The Top 20 ICS Cyber Attacks And how to use them to improve IIoT and cloud security designs

  • Tuesday, 19 Sep 2017 1:00PM EDT (19 Sep 2017 17:00 UTC)
  • Speakers: Tim Conway, Andrew Ginter

This presentation reviews the top twenty cyberattack classes for industrial control systems, and describes how to use these attacks to evaluate industrial control system security programs. We apply the attacks and methodology to Industrial Internet of Things (IIoT) and ICS cloud connectivity security designs, concluding that these designs increase the attack surface of industrial installations. We then evaluate the mitigations recommended by the Industrial Internet Consortium Security Framework and other authorities, again by evaluating attack classes against example designs. We conclude that the recommended mitigations are sufficient to address the increased risk, and that when applied correctly, these mitigations can reduce overall cyber-physical risks to levels even below pre-IIoT/cloud installations.

For additional information, please take a look at the following Waterfall Whitepaper: