Loading…
This event has ended. View the official site or create your own event → Check it out
This event has ended. Create your own
Welcome to the Interactive Agenda for the 2016 ICS Cyber Security Conference! (View the full ICS Cyber Security Conference website here)  This agenda is currently a work in progress, please check back often as our team is making upates DAILY. (You can register for the conference here)
View analytic

Sign up or log in to bookmark your favorites and sync them to your phone or calendar.

Main Track [clear filter]
Tuesday, October 25
 

8:15am

Drone Attacks on Industrial Sites: A New Front in Cyber-Physical Security

With new Drone technologies appearing in the consumer space daily, Industrial Site operators are being forced to rethink their most fundamental assumptions about Industrial Sites and Cyber-Physical security. This presentation will cover Electronic Threats, Electronic Defensive measures, Recent Electronic jamming incidents, Latest Drone Threats and capabilities, defensive planning, and Electronic Attack Threats with Drones as delivery platform. 

This talk will present 2 drone attack scenarios with video [potentially live] demonstrations of drone attack capabilities on an industrial wireless flowmeter.  The first attack will illustrate simple disruption of the flowmeters signal potently causing the non-report of a product spill (Hacktivist purposes). The second demonstration would take this a step further demonstrating the ability for a $1000 drone to autonomously turn a directional disrupter via image targeting of plat personnel (Hacktivist/Malicious Attack purposes). 

Attendee Takeaways:

  • A new appreciation for the terrifying capabilities now available in hobby drones.
  • A better understanding how drones can now be the bridge that Hacktivists use to make attacks that were only possible in close proximity before.

  • Realization that large scale EW attacks to Industrial system that used to be possible with military grade equipment are now possible with hobby components.

  • An understand of what a defensive security person must consider when risk evaluating the threats to industrial wireless systems.

  • Using WiFi surveillance to track possible Drone use, scan of MACs associated with drones

  • Physical Defense and what to tell your guards if they see a Drone jump the fence.

  • Overview of Law and FAA regulations concerning drone use in and around plant infrastructure.

  • Much More


Speakers
avatar for Jeff Melrose

Jeff Melrose

Yokogawa US, Principal Technology Strategist for Cybersecurity
Jeff Melrose is the Principal Technology Strategist for Cybersecurity at Yokogawa US. Prior to his assignment with Yokogawa, Mr. Melrose was a Principal Security Engineer at Lockheed Martin and Raytheon designing secure systems for the US Military and US Intelligence Community. In those roles, he led Security Designers creating secure wireless technologies, developing secure networks and cryptographic infrastructures for the most paranoid of... Read More →


Tuesday October 25, 2016 8:15am - 9:00am
Grand Ballroom

9:15am

Keynote: Admiral Michael Rogers
Keynote by Admiral Michael Rogers, Director of the U.S. National Security Agency (NSA) and Commander of U.S. Cyber Command.

Speakers
avatar for Admiral Michael S. Rogers

Admiral Michael S. Rogers

Director of U.S. National Security Agency (NSA) and Commander of U.S. Cyber Command, NSA, U.S. Cyber Command
Admiral Michael Rogers is Director of the U.S. National Security Agency (NSA) and Commander of U.S. Cyber Command. Admiral Rogers is a native of Chicago and attended Auburn University, graduating in 1981 and receiving his commission via the Naval Reserve Officers Training Corps. Originally a surface warfare officer (SWO), he was selected for re-designation to cryptology (now Information Warfare) in 1986. | Rogers is a distinguished... Read More →



Tuesday October 25, 2016 9:15am - 9:30am
Grand Ballroom

9:30am

Conversation & Questions with Admiral Rogers
A converstation and Q&A with Admiral Mike Rogers, Commander, U.S. Cyber Command and Director, National Security Agency.

Moderators
avatar for Mike Lennon

Mike Lennon

Managing Director, SecurityWeek
For more than 10 years, Mike Lennon has been closely monitoring and analyzing trends and and the threat landscape in the enterprise IT security and critical infrastructure space. In his role at SecurityWeek he oversees the editorial direction of the publication and manages several leading security conferences.

