Flexible Training for Today's Critical Cyber Skills - Available Now with Best Specials of the Year - Learn More

ICS Security Training

Houston, TX | Mon, Jul 25 - Fri, Jul 29, 2016
This event is over,
but there are more training opportunities.

Welcome to ICS Security Training Houston 2016

Welcome to ICS Security Training Houston 2016

  • 4 courses
  • 4 instructors
  • 1 disciplines

Training Course Dates: July 25-30, 2016

SANS has joined forces with industry leaders and experts to strengthen the cybersecurity of Industrial Control Systems (ICS). The initiative is turning ICS cybersecurity around by equipping both security professionals and control system engineers with the security awareness, work-specific knowledge, and hands-on technical skills they need to secure automation and control system technology. Register now for these ICS skills based courses: Click here.

Why Is the ICS Initiative Important?
  • Tremendous gains are being achieved in industrial applications by sharing and analyzing data, but we need professionals who can address the security challenges
  • Preparation is critical because ICS incidents are occurring with increasing frequency and damaging systems
  • Control systems are widely deployed and need your attention - there is no such thing as a system that is too small
  • Up-to-date ICS knowledge and security skills can help keep our critical systems safe
  • Shared learning translates into results-effective security requires the integration of cybersecurity professionals, ICS support staff, and engineers
GIAC Global Industrial Control Systems Professional (GICSP)

The Global Industrial Cyber Security Professional Certification (GICSP) assesses a base level of knowledge and understanding across a diverse set of professionals who engineer or support control systems and share responsibility for the security of these environments. This certification will be leveraged across industries to ensure a minimum set of knowledge and capabilities that IT, engineer, and security professionals should know if they are in a role that could impact the cyber security of an ICS environment. For a complete list of GICSP certification objectives, visit www.giac.org.

Industrial Control Systems Security Briefing

Tuesday, July 26, 2016

In conjunction with the ICS - Houston training event, SANS is pleased to offer the 4th Annual Industrial Control Systems Security Briefing. This event provides the opportunity to engage in dialog around Industrial Controls Systems Security and learn about key solution capabilities.

This event is free to Oil & Gas constituents as well as ICS -Houston training event students.

  • 4:00pm - 4:15pm:    Registration & Networking

  • 4:15pm - 4:30pm:    Opening Remarks - Key ICS Security Survey Findings
                                    Derek Harp, SANS Director - ICS & SCADA

    The Annual SANS ICS Security Survey is is one of the premier sources of data on threats to control and automation systems and networks. Every year we develop and report insights into the state of security in these critical systems. This session will present a brief look at a few findings from this year's survey, as well as directions to find out more information.

  • 4:30pm - 4:50pm:    Addressing the threat of ransomware in ICS/SCADA
                                    Lionel Jacobs, Palo Alto Networks

    Ransomware has quickly become a concern for IT and poses a grave threat to operational technology as well. ICS owner/operators need to educate themselves and prepare their organizations to defend critical systems from this growing threat. In this 20-minute presentation, we will look at why cyber criminals want to attack ICS systems and ways that owner/operators can prevent these types of events from happening.

  • 4:50pm - 6:05pm:    ICS Rapid-Fire Session
                                    - Brian Wilson - Economic Espionage (The Spies in your ICS)

    Foreign economic collection and industrial espionage against the United States represent significant and growing threats to the nation's prosperity and security. Cyberspace - where most business activity and development of new ideas now takes place - amplifies these threats by making it possible for malicious actors, whether they are corrupted insiders or foreign intelligence services (FIS), to quickly steal and transfer massive quantities of data while remaining anonymous and hard to detect.

                                    - Matt Luallen - PERA Level 1 Device Protections

    The Purdue Enterprise Reference Architecture (PERA) provides a reference model for owners, operators and vendors to integrate applications and capabilities within the ICS-enabled enterprise. Level 1 represents the Intelligent Electronic Devices (IEDs) to sense and manipulate the physical processes through sensors, actuators and instrumentation. These devices serve as the decentralized I/O points communicating with a DCS, OPC server and operator HMI. Level 1 devices have been repeatedly labeled as "Vulnerable by Design" and require care in protecting them. This lunch & learn will delve in to the specific attack surface and provide advice on how to physically, cyber and operationally protect PERA level 1 devices.

