Welcome to the interactive agenda for SecurityWeek’s ICS 2022 ICS Cyber Security Conference. Sessions are being finalized and the final program will include 4 FULL DAYS of content.
Monday, October 24
 

8:00am EDT

Monday - Pre-Conference Training & Workshop Day
Monday October 24, 2022 8:00am - 5:00pm EDT

9:00am EDT

Applied ICS Security Training Lab
This full-day lab course gives participants hands-on experience attacking and hardening a simulated power plant network to learn about common ICS vulnerabilities and defenses. Participants will attack historians, HMIs, and PLCs to cause a power outage in the 3D simulation, and then implement defenses like firewalls and network monitoring to harden it.

Learning Objectives - In this session attendees will learn:
  • Deeper understanding of common vulnerabilities in ICS networks and devices                     
  • Techniques for testing ICS devices for various vulnerabilities
  • Practical experience hardening ICS device configurations and using network defenses

Topics Covered:
  • Scanning ICS networks
  • Exploiting web vulnerabilities in the DMZ
  • Sniffing industrial network traffic
  • Password cracking
  • PLC and HMI programming
  • Using Yara to scan for ICS malware
  • Writing host and network firewall rules for ICS
  • ICS network intrusion detection
                               
Requirements
Participants must bring their own laptop with either Chrome or Firefox installed. Some Linux experience is helpful but not required.

Speakers
Dr. David Formby

Fortiphyd Logic, CEO/CTO
David Formby is CEO/CTO and co-founder of Fortiphyd Logic. He received his Ph.D. from the Georgia Institute of Technology where he focused on developing novel attacks and defenses for industrial control system networks and PLCs. Formby now leads Fortiphyd Logic in developing innovative...


Monday October 24, 2022 9:00am - 5:00pm EDT
Trippe II

9:00am EDT

Attacking ICS With Python
This 8-hour workshop will be a crash course in ICS vulnerabilities and exploitation, providing hands-on, practical training in carrying out attacks against various common types of ICS equipment found in the field, including an HMI, PLC and automated circuit breaker. Students will learn:
  • Common ICS terminology and system architecture, including inherent flaws and typical mistakes made in system design which should be considered when planning an attack. 
  • Modbus and Modbus/TCP architecture and functionality
  • Python modules for interacting with Modbus-based systems, and writing scripts to interrogate and attack these systems
  • Defensive methodologies and considerations in the face of how simple these attacks can be to carry out
Students should come prepared with the following equipment and knowledge: 
  • A laptop running either Virtualbox, VMWare Workstation (not Player), Parallels, or VMWare Fusion
  • An available Ethernet port on the laptop
  • Ability to read technical documents written in English
  • Experience writing basic Python scripts which incorporate modules and leverage functions and loops
  • Basic Linux command line experience, including the ability to navigate directories and launch applications

Speakers
Antonio “Johnny” Martinelli

Director of Training, GRIMM
Johnny is a predominant personality in the Information Security community and is currently the Director of Cybersecurity Training with the Grimm Security Engineering firm. He is most well-known for his work on the American TSA Master Key leaks between 2014 and 2018 and the Venmo public...

Cole Smith

GRIMM
After finishing his Bachelor's in Cybersecurity at George Washington University, Cole Smith started as a Junior Cyber Physical Engineer at GRIMM. Prior to that, he spent four years in the United States Marine Corps working with field utilities as an electrician/generator mechanic...


Monday October 24, 2022 9:00am - 5:00pm EDT
Hope II

9:00am EDT

OT Cybersecurity Red Team/Blue Team Workshop
(Additional Registration Required - $495 Fee) This workshop will provide students of any role or skill level (beginners, advanced, and leadership) an immersive and entertaining OT cybersecurity learning experience, by participating as part of a blue team and a red team in a simulated environment. Short lectures cover Red Team topics (OT vulnerabilities, OT attack surface, and “hacker” methods) and Blue Team topics (OT vulnerabilities, security controls, threat monitoring, cyber risk management strategies, incident response, building a cybersecurity program). These topics are then exercised and reinforced in breakout sessions, where students get to compete against each other in “head-to-head” red team vs. blue team matches using the ThreatGEN® Red vs. Blue Cybersecurity Simulation Platform.

