Industrial Solutions Forum

  • Webcast Aired Friday, 17 Sep 2021 9:30AM EDT (17 Sep 2021 13:30 UTC)
  • Speakers: Justin Searle, Keith Walsh, Chris Carlson, Syed Kaptan, Maurits Lucas, John Livingston, Mike Firstenberg, Michael Rothschild, Robin Berthier, Ian Schmertzler, Alan Hudson

Tremendous gains are being achieved in industrial industries as we mature our cybersecurity programs in the OT portions of our infrastructures, however the attacks keep coming and are increasingly targeting our industrial processes. It is important for us to identify the right solutions to maintain secure and reliable operations in the face of determined threats.

Maintaining the integrity of our IT and OT technologies requires our security teams to keep doing the cybersecurity basics, but also requires us to spend our limited resources to make strategic investments in modern techniques and solutions created for OT. IT/OT convergence is not an effort to merge IT and OT, and we need to do more than just copy what we are doing in IT and paste it in OT.

This forum will explore various ICS topics through invited speakers while showcasing current capabilities available today. Presentations will focus on case-studies and thought leadership using specific examples relevant to the industry as we know it.

Industrial_Solutions_Forum_-_Webcast_Reg_Page.jpg

Sponsor

Dispel_Logo.jpgPRIMARY_LOGO_Dragos_Logo_RGB_Transparent.pngNetwork_Perception.pngnozomi-networks-logo-color.pngTenableLogoR2018_FullColor_RGB.pngtq_main-logo-color.pngVerve-Logo-01.pngWaterfall_logo-1.png

Agenda

Timeline (EDT)

Session Description

9:30 AM

Welcome

Justin Searle, Senior Instructor, SANS Institute

9:40 AM

Industry 4.0 and IT/OT Convergence

Digital transformation is blurring the line between IT and OT. The two worlds are converging. Processes are overlapping within the electric, gas, and water utility industries, as IT and OT teams are using the same infrastructure and applications. Smart metering is a perfect example of this. The meters themselves are OT and are a part of the electricity distribution network, yet the meter data management and back office functions are classic IT applications.

Keith Walsh, Principal Solution Architect, Armis

10:15 AM

Defensible Perimeters Between IT and OT Using Network Traffic Monitoring

Operational technology networks are becoming increasingly difficult to control and monitor due to the increasing connectivity and internet access required by network modernization, business initiatives, and digital transformation projects. Additionally, organizations that have not deployed monitoring solutions for their OT networks further limit their visibility when there are unknown, unapproved, or unintended network changes that expose the OT environment to attacks from the IT network and the open Internet. Securely connecting IT and OT is achievable by leveraging cybersecurity network traffic monitoring with network controls to create defensible perimeters. This session will address the risks with unmonitored networks, describe common adversary attack patterns used to penetrate connected networks, and demonstrate how OT-specific cybersecurity network traffic monitoring solutions are required to provide enhanced visibility to identify malicious or unauthorized network communications, detect threat activity penetrating the OT network from the IT boundary, and verify that vulnerability mitigation controls are in place and functioning properly.​

Chris Carlson, VP, Product, Dragos. Inc

10:50 AM

The Easy Ticket to Reducing Security Risk: Leveraging and Improving Asset Inventories

Instead of adding more complexity to your current security stack, why not leverage and improve on what you already have? In this session, cyber threat intelligence gurus, Syed Kaptan and Maurits Lucas, will share an impactful way to reduce security risk: the build and management of asset inventories.

In this session, listeners will learn how to:

  • Prioritize and patch vulnerabilities impacting the most critical assets first through proper asset inventories.
  • Determine the risk potential of your industrial control system components through learning and documenting how operations and processes are impacted during an asset breach.
  • Add more context to your assets and vulnerabilities with open-source data from MITRE ICS ATT&CK Framework and National Vulnerability Database.

Syed Kaptan, Director - Threat Intelligence Engineering, ThreatQuotient
Maurits Lucas
, Director of Intelligence Solutions, Intel471

11:25 AM

Break

11:35 AM

The “Forgotten” OT/ICS Endpoints - How to Demonstrate Measurable Improvement in OT/IC Security

Firewalls are easy to misconfigure. While the security consequences of such errors may be acceptable for some firewalls connecting data and information networks, the accumulated risks of misconfigured firewalls in a defense-in-depth OT network architecture are generally unacceptable. We explore eight common mistakes that firewall administrators make and describe how these mistakes can compromise ICS network security. The lesson here though is not 'stop making mistakes. ' The lesson is to choose appropriate technology for the need. We explore technology alternatives to 'OT firewalls that eliminate the potential for online attacks as a result of misconfiguration.

John Livingston, CEO, Verve Industrial Protection

12:10 PM

Eight Common OT / Industrial Firewall Mistakes

Firewalls are easy to misconfigure. While the security consequences of such errors may be acceptable for some firewalls connecting data and information networks, the accumulated risks of misconfigured firewalls in a defense-in-depth OT network architecture are generally unacceptable. We explore eight common mistakes that firewall administrators make and describe how these mistakes can compromise ICS network security. The lesson here though is not 'stop making mistakes. ' The lesson is to choose appropriate technology for the need. We explore technology alternatives to 'OT firewalls that eliminate the potential for online attacks as a result of misconfiguration.

Mike Firstenberg, Director of Industrial Security, Waterfall Security Solutions

12:45 PM

The DHS 16 - Securing the Operation of Essential Services

The Department of Homeland Security has identified 16 unique industries as being essential and part of the critical infrastructure. Impacts or disruptions to any of these verticals would have dire and reverberating effects across society. Over the course of the last 10 months, many of these industries have experienced significant and unanticipated stressors and some companies did not survive. In this session we will discuss who the DHS 16 are, the challenges that they have faced now and into the future. From this retrospective, we will provide a "lessons learned" synopsis which can be applied to all industries going forward as to what is needed to ensure resilience, security and continued operations of industrial and critical infrastructure environments.

Michael Rothschild, Sr. Director, OT Solutions, Tenable, Inc.

1:20 PM

Break
1:30 PM
How to Verify Perimeter Defense with OT Network Visibility

Gaining accurate visibility of OT networks is fundamental to protect critical assets and to ensure network access security as the first line of perimeter defense. This presentation will present practical advice on how to eliminate blind spots through automated network architecture visibility and understand cyber risks in the context of network segmentation and access policies.

Robin Berthier, Ph.D., CEO, Network Perception

2:05 PM
From the Ground Up

A manufacturer's plants were ransomed 4 times in the year it took them to procure a secure remote access system. A network security architect at an electrical authority spent 15 months trying to get his colleagues in a room to plan aligning with 800-160 v2. We all have our own stories. The ICS Security "Solution" we need is not another product, it is a way to reliably get things done.

This talk is about one way we have found that works. Half technical, half about people, this session will be taught around the example of getting a pre-existing multi-facility OT environment shifted over to a cyber resilient posture. To help, we've invited along a unexpected yet essential ally in this effort, VTScada.

Ian Schmertzler, President, Dispel
Alan Hudson
, Manager, VTScada

2:40 PM
Wrap-Up

Justin Searle, Senior Instructor, SANS Institute