Defending the ICS Ahead of the Patch: WannaCry Lessons Learned

  • Friday, 26 May 2017 10:30AM EDT (26 May 2017 14:30 UTC)
  • Speakers: Mike Assante, Ben Miller, Joe Slowik

The WannaCry ransomware event attracted significant headlines for its rapid, indiscriminate spread and impact to critical services. The UK's National Health Service received the most attention, but institutions as varied as automotive manufacturers, rail service providers, and some U.S. utilities faced crippling impacts. Now that ransomware has moved beyond standard phishing and exploit kits, ICS defenders must take notice to ensure critical networks are prepared for the next 'wormable' threat. We will provide an overview of why WannaCry's self-propagation method represents a 'game changer' for ICS defenders and what related threat vectors future adversaries may take. The presentation will cover examples of assets that bridge the enterprise with the ICS and leverage impacted protocols.'then we will outline strategies designed to improve the readiness of ICS networks to fight off the next campaign and how defenders can better position their assets for rapid recovery.