SEC595: Applied Data Science and AI/Machine Learning for Cybersecurity Professionals
SEC595Cyber Defense
SANS Community Benefits
Connect, learn, and share with other cybersecurity professionals
Current ICS Threats with Tim Conway | 17
Cyber leadersPublished 11 Jul 2025
In this episode, Ciaran and James are joined by Tim Conway, Technical Director of ICS and SCADA, to discuss the hidden systems that keep society running, from power plants to water grids. Tim sheds light on the unique challenges of securing industrial control systems, the dangers of complacency, and why the OT world is often overlooked until something goes terribly wrong.
Guest Bio:
Tim serves as the Technical Director of ICS and SCADA programs at SANS, and he is responsible for developing, reviewing, and implementing technical components of the SANS ICS and SCADA product offerings. A recognized leader in CIP operations, he formerly served as the Director of CIP Compliance and Operations Technology at Northern Indiana Public Service Company (NIPSCO), where he was responsible for Operations Technology, NERC CIP Compliance, and the NERC training environments for the operations departments within NIPSCO Electric.
Highlights:
The Threat Landscape
An exploration of high-impact, low-frequency cyber threats targeting OT and ICS, from state-sponsored attacks to critical infrastructure vulnerabilities.
Real-world Cyberattacks
- An Unprecedented Look at Stuxnet, the World's First Digital Weapon | WIRED
- Power grid cyberattack in Ukraine (2015) - International cyber law: interactive toolkit
- BlackEnergy (Malware Family) | BlackEnergy | NJCCIC
- Triton is the world’s most murderous malware, and it’s spreading | TRITON Malware Targeting Safety Controllers - NCSC.GOV.UK | HatMan – Safety System Targeted Malware | Triton/Trisis Attack Was More Widespread Than Publicly Known
State Actors and Advanced Persistent Threats
- Russia’s Cyber Campaigns and the Ukraine War: From the ‘Gray Zone’ to the ‘Red Zone’
- Typhoons in Cyberspace | Royal United Services Institute
Broader Systemic Risks
- Heathrow Airport: flights resume following power outage - BBC News
- August 14th, 2003 blackout impacting the northeast | Intervenor Pre-filed ExhibiEconomic Impact of the August 2003 Blackout
Regulations: US vs Europe
A look at how the United States and Europe differ in regulating cybersecurity for critical infrastructure, and the evolution of standards like NERC CIP and the NIS 2 Directive.
- Nuclear Sector: Cybersecurity Framework Implementation Guidance
- NEI 08-09, Rev 6, "Cyber Security Plan for Nuclear Power Reactors." Nuclear Energy Institute, NEI 08-09, Revision 7, Cyber Security Plan for Nuclear Power Reactors (Draft)
- The Attack on Colonial Pipeline: What We’ve Learned & What We’ve Done Over the Past Two Years | CISA
- American Water turns off app after suffering cyber attack • The Register | Defending OT Operations Against Ongoing Pro-Russia Hacktivist Activity | CISA
- North American Electric Reliability Corporation Critical Infrastructure Protection (NERC CIP)
- CIP-015-1 – Cyber Security – Internal Network Security Monitoring | Standards
- The NIS 2 Directive
Best Practice
Recommended frameworks and controls tailored to OT/ICS environments, adapted from traditional IT cybersecurity models and refined for the unique challenges of industrial systems.
- General Guidance
- Essential Cybersecurity Practices for Protecting Industrial Infrastructure
- Primary Mitigations to Reduce Cyber Threats to Operational Technology | CISA
- The SANS ICS Five Critical Controls: A Practical Framework for OT Cybersecurity | Dragos
- Monitoring and Measuring the CIS Critical Security Controls
- Control Frameworks
- OT/IT Security Distinctions
Additional Resources:
Subscribe & Follow:
- Subscribe to the podcast on Apple Podcasts, Spotify, or your favorite podcast platform.
- Follow us on Twitter, Facebook, and LinkedIn for updates.
Contact:
- Have questions or comments? Email us at cyberleaderspodcast@sans.org
