You will earn 6 CPE credits for attending this virtual event.
Summit Format: Virtual
Event Overview
Tremendous gains are being achieved in industrial applications by sharing and analyzing data, but we need professionals who can address the security challenges. With many organizations focusing their information technology (IT) and operational technology (OT) teams on securing the control network and gathering as much information as possible, it is important to maintain secure and reliable operations in the face of determined threats.
Many organizations would consider the finding of actionable intelligence that allows leadership to make informed decisions to be a success. However, this influx of information will, eventually, lead to the identification of anomalous events. These events will lead to the identification of malicious activity. This activity will leave most organizations' incident response teams failing to handle actual security incidents, with increased downtime and difficulty returning to 100% production. Successful organizations focus on training their teams to respond effectively to an incident and on deploying technology designed for prevention and identification.
How organizations prepare their IT and OT teams for security incidents is often dependent on what techniques and tools are available. Teams can use the latest solutions to increase the identification, containment, and eradication of suspicious or malicious activities and overall improve response times and reduce recovery efforts.
This forum will explore various ICS topics, ranging from logic controllers (PLCs) to distributed control systems (DCSs), through invited speakers while showcasing current capabilities available today. Presentations will focus on case studies and thought leadership using specific examples relevant to the industry as we know it.
9:45 - 10:00 AM EST - Event Welcome
Don Weber, @cutaway, Summit Co-Chair, SANS Institute, @SANSInstitute
10:00 - 10:35 AM EST - Threat Intelligence: From Threat to ICS Visibility
Amy Bejtlich, @_Silent_J, Director of Intelligence Analysis, Dragos, @Dragos
As threats to ICS environments increase, so too does the need for organizations to properly contextualize and respond to activity targeting them. Incorporating OT-specific threat intelligence with asset information and attacker tactics, techniques, and procedures (TTPs) into security operations informs effective decision making and allows defenders to better detect and respond to malicious activity. This session will highlight how threat intelligence into the Dragos Platform provides asset visibility and actionable information that OT SOC operators can use to defend their operating environments.
10:35 - 11:10 AM EST - ICS/OT Ransomware in the Supply Chain: Learnings from attacks in 2020
Michael Firstenberg, Director of Industrial Security, Waterfall Security, @WaterfallSecure
2020 was not a good year for cyber attacks on industrial control systems (ICS) and operational technology (OT) networks:
In addition, ICS and OT networks are increasingly connected, both to enterprise networks and to Internet-based cloud providers in Industrial Internet of Things (IIoT) configurations. Such connectivity makes targeted and supply chain attacks ever simpler and more far-reaching in their consequences. In 2020, ransomware, targeted ransomware, supply chain breaches and cloud connectivity all emerged as top-of-mind concerns for security teams at industrial enterprises. Security teams responsible for industrial operations are re-evaluating their security programs in light of this new, pervasive threat environment.
Join us to learn about the emerging representative and credible threats for 2021 and beyond, pervasive threats that all ICS / OT security teams should consider going forward. This discussion will include evaluation of defensive strategies and their efficacy at protection.
11:10 - 11:45 AM EST - The Journey Towards a Secure Industrial Network
Vikram Sharma, Senior Manager, Engineering, Cisco IoT, Cisco Umbrella, @CiscoUmbrella
Protecting industrial operations against cyber threats is a very specific challenge. As you are connecting more industrial devices, enabling more remote access, and building new applications, the airgap between IT and OT networks erodes, and the IDMZ falls short of being sufficient.
Adding extra security to your industrial network will not happen overnight. This session will present:
11:45 AM - 12:00 PM EST - Break
12:00 - 12:35 PM EST - Analyzing & Preventing ICS Attacks with the MITRE ATT&CK for ICS Knowledgebase
Matt Hubbard, Senior Technology Product Marketing Manager, Armis, @Armis
The typical ICS environment is no longer the impregnable air-gapped network that it once was. It has been connected to the enterprise network, to the Internet, and to business partners who provide remote support. So while the traditional Purdue reference architecture is still "the" model, in most real-world environments it has lost its integrity. Attackers can find their way into your OT environment through new connected devices and converging networks.