Speakers
avatar for Admiral Michael S. Rogers

Admiral Michael S. Rogers

Director of U.S. National Security Agency (NSA) and Commander of U.S. Cyber Command, NSA, U.S. Cyber Command
Admiral Michael Rogers is Director of the U.S. National Security Agency (NSA) and Commander of U.S. Cyber Command. Admiral Rogers is a native of Chicago and attended Auburn University, graduating in 1981 and receiving his commission via the Naval Reserve Officers Training Corps. Originally a surface warfare officer (SWO), he was selected for re-designation to cryptology (now Information Warfare) in 1986. | Rogers is a distinguished... Read More →



Tuesday October 25, 2016 9:30am - 10:00am
Grand Ballroom

10:00am

State of the State
Joseph M. Weiss, is an international authority on cybersecurity, control systems and system security. 

Speakers
avatar for Joe Weiss

Joe Weiss

SecurityWeek
Joseph M. Weiss, is an international authority on cybersecurity, control systems and system security. Weiss will provide his annual "State of the State" talk, which weighs in on recent industrial cyber incidents, emerging security threats and more.


Tuesday October 25, 2016 10:00am - 10:30am
Grand Ballroom

11:00am

Attack Demo: Hacking a Protective Relay

In this session we will demonstrate live cyberattacks against a Schweitzer SEL-751A feeder protection relay and the related impact to end devices and operator interfaces.

While the demonstration is not meant to single out any particular vendor or piece of equipment, it will highlight the lack of cyber security built into widely deployed intelligent electronic devices (IED), how these IEDs can be attacked and the physical impact they can have when compromised.

The cyberattack demonstration will highlight a loss of control of the relay, how such loss impacts an end device like a motor and how this can all be hidden from the operator.  The attacks include an adversary gaining access to the relay, taking control, locking out administrators, and changing the relay’s configuration. In addition, the attacks will be masked to leave no trace, making it difficult for an operator to trouble shoot the disruption was caused by a cyberattack, let alone prevent it from happening again.

The SEL-751A is an important piece of equipment performing many critical functions, and such attacks could be repeated across the same or different relays from different manufacturers.



Tuesday October 25, 2016 11:00am - 11:45am
Grand Ballroom

11:45am

Ghost in the Machine: SCADA Vulnerability Enables Remote Control of ICS Networks

Imagine an attack on critical infrastructures that could evade virtually all existing security measures (network firewalls, AV, application whitelisting, etc.) and that would operate generically across a wide range of different SCADA implementations. Indegy researcher Avihay Kain has discovered a vulnerability that would enable just such an attack. We will unveil the vulnerability for the first time at  the 2016 Industrial Control Systems (ICS) Cyber Security Conference.

The vulnerability allows for remote code execution in Schneider Electric’s flagship product - the UnityPro software platform. (The vulnerability applies to all versions of UnityPro, including the latest release of version 10.0.) Schneider Electric’s UnityPro software platform, which runs on Windows-based engineering workstations, is used for programing and managing Schneider Electric equipment in industrial control networks including those operating critical infrastructure.  Regardless of the specific SCADA application in use, if Schneider Electric PLCs are in use, UnityPro software will be deployed for the engineering stations, making this attack relevant across virtually any process controlled by Schneider PLCs.

While we will show an exploit specific to Schneider, all PLC vendors have similar proprietary engineering protocols and  we should expect many vulnerabilities like it that apply to other vendors.  The result is that those concerned with ICS security should realize two key points: 

1.) Attacks on ICS networks do not require exploitation of vulnerabilities in SCADA/HMI applications or the controllers themselves:

There is a misconception in the industrial cyber security space that securing these networks only requires monitoring of the SCADA/HMI application protocols, for instance - MODBUS and DNP3. However, there is an important distinction between the communication protocols used by HMI/SCADA applications, and the control-plane protocols which are used by the engineering station software. The less known engineering station protocols are not fully documented, and worse -- each vendor uses a different proprietary communication protocol, making it extremely difficult to monitor them. As a result, these protocols, which allow an attacker to access the controllers using the vulnerability described above, aren’t monitored and the engineering stations are mostly ignored. 

