Welcome to the Interactive Agenda for the 2016 ICS Cyber Security Conference! (View the full ICS Cyber Security Conference website here)  This agenda is currently a work in progress, please check back often as our team is making upates DAILY. (You can register for the conference here)
Tuesday, October 25 • 4:15pm - 5:00pm
Achieving a Cyber Security Architecture for the OT Systems of Oil & Gas, Power, Chemicals, and Other Industrial Environments

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

This presentation provides a view of a target cyber security architecture made for industrial control systems – for the Operations Technology (OT) of the oil and gas, power, chemicals and other industries.

It would seem a straightforward idea. There is a cyber risk to vulnerable OT systems so why not cyber-secure the process control networks (PCNs) by integrating layered security (a defense-in- depth security architecture) in the same manner as the IT enterprise is made secure? Sounds simple. Yet a deeper understanding of the OT - the technology, business and operational requirements – makes it clear that simply adding an IT defense-in-depth security is not so straightforward. In some cases, it can even run counter to the safe operation of the plant.

There is no question that OT systems need to be hardened against cyber adversaries. The threat is real. The vulnerabilities and lack of protections against cyber attacks is alarming. Incidents are cropping up in growing numbers, ever more consequential. But the PCNs in OT systems have significant differences from IT systems. The security architecture must fit to the purpose and conditions of OT systems currently deployed in plants and remote locations - systems that are not easily replaced, enhanced or patched.

This is the challenge – to achieve a suitable security architecture for OT systems that provides needed defense-in-depth protections against cyber attacks while still meeting business requirements and safety functions.

This presentation delivers an architectural overview – first to reconcile the differences between OT operational requirements of reliable, real-time operations and safety with the cyber security requirements for identity and access control, asset management, segmentation, configuration and network management – just to name a few. Second, the presentation will discuss ways to achieve a target security architecture – one that can work within the reality of legacy (installed) PCNs with limited resource capacity constraints for computing and network flows.

How it is currently relevant to the industry: There is increasing concern within ICS industries (including Oil and Gas) about cyber threats at the same time that the industry becomes more aware of the existing exposures / vulnerabilities in its process control networks. The industry needs the right security answers – the kind that would work within a security architecture that is fit-for purpose in an OT environment with its constraints and business demands.

What objectives will be covered?

  1. Defines the challenges to implementing cyber security in an oil and gas OT environment
  2. Defines what would be the target OT-suitable (fit-for-purpose) cyber security architecture
  3. Defines a three-step progression to achieve this target security architecture within the realities of PCN system and operational constraints

Intended audience: Engineers and Architects charged with security for OT/ICS 

avatar for Carlos Solari

Carlos Solari

CIO, Mission Secure, Inc.
Carlos Solari is an internationally recognized information technology and cyber security expert. He has been involved in some of the most sensitive roles in the U.S. federal government as well as in large multinational corporations. As the former CIO of The White House, Carlos was... Read More →

Tuesday October 25, 2016 4:15pm - 5:00pm EDT
Breakout 1 (Salon 1,2,3)