5th annual Industrial Control Cyber Security Europe Summit

It is often advantageous to think like an attacker in order to find weaknesses in systems, but that doesn’t mean we should give up on following sound engineering and maintenance practices when designing, operating and maintaining cyber systems.  Learn how companies are starting to apply principles adopted from safety analysis, as well as emerging concepts such as “cyber informed” or “consequence driven” engineering.

• Identify devices and components that facilitate risk, determine critical functions and high-consequence events then prioritise what cannot fail based on the consequences
• Think like an attacker to illuminate specific, detailed attack paths, access, information and action to have an effect and highlight system vulnerabilities in networks and the supply chain
• Engineer out the prioritised cyber-risk with controls, tripwires, mitigations and backstops to interrupt high-consequence risk
• The importance of collective resilience, collaboration and information sharing to combat high-consequence risk across the supply chain
• It is often advantageous to think like an attacker in order to find weaknesses in systems, but that doesn’t mean we should give up on following sound engineering and maintenance practices when designing, operating and maintaining cyber systems.  Learn how companies are starting to apply principles adopted from safety analysis, as well as emerging concepts such as “cyber informed” or “consequence driven” engineering.
  • Identify devices and components that facilitate risk, determine critical functions and high-consequence events then prioritise what cannot fail based on the consequences
  • Think like an attacker to illuminate specific, detailed attack paths, access, information and action to have an effect and highlight system vulnerabilities in networks and the supply chain
  • Engineer out the prioritised cyber-risk with controls, tripwires, mitigations and backstops to interrupt high-consequence risk
    
    

• From the simple first Ukraine attack, to the following years’ second attack, to an unrelated MENA attack, what can be learned of the broader strategic implications of these three attacks.  Are they connected, or can they be? A conjecture
• By looking at attacks and questioning the various Why’s, not necessarily the what happened or the how it happened, a picture emerges of an adversary looking to create instabilities by utilizing many attributes of conflict. Physical, cyber, media, disinformation, all play a part in these engagements
• When the Whys are looked at the closely coupled complex attacks can begin to be understood. This is the arena where targets can be chosen, and impacts dialled up to levels of interest by an adversary

Many asset owners have seen firsthand that becoming proactive about cyber protection for industrial systems in their plants is becoming a requirement. Yet at the same time, production processes cannot be disrupted, even for reducing cybersecurity risk in some cases. Key security controls that can address high risk areas such as secure remote access for employees and third party vendors/supply chain partners, and continuous monitoring of plant assets for threats and vulnerabilities are essential to deter cyber threats which can disrupt process controls and production.

In this session, Dave Weinstein, Claroty VP of Threat Research shares use cases from the field that demonstrate “zero-impact” deep packet inspection to precisely profile and dissect communications between assets in complex and sensitive industrial networks which can often indicate hidden cyber risks.

These passive techniques can identify misconfigurations, vulnerabilities, and anomalies plus provide operational security gaps and context so that plants can now have visibility into what’s happening and what to do about it without downtime, manual labor or having to become industrial cybersecurity experts overnight.

This presentation has been updated and Eric will presenting brand new research as opposed to our previously advertised content. 

·        Understanding that recovery is much more than developing incident response plans and procedures

·        Taking a business approach to understand key business processes, operational impacts and systems

·        Developing an adaptive capability to respond to cyber threats and move the risk needle

TRITON and CrashOverride showed us the potential of autonomous, purpose-built malware that enumerates and subsequently hijacks ICS devices using their native protocols. What if we could detonate ICS-specific malware in an "ICS Network Sandbox" that detects and analyzes purpose-built ICS malware before it even gets deployed? Current malware sandboxing technologies are designed for IT protocols and devices rather than OT protocols and devices; as a result, ICS-specific malware such as TRITON is undetected because IT malware sandboxes are unable to flag ICS-specific activities such as OPC scanning, overwriting of PLC configuration files, calls to ICS-specific libraries and ports, etc. CyberX's research team has built ICS-aware malware analysis sandbox that simulates a complete ICS execution environment in a virtual or offline state, and also instruments the execution environment to detect ICS-specific behavior. During this session, we'll describe the results of analyzing known ICS malware (Stuxnet, Industroyer, TRITON)  in the sandbox as well as data we've collected about the prevalence of ICS-specific malware "in the wild." Attendees will learn about ICS malware characteristics and ICS attack vectors so they can be better prepared to detect and respond to ICS security incidents in the future.

The increase in complexity of operational technology control systems has highlighted a growing skills gap and security concerns around the increased connectivity of industrial systems has fundamentally shifted the approach needed to OT cybersecurity. The bid to reduce costs often results in a trade-off between increased operational capabilities and security, and it has become essential to find solutions that can help to address this problem at speed and at scale. Moving to cloud-based SCADA systems can, in some cases, dramatically decrease complexity, present significant opportunities to reduce capital expenditure and improve control capabilities. This presentation will discuss some of the key considerations in embarking on cloud migration and provide lessons learned from doing so.

• Eliminating capital expenditure on control and backup centres and the need for dedicated SCADA teams
• How cloud solutions can help in effectively creating a green field environment in which to automate
• How we have ensured effective collaboration with key vendors to securely and cost-effectively migrate our OT environment to the cloud
• Is scepticism around security and reliability of cloud solutions for industrial applications justified and what are the limitations?

• The World is Changing for Industrial Enterprises
• There Will Be Winners and Losers
• Cryptographic Zoning
• ISA99 Architecture
• Plan to Embrace ---Digital Innovation

• What do we mean by a “modern” digital system?
• Threat –Who (or what...) is “attacking” our modern systems?
• Vulnerability –How does malware enter our systems?
• Probability –How worried should we be as industry?
• Impact –What is the worst that can happen?
• Risk –How do we pragmatically protect ourselves?

• "Architecture" view for standards perspective
• Risk assessment basis of standards to certification
• Product development assurance and testing
• Mutual recognition of testing results through the Certification Scheme
• Will it be possible to achieve transnational testing and certification?

• Understanding 3rd party testing and certification mechanisms
• Developing CA in line with market needs of individual sectors
• The value of peer led interpretation and CA