Welcome to the interactive agenda for SecurityWeek’s 2019 ICS Cyber Security Conference. Sessions are being finalized and the final program will include 4 FULL DAYS of content.
Monday, October 21 • 9:45am - 10:30am
Securing Remote Access into ICS Networks with Open Source and Open Source 2-Factor Authentication


Cybersecurity can be a sizable investment. Well-funded companies can afford well-established cybersecurity solutions and the associated annual subscription fees. This session will discuss using open source software to secure remote access into ICS networks. Open source software can be found running on IT systems, in the cloud and on embedded devices in Industrial Control Systems. In terms of cybersecurity, open source offers a vast number of security solutions that can be developed with low start-up costs, which benefits smaller companies with tight budgets.

With the mindset of finding a solution with very low start-up costs, the first objective was to create a proof-of-concept that secures remote access to a jump server with two-factor authentication. VPNs (Virtual Private Networks) can provide a secure channel, but nothing stops a virus or other malware from being transmitted from a remote system to the jump server and from the jump server into an ICS network. The second objective was to find a way, using only open source, to mitigate malware or unwanted software finding its way onto the jump server.

An ICS network was built to emulate a real environment, including a host hypervisor running a jump server VM (Virtual Machine) in a DMZ (Demilitarized Zone). 2-Factor authentication was implemented for access to the jump server VM. PowerShell scripts, run by a scheduler, were developed to shut down the jump server VM, delete it, copy a pristine jump server image from a secure location, import the image into the hypervisor, and restart the VM in a ready, pristine state.

Files were damaged or corrupted on the jump server to emulate a malicious attack on the system. At 1 AM the scheduler initiated the jump server VM re-imaging process, and an email was sent showing successful restore of a pristine image. Multiple vendors providing remote support, each assigned a VM jump server, could be permitted to service or monitor specific systems via 2-Factor Authentication. The scripted re-imaging process described above mitigates malware or unwanted software on the jump server.
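The re-imaging cycle described in the abstract could look like the sketch below. It is an added example, not the speaker's scripts. It assumes Hyper-V as the hypervisor (the abstract does not name one) and a pristine image stored as an `Export-VM` folder; the VM name, paths, mail addresses and task name are hypothetical placeholders.

```powershell
# Added example: nightly reset of a jump server VM to a pristine image.
# Assumes Hyper-V; every name, path and address below is a placeholder.
#Requires -RunAsAdministrator
#Requires -Modules Hyper-V
$ErrorActionPreference = 'Stop'

$VmName     = 'JumpServer-VendorA'                 # hypothetical VM name
$GoldenDir  = '\\secure-store\golden\JumpServer'   # hypothetical read-only Export-VM folder
$WorkDir    = 'D:\HyperV\JumpServer-VendorA'       # hypothetical local folder for the live VM
$MailParams = @{
    SmtpServer = 'smtp.example.internal'           # placeholder mail relay
    From       = 'jump-reimage@example.internal'
    To         = 'ics-secops@example.internal'
}

try {
    # 1. Power off and unregister the possibly tainted VM, then delete its files.
    $vm = Get-VM -Name $VmName -ErrorAction SilentlyContinue
    if ($vm) {
        if ($vm.State -ne 'Off') { Stop-VM -VM $vm -TurnOff -Force }
        Remove-VM -VM $vm -Force                   # removes the registration, not the disks
    }
    if (Test-Path $WorkDir) { Remove-Item $WorkDir -Recurse -Force }

    # 2. Copy the pristine image from the secure location.
    Copy-Item -Path $GoldenDir -Destination $WorkDir -Recurse

    # 3. Register the copied VM in place and start it.
    $config = Get-ChildItem -Path $WorkDir -Recurse -Filter '*.vmcx' | Select-Object -First 1
    if (-not $config) { throw "No .vmcx configuration found under $WorkDir" }
    $new = Import-VM -Path $config.FullName
    if ($new.Name -ne $VmName) { Rename-VM -VM $new -NewName $VmName }
    Start-VM -VM $new

    Send-MailMessage @MailParams -Subject "[$VmName] re-image OK" -Body "Restored from $GoldenDir at $(Get-Date -Format o)"
}
catch {
    # Report the failure so a jump server that did not reset is noticed.
    Send-MailMessage @MailParams -Subject "[$VmName] re-image FAILED" -Body ($_ | Out-String)
    throw
}

# One-time scheduling at 1 AM daily (script path and task name are placeholders):
#   $a = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument '-NoProfile -File C:\Scripts\Reset-JumpServer.ps1'
#   $t = New-ScheduledTaskTrigger -Daily -At 1am
#   Register-ScheduledTask -TaskName 'Reset-JumpServer' -Action $a -Trigger $t -User 'SYSTEM' -RunLevel Highest
```

The failure mail matters as much as the success mail: a jump server that silently keeps yesterday's state defeats the purpose of the nightly reset.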

Daniel Paillet

Cybersecurity Lead Architect, Schneider Electric
Daniel Paillet is currently Cybersecurity Lead Architect within the Schneider Electric, Energy Management Business Unit. His background includes working in the US Department of Defense on various security projects, Operational Technology, Retail, Banking, and Point-of-Sale. He holds...

Monday October 21, 2019 9:45am - 10:30am EDT
Windsor C