NIST Recommendations for ICS & IIoT Security

  • Thursday, 28 Feb 2019 3:30PM EST (28 Feb 2019 20:30 UTC)
  • Speakers: Phil Neray, Michael Powell, Jim McCarthy, Tim Zimmerman

WannaCry, NotPetya, and TRITON demonstrate that ICS and IIoT networks continue to be soft targets for cyberattacks, increasing the risk of costly downtime, safety failures, environmental incidents, and theft of sensitive intellectual property.

NIST and the NCCoE recently published a NIST Interagency Report (NISTIR) demonstrating how off-the-shelf, ICS-aware behavioral anomaly detection (BAD) effectively reduces cyber risk for manufacturing organizations, without impacting OT networks, as well as risk from equipment malfunctions.

The report was the product of a close collaboration between NCCoE, CyberX, and other technology providers such as OSIsoft.

In this joint webinar with NIST and CyberX, you'll learn about:

  • Mapping the security characteristics of BAD to the NIST CSF
  • Using NIST's reference architecture for your own ICS & IIoT environment
  • How CyberX detected 15 examples of high-risk anomalies in NIST's testbed environment, including unauthorized devices; unauthorized remote access; plain-text credentials; network scans using ICS protocols; and unauthorized PLC logic downloads

We'll also discuss how CyberX's agentless platform helps you:

  • Auto-discover your ICS & IIoT assets, protocols, and network topology
  • Identify critical OT vulnerabilities and risks
  • Prioritize risk mitigation for your most valuable processes (crown jewels)
  • Enable rapid ICS threat detection, response, threat hunting, and prevention
  • Implement converged IT/OT security in your corporate SOC via certified apps for IBM QRadar, Splunk, ServiceNow, Palo Alto Networks, and other integrations with your security stack