                                    - Marc Ayala - "What's in YOUR ICS Network?

    Assessing cybersecurity risk is generally considered to be one of the first and most fundamental steps in any solid IACS cybersecurity management program. ISA 99.02.01 (now ISA 62443-2-1) published in 2009 includes requirements that organizations perform both high-level and detailed cybersecurity risk assessments on all identified IACSs. These requirements were reinforced in 2014 by the NIST Cybersecurity Framework that also specifies cybersecurity risk assessments and directly references the ISA 62443 requirements.

    While both of these documents require risk assessments neither provide information regarding "how" to perform such an assessment. Guidance on how to perform IACS cybersecurity risk assessments is now available in the recently developed ISA 62443-3-2, "Security Risk Assessment and System Design". This presentation will provide an overview of the 62443-3-2 standard and demonstrate the IACS cybersecurity risk assessment process through a chemical industry example.

  • 6:05pm - 6:20pm:    Networking Break

  • 6:20pm - 6:40pm:    Stop Patching, It's Stupid.
                                    Lior Frenkel, Waterfall Security Solutions

    A better way to think about security is to consider a threat spectrum and decide how high in the spectrum to raise the bar. No security system is or ever can be perfect. Important control systems should raise the bar to just below Stuxnet-class attacks. That is: the only high-impact attack our defenses may not have a high degree of confidence in deflecting, are the most-sophisticated, autonomous, targeted attacks, which are designed to defeat one site's defenses specifically, with the active assistance of compromised insiders at the targeted site. Our goal for our important control systems should be to raise the bar to the point where the only credible, high-impact attacks are the most sophisticated, autonomous attacks, with active, deliberate cooperation from compromised insiders. With this goal in place, and a clear path to achieving it, we only need to determine which of our control systems are important.

  • 6:40pm - 7:20pm:    ICS Panel
                                    Moderator:   Derek Harp, SANS Director - ICS & SCADA
                                    Panelists:     Justin Searle
                                                         Rob Davis
                                                         Brett Young

    Panelists will discuss top current threats to ICS systems and what can be done to protect your devices, networks and operations.

  • 7:20pm - 7:30pm:    Cyber Resilient Energy Delivery Consortium

    Cyber networks provide the framework for many important functions within energy delivery systems, from sending data between a smart meter and utility to controlling the flow of oil or gas in a pipeline. However, they are also vulnerable to disturbances. According to the ICS-CERT "Monitor" newsletter, a publication of the Department of Homeland Security, a third of the 245 reported cyber incidents in industrial control systems that happened in 2014 occurred in the energy sector.

    The Cyber Resilient Energy Delivery Consortium (CREDC) aids and will continue to aid in making these systems more secure and resilient. In the cyber world, "security" refers to the ability to keep data confidential and uncorrupted, while "resiliency" is the ability to withstand attacks, provide an acceptable level of service in the midst of an incident, and recover quickly following an attack. CREDC focuses on resiliency. By involving industry early and often - from helping us identify critical sector needs to performing pilot deployments and technology adoption - CREDC continues to develop research that has significant and measurable sector impact. This initiative aims to create and fill a technology pipeline through which foundational research will lead to applied research and development, which in turn will result in technology that is effective and affordable and can be implemented quickly in the field.

  • 7:30pm - ??:            Networking Reception

Briefing Fee

This event is FREE to to Oil & Gas constituents as well as ICS -Houston training event students with Discount Code ICS-16. The fee is $50 for others.

(Note: To enable the Discount Code, enter ICS-16 in the Registration Discount Code block. Pick Check as Payment Method, then click Review Order. $0 fees will be reflected.)

The Industrial Control Systems Security Briefing is a vendor sponsored event. Your contact information will be shared with the sponsoring vendors.