2.) Combining security controls borrowed from IT Security with HMI/SCADA application monitoring is not enough to secure ICS.

It is commonly believed that with a combination of IT security technologies (secure network design, AV/anti-malware and application whitelisting) and monitoring the HMI/SCADA protocols mentioned in point 1, it is possible to prevent industrial network infiltration and device access. This exploit will look exactly like known good engineering work and will evade all of those controls, demonstrating that IT security plus HMI monitoring is not sufficient for ICS. Additional security controls for engineering network activity monitoring are needed.  


Speakers
avatar for Mille Gandelsman

Mille Gandelsman

Indegy, CTO
Mille Gandelsman is the CTO and Co-Founder of Indegy, an industrial cybersecurity startup that provides situational awareness and real-time security for industrial control networks. He leads Indegy’s technology research and product management activities. Prior to Indegy, Gandelsman led engineering efforts for Stratoscale and spent several years leading cybersecurity research for Israel’s elite intelligence corps. Gandelsman is an... Read More →


Tuesday October 25, 2016 11:45am - 12:30pm
Grand Ballroom
 
Wednesday, October 26
 

8:15am

Checklist for Process Security & Overview of ICS Patch Standard

Bill Cotter, Master System Engineering Specialist at 3M, will provide a Top 12 Checklist for Process Security, along withan overview of the ISA-TR62443-2-3 ICS Patch Standard.


Speakers
avatar for William Cotter

William Cotter

Senior Engineering Specialist, 3M
Mr. Cotter has more than 40 years of manufacturing experience in various chemical manufacturing areas. He started as a mechanical engineer then progressed thru maintenance, project engineering and finally into process control. He has worked for a tire company, a large chemical, a small pharmaceutical and now 3M, where he has worked for the last 30 plus years. He has reached the level of Master System Engineering Specialist with the Process... Read More →


Wednesday October 26, 2016 8:15am - 9:00am
Grand Ballroom

9:00am

Inside the CRIT-EX 16.2 Cyberattack Readiness Exercise

The state of Indiana executed CRIT-EX 16.2 on the 18th and 19th of May, 2016, at the Muscatatuck Urban Training Center.  This cyberattack readiness exercise aimed to improve the overall security and responsiveness of Indiana’s critical infrastructure in the face of an advanced cyber incident that disrupts essential water utility services and presents a public safety threat. 

The Indiana Department of Homeland Security in conjunction with the Indiana National Guard, Indiana Office of Technology, Cyber Leadership Alliance, and over 16 other public and private partners developed this controlled functional cyberattack exercise to allow participants to deploy resources and communicate with response partners to mitigate adverse effects and expedite recovery.  Additionally, CRIT-EX is the first joint public-private partnership simulating responses to cyberattacks on the Muscatatuck water treatment plant, with expert programming and cybersecurity teams acting as cyberterrorists who attack the facility’s Supervisory Control and Data Acquisition (SCADA) systems.  

The exercise had three very important themes that differentiated Crit-Ex from other cyber exercises: First, participants had to agree on a common language. Second, privacy was at the center of the exercise. The third unique theme and what is considered to be the hallmark of Crit-Ex 16.2 was the complexity of the event.  

This presentation will cover the importance of training cybersecurity for industrial control systems in a complex environment. While using lessons learned as examples, the presenter will provide a roadmap to plan and execute a complex cyber exercise.

View a detailed description of the talk here 


Speakers
avatar for Douglas C. Rapp

Douglas C. Rapp

President, Cyber Leadership Alliance
Douglas C. Rapp is the President and CEO of the Cyber Leadership Alliance, a nonprofit industry organization and an action arm for cyber efforts in Indiana. He also serves as the Advisor for Cyber and National Security for the State of Indiana. He holds an MS in Management from Indiana Wesleyan, and a Bachelors from Indiana University in Fort Wayne. His accomplishments include creating the strategic plan for the Indiana National Guard Cyber... Read More →


Wednesday October 26, 2016 9:00am - 9:45am
Grand Ballroom

9:45am

Inside ExxonMobil's Initiative to Build a Next Generation Process Control Architecture

Don Bartusiak, Chief Engineer, Process Control at ExxonMobil Research & Engineering, will present an exclusive talk about ExxonMobil's initiative regarding a standards-based, open, secure, interoperable process control architecture.  Bartusiak will address the business problem that the world's largest publicly traded international oil and gas company is trying to solve and why ExxonMobil feels that existing ICS vendor approaches are not adequate to meet their needs.  

