Attending this event?
Welcome to the Interactive Agenda for SecurityWeek’s 2017 ICS Cyber Security Conference! (View the full conference website here)  

This agenda is currently a work in progress and not yet complete, please check back often as our team is making upates and adding sessions DAILY. (You can register for the conference here)
View analytic
Monday, October 23 • TBA
Twisted Haystack: Protecting Industrial Systems with Dynamic Deception

Sign up or log in to save this to your schedule and see who's attending!

Deception techniques for cybersecurity are not new – honeypots have been used for many years. However, new types of deception techniques are being developed to supplement the classical honeypot approach. Deception can be used in a number of ways and for various end results. In this presentation, we will cover two main areas related to deception-based cybersecurity. Attendees will learn about the early types of deception technology along with recent advancements in the field. In particular, we’ll dive deep into deception technologies that are beneficial to industrial systems and introduce an open-source deception tool called Twisted Haystack that can be used for protecting these systems. Nowadays, industrial systems are becoming highly interconnected to information technology systems. For example, advanced manufacturing environments, healthcare environments, power grids, and many other critical infrastructure environments are now integrating Information Technology (IT) and Operations Technology (OT). An interesting benefit of the tool being discussed and released for this presentation is its extensibility in providing deception techniques for converged IT and OT environments. Lastly, the presentation will provide an overview of the open-source Twisted Haystack tool chain and how it can be deployed for protection services, as well as how it can be extended for environment-specific protections.

Learning Objectives:

The audience will learn about deception technology as related to cybersecurity in general and for securing industrial systems specifically. The open-source tool is built with the Python programming language and utilizes the “Twisted” python-based networking framework. The audience will learn about this new tool and how it utilizes the Twisted networking framework, as well as how it can be extended to add deception capabilities for virtually any Internet Protocol (IP) based industrial communication protocol. The audience will learn the strengths and weaknesses of various deception approaches in order to better understand how, where, and when a particular type of deception technology should be used. 


Lane Thames, PhD

Lane Thames is a senior security researcher and software engineer with Tripwire’s Vulnerability and Exposure Research Team (VERT). As a member of VERT, Lane develops software that detects applications, devices, and operating systems along with vulnerability detection and manage... Read More →

Monday October 23, 2017 TBA