Welcome to the Interactive Agenda for the 2016 ICS Cyber Security Conference! (View the full ICS Cyber Security Conference website here)  This agenda is currently a work in progress, please check back often as our team is making upates DAILY. (You can register for the conference here)
Workshop 2 (Salon 4) [clear filter]
Monday, October 24

9:00am EDT

OT Security – The Big Picture.

OT Security, Control System operation and system administration management often focuses on the technology, overlooking the people, process and politics side of the equations.  Through this presentation explore the soft underbelly of the cyber challenges in the ICS Domain.  As the former CIO of a System Integrator and Workforce Development Co-Chair for the ICSJWG Mike offers a wide angled view of why securing critical infrastructure is so difficult, and doesn’t need to be.  Creating a comparison of the contrasting view of the need from the inside of several different organizations within Critical Infrastructure Mike breaks down the difficult to talk topics about and takes an honest approach to understanding the issues. 

This discussion will shed light on how internal politics drive top down policies and ultimately fail in accomplishing anything but contradiction and conjecture.  This sets up the event horizon for loss of intellectual property through well intentioned trusted insiders, applying “best practices” that actually hurt your organization and loss production due to fear and a lack of establishing ownership to the problem. 

Security does not solve problems, it does not make money and the security paradox is that it rarely provides a more secure environment.  Lack of true situational awareness is the most dangerous part of our Nation’s infrastructure.  The problem is most people do not understand that we are missing a key data point to provide a well-rounded awareness…

Let’s explore though questioning the assumptions and talk about the tough topics.

avatar for Michael Glover

Michael Glover

Vice President of Industrial Control Systems Strategy, TDi Technologies
Michael Glover is Vice President of Industrial Control Systems Strategy at TDi Technologies and has over twenty years of information technology management and eight years of industrial control systems security leadership experience. Prior to TDi, Mr. Glover was the Managing Partner... Read More →

Monday October 24, 2016 9:00am - 9:45am EDT
Workshop 2 (Salon 4)

9:45am EDT

Improving the Industrial Cyber Security Ecosystem

The presentation will be an open and general discussion on why there is still such a reluctance at the corporate level to take responsibility for cyber-security. This talk will address topics including: 

  • Classifying attacks as “Incidents” when they are actually “Cybersecurity attacks” and the underreporting internal threats and violations of policies.
  • How vendors and cybersecurity professionals need to do a better job at educating end customers with greater details to the risks, benefits, costs associated with cybersecurity management
  • Where do we typically focus on cyber security measures and why they are not adequate? Examples of ICS cybersecurity breaches that were avoidable if ICS architecture was designed with OT policies and procedures, instead of IT.
  • Value in regional deployments for “simulated honeypots” on their own infrastructure networks to share findings

With increasing attacks on critical infrastructure networks that have become more frequent and consequential, more effective operational cyber solutions are required that aggregate, analyze and correlate various sources of data and across multiple platforms into a near-real time visualization that depicts the potential threats emerging. Organizations have to look beyond their own perimeter to collaborate and assess the impact of a cyber-attack on their corporate partners, suppliers, and vendors. With complex systems of interacting devices, networks, organizations and people to facilitate the productive sharing of information; this is quickly becoming as much of a benefit as it is a threat.

The U.S. Department of Homeland Security (DHS) has identified three core principles for developing cyber ecosystems: Automation, Interoperability and Authentication

Maintaining the integrity of the ICS requires thorough understanding of the communications standards used between all the various ICS components, so that we maintain safe and efficient operations. In this cyber-physical layer, it can be difficult to spot communications errors, cyber security threats, and poor network health problems. The symptoms are obvious; sluggish HMI updates, unexplained shutdowns, and precarious failures of ICS components. A robust and healthy OT network is key to preventing these failures. This discussion mentions the tools and techniques used by professional cyber security firms including Network Security Monitoring (NSM), Intrusion Detection Systems (IDS), and manual analysis techniques are used to find and isolate problems on OT networks before they cause harmful impacts, or worse found by your adversaries.

The take away for the attendees will be to demonstrate why all facets of the cybersecurity industry must work together to improve end customers cyber-security processes and understanding from the basic framework to how their resources and organizational structure grow over time to result in a stronger security posture. An acknowledgement from our sector that a lot still needs to be done with standards, collaboration and awareness.

This presentation will also provide end users with a roadmap to start or improve their cyber- security processes through a basic framework and how to develop their resources and organizational structure over time to result in a stronger security posture.

avatar for Anil Gosine

Anil Gosine

Anil Gosine has over 17 years of construction management, operations and engineering experience within the Industrial Sector with primary focus on Electrical, Instrumentation and Automation process issues in US, Canada and Caribbean. He has been involved in the Water/Wastewater industry... Read More →

Monday October 24, 2016 9:45am - 10:30am EDT
Workshop 2 (Salon 4)

11:00am EDT

Surprises in a Decade of Evolving SCADA Security Advice

Over the last decade, Industrial Control System Security has risen to a prominent role in our lives. Much has been said and written to offer our community guidance and structure over this time. Join us for a sometimes humorous, sometimes encouraging, and sometimes pitiful look back at some of the highlights and lowlights from SCADA Security research, advice, and regulation over the past 10 years.

avatar for Michael Firstenberg

Michael Firstenberg

Director of Industrial Security, Waterfall Security Solutions
Mike Firstenberg is the Director of Industrial Security for Waterfall Security Solutions. Mike brings almost two decades of experience in Control System Security, specializing in Control System Cyber Security. With a proven track record as a hands-on engineer - researching, designing... Read More →

Monday October 24, 2016 11:00am - 11:45am EDT
Workshop 2 (Salon 4)

11:45am EDT

Security or Communications Problems: How to tell the Difference

A significant part of implementing security is identifying that there really is a security problem. This discussion will include a discussion of Polling Strategies, and communications integrity checks that can be done online. It can trigger alarms in the SCADA system if they detect real security problems. Furthermore, it can help telecommunications staff detect performance problems earlier.

