NotPetya, Dragonfly 2.0 & CrashOverride: Is Now the Time for Active Cyber Defense in ICS/SCADA Networks?

  • Thursday, 12 Oct 2017 1:00PM EDT (12 Oct 2017 17:00 UTC)
  • Speakers: Mike Assante, Phil Neray

Recent campaigns against industrial and critical infrastructure organizations demonstrate that conventional ICS/SCADA defenses such as firewalls and segmentation are no longer sufficient to protect our ICS/SCADA networks from targeted attacks and sophisticated malware. With industrial organizations showing significant financial losses from widespread disruption to their production operations, management teams and boards of directors are now asking their cybersecurity and OT teams "How do we make sure this doesn't happen to us?"

Active Cyber Defense is the next step in the cybersecurity maturity model. As defined by SANS, it's the process of using security operations to continuously identify and counter threats. The Active Defense Cycle consists of four phases that continuously feed each other to create an ongoing process: asset identification and network security monitoring; incident response; threat and environment manipulation (e.g., addressing vulnerabilities); and threat intelligence consumption.

In this educational webinar led by Mike Assante, SANS Director of Critical Infrastructure & ICS/SCADA Security, recently selected as one of "The Most Influential People in Security" by Security Magazine, we'll explore why "basic" ICS/SCADA security won't cut it anymore. We'll discuss the architecture of modern malware such as NotPetya and CrashOverride/Industroyer, as well as recent targeted attacks such as Dragonfly 2.0. And we'll provide actionable takeaways to help ICS/SCADA defenders implement Active Cyber Defense in a practical and pragmatic manner.

Phil Neray, CyberX's VP of Industrial Cybersecurity, will present a timeline of nation-state cyberattacks on critical infrastructures worldwide, so we can better understand our adversaries' motivations, TTPs, and how their capabilities have evolved over time. He'll also describe how network traffic analysis (NTA) can be used to visualize and predict the most likely attack vector paths to our most critical ICS/SCADA assets (so you can prioritize remediation and mitigation activities when you have narrow change windows), and how modern ICS/SCADA cybersecurity platforms can effectively support Active Cyber Defense for industrial and critical infrastructures.