ICS Summit Solutions Track

  • Friday, 05 Mar 2021 9:45AM EST (05 Mar 2021 14:45 UTC)
  • Speakers: Phil Trainor, Chris Grove, Nick Cappi, Michael Rothschild, Amy Bejtlich, Don C. Weber, Michael Firstenberg, Vikram Sharma, Matt Hubbard, Robin Berthier, Scott Smith

You will earn 6 CPE credits for attending this virtual event.

Summit Format: Virtual

Event Overview

Tremendous gains are being achieved in industrial applications by sharing and analyzing data, but we need professionals who can address the security challenges. With many organizations focusing their information technology (IT) and operational technology (OT) teams on securing the control network and gathering as much information as possible, it is important to maintain secure and reliable operations in the face of determined threats.

Many organizations would consider the finding of actionable intelligence that allows leadership to make informed decisions to be a success. However, this influx of information will, eventually, lead to the identification of anomalous events. These events will lead to the identification of malicious activity. This activity will leave most organizations' incident response teams failing to handle actual security incidents, which increases downtime and makes it difficult to return to 100% production. Successful organizations focus on training their team to effectively respond to an incident and on deploying technology designed for prevention and identification.

How organizations prepare their IT and OT teams for security incidents is often dependent on what techniques and tools are available. Teams can use the latest solutions to increase the identification, containment, and eradication of suspicious or malicious activities and overall improve response times and reduce recovery efforts.

This forum will explore various ICS topics, ranging from programmable logic controllers (PLCs) to distributed control systems (DCSs), through invited speakers while showcasing capabilities available today. Presentations will focus on case studies and thought leadership using specific examples relevant to the industry as we know it.


9:45 - 10:00 AM EST - Event Welcome

Don Weber, @cutaway, Summit Co-Chair, SANS Institute, @SANSInstitute

10:00 - 10:35 AM EST - Threat Intelligence: From Threat to ICS Visibility

Amy Bejtlich, @_Silent_J, Director of Intelligence Analysis, Dragos, @Dragos

As threats to ICS environments increase, so too does the need for organizations to properly contextualize and respond to activity targeting them. Incorporating OT-specific threat intelligence with asset information and attacker tactics, techniques, and procedures (TTPs) into security operations informs effective decision making and allows defenders to better detect and respond to malicious activity. This session will highlight how threat intelligence into the Dragos Platform provides asset visibility and actionable information that OT SOC operators can use to defend their operating environments.

10:35 - 11:10 AM EST - ICS/OT Ransomware in the Supply Chain: Learnings from attacks in 2020

Michael Firstenberg, Director of Industrial Security, Waterfall Security, @WaterfallSecure

2020 was not a good year for cyber attacks on industrial control systems (ICS) and operational technology (OT) networks:

  • Targeted ransomware: Nine attacks shut down physical operations at industrial sites; all were targeted ransomware.
  • SolarWinds Orion: The single biggest cyber attack in history, the SolarWinds Orion supply chain breach, impacted as many as 18,000 organizations, many of which were industrial enterprises with physical operations.

In addition, ICS and OT networks are increasingly connected, both to enterprise networks and to Internet-based cloud providers in Industrial Internet of Things (IIoT) configurations. Such connectivity makes targeted and supply chain attacks ever simpler and more far-reaching in their consequences. In 2020, ransomware, targeted ransomware, supply chain breaches and cloud connectivity all emerged as top-of-mind concerns for security teams at industrial enterprises. Security teams responsible for industrial operations are re-evaluating their security programs in light of this new, pervasive threat environment.

Join us to learn about the emerging representative and credible threats for 2021 and beyond: pervasive threats that all ICS/OT security teams should consider going forward. This discussion will include evaluation of defensive strategies and their efficacy at protection.

11:10 - 11:45 AM EST - The Journey Towards a Secure Industrial Network

Vikram Sharma, Senior Manager, Engineering, Cisco IoT, Cisco Umbrella, @CiscoUmbrella

Protecting industrial operations against cyber threats is a very specific challenge. As you connect more industrial devices, enable more remote access, and build new applications, the airgap between IT and OT networks erodes, and the IDMZ falls short of being sufficient.

Adding extra security to your industrial network will not happen overnight. This session will present:

  • What's beyond the IDMZ to secure industrial networks
  • Cisco's phased approach to IoT/OT security where each phase builds the foundation for the next
  • How to mature your OT security strategy to bring all stakeholders along on the journey and ensure success

11:45 AM - 12:00 PM EST - Break

12:00 - 12:35 PM EST - Analyzing & Preventing ICS Attacks with the MITRE ATT&CK for ICS Knowledgebase

Matt Hubbard, Senior Technology Product Marketing Manager, Armis, @Armis

The typical ICS environment is no longer the impregnable air-gapped network that it once was. It has been connected to the enterprise network, to the Internet, and to business partners who provide remote support. So while the traditional Purdue reference architecture is still "the" model, in most real-world environments it has lost its integrity. Attackers can find their way into your OT environment through new connected devices and converging networks.

