OT security, control system operation and system administration management often focus on the technology, overlooking the people, process and politics side of the equation. Through this presentation, explore the soft underbelly of the cyber challenges in the ICS domain. As the former CIO of a System Integrator and Workforce Development Co-Chair for the ICSJWG, Mike offers a wide-angle view of why securing critical infrastructure is so difficult, and why it doesn’t need to be. Comparing the contrasting views of the need from inside several different organizations within critical infrastructure, Mike breaks down the difficult-to-talk-about topics and takes an honest approach to understanding the issues.
This discussion will shed light on how internal politics drive top-down policies and ultimately fail in accomplishing anything but contradiction and conjecture. This sets up the event horizon for loss of intellectual property through well-intentioned trusted insiders, applying “best practices” that actually hurt your organization, and lost production due to fear and a failure to establish ownership of the problem.
Security does not solve problems, it does not make money, and the security paradox is that it rarely provides a more secure environment. Lack of true situational awareness is the most dangerous part of our Nation’s infrastructure. The problem is most people do not understand that we are missing a key data point to provide a well-rounded awareness…
Let’s explore through questioning the assumptions and talk about the tough topics.
The presentation will be an open and general discussion on why there is still such a reluctance at the corporate level to take responsibility for cyber-security. This talk will address topics including:
With attacks on critical infrastructure networks becoming more frequent and consequential, more effective operational cyber solutions are required that aggregate, analyze and correlate various sources of data across multiple platforms into a near-real-time visualization that depicts emerging potential threats. Organizations have to look beyond their own perimeter to collaborate and assess the impact of a cyber-attack on their corporate partners, suppliers, and vendors. Complex systems of interacting devices, networks, organizations and people facilitate the productive sharing of information, and this is quickly becoming as much of a benefit as it is a threat.
The U.S. Department of Homeland Security (DHS) has identified three core principles for developing cyber ecosystems: Automation, Interoperability and Authentication.
Maintaining the integrity of the ICS requires a thorough understanding of the communications standards used between all the various ICS components, so that we maintain safe and efficient operations. In this cyber-physical layer, it can be difficult to spot communications errors, cyber security threats, and poor network health. The symptoms are obvious: sluggish HMI updates, unexplained shutdowns, and precarious failures of ICS components. A robust and healthy OT network is key to preventing these failures. This discussion mentions the tools and techniques used by professional cyber security firms, including Network Security Monitoring (NSM), Intrusion Detection Systems (IDS), and manual analysis techniques, to find and isolate problems on OT networks before they cause harmful impacts or, worse, are found by your adversaries.
The takeaway for attendees will be a demonstration of why all facets of the cybersecurity industry must work together to improve end customers’ cyber-security processes and understanding, from the basic framework to how their resources and organizational structure grow over time to result in a stronger security posture. It is also an acknowledgement from our sector that a lot still needs to be done with standards, collaboration and awareness.
This presentation will also provide end users with a roadmap to start or improve their cyber-security processes through a basic framework and how to develop their resources and organizational structure over time to result in a stronger security posture.
Over the last decade, Industrial Control System Security has risen to a prominent role in our lives. Much has been said and written to offer our community guidance and structure over this time. Join us for a sometimes humorous, sometimes encouraging, and sometimes pitiful look back at some of the highlights and lowlights from SCADA Security research, advice, and regulation over the past 10 years.
A significant part of implementing security is identifying that there really is a security problem. This session will include a discussion of polling strategies and communications integrity checks that can be done online. These checks can trigger alarms in the SCADA system if they detect real security problems. Furthermore, they can help telecommunications staff detect performance problems earlier.
This session will use DNP3 as the example, but other protocols have similar features.
Securing OT traffic is a fundamental component of improving OT security. There is no question that OT systems need to be hardened against cyber adversaries. The threat is real and incident rates are increasing in number and severity. This presentation explains how a proposed authentication and authorization architecture secures industrial control systems by blending TLS to secure existing OT protocols and extending X.509 digital certificates with an Industrial Certification Authority.
This presentation will cover the key challenges that need to be overcome in order to introduce a digital certificate-based industrial authentication and authorization concept, as well as a proposal for a secure Modbus protocol.
What will be covered?
Intended audience: General public in charge of cybersecurity for OT/ICS
Industrial Control Systems surround every aspect of our lives. Our water and electric supplies are fully dependent on the reliable operation of those systems. The same goes for our medicine production or chemical facilities.
Are those systems fully secured? Is your OT network immune against cyber-attacks?
Stay one step ahead of the threat actors by learning from the experience of your sector counterparts. In this interactive discussion, explore how to segment, secure and prevent various attack vectors on your OT networks. The conversation will examine using the most advanced discovery and detection techniques.
The Industrial Control System – Cyber Emergency Response Team (ICS-CERT) has highlighted the increased frequency of attempted attacks against Industrial Control Systems (ICS). According to a DHS/FBI/NSA joint publication “Seven Steps to Effectively Defend Industrial Control Systems,” of the 295 breaches reported in the previous year, 98 percent could have been prevented if certain basic security protocols had been in place.
As evidenced by the Ukraine Power Grid Attack and other recent breaches, privileged accounts are on the attacker’s critical path to success 100% of the time in every attack. Let’s elevate the conversation and talk about how this attack vector is taking the industrial world by surprise. In this session, Alex Leemon will present the case studies of two companies that have put in place proactive controls to safeguard industrial control systems from malicious insiders or external threats by implementing privileged account security controls as recommended by the DHS/FBI/NSA publication.
Attendees will also learn how to mitigate the risks associated with the increased connectivity between IT and OT through the implementation of controls that can be used to isolate, control and monitor interactive remote access sessions which connect to ICS.
With cyber-attacks posing an increasing threat to critical infrastructure, a change of mindset is needed: one that presumes an attacker will inevitably infiltrate the network. It only takes one vulnerable system to be exploited for an attacker to cause significant damage that could compromise system performance and even its operation. It is therefore essential that industrial organizations proactively safeguard their systems with a practical set of steps that includes securing all privileged accounts existing in their networks.
Learning Objectives:
In this session, attendees will learn how organizations have applied the steps recommended by the DHS/FBI/NSA publication to safeguard industrial control systems. Attendees will learn how to lock up the “keys to the kingdom” through the implementation of a privileged account security solution while safeguarding critical assets from potentially malicious activity.
Attendees will also learn how to: