10th Annual ICS Security Summit

Orlando, FL | Sun, Feb 22, 2015 - Mon, Mar 2, 2015
This event is over,
but there are more training opportunities.

Developing an Industrial Controls Security Framework for balanced and targeted investment

  • Ernie Hayden CISSP CEH GICSP
  • Tuesday, February 24th, 12:45pm - 2:00pm

The challenge with implementing an industrial controls security program is to identify the appropriate standards to use and to maximize their use. For instance should you use ISA-99/IEC-62443? What about ISO 27001/2? What about NIST 800-82 and NIST 800-53 or the latest NIST Framework? While working with several major global corporations in the Electric Utility, Oil & Gas and Manufacturing sectors, this challenge surfaced. Ultimately, an ICS Cybersecurity Framework was developed by Securicon and corporate stakeholders to satisfy not only these questions, but also help identify and prioritize impact criteria and methods for illustrating and measuring cost savings. This presentation will discuss setting the scene for the problem and providing information on how the challenge was solved with an effective framework.

The presentation will also include a sense of how the different standards were analyzed and how they were integrated into the single ICS Cyber Security Framework. We will also review how the Framework is being used as a cost savings vehicle.

The audience will gain a sense of the challenge faced by these global companies and ICS security; they will understand the desired outcome for this ICS cybersecurity framework, and they will understand the approach taken to build the framework for ultimate use as part of a balanced Cyber Security Program.

(The global companies associated with this Framework development wish to remain anonymous).

Securicon

Bonus Sessions

The following bonus sessions are open to all paid attendees at no additional cost. There are many different types of events that fall into these categories:

  • SANS@Night: Evening presentations given after day courses have ended. This category includes Keynotes.
  • Special Events: SANS-hosted events and other non-technical recreational offerings. This category includes, but is not limited to, Receptions and Information Tables.
  • Vendor: Events hosted by external vendor exhibitors.
  • Lunch & Learn: Short presentations given during the lunch break.
Sunday, February 22
Session Speaker Time Type
Advanced CRPA/C2M2 Workshop Sunday, February 22nd, 8:30am - 4:30pm Special Events
ES-ISAC Briefing Sunday, February 22nd, 5:00pm - 6:00pm SANS@Night
Welcome Reception Sunday, February 22nd, 5:00pm - 7:00pm SANS@Night
Exposure to Closure: 2015 Sunday, February 22nd, 7:00pm - 10:00pm SANS@Night
Monday, February 23
Session Speaker Time Type
Vendor Showcase Monday, February 23rd, 10:30am - 11:00am Vendor Event
Emerging Best Practice for ICS Perimeter Cyber Security Michael Piccalo, Director of Industrial Security Monday, February 23rd, 12:30pm - 1:45pm Lunch and Learn
Just how easy is it to hack a DCS? Dr. Alex Tarter, Technical Director, Cyber Security Group Monday, February 23rd, 12:30pm - 1:45pm Lunch and Learn
High Value ICS Network Monitoring and Anomaly Detection - Table Talk Monday, February 23rd, 12:30pm - 1:45pm Lunch and Learn
Vendor Showcase Monday, February 23rd, 3:45pm - 4:15pm Vendor Event
WOPR: Shall we play a game? Monday, February 23rd, 7:00pm - 10:00pm SANS@Night
KIPS, Kaspersky Industrial Protection Simulation Monday, February 23rd, 7:00pm - 9:00pm SANS@Night
Tuesday, February 24
Session Speaker Time Type
Vendor Showcase Tuesday, February 24th, 10:30am - 11:00am Vendor Event
Developing an Industrial Controls Security Framework for balanced and targeted investment Ernie Hayden CISSP CEH GICSP Tuesday, February 24th, 12:45pm - 2:00pm Lunch and Learn
Attacker Behavior & Incident Response Pat Haley Tuesday, February 24th, 12:45pm - 2:00pm Lunch and Learn
Designing a Safe, Intelligent, Security Architecture Richard Devera Tuesday, February 24th, 12:45pm - 2:00pm Lunch and Learn
Vendor Showcase Tuesday, February 24th, 3:30pm - 4:00pm Vendor Event