What will you get out of this course?
  • Gain a comprehensive, “big picture” understanding of how all the OT cybersecurity pieces work together.
  • A primer/refresher of Industrial Control Systems (ICS)/Operational Technology (OT)
  • Learn OT vulnerabilities and attack vectors
  • Learn about the methods and strategies red teams and hackers use to attack OT (High-level, this is not a command line level course)
  • Learn OT and cyber risk management concepts and strategies
  • Learn how to deploy efficient and cost-effective cyber risk mitigation strategies and security controls
  • Learn how to build a complete OT cyber security program.
  • Apply what you’ve learned against live adversaries (going head-to-head against other students) in the ThreatGEN® Red vs. Blue Cybersecurity Simulation Platform
  • Learn how to respond to, adapt, and defend against active attacks (High-level, this is not a technical incident response or threat hunting class.)
  • Participate as the blue team and the red team (no prior experience or technical skill required).
  • Taught by Clint Bodungen, world-renowned ICS cybersecurity expert and author of Hacking Exposed: Industrial Control Systems
Requirements
Participants must bring their own laptop with either Chrome, Firefox, or Microsoft Edge installed. Connection to the internet will be required (access provided by the conference). Nothing will be installed onto your laptop.

Speakers
Clint Bodungen

President & CEO, ThreatGEN
Clint is a recognized industrial cybersecurity expert, public speaker, and lead author of the book “Hacking Exposed: Industrial Control Systems”. He is a United States Air Force veteran, has been an INFOSEC (now called “cybersecurity”) professional for more than 20 years...


Monday October 24, 2022 9:00am - 5:00pm EDT
Trippe I

3:30pm EDT

ICS4ICS Exercise
Open to all conference attendees (no additional fee)

ICS4ICS Exercises are designed to help people understand how ICS4ICS processes and tools are used to improve the response to industrial control system cybersecurity incidents by leveraging FEMA and DHS CISA capabilities.

Take part in the Incident Command System for Industrial Control Systems (ICS4ICS) Exercise at SecurityWeek's ICS Cybersecurity Conference! The ISA Global Cybersecurity Alliance has joined forces with DHS Cybersecurity and Infrastructure Security Agency (CISA) and cybersecurity response teams from more than 50 participating companies to adopt FEMA's Incident Command System framework for response structure, roles, and interoperability. This is the system used by First Responders globally when responding to hurricanes, floods, earthquakes, industrial accidents, and other high impact situations. The ICS4ICS program is designed to improve cybersecurity capabilities related to incidents that impact industrial control systems and critical infrastructure supporting countries throughout the world.

Monday October 24, 2022 3:30pm - 5:30pm EDT
Hope III

6:00pm EDT

Welcome Reception
Don't miss the welcome reception as we reconnect with old friends and make new connections. Food and beverages provided. (Venetian Ballroom)

Monday October 24, 2022 6:00pm - 8:00pm EDT
Venetian Ballroom
 
Tuesday, October 25
 

8:00am EDT

Breakfast Session: The Checks and Balances for Cybersecurity Readiness
Large or small, cyberattacks are making headlines and elevating executive attention toward cyber resiliency. Preparing for, responding to and recovering from cyberattacks should be a strategic part of any business continuity plan. As recent cyberattacks have demonstrated increased risk to both IT and operational technology (OT) environments, readiness equates to enforcement of rules and policies that provide the visibility, control and situational awareness to respond at the speed of business. Cybercriminals are maximizing their opportunity by exploiting older vulnerabilities and an expanding attack surface. Strategic readiness should be underpinned with the notion that eventually an attack will happen, and when it occurs, you are proactively ready to respond. During this session, we will explore security considerations for developing cyber resilience covering security fundamentals and readiness planning to protect your IT and OT environments.

