Who Owns ICS Security? Fusing IT, OT, & IIoT Security in the Corporate SOC.

  • Webcast Aired Thursday, 14 Dec 2017 1:00PM EST (14 Dec 2017 18:00 UTC)
  • Speakers: Doug Wylie, Phil Neray

When targeted ICS attacks and malware impact production operations, everyone in the organization is affected. Downtime leads to customer dissatisfaction, reduced revenue, quarterly losses due to clean-up costs, fewer career opportunities from slower growth, and more.

ICS security has historically operated in its own silo. With its unique priorities (Safety and Availability vs. Confidentiality, etc.), lack of visibility into non-IT devices and protocols, and the notion of air-gapping, this seemed like the optimum approach.

But the world has changed dramatically. IIoT technology brings many benefits to businesses such as smart machines and real-time intelligence from the factory floor - but it also increases the attack surface and requires continuous connectivity between IT and OT.

Attackers look for the weakest links - and don't care if they pivot from a control engineer's PC on the corporate IT network, an HMI maintained by a third-party vendor whose credentials have been compromised, or a vulnerable CCTV device operated by the physical security team.

In this educational webinar led by Doug Wylie, SANS Director of the Industrials & Infrastructure practice area and previously Director of Product Security and Risk Management at Rockwell Automation, with Phil Neray, VP of Industrial Cybersecurity at CyberX, we'll explore the following questions:

  • Blending IT, OT and IIoT Security in the Corporate SOC: Given the massive investment organizations have already made in centralized SOCs - in trained personnel, standardized workflows, and unifying technologies such as SIEMs - is it time to bring ICS security into the corporate SOC?
  • Addressing the culture gap: How do we encourage tighter collaboration between IT security and OT teams?
  • Funding models: Who pays for stronger ICS security?
  • New technologies for Active Cyber Defense: With varying degrees of maturity, purpose-built OT security platforms now provide unprecedented visibility into ICS protocols, devices, and applications, combined with OT-specific analytics for behavioral anomaly detection. So how do we move beyond simple Syslog alerts to provide deeper visibility for SOC analysts - so they can leverage their skills in modern active cyber defense strategies such as threat modeling, threat hunting, and threat intelligence?
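To make the last question concrete, here is an added illustration (not code from the webcast, SANS, or CyberX) of what "moving beyond simple Syslog alerts" can look like: a per-asset behavioral baseline of ICS protocol use, where a deviation is enriched with asset role and function-code context before it reaches the SOC, instead of being forwarded as a flat text line. All asset names, IP addresses and flow records are constructed sample values; the only real identifiers are the public Modbus function codes 3, 6 and 16.

```python
"""Baseline-and-deviation detector over constructed OT flow records.

Added example, not part of the webcast or of any vendor product. Inventory,
addresses and flows below are constructed; Modbus function codes are the
standard public ones.
"""
from collections import defaultdict
from dataclasses import dataclass

# Public Modbus function codes, named for readability in alerts.
MODBUS_FUNCTIONS = {3: "READ_HOLDING_REGISTERS", 6: "WRITE_SINGLE_REGISTER",
                    16: "WRITE_MULTIPLE_REGISTERS"}
WRITE_FUNCTIONS = {6, 16}

# Constructed asset inventory: ip -> (name, role). Hypothetical values.
ASSETS = {
    "10.1.1.10": ("HMI-01", "hmi"),
    "10.1.1.20": ("EWS-01", "engineering workstation"),
    "10.1.2.5": ("PLC-LINE1", "plc"),
    "10.0.5.77": ("CORP-LAPTOP-42", "corporate IT host"),
}


@dataclass(frozen=True)
class Flow:
    ts: str
    src: str
    dst: str
    proto: str
    func: int


# Constructed learning window: the HMI polls the PLC, the engineering
# workstation occasionally writes registers. This is "normal".
LEARNING_FLOWS = [
    Flow("2017-12-01T08:00:00Z", "10.1.1.10", "10.1.2.5", "modbus", 3),
    Flow("2017-12-01T08:00:05Z", "10.1.1.10", "10.1.2.5", "modbus", 3),
    Flow("2017-12-01T09:15:00Z", "10.1.1.20", "10.1.2.5", "modbus", 16),
]

# Constructed live window: one normal read, then two deviations.
LIVE_FLOWS = [
    Flow("2017-12-14T13:00:01Z", "10.1.1.10", "10.1.2.5", "modbus", 3),
    Flow("2017-12-14T13:02:10Z", "10.1.1.10", "10.1.2.5", "modbus", 6),
    Flow("2017-12-14T13:05:42Z", "10.0.5.77", "10.1.2.5", "modbus", 16),
]


def build_baseline(flows):
    """Learn the set of function codes seen per (src, dst, proto) pair."""
    baseline = defaultdict(set)
    for f in flows:
        baseline[(f.src, f.dst, f.proto)].add(f.func)
    return dict(baseline)


def asset(ip):
    """Resolve an address to (name, role); unknown hosts keep their IP."""
    return ASSETS.get(ip, (ip, "unknown"))


def severity(f, reason):
    """Writes to a PLC from anything but an engineering workstation rank highest."""
    src_role, dst_role = asset(f.src)[1], asset(f.dst)[1]
    if f.func in WRITE_FUNCTIONS and dst_role == "plc":
        return "high" if src_role != "engineering workstation" else "medium"
    return "medium" if reason == "new communication pair" else "low"


def enrich(f, reason):
    """Attach the context an analyst needs: who, to what, doing what, and why it is odd."""
    src_name, src_role = asset(f.src)
    dst_name, dst_role = asset(f.dst)
    func_name = MODBUS_FUNCTIONS.get(f.func, f"FUNC_{f.func}")
    return {
        "ts": f.ts,
        "reason": reason,
        "severity": severity(f, reason),
        "src": f"{src_name} ({src_role}, {f.src})",
        "dst": f"{dst_name} ({dst_role}, {f.dst})",
        "action": f"{f.proto} {func_name}",
        "summary": f"{src_name} ({src_role}) issued {func_name} "
                   f"to {dst_name} ({dst_role}): {reason}",
    }


def detect(flows, baseline):
    """Return enriched alerts for flows that deviate from the baseline."""
    alerts = []
    for f in flows:
        key = (f.src, f.dst, f.proto)
        if key not in baseline:
            reason = "new communication pair"
        elif f.func not in baseline[key]:
            reason = "new function code for known pair"
        else:
            continue  # within baseline, nothing to raise
        alerts.append(enrich(f, reason))
    return alerts


def to_syslog(alert):
    """The flat one-liner a basic integration would forward to the SIEM."""
    return f"OT-ANOMALY sev={alert['severity']} {alert['summary']}"


if __name__ == "__main__":
    for a in detect(LIVE_FLOWS, build_baseline(LEARNING_FLOWS)):
        print(to_syslog(a))
```

Running it flags two of the three live flows: the HMI issuing a write it has never issued before, and a corporate IT host writing registers to the PLC, both rated high because the destination is a PLC and the source is not the engineering workstation. The enriched dictionary, rather than the `to_syslog` string, is what gives a SOC analyst the asset roles and function semantics needed to hunt further or build a threat model around the pivot paths the abstract describes.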