Welcome to the Interactive Agenda for SecurityWeek’s 2017 ICS Cyber Security Conference!
Thursday, October 26 • 2:15pm - 3:00pm
Combining IT and OT Security Monitoring to Prevent Cyber Attacks


Intrusion detection principles differ between the OT (IACS, MES…) world and the IT world:

  • In the IT domain, the traffic is huge in terms of bandwidth, unpredictable, heterogeneous, and in some way open to the internet. Detection relies on endpoint security (endpoints whose CPU and memory can process heuristics and support anti-malware software) and on IoCs that use signatures to detect known attack patterns.
  • In the OT domain, the traffic is mostly predictable, with changes related to operational phases (reactive/planned maintenance operations, change/adaptation of production processes…): the most effective intrusion detection approach is to model the “normal” traffic and identify any abnormal, possibly malicious, activity.

By configuring and connecting an OT security monitoring solution and IT-dedicated systems (such as centralized hosts and firewall logs), it is possible to correlate IT and OT events and raise alerts when suspicious activity is detected both in the IT office environment and on the shop floor at the IACS level.

The presentation will include a primer on ISA99/IEC62443, followed by one approach to how the standard could have been deployed to minimize the effects of the attack against the Ukrainian electrical distribution in December 2015.
