • An overview of the ISA/IEC 62443 family of standards
  • Understanding the IACS life-cycle context to clearly define the responsibilities of product suppliers, systems integrators and asset owners
  • Establishing commonality of vocabulary, concepts and models to facilitate meaningful conversation

Speakers

Andre Ristaino

Managing Director, ISCI
Andre Ristaino is the Managing Director of the ISA Automation Standards Compliance Institute (ASCI) based in Research Triangle Park, N.C. He provides staff leadership for ISA’s conformance certification programs, including the ISASecure IACS certification program managed under the...


Wednesday September 19, 2018 12:10pm - 12:40pm
Citizen Hotel 926 J Street Sacramento, California 95814

1:40pm

Cybersecurity & a Risk Based, Value Adding Approach
  • Cyber threat is a worldwide phenomenon that crosses national, regional and international borders. Cybersecurity therefore requires an integrated approach at all of these levels.
  • The cyber threat to technical systems is wide ranging. The cybersecurity response needs to be system-wide.
  • Each technical system is different but all technical systems are greatly similar.
  • Understanding the system, identifying the high-value and highly vulnerable points, and implementing the appropriate level of response is key to an efficient and cost-effective cybersecurity solution.


Speakers

David Hanlon

Secretary of the IEC Conformity Assessment Board, IEC
In his current role as Secretary of the IEC Conformity Assessment Board, based in Geneva Switzerland, David liaises with many international organizations and presents at international events on various topics including cybersecurity. David holds a Bachelor in Electrical Engineering from...


Wednesday September 19, 2018 1:40pm - 2:00pm
Citizen Hotel 926 J Street Sacramento, California 95814

2:00pm

Standards-based Cyber Security Seat Belts
  • Seat belt analogy description: seat belts = security capabilities/mechanisms, seat belt adoption = security adoption
  • Summary of security capability standards: secure product development processes, product security capabilities, secure installation and maintenance, secure operation
  • Overview of each of these standards
  • Certification to these standards
  • Conclusion: Standards provide a roadmap to secure systems, certification provides assurance of proper implementation, and the seat belt analogy tells us that as vendors add security to their products, end-users need to begin a long-term program for adopting them. Failure to do so will result in regulation and increase the potential for successful attacks.



Speakers

Lee Neitzel

Cyber Security Consultant, IEC
Lee Neitzel is a cyber security consultant who has been involved in security and network standards for more than 30 years. He is currently the convenor of the working groups that are developing the IEC 62443 security standards and their associated conformance assessment programs within...


Wednesday September 19, 2018 2:00pm - 2:20pm
Citizen Hotel 926 J Street Sacramento, California 95814

4:30pm

Working Group Presentations and Wash Up
Speakers

John Bryk

Cyber and Physical Threat Intelligence Analyst, Downstream Natural Gas-ISAC

David Hanlon

Secretary of the IEC Conformity Assessment Board, IEC

Lee Neitzel

Cyber Security Consultant, IEC

Andre Ristaino

Managing Director, ISCI

Tim Yardley

Senior Associate Director of Technology and Workforce Development, Information Trust Institute, Information Trust Institute at Illinois


Wednesday September 19, 2018 4:30pm - 5:00pm
Citizen Hotel 926 J Street Sacramento, California 95814
 
