Industrial Control Systems Security
Explore content featuring this instructor’s insights and expertise.
The Winter Cyber Solutions Fest: Utilities and Critical Infrastructure Forum is a virtual event built specifically for utility asset owners, technology vendors, operators' staff, engineers, and cybersecurity professionals responsible for defending the ICS/OT systems that make, move, and power our world.
Cybersecurity policies are the foundation of any governance program, setting expectations for workforce behavior and establishing the rules that support compliance and risk management.
In ICS/OT environments, network visibility isn’t just a buzzword, it’s the foundation for safe and effective cybersecurity, incident response, and operational/engineering troubleshooting.
This free virtual event brings together cybersecurity professionals, utility operators, government stakeholders, and industry experts to explore the unique challenges and emerging threats facing the energy and water sectors.
Attackers are increasingly targeting critical infrastructure — including power grids, water systems, heavy manufacturing, and oil and gas — with a deep and sophisticated knowledge of ICS components, industrial protocols, and engineering processes. Employing advanced techniques like Living Off The Land (LOTL) strategies, they repurpose legitimate ICS software for malicious purposes. These tactics, when combined with ransomware and ICS-specific attacks, significantly escalate the risks to both human lives and essential infrastructure, especially in times of warfare.To counter these threats, ICS/OT environments need specialized technology solutions and highly trained ICS defenders. The ICS Active Cyber Defense model emphasizes “skilled human analysts capable of monitoring and responding to adversaries within the ICS/OT network.” Defending against LOTL and similar threats demands cybersecurity teams with a blend of specific expertise in control systems, IT security knowledge and a prioritization of safety.Is your ICS/OT cybersecurity program equipped with the appropriate technology and expertise? The ICS Summit Solutions Track 2025 will present cutting-edge solutions, live demonstrations, and strategies for tackling today’s ICS security challenges. Presentations and panels will align with industry frameworks, such as the SANS ICS Cybersecurity Critical Controls, demonstrating how expertly trained ICS defenders, armed with ICS-specific solutions, can safeguard the vital infrastructure we all depend on.
This 5th and final control involves understanding which cyber digital controls are deployed and what device operating conditions aid in risk-based vulnerability management decisions to patch vulnerabilities. This enables appropriate safety-informed mitigations to the impact and monitoring for possible attack exploitation internal to the control network.
Module 3 of the training relates to continuous network security monitoringof the ICS networked environment, with protocol-aware tool sets andsystem-to system interaction analysis capabilities used to informengineering of potential risks to the control, view, and safety of operations.
The first training module for the energy sector provides an overview of the elements of an ICS Specific Incident Response Plan, how it differs from astandard IT Incident Response Plan, and how to prepare your team to respond. Simulate an incident response to a remote cyber intrusion into a drilling rig’s control system network to access programmable logic controllers (PLCs) to validate industrial network visibility of the rig control system’s threat.
Nearly 40% of ICS environment compromises come from the IT business network that allows a threat into the ICS environment. So, it’s more important to focus on the ICS perimeter defenses first, followed closely by the additional required segmentation within the ICS network itself. This control involves ICS-aware network architectures that support effective segmentation, visibility of control system traffic for analysis, log collection, asset identification, industrial DMZs, and enforcement for process communication integrity and reliability.
This 4th control involves the identification and inventory of all remote access points and allowed destination environments, on-demand access and MFA authentication where possible, and jump host platforms to provide control and monitoring points within secure segments.
Industrial Control Systems (ICS) and Operational Technology (OT) environments are what makes, moves, and powers our world. ICS/OT are the backbone of critical infrastructure, from energy and water systems to manufacturing and transportation. As cyber threats targeting our critical environments intensify, understanding ICS/OT-specific security controls and appropriate budgets has become a pressing challenge.
Module 3 of the training focuses on network visibility and monitoring. The training module provides your operational and IT team with a foundational knowledge of techniques and benefits for this critical control. This control requires human intelligence and resources. Mature organizations use network visibility tools across their systems to identify opportunities for efficiency and vulnerabilities. Network visibility and monitoring benefits include safety asset identification, engineering asset identification, vulnerability detection, operational safety and reliability, and engineering troubleshooting.
The first training module for the electric sector provides an overview of the elements of an ICS Specific Incident Response Plan, how it differs from a standard IT Incident Response Plan, and how to prepare your team to respond. An ICS-specific incident response plan requires the following: • Enriched insights from engineering operations • Specific to the power grid operations • Emphasis on control system integrity and engineering recovery capabilities in the face of an attack on any aspect of the engineering process. Not only should the plan exist, but it also must be tested to ensure its effectiveness and engineering preparedness for cyber risk scenarios unique to ICS operations and the physical process. This module will dive into how an informed incident response plan increase system integrity and speed up recovery during an attack.
Nearly 40% of ICS environment compromises come from the IT business network that allows a threat into the ICS environment. So, it’s more important than ever to focus on the ICS perimeter defenses first, followed closely by the additional required segmentation within the ICS network itself. An ICS DMZ introduces additional layers of protection and is therefore a must-have. An ICS DMZ acts as a buffer between the internal industrial network and external entities such as corporate networks or the internet. Network architecture can support effective network segmentation, visibility of control system traffic for analysis, detection of threats, log collection, asset identification, industrial control systems DMZ, and enforcement zones. Through the right architecture, you can improve safety and system integrity.
The 5th and final Module of the cybersecurity series on ICS Critical Controls for the Electric Sector focuses on understanding and managing risk. A successful ICS cybersecurity strategy balances defense and offense. A mature vulnerability management program must consider many factors. It should focus on strategically patching vulnerabilities, implementing safety-informed mitigations to mitigate potential impacts, and actively monitoring for signs of pre-attack positioning from within the control network. But that’s only part of a risk-based vulnerability management program for ICS. This training module describes how organizations can identify vulnerabilities by understanding adversaries. This module will include safe and informed mitigation, workarounds, and monitoring for attack preposition and pre-exploitation attack attempts. It will be complete with a nuanced discussion of the probability of exploitation, where, and how an adversary gets into the system.
The ICS Cybersecurity Control Secure Remote Access does more than just enableproper remote authentication and access into a properly architected anddefensible ICS network. There may be several instances of remote access alreadydeployed for remote substations, generating facilities, and other remote sites vialegacy, vendor, integrator, or project access. Implementing this ICS cybersecuritycritical control must start with conducting an access assessment to identify anddocument all remote access points within all local and remote sites.The module will review general access credentials at levels 3 and 3.5, and potential risks deeper inside the ICS network. Setting up your remote access system properly can help utilities retain the benefits of modern control systems while reducing the risk of potentially devastating breaches.
Join Our Webcast on Enhancing Water and Wastewater Utility Security This webcast will dive into the key findings of a critical survey assessing the safety and security challenges in the water and wastewater utility sector. With a focus on Industrial Control Systems (ICS), SCADA, and Distributed Control Systems (DCS) used in water treatment and distribution, we’ll explore emerging trends, highlight survey results, and share best practices to strengthen security measures. Don’t miss this opportunity to gain valuable insights tailored to the unique needs of water and wastewater organizations.
Module 3 of the training focuses on network visibility and monitoring. The training module provides your operational and IT team with a foundational knowledge of techniques and benefits for this critical control.
Every infrastructure operator must understand defensible control system network architecture. Module 2 of the ICS critical controls series for water focuses on how the right architecture can provide a high return on investment.
The 5th and final Module of the cybersecurity series on ICS Critical Controls for the Water Sector focuses on understanding and managing risk. A successful ICS cybersecurity strategy balances defense and offense.