Last Day to Get an iPad mini, Surface Go 2, or Take $300 Off with OnDemand Training - Register Today!

ICS & Energy-Houston 2017

Houston, TX | Mon, Jul 10 - Sat, Jul 15, 2017
This event is over,
but there are more training opportunities.

SANS ICS Briefing:

  • Defending Energy Systems
  • Robert M. Lee, Stuart Bailey (Waterfall Security), Nick Cappi (PAS), Jason Farmer (Arbor Networks)
  • Thursday, July 13th, 4:00pm - 7:30pm

In conjunction with the ICS - Houston training event, SANS is pleased to offer the 4th Annual Industrial Control Systems Security Briefing. This event provides the opportunity to engage in dialog around Industrial Controls Systems Security and learn about key solution capabilities.

This event is free to Oil & Gas constituents as well as ICS -Houston training event students.

Theme for this years event: Defending Energy Systems


4:00pm - 4:15pm Registration & Coffee Networking

4:15pm - 4:45pm Welcome & Keynote:

CRASHOVERRIDE and Detailing Different Types of Detection

Robert M. Lee, Dragos

Organizations are constantly asked to evaluate new technologies, approaches, and tradecraft largely focused around different ways of detecting threats. However, there is not a standard model for the different types of detection. This presentation is a preview of an upcoming SANS paper on the four types of threat detection, how to leverage them, and the pros and cons of each for your organization. CRASHOVERRIDE will be leveraged as an example so that defenders can leave with actionable recommendations for their environments.

4:45pm - 5:20pm Session by Waterfall Security

Speaker: Stuart Bailey, Director of Industrial Security

5:20pm 5:55pm Anatomy of an Attack: Two ICS Attack Vectors and How to Defend Against Them

Speaker: Nick Cappi, Director of Global Business Development for Integrity Solutions

What are your blind spots when protecting critical Industrial Control Systems (ICS) from attacks that can impact production and safety? Compromising ICS cyber assets particularly proprietary ICS is not difficult for someone with knowledge of these systems.

Traditionally, industrial processing facilities have relied on security by obscurity, system complexity, air gapping, network segmentation, and perimeter-based security protection for process control networks (PCNs). Many organizations have put IT-centric security technologies in place that primarily focus on securing Level 3 and 2 systems within the PCN. This IT-centric approach fails to protect Level 1 and 0 production-centric assets sufficiently, thus leaving them vulnerable. This creates a huge blind spot, which leaves industrial processing facilities vulnerable to common ICS attack vectors.

This presentation provides an overview of two simple Level 1 and 0 attack vectors that challenge most industrial processing facilities to defend proactively against. It provides an in-depth examination of the thought processes used by an attacker, along with detail of each attack. It then discusses the required technical controls needed for defense.

Attendees will learn:

How an attacker approaches an ICS environment

How two real-world attack vectors can lead to process and safety disruption as well as how to defend against them

Security controls that protect against these two scenarios

5:55pm 6:05pm Networking Break

6:05pm - 6:40pm Session by Cylance

6:40pm - 7:15pm Rise of the Industrial Internet of Things (IIoT)

Speaker: Jason Farmer, Advanced Threat Consulting Engineer

The Industrial Internet of Things (IIoT) promises to change Oil and Gas. Everything from connected barrels to new insight into the hydrocarbon supply chain and marketing to customers will be impacted by the IIoT. These new capabilities and insights into our business also bring new opportunities for malicious actors. This session explores our roles in using, exploiting, controlling, and surviving the hyper-connected world.

7:15pm - 7:30pm Closing Remarks

7:30pm ?? Networking Reception

Tripwire, Inc.
Arbor Networks
Waterfall Security
Claroty Inc.

Bonus Sessions

The following bonus sessions are open to all paid attendees at no additional cost. There are many different types of events that fall into these categories:

  • SANS@Night: Evening presentations given after day courses have ended. This category includes Keynotes.
  • Special Events: SANS-hosted events and other non-technical recreational offerings. This category includes, but is not limited to, Receptions and Information Tables.
Monday, July 10
Session Speaker Time Type
Analyzing CRASHOVERRIDE - The Grid Targeted Malware Robert M. Lee Monday, July 10th, 7:15pm - 8:15pm SANS@Night
Tuesday, July 11
Session Speaker Time Type
Debunking the Myths about Cyber Insurance: Jason Christopher Tuesday, July 11th, 6:15pm - 7:15pm SANS@Night
Wednesday, July 12
Session Speaker Time Type
ICS NetWars Wednesday, July 12th, 6:00pm - 9:00pm Special Events
Thursday, July 13
Session Speaker Time Type
SANS ICS Briefing: Robert M. Lee, Stuart Bailey (Waterfall Security), Nick Cappi (PAS), Jason Farmer (Arbor Networks) Thursday, July 13th, 4:00pm - 7:30pm Special Events