The new MITRE ATT&CK for ICS knowledgebase can help security managers understand the tactics and techniques that attackers use to gain access to industrial control systems. Join Armis in this session to learn:
12:35 - 1:10 PM EST - A Different Approach to Vulnerability Management: Most Bang for the Buck
Nick Cappi, VP Product Management & Technical Support, PAS part of Hexagon, @PASGlobal
Attend this presentation to learn how to mitigate the cyber threats and vulnerabilities that can negatively impact plant safety, reliability, and your company's bottom line. This session will present:
1:10 - 2:00 PM EST - Lunch
2:00 - 2:35 PM EST - OT Cyber Maintenance - Best Practices In Proactive Security
Michael Rothschild, Senior Director, OT Solutions, Tenable, @TenableSecurity
Beyond clear and present OT security threats, what are the most critical OT cyber maintenance issues to address now?
As security experts, we're too accustomed to being called into action after a breach has been discovered or, with increasing frequency, to address the latest news-making exploit.
Even though we all understand the need for routine maintenance when it comes to the machinery our businesses (and lives) rely on, evidence suggests that's not always the case for your OT cyber assets.
We will share practical advice and best practices to keep your OT systems in top shape from a security perspective.
Topics covered include:
2:35 - 3:10 PM EST - SOC Techniques for Analysing ICS Attacks
Phil Trainor, Director of Security Solutions, Keysight Technologies, @Keysight
This lecture will delve into the specifics of the efficient collection and analysis of malicious network events targeting industrial control networks. The dataset to which these techniques are applied comes from the recent 'Hack the Building' event put on through a partnership between US Cyber Command and the Maryland Innovation and Security Institute. Keysight Technologies visibility solutions were utilized to intercept and forward malicious events to relevant security solutions, and to collect metadata. This talk is geared toward all audiences, but will focus on technical points, not high-level scenarios.
3:10 - 3:45 PM EST - Using AI to Precisely Detect Anomalies in the OT Process
Chris Grove, Technology Evangelist, Nozomi Networks, @nozominetworks
Scott Smith, Senior Product Owner, Nozomi Networks, @nozominetworks
Artificial Intelligence and machine learning techniques are vital to automating the detection and analysis of cybersecurity and OT system incidents. However, a full understanding of the process being monitored, including its communications and assets, is needed to avoid deluging security teams with anomalous events.
This session looks at how AI can be used to precisely identify anomalies in the OT process indicative of equipment failure, a cyberattack or a system problem.
A combination of process parameter deviation information, and rules that detect specific data and events from a stream of network traffic, make for a powerful threat hunting tool. See a demonstration of process anomaly detection in action and learn how it can help you accelerate incident detection and response, safeguarding availability and cybersecurity.
3:45 - 4:20 PM EST - Accelerate Incident Response with Instant OT Network Access Visualization
Robin Berthier, CEO, Network Perception, @networkperceptn
As the size and complexity of networks continue to grow, ICS and OT environments are getting exposed to larger attack surfaces. The frequency, severity, and sophistication of cyber attacks have also been rising, and incident response teams are facing a greater challenge to identify and contain issues faster.
With the realization that network access policies are our first line of defense, this session will present a practical case study to demonstrate the value of instant visualization into network access and the exposure of connected assets. You will learn about technology to:
4:20 - 4:30 PM EST - Wrap-Up
Summit: March 4-5 | Training: March 8-13
The annual ICS Security Summit brings together the industry's top practitioners and leading experts from around the globe to share actionable ideas, methods, and techniques for safeguarding critical infrastructures. In-depth talks and interactive panel discussions deliver proven advances and approaches that make a real difference for the individuals leading this fight every day.