New MacBook Air, Dell XPS 13, or $600 Off with SANS Online Training for a limited time!

ICS Amsterdam 2015

Amsterdam, Netherlands | Tue, Sep 22 - Mon, Sep 28, 2015
This event is over,
but there are more training opportunities.

5 years post-Stuxnet. What changed, what didnt and what lies ahead of us

  • Thomas Brandstetter
  • Thursday, September 24th, 6:00pm - 7:00pm

Within the industrial security world, the disclosure of Stuxnet in 2010 definitely was the most striking event of recent times. Many presentations on industrial security since have started with the statement "Everything changed with Stuxnet". To mark the 5th-year disclosure anniversary of Stuxnet, it is worthwhile to raise the following questions: Is this really true? Which consequences did Stuxnet really provoke in the industrial world? Thomas Brandstetter was on the front line, having been the incident handler back in 2010 for this unique threat and has witnessed and participated in many changes in the years after Stuxnet. What was the industrial world like before Stuxnet? What is its security posture now? Which things have changed, and which haven't? What has changed in the security research community? What on the attacker side? In this talk Thomas is taking stock of his last 10 years in the industrial security world and on the occasion of Stuxnet's 5th year detection anniversary poses the question: Has the industrial world become either more secure or insecure since then?

Thomas Brandstetter is co-founder of Limes Security, an Austrian company focusing on industrial security and secure software development. He also is Associate Professor at the University of Applied Sciences St. Poelten, Austria where he teaches classes like industrial security, incident response, botnets and honeypots and penetration testing.

He gathered a decade of experience in the industry when he joined Siemens to build up the topic of security in industrial products, 10 years ago. After years in pen-testing industrial systems, he lead the Siemens "Hack-Proof-Products Program". He held this position until in 2010 the Stuxnet malware hit, where he was assigned the official incident manager role. Out of the remnants of the Stuxnet- activities, Thomas founded the Siemens ProductCERT, which is still one of the most effective industrial incident and vulnerability response teams worldwide today.

Thomas spoke at security conferences like Blackhat, SANS SCADA, IFIP SEC, ICS-CSR and CIRED and is also contributor to the DEFCON ICS village.

Bonus Sessions

The following bonus sessions are open to all paid attendees at no additional cost. There are many different types of events that fall into these categories:

  • SANS@Night: Evening presentations given after day courses have ended. This category includes Keynotes.
Thursday, September 24
Session Speaker Time Type
5 years post-Stuxnet. What changed, what didnt and what lies ahead of us Thomas Brandstetter Thursday, September 24th, 6:00pm - 7:00pm SANS@Night