Speakers
Nate Dann

Director, Operational Technology Southeast, Fortinet
Nathan brings more than 10 years of experience in industrial networking and factory automation. He has worked directly with teams implementing and automating Industrial Control Systems (ICS) across a variety of critical infrastructure environments including Manufacturing, Transportation...



Tuesday October 25, 2022 8:00am - 8:45am EDT
Trippe

8:00am EDT

Capture the Flag (CTF) Opens
Roll up your sleeves and get ready for some fun and challenges for the 2022 ICS Cybersecurity Conference Capture the Flag (CTF) hacking competition! Competition rules and setup details will be available prior to the conference.

Hack the Plan[e]t is a first-of-its-kind CTF: a slice of modern city life integrating both Internet of Things (IoT) and ICS environments with interactive components for competitors to test their skills and knowledge. Play for a few minutes or plan to stay for many hours as the challenge grows. The ICS Village delivers a compelling experience using real IT and industrial equipment for all skill levels and practitioner types. Open to all levels of experience.

Speakers
Dillon Lee

Volunteer, ICS Village
Dillon volunteers for ICS Village and works at Dragos as a Senior Technical Account Manager. Throughout the year he volunteers for ICS Village to increase the public’s awareness of the need OT systems have for cybersecurity with interactive learning like CTF, TTX, and interactive demos...


Tuesday October 25, 2022 8:00am - Thursday October 27, 2022 1:00pm EDT
Hope I-III

9:00am EDT

Welcome Address
Speakers
Mike Lennon

Managing Director, Conference Chair, SecurityWeek
For more than 10 years, Mike Lennon has been closely monitoring and analyzing trends in the cyber threat landscape, and enterprise, critical infrastructure, and national security space. In his role at SecurityWeek he oversees the editorial direction of the publication and manages...


Tuesday October 25, 2022 9:00am - 9:05am EDT
Windsor Ballroom

9:10am EDT

State of the State and Key Findings From (CS)2AI-KPMG Control System Cyber Security Annual Report
The Control Systems Cyber Security Association International (CS2AI), in collaboration with a team including KPMG and other supporting organizations, conducts a yearly analysis on the current state of ICS cyber security. Leveraging the participation of multiple stakeholders across roles and industry sectors, the survey is designed to help answer key questions about how we can best protect critical systems in the face of ever-growing and -evolving threats.

The survey results will be shared at SecurityWeek's ICS Cyber Security Conference and can help defenders improve their security posture through greater understanding of the diverse concerns and decision drivers that the industry faces.

Speakers
Derek Harp

Founder & Chairman, (CS)2AI
Derek Harp, Founder and Chairman of (CS)2AI, has relentlessly pursued new ideas that could change the world through founding, co-founding, advising and investing in new companies for more than twenty years, primarily focused on cyber security. A passionate professional speaker, Derek...


Tuesday October 25, 2022 9:10am - 9:45am EDT
Windsor Ballroom

9:45am EDT

Securing IT/OT Convergence with Zero Trust
Attacks on manufacturing, energy, transportation and other critical infrastructure have escalated in the recent past. Ransomware impacting critical business systems and Industrial Control System (ICS) targeted malware have the capability to bring operations to a halt or, even worse, put human life at risk. Cybersecurity is now a boardroom priority.

Join this session by Liia Sarjakoski, Global Industry Solutions Director for Manufacturing and Energy at Palo Alto Networks, to hear more about the ever-increasing threats ICS, Industry 4.0 and IT/OT environments are facing. She will share insights from the recent Unit 42 Incident Response Report, as well as other threat intelligence, future predictions based on this data, and recommendations to proactively prepare for future threats which are critical to ensuring safety of the critical infrastructure that our society depends on.

