ICS Lockdown

As an online extension of SecurityWeek’s ICS Cybersecurity Conference – the original ICS/SCADA cyber security event that has been running since 2002 – ICS Lockdown is a virtual conference that will dive deep into the world of industrial cybersecurity and help those charged with protecting operational technology (OT) environments defend against cyber threats.

Open source has been around since the early 1980s. Many open source platforms can assist in achieving a high level of security for IT and Industrial Control or Operational Technology networks. Today we have open source firewalls, routers, intrusion detection systems, antivirus, and host-based security systems, to name a few, that can be deployed to secure network environments. What open source presents to an enterprise is low startup costs in developing and deploying such systems across ICS/OT networks. However, it should be noted that having dedicated resources capable of maintaining these open source-based solutions is key to the long-term success of an open source-based security program.

The Purdue model presents a reference architecture for securing the enterprise in multiple layers for ICS networks. Open source can provide security for the physical process, intelligent devices, control systems, manufacturing and business logistics systems. Open source can also provide the proper network segmentation to support zones and conduits that we can see in ISA/IEC 62443, thereby allowing us to properly secure communications that require protection and another layer of security within a defense-in-depth strategy that is so critical in the protection of ICS networks.

This presentation will discuss several open source tools and appliances and their use cases, as well as architectural examples, demonstrating that open source can provide a high level of security and enhance a defense-in-depth strategy for ICS networks, as well as providing financial savings to the enterprise.

The typical ICS environment is no longer the impregnable air-gapped network that it once was. It has been connected to the enterprise network, to the Internet, and to business partners who provide remote support. So while the traditional Purdue reference architecture is still “the” model, in most real-world environments it has lost its integrity. Attackers can find their way into your OT environment through new connected devices and converging networks.

To address this problem, enterprises need a comprehensive security approach that secures both IT and ICS environments. Such a platform needs to be able to:

• Generate a comprehensive inventory of all connected devices (OT & IT)
• Identify risks associated with every device
• Monitor the behavior and communication patterns of every device
• Identify policy violations such as deviations from the Purdue reference architecture
• Detect attack techniques such as those listed in the MITRE ATT&CK model
• Take automated actions to thwart attackers

This presentation will discuss practical approaches to achieving these goals including what to look for from security vendors.

With Industry 4.0 and IIoT initiatives driving the deployment of millions of new connected embedded devices, OT networks are now exposed to higher cyber risk that can lead to safety incidents, costly downtime, and theft of sensitive intellectual property. Gaining buy-in from the business and the board for stronger OT security requires a clear articulation of how cyber risk translates directly into business risk, and how the investment in stronger OT security will support the business while reducing the probability of a cyberattack having material impact on the firm. In this session, we will discuss how to: Define business metrics for stronger OT security; gather internal support and address potential objections from OT personnel; build a practical implementation plan that reduces risk in the shortest time and requires minimal internal resources; bridge the gap between IT and OT teams.

In this session we will share our learnings in bridging the gaps between IT and OT security teams and how multiple Microsoft teams are coming together to better secure data centers under the One Microsoft principle. Join this session to learn how Microsoft is bringing security awareness across diverse teams via joint threat modeling, tabletop exercises, training and informal social events.

After analyzing 1.2 million IoT devices over two years, Palo Alto Networks discovered that 41% of attacks exploit device vulnerabilities, as IT-borne attacks scan through network-connected devices in an attempt to exploit known weaknesses. As an example, decades-old legacy OT protocols, such as DICOM, are attacked to disrupt critical business functions or propagate throughout the organization.

Join this discussion with May Wang around the current state of IoT security for ICS/OT. We will explore the top threats from our recent publication of the 2020 Unit 42 IoT Threat Report and best practices you can adopt to secure your organization.

COVID-19 has impacted businesses globally and forced transformation and operations virtually overnight. This session will discuss operational environment changes, variability in risks, and vulnerabilities and other challenges posed by COVID-19 to industrial environments. It will address how organizations need to prepare in order to restore the same operational state once the crisis is passed, and examine how Incident Response (IR) planning is key in adapting to the “new normal”.

Please visit the networking lounge to chat with industry peers to share what's on your mind in the world of industrial cybersecurity! The virtual expo hall is open, so please visit the exhibit booths and learn more about some of the most innovative security companies in the industry. If you missed any sessions earlier in the day, you can now watch them on demand in the auditorium.

This session will consider several examples of attacks across the IoT and IIoT landscape including the risk of various Y2K-like architectural design defects, recently revealed problems in the TCP/IP stack code used in IIoT, and defects in smart energy distribution that have led to attacks against regional utilities. The speaker will also share policy recommendations and technology strategies that will help keep these important functions secure, citing updates to the MITRE ATT&CK framework and automotive standard ISO/SAE 21434, among others. Together we will look ahead across the likely evolution in technology and the threat landscape as IoT, IIoT and smart cities become an increasingly important part of our connected lives.

