Welcome to the Interactive Agenda for the 2016 ICS Cyber Security Conference! This agenda is currently a work in progress; please check back often, as our team is making updates daily.
Wednesday, October 26 • 3:30pm - 4:15pm
Know Your Industrial Networks Better Than Your Adversaries

Results and observations from joint IT/ICS projects

The hallmark of this year’s attack on the Ukrainian power grid was the extensive reconnaissance that attackers performed on their target’s control networks and used to maximize system disruption. Situational awareness, incident response and recovery all depend on an accurate understanding of control system inventories, including normal process behavior. The Ukrainian attack has led our community to a key question: do we know our industrial control networks as well as our adversaries?

Despite the emergence of technologies that monitor data flows of industrial control networks, ICS operators consistently cite inadequate real-time views of control system topology, devices, and behavior as a fundamental obstacle to securing their operations. Historically, gathering and maintaining this information has proven incredibly labor intensive and disruptive to the economics of industrial operations.

Dr. Carcano’s talk will explore case studies in which emerging technology and process-centric analytics have facilitated more automated, passive methods of inventory collection, network monitoring and characterization of normal process behavior of industrial control systems. These emergent technologies have enabled operators to baseline normal operational processes and measure network loading. Dr. Carcano will discuss the operational and safety benefits of automated inventory technologies, such as improved visibility into misconfigurations and early detection of zero-day attacks, device failures, and other anomalies. While improving operability, these technologies also hold the promise of expedited detection of adversaries’ reconnaissance activities and improved recovery times.

Andrea Carcano

Chief Product Officer, Nozomi Networks
Andrea Carcano received the Ph.D. degree in computer science from the University of Insubria, Italy, in February 2012. During his PhD he had the chance to collaborate with international research groups and with important industries in the field of energy. From 2011 to 2013 he was entitled...

Wednesday October 26, 2016 3:30pm - 4:15pm EDT
Breakout 1 (Salon 1,2,3)