Speakers
Liia Sarjakoski

Global Industry Solutions Director, Manufacturing and Energy, Palo Alto Networks



Tuesday October 25, 2022 9:45am - 10:30am EDT
Windsor Ballroom

10:30am EDT

Coffee Break
Tuesday October 25, 2022 10:30am - 10:45am EDT

10:45am EDT

Why Endpoint Management is Key to Securing OT Environments
ICS (or more broadly OT/Cyber Physical systems) security is now a critical issue for senior management and boards of directors. The increase in ransomware, the spiraling costs of insurance and the necessary reporting requirements to even access coverage, as well as growing regulatory burdens require a change in mindset when it comes to protecting these systems. No longer can organizations “check the box” and say “oh, I have a basic inventory” or “at least I have some network monitoring occurring”. CISOs (driven by their boards, insurers, and regulators) now need to achieve the same level of security in ICS as they have achieved in IT. They need to demonstrate how they are practically improving security, going from red to green on key metrics and security controls. This requires the focus to go beyond the network (firewalls, monitoring, etc.) and get to the endpoint. They need to find a way of protecting and managing those endpoints to improve the overall protection of the control systems.

Join this session to learn how you can practically, efficiently, and safely manage and protect OT endpoints:
• How to gather accurate visibility into all assets across all sites in one place
• Prioritizing remediation based on asset and risk context
• Enabling response, not just detection, in an OT-safe way
• Demonstrating true security progress

Speakers
John Livingston

CEO, Verve Industrial Security
John leads Verve's mission to protect the world’s infrastructure. He brings 20+ years of experience from McKinsey & Co. advising large companies in strategy and operations. John's committed to helping clients find the lowest cost and simplest solutions for controls, data and ICS...



Tuesday October 25, 2022 10:45am - 11:15am EDT
Trippe

10:45am EDT

[Panel] 72 Hours and Counting: Preparing for and Responding to Critical Infrastructure Cyber Incidents
The Cyber Incident Reporting for Critical Infrastructure Act, which was enacted in March 2022, will require critical infrastructure organizations to report cyber incidents to the Cybersecurity and Infrastructure Security Agency (CISA) within 72 hours. This aggressive timeline will require companies to have enhanced identification, escalation, and investigation processes in place.
 
In this session, we will discuss the new Act, and the practical steps companies should take, both proactively and during an incident, to comply with this and other industry-specific regulations and expectations.  We will also discuss the unique cybersecurity threats for critical infrastructure organizations that make the industry particularly vulnerable to a cyberattack and the importance of heightened focus to help prevent and contain incidents.


Speakers
Ben Miller

Vice President Professional Services and R&D, Dragos
Ben Miller is Vice President of Professional Services and R&D with Dragos, Inc., where he leads a team of analysts in performing active defense inside of ICS/SCADA networks. In this capacity he is responsible for a range of services including threat hunting, incident response, penetration...

Matthew R. Baker

Partner - San Francisco, Baker Botts L.L.P.
Matthew's cross-disciplinary practice focuses on data privacy, cybersecurity, crisis management, and incident response for a broad range of industries. He is well-versed in multi-jurisdictional privacy compliance; cyber risk identification, mitigation, and response strategies; complex...

Rachel Ehlers

Special Counsel, Baker Botts L.L.P.
Rachel has served as breach counsel and led incident response for more than one hundred high-profile cyber incidents – with a particular focus on heavy manufacturing and distribution. Her practice focuses on technology transactions, cybersecurity and data privacy, and regulatory...