World's Largest Operational Technology (OT) Cybersecurity Monitoring Implementation

Industrial Control Systems (ICS) have always been perceived as a black box when it comes to cybersecurity monitoring due to their remote visibility and environment. The relative obscurity and remoteness of ICS has given energy companies a false sense of security. The mentality was “Why monitor a network that can’t be or won’t be attacked?” Indeed, up until recent events, the IT infrastructure was the primary focus of companies as they believed that any attack would occur there.

The threat landscape for ICS is ever increasing in numbers and sophistication. Over the past decade, ICS-targeted attacks have become far more prevalent. Stuxnet was the game changer, as it was the first malware that specifically targeted SCADA systems and PLCs, both of which are essential components of ICS. In more recent years, ICS-specific malware has become more frequent. This has shifted the paradigm for energy companies, and put a spotlight on the need to monitor ICS.

Cybersecurity monitoring of ICS is not as straightforward as that of IT. Aspects such as proprietary logs, incompatible devices, remote locations, isolated zones, and vendor restrictions render cybersecurity monitoring of ICS networks a far more challenging task than cybersecurity monitoring of traditional IT networks. Moreover, companies must find a delicate balance in how to onboard security logs without affecting critical operations.

Passive cybersecurity monitoring has been suggested as the most viable option for cybersecurity monitoring of ICS. While passive cybersecurity monitoring does provide great value for identifying behavior, anomalies, and certain Indicators of Compromise (IoCs), passive monitoring will not detect local attacks on a device. Thus, active cybersecurity monitoring must also be implemented in an ICS to provide a more holistic view.

This talk will discuss the extension of cyber security visibility to OT environments. Furthermore, this talk will discuss the implementation of this visibility extension with the largest ICS cybersecurity monitoring initiative in the world.

Join Dave Masson as he uncovers the evolving challenges of securing industrial control systems, including digitized OT, exponential connections to Industrial IoT, and expanding internet-connected supply chains.

Dave will also explore how cyber defense has reoriented towards preparing for the next phase of offensive, AI-driven cyber warfare and how Cyber AI is now the only viable solution in safeguarding critical infrastructure, relied on by thousands of organizations.

In session, discover how Cyber AI thwarted:
· Zero-day Trojan at industrial IoT manufacturing company
· Serpent ransomware infection in the oil and gas industry
· External reconnaissance in the oil and gas industry
· Compromised equipment at food manufacturer

With the impact of COVID-19 on businesses around the globe, bringing IT and OT teams together to keep industrial operations running smoothly and securely is more important than ever. In this panel discussion, OT security veterans will discuss best practices for aligning IT and OT teams, while securing your operational networks during a time of increased risk.

In this exclusive fireside chat that took place at SecurityWeek's 2019 ICS Cyber Conference, Admiral Mike Rogers joins SecurityWeek's Mike Lennon to discuss a range of topics, ranging from geopolitical tensions and nation-state threats, to protection of U.S. critical infrastructure from cyber threats across the board.

This is the first time the video has been made available to those who did not attend the 2019 event in Atlanta.

Admiral Mike Rogers is the former director of the National Security Agency (NSA), the former chief of the Central Security Service, and the former commander of the U.S. Cyber Command. He retired from the U.S. Navy in 2018 and was responsible for creating the DoD’s newest combatant command and running the U.S. government’s largest intelligence organization.

Paul Brager, Baker Hughes
Director, Global OT Security Programs at Baker Hughes
Paul Brager is Director of Global OT Security Programs at Baker Hughes
Ben Stirling, Vistra Energy
Principal Analyst, Generation Cyber Security at Vistra Energy
Benjamin Stirling is a Principal Generation Cyber Security Analyst with Vistra Energy
Director OT Security Services at Applied Risk
Chris is Director of Industrial Cyber Security Services at Applied Risk
Director of Enterprise Security at Darktrace
David Masson is Darktrace’s Director of Enterprise Security, and has over two decades of experience working in fast moving security and intelligence environments.
VP of Infrastructure Strategies at Trend Micro
William Malik is VP of Infrastructure Strategies at Trend Micro.
Industry Security Architect, Palo Alto Networks
Dharminder Debisarun is Industry Security Architect for Transportation, Internet of Things, Manufacturing, at Palo Alto Networks
VP of Industrial Cybersecurity, CyberX
Phil is the VP of Industrial Cybersecurity for CyberX.
Datacenter Cybersecurity Team Leader, Microsoft
Imran Mohiuddin heads Microsoft’s Datacenter Cybersecurity program
ICS Cyber Security Consultant, Saudi Aramco
Anas Faruqui is a Cyber Security Consultant specializing in Industrial Control System for Saudi Aramco.
Abdulatif Alrushaid
Cyber Security Officer at Engie
Abdulatif Alrushaid is a Cyber Security Officer at multinational electric utility company Engie.
Jack Marsal, Armis
Armis
Jack Marsal is Sr. Director of Product Marketing at Armis, Inc.
Cybersecurity Lead Architect, Schneider Electric
Daniel Paillet is currently Cybersecurity Lead Architect within the Schneider Electric, Energy Management Business Unit.
