This webcast has been archived.

BlackEnergy 2: ICS-Focused Threats

  • Tuesday, December 02, 2014 at 1:00 PM EST (2014-12-02 18:00:00 UTC)
  • Robert Huber, Tim Conway, Michael Assante




The emergence of ICS-focused technical threats has been forecasted for the last several years. The story has been unfolding with several important revelations. One of those is that ICS modules have been in existence for years and they have been used in attack campaigns dating back to 2011. What do we know, and what don't we know yet? Why are some organizations reporting destructive malware associated with ICS? This talk is the first in a new series of SANS ICS webcasts that provides our watchers a dossier on discovered ICS technical threats. These talks will provide a summary of the facts and highlight research into the behaviors and characteristics of threats used in real-world attacks so you can hone your defenses.

This webcast series will begin to deconstruct emerging ICS-focused threats, which will be examined in greater detail, including live demonstrations of ICS attacks, at the 10th Annual ICS Security Summit & Training, February 23-March 1 in Orlando, FL.

If you're interested in ICS Security, please join us for the 10th Annual ICS Security Summit | Orlando, FL | Feb 23 - March 2, 2015.

Come ready to learn about the recent onset of ICS-focused attacks and how you need to hone your skills to defend our critical infrastructure systems. This year's summit will feature hands-on training courses focused on attacking and defending ICS Environments, industry-specific pre-summit events, and an action-packed summit agenda with the release of ICS security tools and a new up-to-date security kit for attendees.

If that's not enough to have you join us, these reasons should seal the deal:

  1. Choose from SIX awesome ICS courses.
  2. TWO days of incredible summit sessions with some of the best minds in the ICS space.
  3. ONE night of ICS defense exercises and missions where you'll use your skills to attack and defend a variety of live ICS target environments.
  4. Networking opportunities: Meet summit speakers, instructors, and fellow attendees in a fun, casual atmosphere to exchange ideas and build relationships.
  5. AND opportunities to participate in special offsite tours taking place during the Summit. More details to come.

Register before January 14th and save $400 on tuition fees. Or save $500 when you purchase a full price, 5-6 day course, in conjunction with the Summit.

Speaker Bios

Michael Assante

Michael Assante is currently the SANS lead for Industrial Control System (ICS) and Supervisory Control and Data Acquisition (SCADA) security and Co-founder of NexDefense, an Atlanta-based ICS security company. He served as Vice President and Chief Security Officer of the North American Electric Reliability Corporation (NERC), where he oversaw industry-wide implementation of cyber security standards across the continent. Prior to joining NERC, Mr. Assante held a number of high-level positions at Idaho National Labs and served as Vice President and Chief Security Officer for American Electric Power. Mr. Assante's work in ICS security has been widely recognized, and he was selected by his peers as the winner of Information Security Magazine's security leadership award for his efforts as a strategic thinker. The RSA 2005 Conference awarded him its outstanding achievement award in the practice of security within an organization.

He has testified before the US Senate and House and was an initial member of the Commission on Cyber Security for the 44th Presidency. Before his career in security, he served in various naval intelligence and information warfare roles, and he developed and gave presentations on the latest technology and security threats to the Chairman of the Joint Chiefs of Staff, Director of the National Security Agency, and other leading government officials. In 1997, he was honored as a Naval Intelligence Officer of the Year.

Tim Conway

Technical Director - ICS and SCADA programs at SANS. Responsible for developing, reviewing, and implementing technical components of the SANS ICS and SCADA product offerings. Formerly, the Director of CIP Compliance and Operations Technology at Northern Indiana Public Service Company (NIPSCO). Responsible for Operations Technology, NERC CIP Compliance, and the NERC training environments for the operations departments within NIPSCO Electric. Previously, an EMS Computer Systems Engineer at NIPSCO for eight years, with responsibility over the control system servers and the supporting network infrastructure. Former Chair of the RFC CIPC, current Chair of the NERC CIP Interpretation Drafting Team, member of the NESCO advisory board, current Chair of the NERC CIPC GridEx Working Group, and Chair of the NBISE Smart Grid Cyber Security panel.

Robert Huber

Robert is an information security professional with experience across the financial, DoD and energy sectors. He has consulted, trained and presented on process control and SCADA security topics, as well as intrusion analysis. Prior to forming Critical Intelligence, Mr. Huber was a Cyber Intelligence Analyst for Lockheed Martin's CIRT, dealing with APT activity on a daily basis. Robert gained his industrial control systems experience while working as a Senior Cyber Security Researcher in the Critical Infrastructure Protection/Resilience Division at Idaho National Laboratory (INL), tasked with analysis of the latest cyber threats and defense technologies for control systems, network protocol analysis of control system protocols, as well as network security assessments for industrial control system owner/operators. Robert was a member of the DHS Control Systems Security Program (CSSP), providing situational awareness of cyber threats to control systems, support for incident response issues, malware analysis and training. Robert also performed onsite assessments for owner/operators as a part of the DOE National SCADA TestBed. Robert joined INL from JP Morgan Chase, where he was a vice president and the chief security architect for the security event management team. In addition to his civilian experience, Robert is currently a member of the Air National Guard, serving in a network warfare squadron as a defensive element leader for digital forensics, to include network traffic analysis, malicious code analysis and forensic media analysis. Robert holds a BS in Computer Science as well as the CISSP, SANS GSEC, GCFW and Certified Ethical Hacker certifications.
