Ending Soon! Get an iPad Air with Smart Keyboard, Surface Go, or $300 Off thru Dec 11 with OnDemand or vLive Training!

ICS Security Summit & Training 2020

Orlando, FL | Mon, Mar 2 - Mon, Mar 9, 2020
Live Event starts in 86 Days

ICS Security Summit Agenda

Summit speakers

Confirmed talks include:

2020 ICS Cyber Attack Trends

Sarah G. Freeman, ICS Cybersecurity Analyst, Idaho National Lab

Cyber attacks over the past few years have highlighted the increasing sophistication of adversaries. However, other trends – including the shift toward safety system attacks and the continued blurring of nation-state and non-state actors – can be turned to our advantage by informing cybersecurity strategies, especially within resourced-constrained environments. This talk will focus on recent trends in this area and identify potential security strategies.

“Project Runaway:” How the World’s Largest Manufacturers Are Unknowingly Leaking Their Secrets Online

Matan Dobrushin, Head of Research, OTORIO

Yoav Flint Rosenfeld, Head of Services, OTORIO

Project files are the blueprints of the industrial process. They can contain network configurations, screen definitions, hardware and software configurations, and the actual automation logic of the controllers. Access to project file means access to knowledge about the most important elements of the production floor. Because of their sensitivity, these files should be kept in a well-secured location such as an internal vault. However, the growing need to share and collaborate with suppliers makes it difficult to keep track of the files, and the data can end up in the wrong hands. A large amount (>500!) of highly confidential industrial data is located on an Internet research site and available to every registered user. The data involve multiple manufacturers, suppliers, and orchestrators from different sectors and geographical locations. The amount of the data and the companies involved suggests that the widespread availability of such data is not a one-time event but rather a systematic issue caused by the security tools that are not protecting companies as they should. This presentation will explain the basic components and structures of certain project files; outline the threat landscape connected to the data and the inherent insecurity of the supply chain; show how an attacker might use these data to target a company’s operations and processes; look at what can be derived from automation logic by examining past research and proposing new approaches; share statistics about the amount of companies, sectors, and geolocations of the affected companies; and propose options to address the potential sources of the leaks and put in place different security methods to fix the problem.

Mission Kill: Process Targeting in Industrial Control System Attacks

Joe Slowik @jfslowik, Principal Adversary Hunter, Dragos

Typical conceptions of industrial control system (ICS) targeting focus on direct disruption of organizations through specific action resulting in complete operational loss, such as opening breakers to interrupt the flow of electricity, or tripping a safety system to shut down a plant. Yet further analysis of ICS events over time indicates adversaries are pursuing far more ambitious attack patterns. Following the 2015 Ukraine power event, ICS-focused attacks began to shift from direct disruption to changing, modifying, or otherwise undermining fundamental ICS processes by either staging more serious attacks or identifying specific process “pain points” with outsized value to the victim environment. There is clear evidence that adversaries are learning about process and operational dependencies in industrial environments and how they can be leveraged to achieve maximum impact. This presentation will examine three case studies: the 2016 Ukraine event, the 2017 TRISIS event, and the 2019 attack on the Abqaiq oil processing facility in Saudi Arabia (relevant for targeting purposes even though it was not a cyber attack). In each case, attackers identified specific operational pain points (protective relays, safety instrumented systems, hydrodesulfurization facilities) to create cascading or outsized impacts from specific device compromise (or destruction). Given these developments, ICS security operations need to move beyond the realm of being IT-centric to fusing IT visibility with industrial process awareness. From a defensive point of view, understanding the process environment and identifying critical path nodes for the defended facility is vital to ensure appropriate defense where it matters most. By understanding how attackers have evolved, ICS and critical infrastructure defenders can better position themselves to counter future attacks.

Security Worst Practices

David Foose, Ovation Security Program Manager, Emerson

We hear all the time about “best practices,” but this presentation will present war stories that are examples of organizations approaching various security problems the wrong way – that is, “worst practices” in security. We’ll walk through the reasons why these events occurred and look at improvements that can be made going forward to make sure they don’t happen again.

The Current Status of Industrial Control Systems in Developing Countries: A Case Study of Argentina and Latin America

Almada Pablo Martin, Director of ICS/IIoT Services, KPMG

While developed countries such as the United States have led the way in the cybersecurity of critical infrastructure, developing countries have fallen behind due to socioeconomic conditions, lack of investment, and difficulties in developing the skills needed in this area. This presentation examines Latin America’s critical infrastructure situation, with Argentina as a case of study. The presentation will start with a brief overview of current cyber regulation and national initiatives, then turn to examining the status of principal industries in the region, with a focus on the energy industry. Finally, we will look at lessons learned from underdeveloped countries, taking into account that industrial control system (ICS) best practices and regulations are often based on ideal scenarios that are not always feasible in developing nations. To address this challenge, the presentation will examine case studies in critical infrastructure cybersecurity and the steps that Argentina and other countries in the region need to take to improve ICS security in the context of the developing world.

Ways to Mitigate Insecure ICS Device Communications

Michael Hoffman, Principal ICS Security Engineer, Shell

Industrial control system (ICS) devices are well known for their insecure-by-design communications protocols. What can be done to ensure that these protocols operate as intended if an attacker is trying to exploit the devices? To answer that question, this presentation will first look at how easily many ICS protocols can be manipulated and at some initiatives that can be undertaken at the network, controller, and logic levels to mitigate such manipulation. As a backdrop for the discussion, student kits from SANS ICS515 and ICS612 courses will be used in a combined ICS application to show how logic values can be overwritten due to insecure ICS communication. Mitigating controls for the PLC logic and network will be deployed to raise the level of difficulty for the protocol attack, and the attacks will be re-performed to understand how effective the controls are and highlight what folks can do today to protect their ICS devices.

To get a taste of the type of dynamic presentations and speakers you’ll see at the 2020 ICS Security Summit, check out these talks from the 2018 Summit:

Scanners, Tunnels, and Sims, Oh My! - Justin Searle

You're Probably Not Red Teaming (And Usually I'm Not, Either) - Deviant Ollam

Sh*t Happens! (But You Still Need to Drink the Water) - Doug Short

Jumping Air Gaps - Monta Elkins