He will also discuss the status of formulation of an end user, supplier, system integrator, and standards organization consortium that is underway with The Open Group.  


Speakers
avatar for Don Bartusiak

Don Bartusiak

Chief Engineer, Process Control, ExxonMobil
Don Bartusiak is Chief Engineer, Process Control for ExxonMobil Research and Engineering.  He has 28 years of experience in process control and advanced computing with ExxonMobil and 7 years of experience in process development research with Bethlehem Steel.  From 2000 to 2002, he was Lecturer and Adjunct Professor of Chemical Engineering at Rice University.  Don received a B.S. (ChemE) from the University of Pennsylvania and... Read More →



Wednesday October 26, 2016 9:45am - 10:30am
Grand Ballroom

11:00am

Demo: Technical Attack Disabling a Fully Air-gapped System

Live Demo: Remote Attack That Can Permanently Disable a Fully Air-gapped System

Industrial control systems that claim to be fully air-gapped often aren't. In particular, elements of the ICS take electrical power from a local network, or UPS. Power supply engineers who work on power disturbances can demonstrate certain types of events -- as simple as turning the power off and on in a particular pattern -- that can permanently disable typical off-the-shelf power supplies.  A technical discussion of this attack vector, with a follow-on live demonstration, will be provided.


Speakers
avatar for Alex McEachern

Alex McEachern

President, Power Standards Lab
Alex McEachern is well known worldwide for his cheerful, thought-provoking speeches on electric power quality.  Active in writing and approving international power standards, Alex is the chairman of the IEC Working Group that sets the standard for power quality instruments, and the Chair of voltage sag standard for the semiconductor industry, SEMI F47. He is Fellow -- the highest possible member -- of the IEEE, with 30 U.S. patents awarded... Read More →


Wednesday October 26, 2016 11:00am - 11:45am
Grand Ballroom

11:45am

Industrial Equipment Exposed: The Rise of Industrial Vulnerabilities

The ICS threat landscape is expanding fast. With the rise of the Industrial IoT, and increased device connectivity, no mission-critical entity is safe. On one hand, the expansion of the Internet also makes ICS easier prey to attackers, with ICS components being available online. On the other hand, attackers can easily attain industrial products and technologies and reveal relevant vulnerabilities to exploit. Both aspects emphasize that it is getting increasingly simpler for attackers to exercise their will in industrial environments, having to invest less resources to do so.

In this session, we will provide an example which emphasizes this trend, where the CyberX research group was able to expose vulnerabilities within a leading vendor’s PLC, getting from complete obscurity to the desired end-game, while having to cope with diverse challenges. These include physical extraction of components and de-coding of the encoded firmware.

The aforementioned trend in the ICS Security eco-system leads to a flux in ICS vulnerabilities, which is part of the inevitable cat and mouse race between attackers and defenders in the ICS security domain. This race has peaked a new level, where every Industrial IoT environment is in harm's way. We will also outline the need for comprehensive threat analysis tools for the ICS industry required to mitigate the ever growing risks.

Attendee takeaways

  1. Understanding of the unique, yet attainable methods required for discovering and exploiting ICS vulnerabilities and how these facilitate the rising number of ICS cyber incidents.
  2. Industrial hacking expertise, once thought to be rare, is becoming more common knowledge.
  3. Forward thinking insights regarding the need for effective and readily available tools for the ICS industry.

Speakers
avatar for David Atch

David Atch

VP of Research, CyberX
David is a highly experienced security professional with vast experience in reverse engineering and unique knowledge in malware research. During his military career in the Israel Defense Forces (IDF), Atch lead a team of programmers and reverse engineers, hunting and mitigating complex cyber intrusions. He has also received multiple awards for technological innovation.
avatar for Nir Giller

Nir Giller

CTO and Co-Founder, CyberX
Nir Giller, Co-founder and CTO of CyberX, is a seasoned security researcher with extensive knowledge and experience in securing OT networks. Following a lengthy career, as a Team Leader and a Security System Engineer in the Israel Defense Forces (IDF) elite cyber unit, Giller brings to CyberX the invaluable combination of a true technology visionary with vast hands-on expertise.