Tuesday October 25, 2022 10:45am - 11:30am EDT
Windsor Ballroom

11:30am EDT

Are Zero Trust Industrial Networks Achievable?
The pandemic brought Zero Trust to the forefront with the advent of hybrid work and the creation of the perimeter-less enterprise. Zero Trust is a strategic approach to cybersecurity that secures an organization by eliminating implicit trust and continuously validating every stage of a digital interaction. Zero Trust within the industrial space is often misrepresented and there can be confusion on what can or cannot be implemented. This quick overview will provide guidance on:
  • What Zero Trust is
  • Why Zero Trust can be challenging to implement in OT
  • Where Zero Trust applies across an Industrial Architecture
  • Starting the Zero Trust Journey while securing ICS with Industrial Standards.

Speakers
Jason Greengrass

Principal IoT Architect, Palo Alto Networks



Tuesday October 25, 2022 11:30am - 11:50am EDT
Trippe

11:30am EDT

Framework for Potential OT Cyberattack Scenarios
One of the biggest challenges for operational technology (OT) system cyber defenders is the lack of open-source information on cyber incidents impacting sector industrial control systems (ICS), putting defenders at a knowledge disadvantage. Understanding potential threats to the overall organization and critical infrastructure is crucial to preventing and responding to incidents.

Credible failure scenarios can be used to augment the available incident information with a focus on attacks that can cause a physical impact on control systems resulting in the loss of availability, equipment damage, human casualties, loss of revenue etc. EPRI and MITRE will present a Framework for the Use of Potential Cyber Attack Scenarios to Guide Incident Response. The framework makes use of potential cyberattack scenarios to guide incident response that includes analyzing potential failure scenarios, defining associated cyber-attack TTPs using the ATT&CK framework, identifying required data sources, defining representative analytics for detection, identifying potential incident response actions and identifying potential mitigations. The results of failure scenario analysis from a cyber adversary perspective have broad application to ICS environments, providing valuable data to enable detection of and response to significant cyber attack TTPs. Performing trend analysis across scenarios provides additional and significant benefits, including the identification of common adversary TTPs that will aid in prioritizing mitigations. EPRI and MITRE will present on this Framework in the context of energy sector scenarios.

Speakers
Adam Hahn

Lead Critical Infrastructure Security Engineer, MITRE
Adam Hahn is a Principal Critical Infrastructure Security Engineer at The MITRE Corporation where he supports ATT&CK for ICS development, along with numerous research projects funded by DOE, EPRI, and DHS. Previously he was an assistant professor in the Department of Electrical Engineering...

Ben Sooter

Program Manager – Cyber Security, Electric Power Research Institute
Ben has 16 years of experience at EPRI and has been with the cyber security team since 2016. He has led the development of our cyber security research lab in Knoxville along with many technical projects related to Threat Management, Threat Hunting, Access Management, Threat Intelligence...


Tuesday October 25, 2022 11:30am - 12:00pm EDT
Windsor Ballroom

12:00pm EDT

Lunch (12:00 - 1:15PM)

Tuesday October 25, 2022 12:00pm - 1:10pm EDT
Windsor Garden

12:15pm EDT

Lunch Workshop: CISA Alert (AA22-265A) - Control System Defenses: Know the Opponent, know their steps. Anatomy of a Port Infrastructure Attack
Operational technology/industrial control system (OT/ICS) assets that operate, control, and monitor day-to-day critical infrastructure and industrial processes continue to be an attractive target for malicious cyber actors. Traditional approaches to securing OT/ICS do not adequately address current threats to those systems. However, owners and operators who understand cyber actors’ tactics, techniques, and procedures (TTPs) can use that knowledge when prioritizing hardening actions for OT/ICS.  Join Armis in reviewing the anatomy of a port infrastructure attack and how the lessons of Sun Tzu can help in protecting our critical infrastructure against advanced persistent threat (APT) groups.

Speakers
Keith Walsh

Director, OT Strategy and Operations, Armis
Keith has been in the IoT and OT space since 2010 helping to protect and harden the lifecycle of critical infrastructure devices found within our nation's grid, healthcare and medical devices, transportation, DoD, smart city, and critical manufacturing. Keith has worked with the largest...