The new MITRE ATT&CK for ICS knowledgebase can help security managers understand the tactics and techniques that attackers use to gain access to industrial control systems. Join Armis in this session to learn:

  • How MITRE ATT&CK for ICS works
  • How you can use the new MITRE ATT&CK tool to assess gaps and weaknesses in your existing security tools
  • Practical advice on how to prevent attacks against your ICS infrastructure, based on the MITRE ATT&CK techniques.

12:35 - 1:10 PM EST - A Different Approach to Vulnerability Management: Most Bang for the Buck

Nick Cappi, VP Product Management & Technical Support, PAS part of Hexagon, @PASGlobal

Attend this presentation to learn how to mitigate the cyber threats and vulnerabilities that can negatively impact plant safety, reliability, and your company's bottom line. This session will present:

  • Understand the current OT threat landscape and the state of OT security
  • Identify the security architecture layers required for effective OT endpoint defense
  • Learn what to do and what not to do for driving improved OT endpoint security in industrial facilities

1:10 - 2:00 PM EST - Lunch

2:00 - 2:35 PM EST - OT Cyber Maintenance: Best Practices In Proactive Security

Michael Rothschild, Senior Director, OT Solutions, Tenable, @TenableSecurity

Beyond clear and present OT security threats, what are the most critical OT cyber maintenance issues to address now?

As security experts, we're too accustomed to being called into action after a breach has been discovered or, with increasing frequency, to address the latest news-making exploit.

Even though we all understand the need for routine maintenance when it comes to the machinery our businesses (and lives) rely on, evidence suggests that's not always the case for your OT cyber assets.

We will share practical advice and best practices to keep your OT systems in top shape from a security perspective.

Topics covered include:

  • Explanation of what cyber maintenance is and why we need it.
  • What are the most critical OT cyber maintenance issues to address now
  • Lessons learned and key takeaways to share with your team and business stakeholders

2:35 - 3:10 PM EST - SOC Techniques for Analysing ICS Attacks

Phil Trainor, Director of Security Solutions, Keysight Technologies, @Keysight

This lecture will delve into the specifics of the efficient collection and analysis of malicious network events targeting industrial control networks. The dataset to which these techniques are applied comes from the recent 'Hack the Building' event put on through a partnership between US Cyber Command and the Maryland Innovation and Security Institute. Keysight Technologies visibility solutions were utilized to intercept and forward malicious events to relevant security solutions, and to collect metadata. This talk is geared toward all audiences, but will focus on technical points, not high-level scenarios.

3:10 - 3:45 PM EST - Using AI to Precisely Detect Anomalies in the OT Process

Chris Grove, Technology Evangelist, Nozomi Networks, @nozominetworks

Scott Smith, Senior Product Owner, Nozomi Networks, @nozominetworks

Artificial Intelligence and machine learning techniques are vital to automating the detection and analysis of cybersecurity and OT system incidents. However, a full understanding of the process being monitored, including its communications and assets, is needed to avoid deluging security teams with anomalous events.

This session looks at how AI can be used to precisely identify anomalies in the OT process indicative of equipment failure, a cyberattack or a system problem.

A combination of process parameter deviation information, and rules that detect specific data and events from a stream of network traffic, make for a powerful threat hunting tool. See a demonstration of process anomaly detection in action and learn how it can help you accelerate incident detection and response, safeguarding availability and cybersecurity.

3:45 - 4:20 PM EST - Accelerate Incident Response with Instant OT Network Access Visualization

Robin Berthier, CEO, Network Perception, @networkperceptn

As the size and complexity of networks continue to grow, ICS and OT environments are exposed to larger attack surfaces. The frequency, severity, and sophistication of cyber attacks have also been rising, and incident response teams face a greater challenge to identify and contain issues faster.

With the realization that network access policies are our first line of defense, this session will present a practical case study to demonstrate the value of instant visualization into network access and the exposure of connected assets. You will learn about technology to:

  • Keep network topology diagrams and asset inventory up to date at all times
  • Leverage next-generation network visualization to gain situational awareness
  • Verify network access containment policies and network segmentation

4:20 - 4:30 PM EST - Wrap-Up

ICS Security Summit & Training 2021

Summit: March 4-5 | Training: March 8-13

The annual ICS Security Summit brings together the industry's top practitioners and leading experts from around the globe to share actionable ideas, methods, and techniques for safeguarding critical infrastructures. In-depth talks and interactive panel discussions deliver proven advances and approaches that make a real difference for the individuals leading this fight every day.

The ICS Security Summit will address a wide range of topics, including:

  • Understanding what an attack against your organization will look like (deconstructing real-world ICS attacks and technical threats)
  • Live attack demonstrations & the defenses needed to stop them
  • Case studies and success stories
  • System and organizational investment opportunities that reduce attacker effects
  • Future attack vectors on ICS
  • Mitigations - Defenders, governance, and controls
