Loading…
Welcome to the interactive agenda for SecurityWeek’s 2019 ICS Cyber Security Conference. Sessions are being finalized and the final program will include 4 FULL DAYS of content. (View the full conference website here) (You can Register for the ICS Cyber Security Conference and training here)
Tuesday, October 22 • 10:15am - 11:00am
The Past and Future of Integrity-Based Attacks in ICS Environments

Sign up or log in to save this to your schedule and see who's attending!

Industrial control system (ICS) attacks typically focus on immediate process disruption: turning off the power, shutting down a plant, or something similar. Yet an examination of the history and potential of ICS intrusions shows a far more worrisome attack vector: undermining the integrity (either via process accuracy or process safety) of an industrial environment. While not necessarily immediately evident, such an attack can produce significant impacts through undermining a physical process and calling into doubt the viability of a specific facility.

Historically, such attacks are not new, but instead encapsulate the very first know ICS-targeting malware: Stuxnet. Rather than seeking direct disruption, Stuxnet sought to undermine process integrity by altering the functionality of the plant in question while masking effects to operators. Since that time, the industrial community initially faced a long period focused only on direct disruption, until the emergence of CRASHOVERRIDE in 2016 (whose integrity-impacting effects have not previously been discussed) and the safety-system targeting TRISIS. Each of these sought in certain ways to undermine the very reliability of underlying processes to produce potentially disastrous outcomes.

This presentation will explore these historical examples while presenting potential attack scenarios for future integrity-based attacks. In doing so, attendees will learn more about the risk framework faced by ICS-operating organizations and unique defense and recovery requirements within these environments. This talk will conclude with recommendations for defense and recovery to mitigate against integrity-based attacks, while seeking to educate audiences on the unique risk posed by such events.

Speakers
avatar for Joe Slowik

Joe Slowik

Principal Adversary Hunter, Dragos
Joe Slowik currently hunts ICS adversaries for Dragos, pursuing threat activity groups through their malware, their communications, and any other observables available. In this role, Joe provides time-sensitive, actionable threat intelligence to enable ICS asset owners and defenders... Read More →


Tuesday October 22, 2019 10:15am - 11:00am
Windsor Ballroom