Top Cybersecurity Instructors and Best Offers of the Year Available Now - Learn More!


To attend this webcast, login to your SANS Account or create your Account.

This webcast has been archived. To view the webcast login into your SANS Portal Account or create an account by clicking the "Get Registered" button on the right. Once you register, you can download the presentation slides below.

The Top 20 ICS Cyber Attacks And how to use them to improve IIoT and cloud security designs

  • Tuesday, September 19, 2017 at 1:00 PM EDT (2017-09-19 17:00:00 UTC)
  • Andrew Ginter, Tim Conway


  • Waterfall Security

You can now attend the webcast using your mobile device!



This presentation reviews the top twenty cyberattack classes for industrial control systems, and describes how to use these attacks to evaluate industrial control system security programs. We apply the attacks and methodology to Industrial Internet of Things (IIoT) and ICS cloud connectivity security designs, concluding that these designs increase the attack surface of industrial installations. We then evaluate the mitigations recommended by the Industrial Internet Consortium Security Framework and other authorities, again by evaluating attack classes against example designs. We conclude that the recommended mitigations are sufficient to address the increased risk, and that when applied correctly, these mitigations can reduce overall cyber-physical risks to levels even below pre-IIoT/cloud installations.

For additional information, please take a look at the following Waterfall Whitepaper:

Speaker Bios

Tim Conway

Technical Director - ICS and SCADA programs at SANS. Responsible for developing, reviewing, and implementing technical components of the SANS ICS and SCADA product offerings. Formerly, the Director of CIP Compliance and Operations Technology at Northern Indiana Public Service Company (NIPSCO). Responsible for Operations Technology, NERC CIP Compliance, and the NERC training environments for the operations departments within NIPSCO Electric. Previously, an EMS Computer Systems Engineer at NIPSCO for eight years, with responsibility over the control system servers and the supporting network infrastructure. Former Chair of the RFC CIPC, current Chair of the NERC CIP Interpretation Drafting Team, member of the NESCO advisory board, current Chair of the NERC CIPC GridEx Working Group, and Chair of the NBISE Smart Grid Cyber Security panel.

Andrew Ginter

Andrew Ginter is Waterfall's Vice President of Industrial Security. He spent 25 years leading and managing R&D of commercial products for computer networking, industrial control systems and industrial cyber security for leading vendors including Hewlett-Packard, Agilent Technologies and Industrial Defender. Andrew holds a B.Sc in Applied Mathematics and an M.Sc. in Computer Science from the University of Calgary. He is an Adjunct Assistant Professor at Michigan Technological University, a co-chair of the ISA SP99 security technology working group, a co-author of the Industrial Internet Consortium Security Framework and the author of "SCADA Security - What's broken and how to fix it.

Need Help? Visit our FAQ page or email

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.