Train From Home on Your Schedule with OnDemand - Special Offers Available Now

ICS Security Summit & Training 2018

Orlando, FL | Sun, Mar 18 - Mon, Mar 26, 2018
This event is over,
but there are more training opportunities.

ICS Cybersecurity Vulnerabilities and the One Chip Challenge

  • David Zahn, Chief Marketing Officer
  • Monday, March 19th, 12:05pm - 1:30pm

A single bite of a hot pepper can cause extreme, incapacitating pain that seemingly lasts forever. There is a system for understanding the culinary risk that peppers pose called the Scoville Scale, where heat intensity is measured in Scoville Heat Units (SHU). A jalapeno registers at 8,000 SHU, while the hottest pepper on earth, the Carolina Reaper, has 2.2M SHU. That's clearly a high-risk pepper - and the one behind the notorious "one chip challenge" seen on the Internet!

In industrial process facilities, there are a multitude of systems with no similar "Scoville Scale" available for security personnel wanting to understand risk - particularly from published vulnerabilities. Yes, there are risk assessments, process hazard analyses, and standards applied to industrial facilities with the purpose of identifying and mitigating risk, but the endpoints that matter most in a facility - the proprietary industrial control systems (ICS)- are largely hidden from the view of security personnel. With the number of ICS-CERT vulnerability advisories having risen 1,035% from 2010 to 2017, we are in an untenable position of enterprises with unexamined risk to safety and reliability.

Before biting into a pepper or continuing to rely on traditional ICS security controls, cybersecurity personnel and asset owners alike need better visibility into risk. In this presentation, we will examine how risk can lay hidden within a facility, we will provide a specific example of how a published vulnerability can lead to exploitation, and we will describe what companies are doing today to manage vulnerability risk. And YES, we will take the one chip challenge!

PAS

Bonus Sessions

The following bonus sessions are open to all paid attendees at no additional cost. There are many different types of events that fall into these categories:

  • SANS@Night: Evening presentations given after day courses have ended. This category includes Keynotes.
  • Vendor: Events hosted by external vendor exhibitors.
  • Lunch & Learn: Short presentations given during the lunch break.
Sunday, March 18
Session Speaker Time Type
Electricity Information Sharing and Analysis Center (E-ISAC) strategic plan update and GridEx IV lessons learned Bill Lawrence, NERC E-ISAC Sunday, March 18th, 5:30pm - 6:30pm SANS@Night
Monday, March 19
Session Speaker Time Type
Solutions Expo Monday, March 19th, 11:00am - 11:30am Vendor Event
Defeating Alert Fatigue: Transforming NSM Alerts Into Effective Workflows Monday, March 19th, 12:05pm - 1:30pm Lunch and Learn
ICS Cybersecurity Vulnerabilities and the One Chip Challenge Monday, March 19th, 12:05pm - 1:30pm Lunch and Learn
Choose the Right Tool for the Job - A "Lessons Learned" discussion on the value of breaking tradition in the OT space Rick Kaun, VP Solutions Monday, March 19th, 12:05pm - 1:30pm Lunch and Learn
Solutions Expo Monday, March 19th, 3:00pm - 3:30pm Vendor Event
ICS Security Summit Night Out Monday, March 19th, 6:00pm - 8:00pm Reception
Tuesday, March 20
Session Speaker Time Type
Solutions Expo Tuesday, March 20th, 10:30am - 11:00am Vendor Event
Solutions Expo Tuesday, March 20th, 3:15pm - 3:45pm Vendor Event
GIAC Certification Reception Tuesday, March 20th, 6:30pm - 8:00pm Reception
Wednesday, March 21
Session Speaker Time Type
Under the Hood of ICS Monitoring and Detection: 3 Use Cases Kim Legelis, Chief Marketing Officer Wednesday, March 21st, 12:30pm - 1:15pm Lunch and Learn
Alright, Who Changed What? Eric Persson, ICS Cybersecurity Consultant Wednesday, March 21st, 12:30pm - 1:15pm Lunch and Learn
ICS Down...it's go time! Jason DelyTechnical Director, ICS and Critical Infrastructure Wednesday, March 21st, 12:30pm - 1:15pm Lunch and Learn
Thursday, March 22
Session Speaker Time Type
Learning from the Adversary: The Value of Malware Analysis for ICS Dean Parsons Thursday, March 22nd, 6:00pm - 7:00pm SANS@Night