Attending this event?
Welcome to the Interactive Agenda for SecurityWeek’s 2017 ICS Cyber Security Conference! (View the full conference website here)  

(You can register for the conference here)
View analytic
Monday, October 23 • 11:45am - 12:30pm
Performing ICS Cybersecurity Risk Assessments Across Multiple Plant Sites

Sign up or log in to save this to your schedule and see who's attending!

Industrial control systems (ICS) cybersecurity programs within manufacturing companies typically involve multiple plant sites spread out geographically. Most involve different processes and product variants.

Vulnerability and gap assessments of plant sites (usually a sampling of the plants) are conducted to determine the overall risk profile of each plant, prioritize recommendations, and develop a risk mitigation roadmap. The program management team aggregates the results across multiple plants and develops an implementation plan.

Assessments across multiple plant sites must focus on delivering a consistent view of the vulnerabilities, threats and recommendations based on a common risk analysis methodology and framework. 

This presentation highlights the requirements for consistency of the risk assessment process, methodology and reporting structure and offers guidelines for performing ICS cybersecurity assessments across multiple plant sites. A risk based framework to align vulnerabilities, threats and consequences will be presented, along with learnings from recent risk assessment projects including field level best practices (e.g., alerting on access to remote I/O cabinets), dos and don’ts of DMZ architecture, network segmentation (configuring VLANs with ACLs), securing change management protocols (external key lock, multifactor) will be referenced throughout the presentation.   

avatar for Gary Peterson

Gary Peterson

Director, Information Technology N&P, PotashCorp
Gary is a veteran of the Air Force with over 25 years in the IT field. He completed his 4-year military career in the Air Force as Radio Operator and attend and graduated Magna Cum Laude from East Carolina University with a MIS, Bachelor of Science in Business Administration degree. Gary has accomplished both Microsoft (MCSE) and Cisco (CCNP) Certifications. Gary presently works at PotashCorp as Directory IT... Read More →

avatar for Krish Sridhar

Krish Sridhar

aeSolutions, SME, ICS Cybersecurity Solutions
Krish is a subject matter expert on cybersecurity solutions applied to industrial control systems. He has over 20 years of industry experience with process automation, high availability architectures, industrial networks and application software. Krish has executed many cybersecurity risk and vulnerability assessment projects for chemical, specialty chemical and CFATS compliant companies per the NIST framework and ISA 62443... Read More →

Monday October 23, 2017 11:45am - 12:30pm

Attendees (14)