This is a DRAFT Agenda for SecurityWeek’s 2019 ICS Cyber Security Conference. Sessions are being added daily and the final program will include 4 FULL DAYS of content.
Tuesday, October 22 • 3:15pm - 4:00pm
ICS Active Monitoring Using Analytics


Active system monitoring is a core tenet of a well-managed OT environment. An active system monitoring solution proactively connects to monitored systems and checks them, as opposed to passively waiting to receive information from them. This method is better suited to state-of-health monitoring because a system cannot become inaccessible or otherwise non-functional and silently fail to report a problem: if the monitored system becomes inaccessible or otherwise impaired, the active monitoring system will discover that the next time it attempts to poll the monitored system or device. A fully populated active monitoring system creates a foundation around which to structure OT support activities by providing alerting mechanisms that can target specific problem types to specific OT support roles and duties. To be a reliable source of trouble awareness and to communicate effectively with OT support staff, an active system monitoring solution must be kept up to date with accurate configuration information. Failure to do so will create a perceived state of health for the environment that does not accurately reflect what is happening in the field.

Passive system monitoring is the collection of information that is reported by configured clients. This is a supplementary form of monitoring that generally provides detail-rich metadata and granular analysis of system behavior. For this reason, it lends itself well to more detailed security and state-of-health monitoring. Paired with active system monitoring, a passive monitoring solution can provide unparalleled assessment of the overall state of the OT systems environment. The passive monitoring system should receive information from the active monitoring system as well as from the systems that the active monitoring system is monitoring, creating a cyclical check that reduces the likelihood of systems "going dark" without OT support staff being aware. A SIEM cybersecurity tool has been implemented in multiple Syngenta OT environments to date, creating great value in the areas of general troubleshooting and OT activity awareness. The tool provides a means by which to centralize all OT operational intelligence into one place for monitoring and analysis by OT engineers, administrators, technicians and functional managers alike.

A combination of both active and passive monitoring creates the concept of “Active Monitoring using Analytics” within a chemical plant’s manufacturing environment.
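The cyclical check described in the abstract can be sketched as follows; this is an added example, not code from the talk or from any Syngenta tooling. It reconciles an asset inventory against active poll results and passive last-report times, including the active monitor's own feed. The `reconcile` function, host names and thresholds are assumptions, and the sample data is constructed.

```python
from dataclasses import dataclass

@dataclass
class Poll:
    ok: bool   # did the active check succeed?
    at: int    # epoch seconds when the poll ran

def reconcile(inventory, polls, last_report, now, monitor="active-monitor",
              poll_max_age=120, report_max_age=300):
    """Return {host: [reasons]} for systems that need attention."""
    findings = {}
    def flag(host, reason):
        findings.setdefault(host, []).append(reason)

    # The active monitor also reports to the passive collector. If that
    # feed is stale, its poll results cannot be trusted either.
    monitor_alive = now - last_report.get(monitor, 0) <= report_max_age
    if not monitor_alive:
        flag(monitor, "active monitor silent")

    for host in inventory:
        poll = polls.get(host)
        if poll is None:
            # Inventory and poller configuration have drifted apart.
            flag(host, "not in active poll configuration")
        elif not monitor_alive or now - poll.at > poll_max_age:
            flag(host, "active poll stale")
        elif not poll.ok:
            flag(host, "active poll failed")
        seen = last_report.get(host)
        if seen is None or now - seen > report_max_age:
            flag(host, "no recent passive report")
    return findings

# Constructed sample data (hypothetical hosts, not from the session).
NOW = 1_000_000
INVENTORY = ["plc-01", "hmi-02", "historian-03", "eng-ws-04"]
POLLS = {"plc-01": Poll(True, NOW - 30), "hmi-02": Poll(False, NOW - 30),
         "historian-03": Poll(True, NOW - 30)}
LAST_REPORT = {"active-monitor": NOW - 20, "plc-01": NOW - 60,
               "hmi-02": NOW - 45, "historian-03": NOW - 4000,
               "eng-ws-04": NOW - 10}

if __name__ == "__main__":
    for host, reasons in reconcile(INVENTORY, POLLS, LAST_REPORT, NOW).items():
        print(host, "->", ", ".join(reasons))
```

A host that answers polls but has stopped reporting, or that reports but was never added to the poller, is flagged by only one side, which is why both feeds are compared against the same inventory.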


Speakers

Jeff Young

Principal Engineer - Automation and Controls, Syngenta Engineering


Tuesday October 22, 2019 3:15pm - 4:00pm
TBA