Wednesday October 26, 2016 11:45am - 12:30pm
Grand Ballroom

1:45pm

The Insecurity of Industrial Things

When hearing the buzz-word “Internet of Things,” we typically think of the consumer world: smart toasters and connected fridges. However, there is a staggering number of networked embedded devices that perform life- and mission-critical tasks that our daily lives depend on. We haven’t thought of these new types of devices as miniature computers that need the same care in deployment, management and protection as our servers, computers and mobile phones. This is a HUGE blind spot. Embedded devices, such as ICS and SCADA systems, are the low-hanging fruit for potential attackers: They are fairly easy to compromise, are connected to high-value networks and detection often only happens after the fact.

This talk will share experiences exploiting embedded system used in industrial control environments and discuss the reasons why these insecure design patterns exist; including business drivers and technology factors. We will share stories and anecdotes based on 10 years of research, training and consulting. Attendees will get an inside view into how attackers operate and walk away knowing what to look for when future-proofing our industrial control systems. 

This talk summarizes the state of IoT security, specifically as it relates to Industrial Control and Energy. 


Speakers
avatar for Stephen A. Ridley

Stephen A. Ridley

Founder and CEO/CTO, Senrio
Stephen A. Ridley is Founder and CEO/CTO at Senrio. He has more than 10 years of experience in software development, software security, and reverse engineering. His original research on embedded device vulnerabilities has been featured on SecurityWeek, NPR, Wired and numerous other publications. Prior to Senrio, Mr. Ridley was Principal Researcher at Xipiter and served as Chief Information Security Officer of a financial services firm. Prior to... Read More →


Wednesday October 26, 2016 1:45pm - 2:30pm
Grand Ballroom
 
Thursday, October 27
 

8:30am

Ukrainian Hack: What it Means to the U.S. Grid

Could the U.S. nuclear or energy critical infrastructures be vulnerable to a cyber attack similar to the Ukrainian Power attack in 2015? 

Marlene Ladendorff is a subject matter expert on Nuclear Cyber Security for the Department of Homeland Security's Industrial Control Systems Cyber Emergency Response Team (ICS-CERT).  


Speakers
avatar for Marlene Ladendorff, Ph.D.

Marlene Ladendorff, Ph.D.

Nuclear Cyber Security SME, DHS ICS-CERT
Marlene Ladendorff, PhD, is a Nuclear Cyber Security SME for the Department of Homeland Security's Industrial Control Systems Cyber Emergency Response Team (ICS-CERT). Her specific areas of interest and expertise include industrial control systems cyber security in the nuclear power and energy critical infrastructure sectors in the United States. Marlene has written cyber security strategies and training plans for the domestic nuclear power... Read More →
avatar for Joseph D. Price

Joseph D. Price

Deputy Director, Critical Infrastructure Protection National & Homeland Security, Idaho National Laboratory
Joseph Price served as a Communications and Computer Systems Officer in the United States Air Force (USAF) for nine years, where he was one of the original members of the 609th Information Warfare Squadron (USAF’s first operational IW squadron) conducting computer network defense on Air Force and Joint networks starting in 1996. He has been active in cyber mission areas since then serving in multiple positions (operator, engineer, test... Read More →


Thursday October 27, 2016 8:30am - 9:15am
Grand Ballroom

9:15am

3 out of 5 ICS Security Practitioners Say What?

Using data from a few key research projects and primary interviews with a variety of industry practitioners, this session will provide insights to what practitioners are actually thinking and doing every day. What really are the perceived highest risks? What initiatives are gaining traction and which ones aren’t? Is the “C” level bought in? How is the ICS cyber security work force developing? Is OT and IT a divide that can’t be crossed or are organizations building bridges right now? Get the view from the trenches, and share yours as well. 


