This event has ended. Visit the official site or create your own event on Sched.
Welcome to the Interactive Agenda for SecurityWeek’s 2018 ICS Cyber Security Conference! (View the full conference website here)  (You can Register for ICS Cyber Security Conference Here
Monday, October 22 • 3:30pm - 4:15pm
Increase in CVE Reports vs Long Field-Deployment - How to Manage the Conflict

Sign up or log in to save this to your schedule and see who's attending!

In the ICS-CERT report for 2017 you can see an increase in the amount of vulnerabilities reported resulting in an increasing number of firmware updates from the vendors.

On the other hand ICS/SCADA operators indicate that a field update cycle for their controllers takes at least 1 year to avoid down-time. This gap actually results in an advantage for the attackers that can use the published CVEs in new attacks before the operators deploy the required fix.

In this session we will present some examples of such recent published vulnerabilities and how they can be used to attack field controllers. We will discuss the dilemmas of publishing and handling such new vulnerabilities by ethical hackers, security and automation vendors and end-customers. We will then present the ways to address this gap using IDSs with configurable signatures and threat intelligence feeds.

Attendees will learn how to manage their feed of new vulnerabilities published and the translation to signatures for IDS tools.

avatar for Ilan Barda

Ilan Barda

Founder and CEO, Radiflow
Ilan Barda is a cyber-security and communication executive with 20 yearsof experience in this market. In 2010 he founded Radiflow, a  provider of cyber-securitysolutions for ICS/SCADA networks. Ilan has extensive cyber security from his service in the Cyber-Security division in the... Read More →

Monday October 22, 2018 3:30pm - 4:15pm
Windsor DE