Welcome to the Interactive Agenda for the 2016 ICS Cyber Security Conference! (View the full ICS Cyber Security Conference website here)  This agenda is currently a work in progress, please check back often as our team is making upates DAILY. (You can register for the conference here)
Advanced Workshop [clear filter]
Monday, October 24

8:00am EDT

Automation Exploitation [8AM-5PM]

Learn how attackers reverse engineer, compromise, and backdoor, control systems.

Brought to you by the Senrio research team (formerly Xipiter) whose custom developed trainings have sold out at Blackhat five years running, this intense hands-on Automation Exploitation workshop is meant to provide an introductory basis to the unique security challenges in the world of Automation.

Participants will learn how attackers reverse engineer, tamper with,and exploit all parts of an industrial control network. Since Automotive technologies have their roots in Industrial Control and Building Automation (CAN bus) this course will also include "Car Hacking" content. Participants will learn about threats to those systems, perform hand-on attacks themselves, and learn how these insecure design patterns are found throughout the world of Automation (and automotives!).

Who Should Attend:

  • Field Service Engineers, Safety Engineers, Automation Engineers,"Makers", Tinkerers, Developers, IT Professionals, Mobile Developers, Hackers, Penetration Testers, Forensic Investigators, reverse engineers, software security auditors/analysts, software exploitation engineers, jail breakers, and anyone interested.

Student Requirements:

  • Understanding basic computing.
  • Some programming experience a plus.
What to Bring:


  • A laptop (running their favorite OS) capable of connecting to wired and wireless networks. Laptop must also have several available and operational USB Ports
  • Installed and valid VMWare workstation (with working access to USB Ports and network card bridged or NATed)
  • Three button external mouse.

avatar for Stephen A. Ridley

Stephen A. Ridley

Founder and CEO/CTO, Senrio
Stephen A. Ridley is Founder and CEO/CTO at Senrio. He has more than 10 years of experience in software development, software security, and reverse engineering. His original research on embedded device vulnerabilities has been featured on SecurityWeek, NPR, Wired and numerous other... Read More →

Monday October 24, 2016 8:00am - 5:00pm EDT
Workshop 4 (Salon 5)

8:00am EDT

Cybersecuring DoD Control Systems [8AM-5PM]
Class is limited to 40 students, additional fee required. Register to confirm a seat

This workshop is open to registrtion for all conference attendees, not just DoD employees 

Over the past several years, the nation’s communities have seen an increasing shift to “smart buildings” that use internet-enabled wireless technology to control building-related systems. Such trends also are being seen in U.S. military facilities. In early 2015, following the release of a Government Accountability Office (GAO) report that called attention to building-related cyber risks, the House Armed Services Committee approved legislative language requiring the U.S. Department of Defense (DoD) to perform a cyber-vulnerability study as part of its fiscal year 2016 defense authorization bill.
The Cybersecuring DoD Control Systems Workshop is geared to help architects, engineers, contractors, owners, facility managers, maintenance engineers, physical security specialists, information assurance professionals—essentially anyone involved with implementing cybersecurity in the facility life cycle—to learn the best practice techniques to better protect DoD facilities.
Department of Defense Instruction (DoDI) 8500.01 and DoDI 8510.01 in-corporate Platform Information Technology (PIT) and PIT systems into the Risk Management Framework (RMF) process. PIT may consist of both hard-ware and software that is physically part of, dedicated to or essential in real time to the mission performance of special-purpose systems (i.e., platforms). PIT differs from individual or stand-alone IT products in that it is integral to a specific platform type, as opposed to being used independently or to sup-port a range of capabilities (e.g., major applications, enclaves or PIT systems). A Control System (CS) is a specific type of PIT that consists of combinations of control components (e.g., electrical, mechanical, hydraulic, pneumatic) that act together to achieve an objective (e.g., transport matter or energy, or maintain a secure and comfortable work environment). 
The Cybersecuring DoD Control Systems Workshop will include hands-on classroom exercises and labs to footprint a CS as a hacker would do; use the Cyber Security Evaluation Tool (CSET) to establish a risk baseline and create a System Security Plan; and use the enterprise Mission Assurance Support System (eMASS) to load projects using the new DoDI 8510.01 RMF process. Attendees will gain in-depth experience on using the Committee on National Security Systems Instruction (CNSSI) 1253; National Institute of Standards and Technology (NIST) Special Publication (SP) 800-53 R4; NIST SP 800-82 R2; the Joint Staff Mission Assurance Vulnerability Benchmarks 2015, the J-BASICS Advanced Cybersecurity Instructions Tactics, techniques and Procedures 2016, and other key publications and tools to load and manage a pro-ject through the six steps of the RMF.

avatar for Michael Chipley

Michael Chipley

President, The PMC Group LLC
Dr. Chipley has over 30 years of consulting experience in the areas of Program and Project Management, Cybersecurity, Energy and Environmental (LEED, Energy Star, and Carbon Footprint); Critical Infrastructure Protection and Analysis; Building Information Modeling (BIM) Technology... Read More →

Monday October 24, 2016 8:00am - 5:00pm EDT
Workshop 3 (Conference B)
Filter sessions
Apply filters to sessions.