Speakers
avatar for Derek Harp

Derek Harp

Director, ICS Strategic Programs, SANS
Derek Harp is currently the Director for ICS Strategic Programs at SANS and the GICSP Steering Committee Chair. He is responsible for organizing events, resources and initiatives that educate and enable increased collaboration within the entire ICS security community. Mr. Harp has served as a founder, CEO, or advisor of early-stage companies for the last 18 years with a focus on cybersecurity. Derek is also a co-founder and a board member of... Read More →


Thursday October 27, 2016 9:15am - 10:00am
Grand Ballroom

10:00am

Fact or F.U.D.? – ICS Cyber-Attack Simulation and Impact Analysis

Using computer gaming technology for industrial purposes is certainly not an obvious concept. However, as the technology has improved with advanced AI and seemingly realistic physics, one can see where using gaming engines for something beyond just an entertainment medium might actually make a lot of sense. The industrial community seems to finally be turning the corner in regards to industrial control systems (ICS) cyber security. The community now understands that   there is a real and growing threat to these systems and preventative security measures need to be put in place. An area of contention however, remains the ability to determine a realistic threat level for each and every U.S. ICS-CERT advisory, flash report, and security vendor claim. Asset owners/operators find themselves at the mercy of speculation. After all, they can’t exactly simulate attacks that cause actual catastrophic results to industrial environments and systems. Or can they?

In this session, Clint Bodungen will demonstrate how several technologies once intended for completely different industries, such as computer gaming engines and engineering software/hardware, can be combined to simulate realistic consequences of cyber-attack scenarios on industrial systems. Powerful gaming engine physics and 3D animation, scientific data and simulation capabilities (i.e. Matlab and engineering applications), and real-life physical devices (i.e. PLCs) are all connected in this presentation in order to provide a cutting-edge look at the impact analysis capabilities with stunning realistic 3D visuals.

Key Takeaways:

  1. Attendees will gain an understanding of what cyber-attack simulation/impact analysis are, and why it they are important for ICS risk mitigation.
  2. They will also learn methods of performing realistic cyber-attack simulation/impact analysis using different technologies together.
  3. As well as walk away with a better understanding of how to deploy these methods and tools in their own ICS risk mitigation program.

Speakers
avatar for Clint Bodungen

Clint Bodungen

Senior Critical Infrastructure Security Researcher, Kaspersky Lab
With more than 20 years of professional experience in cybersecurity, including 12 years focused exclusively on ICS security, Clint brought his expertise to Kaspersky Lab as a senior critical infrastructure security researcher in May 2016. Throughout his career, Clint has worked in several key cybersecurity roles where he focused on cyber threat/vulnerability research, risk analysis, penetration testing, and cybersecurity product R&D for the... Read More →


Thursday October 27, 2016 10:00am - 10:45am
Grand Ballroom

11:15am

Current Status of ICS in Developing Countries - Case Study of Argentina and LATAM

Although developed countries such as the United States have shown the path in terms of Cyber Security in Critical Infrastructure, developing countries are falling behind due to socio-economic conditions. Lack of investment and difficulty in finding the necessary skills are the main reasons that make Cyber Security a challenge for these countries.

This presentation goes through LATAM’s critical infrastructure situation with Argentina as a case of study. On one hand, we provide the audience a brief overview of the actual cyber regulation and national initiatives. On the other, we describe the state of the main industries, common issues and what we are the next steps to be taken in the near future.


Speakers
avatar for Pablo Almada

Pablo Almada

Manager, IT Advisory, KPMG
Pablo is a Manager at KPMG Argentina’s IT Advisory practice and has over 10 years of experience in different domains of Cyber Security. Pablo has remarkable experience providing consulting services in the Cyber Security space for different industries and organizations mainly in the manufacturing, financial, Oil & Gas, telecommunication, Energy and industrial sectors in South - America. He has developed experience in Cryptography... Read More →
avatar for Nicolas Brahim

Nicolas Brahim

Sr. Cybersecurity Consultant, KPMG
Nicolas is a consultant of the Cyber Security Practice, specialized in Industrial Control Systems Security, Cyber Architecture, Secure Software, among other subjects.  Since he has been incorporated to KPMG, he has acquired a vast experience providing consulting services Information Security, IT Security and IT Audit for different industries and organizations mainly in the manufacturing, financial, Oil & Gas, telecommunication, Energy... Read More →


