2023 ICS Security Summit Solutions Track | Two Day Event May 1st & 2nd

Industrial control system (ICS) / operational technology (OT) environments require different security skills, technologies, and methods to manage their risks, because their mission and risk surfaces set ICS/OT apart from traditional IT enterprise networks. ICS/OT networks are also seeing attacks that go beyond the traditional intrusions commonly seen in enterprise networks.

Adversaries in critical infrastructure networks have demonstrated knowledge of control system components, industrial protocols, and engineering operations. Detecting and preventing modern threats to our critical infrastructure requires modern, ICS-specific technology solutions.

Year over year we are seeing more impactful attacks, such as CRASHOVERRIDE in the electric sector, human machine interface hijacking through remote access in water management, ICS-specific ransomware in manufacturing and energy sectors, targeted attacks on SIS (safety instrumented systems) in the oil and gas sector, and the more recent PIPEDREAM/Incontroller advanced scalable attack framework targeting multiple ICS sectors, to name a few. ICS/OT attacks are more disruptive, with the possibility of physically destructive capabilities. Industrial security defenders across all sectors must address new challenges and face serious threats.

The focus of this two-day event is to illustrate the challenges, the risks, and the impacts of incidents in control systems, as well as actionable, achievable methods we can use to meet these challenges head-on. We will show how ICS-specific trained defenders can step up to protect and defend the critical infrastructure we all rely on in our daily lives.

Presentations will be a combination of thought leadership and technical use-case examples with actionable takeaways facilities can start considering to immediately deploy where it suits their safety and industrial security defense goals.

So, you've saved your seat for the ICS Security Summit Solutions Track, but have you registered to join us for the ICS Security Summit & Training? Visit the ICS Security Summit homepage to get all the details about what you can look forward to when you register to join us live in sunny Orlando, FL or Live Online.



Agenda | May 1, 2023 | 1:00PM - 3:00PM ET | Day 1



1:00 PM

Welcome & Opening Remarks

Dean Parsons, Certified Instructor, SANS Institute

1:15 PM

Going Beyond SRA: Safely Connecting OT Environments

Any disruption to the safe function of operational technology is unacceptable. Yet, as more connections are made to these critical systems, the risks have never been higher. Specifically, existing ways of connecting outside users present five enormous challenges that many ICS operators face. The challenges pivot around the need to fully identify, approve, and monitor each connected session, lowering the operational risk of external connections. This session will discuss these five challenges and share new ways of providing access in controlled and monitored ways. 

Samuel Hill, Director of Product Marketing, Cyolo

1:50 PM

If I Get An SBOM, What’s Next?

In today’s software supply chains, how do you leverage SBOMs to assess vulnerabilities in ICS software supply chains and convince device manufacturers to mitigate them? How do SBOMs bolster our response to new threats and ensure we’ve addressed dangerous OT exposures? In this talk hosted by Finite State Lead Software Engineer Parker Wiksell, we examine why attackers love the OT/IoT attack surface and the key challenges facing stakeholders charged with protecting ICS amidst the rising complexity of modern software supply chains. Parker also explores how dynamic SBOM management informs repair-versus-replace decisions and prompts productive discussions with upstream supply chain partners.

Jason Ortiz, Lead Engineer, Finite State

2:25 PM

“This is Fine”: Fighting Fires with Infrastructure Susceptibility Analysis

Cyber risks and weaknesses are everywhere, but what do we need to fix first? This is a common refrain from asset owners and operators trying to prioritize limited mitigation resources. In the last few years there has been significant growth in vulnerability discovery. Additionally, several organizations expanded safety engineering practices to reduce the attack surface of modern critical infrastructure. Despite these growth areas, cyber threat intelligence has failed to keep pace with adversary advancement and capabilities. Defensive efforts continually fall behind adversary activities designed to attack and hold critical infrastructure at risk. Infrastructure Susceptibility Analysis (ISA) is a repeatable, proactive methodology designed to leverage threat actor information commonly overlooked by normal cyber threat intelligence practices. ISA expands on existing engineering best practices to enable asset and system owners to understand not only the most damaging outcomes of cyber-attack, but also the most likely. ISA leverages often overlooked aspects of cyber threat intelligence to generate the most comprehensive picture of adversary targeting. Armed with these insights, security programs can then introduce the most impactful modifications and mitigations, saving resources and financial investment. This session is designed to provide the audience with a background in relevant engineering practices for understanding cyber risk, as well as the limitations of these approaches. It will introduce the audience to the ISA process and highlight key differentiators from past approaches. This session will also expose the audience to term and trend cyber threat intelligence practices and provide recommendations for how to track adversary capability growth against their own systems and infrastructure.

Mark Bristow, Director Cyber Infrastructure Protection Innovation Center, MITRE

Sarah Freeman, Principal Cyber Engagement Operations Engineer, MITRE

3:00 PM

Platform vs. Products in ICS Security: What's better?

Shan Zhou, Director of Technical Sales Engineering, Nozomi Networks


Agenda | May 2, 2023 | 10:30AM - 3:00PM ET | Day 2



10:30 AM

Welcome & Opening Remarks

Dean Parsons, Certified Instructor, SANS Institute

10:50 AM

Elmer Fudd without the FUD: Threat Hunting in OT Demonstration

While IT threat hunting has been a common practice in industry, it is rare to see that practice extended to OT environments. This talk will demonstrate how to develop and execute an OT aligned threat hunt.

John Burns, Principal Industrial Hunter, Dragos, Inc.

11:25 AM

Identity Crisis: Solving the Access Management Challenge in OT and ICS

Global technology and workforce trends have pushed Identity & Access Management and Asset Protection to the top of industrial cybersecurity priorities. Meanwhile, growth in assets and connectivity has greatly expanded the attack surface, which organizations struggle to protect effectively. Operational Technology (OT) leaders increasingly leverage third party contractors and vendors, requiring secure, controlled local or remote access. IT-centric technologies not built for OT can HARM your security posture.

In this session, experts with decades of OT/ICS security experience will discuss:

  • Hidden challenges in managing identity, credentials, and access in ICS/OT
  • How to improve user experience and security by orchestrating identity across OT, IT, and Cloud
  • How to achieve Defensible Architecture and other SANS ICS Critical Cybersecurity Controls

Roman Arutyunov, Co-Founder & VP Products, Xage Security

12:00 PM


1:00 PM

Elevating Cybersecurity Visibility with Network Access Modeling: A Real-World Case Study

The only way to verify if your network segmentation efficiently protects your critical assets is network access modeling (NAM). Through a real-world case study, this presentation will demonstrate how NP-View analyzes network connectivity in minutes by modeling firewall configurations from all major manufacturers. Learn how to simulate attack paths and precisely assess vulnerability exposure without having to instrument your network with sensors. Key takeaways also include procedures to strengthen your firewall policy review workflow and automatically collect evidence of compliance for your NERC CIP-003 and/or CIP-005 programs.

Robin Berthier, CEO/Co-Founder, Network Perception

1:35 PM

Panel: ICS/OT Security - Prioritizing Safety Rather Than IT Practices

Dean Parsons, Certified Instructor, SANS Institute

Jeff Aliber, Sr. Director of Product Marketing, XONA Systems

Ritesh Agrawal, CEO, Airgap

2:10 PM

Closing Remarks

Dean Parsons, Certified Instructor, SANS Institute