Attending this event?
Welcome to the Interactive Agenda for SecurityWeek’s 2017 ICS Cyber Security Conference! (View the full conference website here)  

This agenda is currently a work in progress and not yet complete, please check back often as our team is making upates and adding sessions DAILY. (You can register for the conference here)
View analytic
Tuesday, October 24 • TBA
What You Don’t Know Can Hurt You: Keys to Finding and Remediating Hidden Level 1 and 0 ICS Vulnerabilities

Sign up or log in to save this to your schedule and see who's attending!

Today, industrial process and power companies struggle to identify vulnerabilities at Level 1 or 0 within a process control network (PCN). They have a relatively easier time discovering Level 2 vulnerabilities, because inventorying – and thus providing needed data for assessing ICS-CERT advisory impacts – workstations, servers, routers, and switches is more straightforward than inventorying controllers and smart field instruments. 

Level 1 and 0 cyber assets, which comprise 80% of all the cyber assets in an industrial process facility, are opaquer to today’s manual inventory processes due to their proprietary architectures and lack of standard protocols to interrogate them. This renders vulnerability identification, and ultimately risk mitigation, so much more difficult to achieve. In fact, the method most companies use today is emailing asset owners asking for responses on affected systems. Not surprisingly, this approach falls short.
Here’s a test. How difficult is it for you to know enterprise-wide exposure to these kinds of high and critical Level 1/0 ICS-CERT advisories?

  • ICSA-16-343-05A: A Rockwell Logix5000 controller firmware vulnerability that results in a buffer overflow. When exploited, it allows an attacker to execute malicious code on the controller. There are over 50 controller models impacted including CompactLogix 5370, GuardLogix 5570, SoftLogix 5800, RSLogix Emulate 5000, and many other models, versions, and revisions.
  • ICSA-12-212-02: A Siemens S7-400 controller vulnerability that can force the controller into defect mode rendering it inoperable. There are 8 Siemens products affected that include firmware versions 5, 6.0.1 and 6.0.2 on CPUs 412-2, 414-3, 414F-3, 416-3, and 416F-3.

In this session, we will present best practices for effective cybersecurity vulnerability management for your entire PCN, not just Level 2. Companies will understand how to improve their layered defense cybersecurity program by detecting, remediating, and auditing vulnerability risk across all proprietary cyber assets.

Attendees will learn about:  

  • Details on Level 1 and 0 ICS vulnerabilities in recent years
  • Best practices companies should consider for Level 1 and 0 vulnerability management
  • How to overcome common challenges in establishing an ICS vulnerability management program


Nick Cappi

Nick Cappi joined PAS in 1995. As Director of Technical Consulting, Nick and his team of technologists solve critical business challenges for PAS customers from initial engagement through solutions deployment. During his tenure at PAS, Nick has held a variety of positions includi... Read More →

Tuesday October 24, 2017 TBA