Thursday October 27, 2016 11:15am - 12:00pm
Grand Ballroom

12:00pm

Practical Attacks on Oil and Gas industries

The industries most plagued by cyber-attacks are Oil and Gas businessesSeveral attacks against the infrastructure of Oil firms like Aramco have been executed by the Anonymous operation #OpPetrol that targeted major Oil companies. The Oil and Gas sectors are also threatened by frauds where there is blatant theft of resources during upstream or downstream processes. SAP and Oracle systems are widely used in Oil and Gas industries, and there are even specific SAP modules for Oil and Gas such as SAP Upstream Operations Management (UOM) or SAP PRA (Production and Revenue Accounting), Oracle Field Service and Oracle Enterprise Asset Management.

Cyber-attacks on SAP systems belonging to Oil and Gas industries can be critical themselves, however they are even more lethal because of trust connections in systems responsible for asset management (such as SAP xMII and SAP Plant Connectivity) and systems responsible for OT (such as ICS, SCADA and Field Devices).

Moreover, SAP and Oracle serves business processes like Digital Oilfield Operations, Hydrocarbon Supply Chain and Operational Integrity that are extremely critical themselves and are vulnerable to attacks.

For example, hydrocarbon volumes, which are the basis for pricing, excise duty, and transportation fees, fluctuate depending on environmental temperature and pressure conditions. An attacker can easily modify these conditions. As it requires masses and weights for product valuation, and weighing is not possible, we must derive them from volumes at ambient temperature and pressure conditions, requiring complex conversion calculations of the observed volumes at each custody transfer point. These complex features put all infrastructure at high risk if an attacker can get access to these data.

This talk is based on a several case studies conducted during research and professional services will shed a light on this highly critical and very dark area. We will discuss specific attacks and vulnerabilities related to Oil and Gas companies as well as guidelines and processes on how to avoid them.

Takeaways

  • Understand specific risks related to Oil and Gas companies infrastructure from IT and OT perspective.
  • Learn what kind of enterprise applications are used in Oil and Gas industry and whit kind of security issues they have.
  • Learn how to secure these applications.
  • For pentesters, it will be helpful to learn how to analyze security of these specific systems. For information security specialists, it will be useful to know how to protect their systems.

Speakers
avatar for Alexander Polyakov

Alexander Polyakov

ERPScan, CTO, Co-Founder
Founder of ERPScan, President of EAS-SEC.org project. Recognized as an R&D professional and Entrepreneur of the year. His expertise covers the security of enterprise business-critical software like ERP, CRM, SRM and industry specific solutions developed by enterprise software companies such as SAP and Oracle. He has received several accolades, and published over 200 vulnerabilities. He has authored multiple whitepapers such as annual award... Read More →


Thursday October 27, 2016 12:00pm - 12:45pm
Grand Ballroom

1:45pm

The Physics of Cyber Security

This presentation will describe the need to integrate approaches to the physical aspects of computer and network device security during design.

Even if steps are taken to make software attacks on a system impractical, it is possible to bypass these by attacking weaknesses in the physical implementation of systems.  These attacks are much harder or even impossible to “patch” once systems are fielded, and include attacks on the physical implementation of memory (Row Hammer) and attacks on cryptographic systems using timing (cache timing attacks).  Recently both of these have been demonstrated to be practical even without direct access to privileged instructions or native code; both have been accomplished from inside a browser’s Javascript “sandbox.”  Dealing with these sort of attacks requires thinking about security at the physical device design stage.


Speakers
avatar for Stacy Prowell, Ph.D.

Stacy Prowell, Ph.D.

