Attending this event?
Welcome to the Interactive Agenda for SecurityWeek’s 2017 ICS Cyber Security Conference! (View the full conference website here)  

This agenda is currently a work in progress and not yet complete, please check back often as our team is making upates and adding sessions DAILY. (You can register for the conference here)
View analytic
Thursday, October 26 • TBA
Combining IT and OT Security Monitoring to Prevent Cyber Attacks

Sign up or log in to save this to your schedule and see who's attending!

Intrusion detection principles are different in the OT (IACS, MES…) world and IT world:

  • In the IT domain, the traffic is huge in terms of bandwidth, unpredictable, heterogeneous, and if some way open to the internet. Detection rely on end-points security (which CPU/memory can process heuristics and support anti-malware software) and IoC using signature to detect known attack patterns
  • In the OT domain, the traffic is mostly predictable, with changes related to operational phases (reactive/planned maintenance operation, change/adaptation of production processes…): the most effective intrusion detection is to model the “normal” traffic, and identify any abnormal, possibly malicious, activity

By configuring and connecting an OT Security Monitoring solutions and IT-dedicated systems (such as centralized hosts and firewall logs), it is possible to correlate IT and OT events and raise alerts when suspicious activity is detected both in the IT office environment and on the shop floor at IACS level.

The presentation will include a primer on ISA99/IEC62443 and then one approach on how the standard could have been deployed to minimize the effects of the attack against the Ukrainian electrical distribution in December 2015.


Bill Joss

William (Bill) Joss – ISA Staff member and Patrice Bock: member of ISA 99 workgroup since 2011, experienced cybersecurity IACS consultant on various sectors, contributor to several French national work groups (ANSI, the French authority, CLUSIF, CLUSIR…), co-author of the ref... Read More →

Thursday October 26, 2017 TBA