ICS Consequence-Driven Incident Response Solutions Forum

Friday, 09 Dec 2022 10:30AM EST (09 Dec 2022 15:30 UTC)
Speaker: Dean Parsons

Consequences of modern cyber-attacks impacting control systems can range from large power grid blackouts to large cities or major regions, failure of critical manufacturing equipment with massive financial loss, paralyzing smart city infrastructure such as transportation in large municipalities, inflict serious environmental damage, or worse, cause injury or death to facility workers.

The obvious choice for ICS security managers and technical defenders is to focus on pre-incident defense - prevention - which has a lot of value! However, facility owners and security managers must not become fatigued by a prevention-only approach and forget to focus on regularly refining steps for effective and optimal engineering MTTR (mean time to recover) for a rapid return to operations.

Establishing ICS-specific network visibility, threat detection based on evolving sector specific threat intelligence, and specific incident response for control networks - are all critical! They are all requirements of the first stages of maturity towards any effective ICS Security Defense Program.

However, for resilience, with the consequences these imminent intrusions bring, plant owners and operators will do well to ensure the ICS incident response includes effective and rapid engineering system recovery plans. That is, technology solutions and processes combined with ICS-trained defenders, security managers and engineering teams being able to work to restore control systems to trusted restore points after events from cyber incidents, natural disasters, human error, or possible malicious insiders that threaten engineering operations.

This ICS Forum will bring to light lessons learned through a 2022 ICS year in review and reveal suggested actions for ICS incident response with a focus on ICS specific threat detection and rapid engineering system recovery.

Login to Register

Sponsors

Agenda | December 9, 2022 | 10:30 AM - 1:30 PM EST

Timeline (EST)	Session Details
10:30 AM	Welcome & Opening Remarks Dean Parsons, Certified Instructor, SANS Institute
10:45 AM	You Are Not Alone – 5 Critical Controls for Consequence-Driven Incident Response in ICS/OT Environments Keeping the operational technology (OT) environments of industrial control systems (ICS) secure from cyberattacks is critical to our daily lives, and increasingly top of mind from the board room to the manufacturing floor. And while aligning organizational leadership and implementing a successful OT cybersecurity posture can be overwhelming for even seasoned security operations teams, there are some proven strategies to be proactive about protecting industrial infrastructure. Context and collaboration are key to establishing effective, consequence-driven incident response. First, it’s important to understand that leveraging an IT incident response plan (IRP) simply won’t work, because the risk profile is very different and the potential consequences and costs for personal, operational, and environmental safety are much more significant. Having a dedicated IRP suited for ICS/OT environments is a must-have for effective incident response that is consequence oriented. Join Tim Ennis, Senior Industrial Incident Responder at Dragos, and Jan Hoff, Principal Industrial Incident Responder at Dragos, for an informative panel discussion exploring 5 critical controls for OT cybersecurity and their significance for consequence-driven incident response. Additionally, this session will cover the importance of: Driving alignment and cross-functional collaboration for an ICS-specific incident response plan Correlating OT systems data with a Collection Management Framework is essential to the speed, effectiveness, and efficiency of incident response Knowing your Crown Jewels, and the impact of a cyberattack on key assets Tim Ennis, Senior Industrial Incident Responder, Dragos, Inc. Jan Hoff, Principal Industrial Incident Responder, Dragos, Inc.
11:20 AM	Pre and Post Incident Network Collection at the Edge - A Practical Guide for Asset Owners Implementing a comprehensive and continuous network visibility solution may not be possible for all organizations. Ron Fabela, CTO & Co-Founder at SynSaber will discuss the many practical steps to industrial edge visibility that can be taken before and after an incident has occured. Collection of industrial edge data is critical to the understanding of any process or control environment; so are some other non-technology based processes that can assist. Key takeaways for this segment include: The importance of automated collection, analysis and transport of industrial edge network data Methods to collect industrial edge data without a continuous monitoring solution Ron Fabela, CTO & Co-founder, SynSaber
11:55 AM	Implementing a Zero Trust Framework for Secure Remote Access in ICS Remote access is becoming a necessity for OT and there are countless reasons from professionals running offshore oil rigs, manufacturing plants meeting high demand, water treatment facilities serving large populations and other critical facilities needing 24/7 access from anywhere. But providing that access has traditionally been too complex and fraught with security issues as exposing critical infrastructure to the “outside” greatly expands the attack surface for hackers. Hear how to create and maintain secure and frictionless access to industrial control systems, enabling secure remote operations with a zero-trust architecture including protocol isolation, integrated MFA, role-based and time-based access controls, user session analytics, and more. Bill Moore, CEO, Xona
12:30 PM	Break
12:40 PM	Panel Discussion - ICS Consequence-Driven Incident Response Dean Parsons, Certified Instructor, SANS Institute Bill Moore, CEO, Xona Jan Hoff, Principal Industrial Incident Responder, Dragos Ron Fabela, CTO & Co-founder, Synsaber
1:25 PM	Wrap-Up Dean Parsons, Certified Instructor, SANS Institute

Related Content

Industrial Control Systems Security, Digital Forensics, Incident Response & Threat Hunting

The Quest to Summit | SANS ICS Security Summit 2024

Register for the ICS Security Summit to be able to participate in The Quest to Summit and win big prizes.

Cybersecurity Insights, Industrial Control Systems Security, Digital Forensics, Incident Response & Threat Hunting, Cloud Security, Cyber Defense

December 11, 2023

A Look at the SANS Sponsorship Program

Reach the right audience, at the right time, with the right message with the SANS Sponsorship Program.

340x340 Five Startling Findings in 2023's ICS Cybersecurity Data

Industrial Control Systems Security

November 20, 2023

Five Startling Findings In 2023’s ICS Cybersecurity Data

As ICS risk grows, so too must the skills of the ICS cyber defender.