This session will use DNP3 in this example, but other protocols have similar features.

avatar for Jake Brodsky

Jake Brodsky

Control Systems Engineer, Washington Suburban Sanitary Commission (WSSC)
Having spent nearly 30 years of his Control Systems Engineering careerat the Washington Suburban Sanitary Commission, Jake Brodsky has a lotof hard won experience (making mistakes), learning to live with his creations. He has eagerly shared this experience with various standards committees... Read More →

Monday October 24, 2016 11:45am - 12:30pm EDT
Workshop 2 (Salon 4)

1:30pm EDT

Securing Connections for Industrial Control Systems

Securing OT traffic is a fundamental component of improving OT security. There is no question that OT systems need to be hardened against cyber adversaries. The threat is real and incident rates are increasing in number and severity. This presentation explains how a proposed authentication and authorization architecture secures industrial control systems by blending TLS to secure existing OT protocols, extending X.509 digital certificates with Industrial Certification Authority.

This presentation will cover the key challenges that need to be overcome in order to introduce a digital certificate-based industrial authentication authorization concept, as well as a proposal for a secure Modbus protocol.

What will be covered?

  1. The challenges to implementing security for OT-specific protocols; an overall authentication authorization architecture for protocols and devices
  2. How to implement a role-based access control system that does not require a centralized server to be online for communication

Intended audience: General public in charge of cybersecurity for OT/ICS 

avatar for Evgeny Bugrov

Evgeny Bugrov

Lead Cyber Security Architect, Schneider Electric

Monday October 24, 2016 1:30pm - 2:15pm EDT
Workshop 2 (Salon 4)

2:15pm EDT

Critical Infrastructure Attacks | Preventing the Kill Chain in Industrial Control Systems

Industrial Control Systems are surrounding every aspect of our life. Our water or electric supply are fully dependent on reliable operation of those systems. The same goes for our medicine production or a chemical facilities. 

Are those systems fully secured? Is your OT network immune against cyber-attacks?

Stay one step ahead of the threat actors by learning from the experience of your sector counterparts. In this interactive discussion explore: how to segment, secure and prevent various attack vectors on your OT networks. The conversation will examine  using most advanced discovery and detection techniques.

avatar for Mati Epstein

Mati Epstein

Global Sales Manager, Industrial Control Systems (ICS), Check Point Software Technologies
Mati Epstein is the Global Sales Manager of Security solutions for Industrial Control Systems and Critical Infrastructure in Check Points’ Government and Defense sectors division. With over 20 years’ experience in sales and business development positions in the areas of communication... Read More →

Monday October 24, 2016 2:15pm - 3:00pm EDT
Workshop 2 (Salon 4)

3:30pm EDT

Understanding the Role of Privilege in ICS Cyberattacks

The Industrial Control System – Cyber Emergency Response Team (ICS-CERT) has highlighted the increased frequency of attempted attacks against Industrial Control Systems (ICS). According to a DHS/FBI/NSA joint publication “Seven Steps to Effectively Defend Industrial Control Systems,” of the 295 breaches reported in the previous year, 98 percent could have been prevented if certain basic security protocols had been in place.

As evidenced by the Ukraine Power Grid Attack and other recent breaches, privileged accounts are on the attackers critical path to success 100% of the time in every attack. Let’s elevate the conversation and talk about how this attack vector is taking the industrial world by surprise. In this session, Alex Leemon will present the case studies of two companies that have put in place proactive controls to safeguard industrial control systems from malicious insiders or external threats by implementing privileged account security controls as recommended by the DHS/FBI/NSA publication.

Attendees will also learn how to mitigate the risks associated with the increased connectivity between IT and OT through the implementation of controls that can be used to isolate, control and monitor interactive remote access sessions which connect to ICS.

With cyber-attacks posing an increasing threat to critical infrastructure, a change of mindset is needed – one that presumes an attacker will inevitably infiltrate the network. It only takes one vulnerable system to be exploited for an attacker to cause significant damage that could compromise system performance and even their operation. It is therefore essential that industrial organizations proactively safeguard their systems with a practical set of steps that includes securing all privileged accounts existing in their networks.

Learning Objectives:

In this session, attendees will learn how organizations have applied the steps recommended by the DHS/FBI/NSA publication to safeguard industrial control systems. Attendees will learn how to lock up the “keys to the kingdom” through the implementation of a privileged account security solution while safeguarding critical assets from potentially malicious activity.

Attendees will also learn how to:

  • Reduce the attack surface area
  • Help prevent the spread of malware to critical systems
  • Implement Secure Remote Access
  • Monitor and  Respond

avatar for Yariv Lechner

Yariv Lechner

Senior Product Manager, Operational Technologies (OT), CyberArk
Yariv Lenchner is the Senior Product Manager, Operational Technologies (OT), for CyberArk Software. Over the past 15 years he has served in various product marketing, product management and system engineering capacities in the fields of Security, VoIP, IP networking and enterprise... Read More →

Monday October 24, 2016 3:30pm - 4:15pm EDT
Workshop 2 (Salon 4)
Filter sessions
Apply filters to sessions.