Last Day to Get an iPad mini, Surface Go 2, or Take $300 Off with OnDemand Training - Register Today!

ICS Security Summit & Training 2018

Orlando, FL | Sun, Mar 18 - Mon, Mar 26, 2018
This event is over,
but there are more training opportunities.

Alright, Who Changed What?

  • Eric Persson, ICS Cybersecurity Consultant
  • Wednesday, March 21st, 12:30pm - 1:15pm

When production systems become disrupted or process controls behave abnormally, the first question most ICS engineering teams ask is not "are we being attacked?" Instead, itās "Alright ā what happened? Did somebody change something?" Rapid response to finding and correcting errors is often handled through organizations allowing employees, third party contractors and industrial equipment manufacturers to remotely access ICS networks and assets for management and maintenance purposes. However, very often there is a huge lack of real visibility into the state of ICS assets, no passive monitoring for proactive indicators of potential problems and no real control over remote access which makes it very difficult to find what went wrong and back changes out.

No two networks are alike and most have no passive monitoring controls in place to help quickly pinpoint recent or risky changes to ICS assets, nor are most OT organizations controlling and securing remote access adequately. This presentation provides technical guidance on the weaknesses inherent in allowing access to your ICS networks and covers the technical strengths and limitations of several methods. There will also be field use cases in how some OT organizations have been able to control and secure remote access, passively monitor network traffic, and use these tools for rapid troubleshooting when things go wrong.

Claroty Inc.

Bonus Sessions

The following bonus sessions are open to all paid attendees at no additional cost. There are many different types of events that fall into these categories:

  • SANS@Night: Evening presentations given after day courses have ended. This category includes Keynotes.
  • Vendor: Events hosted by external vendor exhibitors.
  • Lunch & Learn: Short presentations given during the lunch break.
Sunday, March 18
Session Speaker Time Type
Electricity Information Sharing and Analysis Center (E-ISAC) strategic plan update and GridEx IV lessons learned Bill Lawrence, NERC E-ISAC Sunday, March 18th, 5:30pm - 6:30pm SANS@Night
Monday, March 19
Session Speaker Time Type
Solutions Expo Monday, March 19th, 11:00am - 11:30am Vendor Event
Defeating Alert Fatigue: Transforming NSM Alerts Into Effective Workflows Monday, March 19th, 12:05pm - 1:30pm Lunch and Learn
ICS Cybersecurity Vulnerabilities and the One Chip Challenge Monday, March 19th, 12:05pm - 1:30pm Lunch and Learn
Choose the Right Tool for the Job - A "Lessons Learned" discussion on the value of breaking tradition in the OT space Rick Kaun, VP Solutions Monday, March 19th, 12:05pm - 1:30pm Lunch and Learn
Solutions Expo Monday, March 19th, 3:00pm - 3:30pm Vendor Event
ICS Security Summit Night Out Monday, March 19th, 6:00pm - 8:00pm Reception
Tuesday, March 20
Session Speaker Time Type
Solutions Expo Tuesday, March 20th, 10:30am - 11:00am Vendor Event
Solutions Expo Tuesday, March 20th, 3:15pm - 3:45pm Vendor Event
GIAC Certification Reception Tuesday, March 20th, 6:30pm - 8:00pm Reception
Wednesday, March 21
Session Speaker Time Type
Under the Hood of ICS Monitoring and Detection: 3 Use Cases Kim Legelis, Chief Marketing Officer Wednesday, March 21st, 12:30pm - 1:15pm Lunch and Learn
Alright, Who Changed What? Eric Persson, ICS Cybersecurity Consultant Wednesday, March 21st, 12:30pm - 1:15pm Lunch and Learn
ICS Down...it's go time! Jason DelyTechnical Director, ICS and Critical Infrastructure Wednesday, March 21st, 12:30pm - 1:15pm Lunch and Learn
Thursday, March 22
Session Speaker Time Type
Learning from the Adversary: The Value of Malware Analysis for ICS Dean Parsons Thursday, March 22nd, 6:00pm - 7:00pm SANS@Night