Current ICS Threats with Tim Conway | 17

Guest Bio:

Tim serves as the Technical Director of ICS and SCADA programs at SANS, and he is responsible for developing, reviewing, and implementing technical components of the SANS ICS and SCADA product offerings. A recognized leader in CIP operations, he formerly served as the Director of CIP Compliance and Operations Technology at Northern Indiana Public Service Company (NIPSCO), where he was responsible for Operations Technology, NERC CIP Compliance, and the NERC training environments for the operations departments within NIPSCO Electric.

Highlights:

The Threat Landscape

An exploration of high-impact, low-frequency cyber threats targeting OT and ICS, from state-sponsored attacks to critical infrastructure vulnerabilities.

●   Real-world Cyberattacks

• An Unprecedented Look at Stuxnet, the World's First Digital Weapon | WIRED
• Power grid cyberattack in Ukraine (2015) - International cyber law: interactive toolkit
• BlackEnergy (Malware Family) | BlackEnergy | NJCCIC
• Triton is the world’s most murderous malware, and it’s spreading | TRITON Malware Targeting Safety Controllers - NCSC.GOV.UK | HatMan – Safety System Targeted Malware | Triton/Trisis Attack Was More Widespread Than Publicly Known

●    State Actors and Advanced Persistent Threats

• Russia’s Cyber Campaigns and the Ukraine War: From the ‘Gray Zone’ to the ‘Red Zone’
• Typhoons in Cyberspace | Royal United Services Institute

●    Broader Systemic Risks

• Heathrow Airport: flights resume following power outage - BBC News
• August 14th, 2003 blackout impacting the northeast | Intervenor Pre-filed ExhibiEconomic Impact of the August 2003 Blackout
  Regulations: US vs Europe

A look at how the United States and Europe differ in regulating cybersecurity for critical infrastructure, and the evolution of standards like NERC CIP and the NIS 2 Directive.

• Nuclear Sector: Cybersecurity Framework Implementation Guidance
• NEI 08-09, Rev 6, "Cyber Security Plan for Nuclear Power Reactors." Nuclear Energy Institute, NEI 08-09, Revision 7, Cyber Security Plan for Nuclear Power Reactors (Draft)
• The Attack on Colonial Pipeline: What We’ve Learned & What We’ve Done Over the Past Two Years | CISA
• American Water turns off app after suffering cyber attack • The Register | Defending OT Operations Against Ongoing Pro-Russia Hacktivist Activity | CISA
• North American Electric Reliability Corporation Critical Infrastructure Protection (NERC CIP)
• CIP-015-1 – Cyber Security – Internal Network Security Monitoring | Standards
• The NIS 2 Directive

Best Practice

Recommended frameworks and controls tailored to OT/ICS environments, adapted from traditional IT cybersecurity models and refined for the unique challenges of industrial systems.

• General Guidance
  • Essential Cybersecurity Practices for Protecting Industrial Infrastructure
  • Primary Mitigations to Reduce Cyber Threats to Operational Technology | CISA
  • The SANS ICS Five Critical Controls: A Practical Framework for OT Cybersecurity | Dragos
  • Monitoring and Measuring the CIS Critical Security Controls
• Control Frameworks
  • The Five ICS Cybersecurity Critical Controls
  • The 18 CIS Critical Security Controls
• OT/IT Security Distinctions
  • The Distinctive Worlds of OT Cybersecurity and IT Cybersecurity
  • The Differences Between ICS/OT and IT Security Poster
  • Operational Technology (OT) - NCSC.GOV.UK.
  • Why ICS/OT Infrastructure is Insecure
  • The Growing Influence of IT on OT | Automation World

Additional Resources:

• Feynman Lectures

Subscribe & Follow:

• Subscribe to the podcast on Apple Podcasts, Spotify, or your favorite podcast platform.
• Follow us on Twitter, Facebook, and LinkedIn for updates.

Contact:

• Have questions or comments? Email us at cyberleaderspodcast@sans.org