Industrial Control Systems Security
Explore content featuring this instructor’s insights and expertise.
Top ICS/OT vendors will showcase cutting-edge tools for anomaly detection, ransomware containment, and engineering-aware industrial ICS/OT incident response—proving how defenders can protect the systems that make, move, and power our world.
The Winter Cyber Solutions Fest: Utilities and Critical Infrastructure Forum is a virtual event built specifically for utility asset owners, technology vendors, operators' staff, engineers, and cybersecurity professionals responsible for defending the ICS/OT systems that make, move, and power our world.
Grounded in current SANS research and frontline operational experience, this one-hour session brings together Tim Conway, Robert M. Lee, Jason D. Christopher, and Dean Parsons to deliver leadership-level guidance for practitioners and executives.
Cybersecurity policies are the foundation of any governance program, setting expectations for workforce behavior and establishing the rules that support compliance and risk management.
In ICS/OT environments, network visibility isn’t just a buzzword, it’s the foundation for safe and effective cybersecurity, incident response, and operational/engineering troubleshooting.
This free virtual event brings together cybersecurity professionals, utility operators, government stakeholders, and industry experts to explore the unique challenges and emerging threats facing the energy and water sectors.
Attackers are increasingly targeting critical infrastructure—including power grids, water systems, heavy manufacturing, and oil and gas—with a deep and sophisticated knowledge of ICS components, industrial protocols, and engineering processes.
The first training module for the energy sector provides an overview of the elements of an ICS Specific Incident Response Plan, how it differs from a standard IT Incident Response Plan, and how to prepare your team to respond.
This 5th and final control involves understanding which cyber digital controls are deployed and what device operating conditions aid in risk-based vulnerability management decisions to patch vulnerabilities.
This control involves ICS-aware network architectures that support effective segmentation, visibility of control system traffic for analysis, log collection, asset identification, industrial DMZs, and enforcement for process communication integrity and reliability.
Module 3 of the training relates to continuous network security monitoring of the ICS networked environment, with protocol-aware tool sets and system-to system interaction analysis capabilities used to inform engineering of potential risks to the control, view, and safety of operations.
This 4th control involves the identification and inventory of all remote access points and allowed destination environments, on-demand access and MFA authentication where possible, and jump host platforms to provide control and monitoring points within secure segments.
Industrial Control Systems (ICS) and Operational Technology (OT) environments are what makes, moves, and powers our world. ICS/OT are the backbone of critical infrastructure, from energy and water systems to manufacturing and transportation. As cyber threats targeting our critical environments intensify, understanding ICS/OT-specific security controls and appropriate budgets has become a pressing challenge.
Module 3 of the training focuses on network visibility and monitoring. The training module provides your operational and IT team with a foundational knowledge of techniques and benefits for this critical control. This control requires human intelligence and resources. Mature organizations use network visibility tools across their systems to identify opportunities for efficiency and vulnerabilities. Network visibility and monitoring benefits include safety asset identification, engineering asset identification, vulnerability detection, operational safety and reliability, and engineering troubleshooting.
The first training module for the electric sector provides an overview of the elements of an ICS Specific Incident Response Plan, how it differs from a standard IT Incident Response Plan, and how to prepare your team to respond. An ICS-specific incident response plan requires the following: • Enriched insights from engineering operations • Specific to the power grid operations • Emphasis on control system integrity and engineering recovery capabilities in the face of an attack on any aspect of the engineering process. Not only should the plan exist, but it also must be tested to ensure its effectiveness and engineering preparedness for cyber risk scenarios unique to ICS operations and the physical process. This module will dive into how an informed incident response plan increase system integrity and speed up recovery during an attack.
Nearly 40% of ICS environment compromises come from the IT business network that allows a threat into the ICS environment. So, it’s more important than ever to focus on the ICS perimeter defenses first, followed closely by the additional required segmentation within the ICS network itself. An ICS DMZ introduces additional layers of protection and is therefore a must-have. An ICS DMZ acts as a buffer between the internal industrial network and external entities such as corporate networks or the internet. Network architecture can support effective network segmentation, visibility of control system traffic for analysis, detection of threats, log collection, asset identification, industrial control systems DMZ, and enforcement zones. Through the right architecture, you can improve safety and system integrity.
The 5th and final Module of the cybersecurity series on ICS Critical Controls for the Electric Sector focuses on understanding and managing risk. A successful ICS cybersecurity strategy balances defense and offense. A mature vulnerability management program must consider many factors. It should focus on strategically patching vulnerabilities, implementing safety-informed mitigations to mitigate potential impacts, and actively monitoring for signs of pre-attack positioning from within the control network. But that’s only part of a risk-based vulnerability management program for ICS. This training module describes how organizations can identify vulnerabilities by understanding adversaries. This module will include safe and informed mitigation, workarounds, and monitoring for attack preposition and pre-exploitation attack attempts. It will be complete with a nuanced discussion of the probability of exploitation, where, and how an adversary gets into the system.
The ICS Cybersecurity Control Secure Remote Access does more than just enableproper remote authentication and access into a properly architected anddefensible ICS network. There may be several instances of remote access alreadydeployed for remote substations, generating facilities, and other remote sites vialegacy, vendor, integrator, or project access. Implementing this ICS cybersecuritycritical control must start with conducting an access assessment to identify anddocument all remote access points within all local and remote sites.The module will review general access credentials at levels 3 and 3.5, and potential risks deeper inside the ICS network. Setting up your remote access system properly can help utilities retain the benefits of modern control systems while reducing the risk of potentially devastating breaches.
Join Our Webcast on Enhancing Water and Wastewater Utility Security This webcast will dive into the key findings of a critical survey assessing the safety and security challenges in the water and wastewater utility sector. With a focus on Industrial Control Systems (ICS), SCADA, and Distributed Control Systems (DCS) used in water treatment and distribution, we’ll explore emerging trends, highlight survey results, and share best practices to strengthen security measures. Don’t miss this opportunity to gain valuable insights tailored to the unique needs of water and wastewater organizations.
Module 3 of the training focuses on network visibility and monitoring. The training module provides your operational and IT team with a foundational knowledge of techniques and benefits for this critical control.