Chief Cyber Security Research Scientist, Oak Ridge National Laboratory
Dr. Stacy Prowell serves as the Director of Oak Ridge National Laboratory's Vehicle Security Center. Dr. Prowell is also the laboratory's Chief Cyber Security Research Scientist, leads the Cyber Warfare Research Team, and is the Program Manager for the lab's Cybersecurity for Energy Delivery Systems program. Dr. Prowell's research focuses on exploiting physical sensors and properties to detect and prevent intrusion, and on deep semantic... Read More →


Thursday October 27, 2016 1:45pm - 2:30pm
Grand Ballroom

2:30pm

Security Consequences of Using Cloud-Based Technologies in Industrial Environments

Not so long ago, seasoned control engineers would laugh at the thought of having their industrial control and SCADA systems connected to the Internet. However, times have changed, and today the Industrial Internet of Things (IIoT) is interconnecting industrial control system (ICS) devices and critical infrastructure to the Internet at an unprecedented pace. This in turn is forcing a fast, large-scale convergence of old and new technologies that is reshaping the reliability, availability and security of industrial environments.

Cloud computing is a paradigm that will eventually come into play with Internet-connected industrial environments. Currently, a vast amount of research is being pursued that investigates cloud-computing's role within the industrial and manufacturing space, as well as other critical infrastructures such as the smart grid. Nonetheless, one major consequence of using cloud-based technologies within industrial environments is that of mitigating pervasive cybersecurity risks for industrial systems. This presentation will highlight the current trends and advancements of cloud-based technologies for industrial environments, both from a practical and research perspective. More importantly, however, the session will provide insight into how cloud-based technologies might be used to alleviate complex cybersecurity challenges within industrial environments.

Learning Objectives:

Attendees will get a glimpse into the advancements of Cloud computing based technologies and their integration within industrial environments. The material will provide a balance of advanced research that will impact near-future industrial systems along with real-world implementations and results that are currently in progress around the world.


Speakers
avatar for Lane Thames

Lane Thames

Software Development engineer, Tripwire
Lane Thames is a software development engineer and security researcher with Tripwire’s Vulnerability and Exposure Research Team (VERT). As a member of VERT, Lane develops software that detects applications, devices, and operating systems along with vulnerability detection and management software. He also spends time looking for new vulnerabilities, contributing to the Tripwire State of Security blog, and understanding emerging cybersecurity... Read More →


Thursday October 27, 2016 2:30pm - 3:15pm
Grand Ballroom

3:15pm

Implementing a Publicly-Accessible Event and Incident Database

In this talk, Bob Radvanovsky will introduce the "SCada Incident Database", or "SCID".

The concept of the project is to include critical infrastructure incidents that have transpired over the years, with a majority of the database made publicly-accessible at no cost. 

The SCID repository will help:

  • Governments Worldwide
  • Private Sector Asset Owners
  • Legal Firms
  • Law Enforcement
  • Regulatory Organizations
  • Insurance Companies

The discussion will include screenshots of the repository, along with relevant field types being collected, and how the data is being ascertained.  Part of the discussion is to engage the audience as part of the project's development, as this is supposed to be a community-based effort. 

Additionally, this talk will address some of the controversial definitions, such as "incident", "cyber incident", "event", and "cyber event", and the reasoning behind the questions.  For this part of the discussion, examples through existing documentation, will be provided.


Speakers
BR

Bob Radvanovsky

Critical Infrastructure Protection and Cyber Security Researcher
Subject matter expert and researcher in Homeland Security, Critical Infrastructure Assurance and Protection; member of DHS CSS-CWG, DHS CSSP ICSJWG, DHS NCIRP Nuclear Sector Working Group, DHS Cybersecurity Nuclear Sector, DHS TSA TSS-CWG, and DHS Cyber UCG.


Thursday October 27, 2016 3:15pm - 3:45pm
Grand Ballroom

4:00pm

Closing Remarks and Open Mic Discussions
The 2016 conference is winding down but there is still time for some great discussions! Please join us for closing remarks and an open discussion where anyone can make comments, share insights, ask questions and engage in a lively discussion. 

Speakers
avatar for Mike Lennon

Mike Lennon

Managing Director, SecurityWeek
For more than 10 years, Mike Lennon has been closely monitoring and analyzing trends and and the threat landscape in the enterprise IT security and critical infrastructure space. In his role at SecurityWeek he oversees the editorial direction of the publication and manages several leading security conferences.


Thursday October 27, 2016 4:00pm - 5:00pm
Grand Ballroom