Tuesday October 25, 2022 12:15pm - 12:45pm EDT
Trippe

1:15pm EDT

100 Sabotaged Operations - And What To Learn From Them
In the last 2 years, over 100 industrial operations have shut down or suffered physical damage from cyber attacks - pipelines obviously, manufacturing plants, rail systems, steel mills and others. In this presentation we review the attacks & outages, identify patterns in attacks and patterns in defensive system failures, and we draw conclusions about the changing threat environment. One important conclusion is that ransomware criminals are trailing nation-state attack tools and techniques by less than 5 years. What we see nation states doing to each other today, we should expect to see ransomware groups doing to everyone with money in just a couple more years. We conclude with a look at the new DOE Cyber-Informed Engineering strategy which highlights engineering as a neglected asset in addressing these risks, and dig into how safety, automation and network engineering should play a role in preventing unacceptable physical outcomes of cyber attacks.

Speakers
Andrew Ginter

VP Industrial Security, Waterfall Security Solutions
At Waterfall, Andrew leads a team of experts who work with the world's most secure industrial enterprises. Before Waterfall, Andrew led the development of high-end industrial control system products at Hewlett-Packard, of IT/OT middleware products at Agilent Technologies, and of the...


Tuesday October 25, 2022 1:15pm - 1:45pm EDT
Windsor C

1:15pm EDT

Cybersecurity Assessment Tools for Distributed Energy Resources
The National Renewable Energy Laboratory developed the Distributed Energy Resources Cybersecurity Framework (DERCF) and web application to help federal agencies mitigate gaps in their cybersecurity posture for distributed energy systems. The web-based tool assists a facility’s energy management team by bringing guidance and structure to the extensive array of cybersecurity controls applicable to DERs and walking the user through a three-pillar assessment framework. The three pillars, defined as Cybersecurity Governance, Technical Management, and Physical Security, each contain multiple layers that address key cybersecurity topics and together create a robust and flexible framework specifically designed for DERs. Join this session to learn more about the framework and how it could be utilized to help protect your operation!

The National Renewable Energy Laboratory is a national laboratory of the U.S. Department of Energy, Office of Energy Efficiency and Renewable Energy.

Speakers
Anuj Dilip Sanghvi

Researcher, Cybersecurity Science and Simulation Group, National Renewable Energy Laboratory
Anuj Sanghvi is an Operational Technology (OT) Cybersecurity Researcher and Network Security Engineer with the Cybersecurity Science and Simulation group at the National Renewable Energy Laboratory. He leads the research and development of NREL’s Distributed Energy Resources Cybersecurity...


Tuesday October 25, 2022 1:15pm - 1:45pm EDT
Windsor DE

1:45pm EDT

Everyone. Everything. Everywhere. Securely Bridging the Last Mile in Digital Transformation
How to securely access and bring together People, Process or Technology is one of the biggest challenges in today’s technology world. With the need to access technology beyond your secure perimeter or in the cloud, how do organizations bridge that last mile to resources such as wind turbines,  ships, remote storage facilities, or drilling platforms? Join this session as we discuss how organizations can connect people and process to those resources in a safe, secure and regulated manner without causing disruptions or safety concerns to these remote OT assets.

Speakers
Kevin Kumpf

Chief OT / ICS Security Strategist, Cyolo
Kevin Kumpf has more than 20 years of IT security and compliance experience, including over 10 years of cybersecurity, governance and critical infrastructure experience working in the energy, medical, manufacturing, transportation and FedRAMP realms. Kevin’s past roles include Director...


Tuesday October 25, 2022 1:45pm - 2:15pm EDT
Windsor C

1:45pm EDT

The Pros and Cons of Monitoring OT Cybersecurity Environments On Premise vs Through a Managed Security Service
Active monitoring of your ICS network traffic and endpoints can significantly reduce cyber risk and help ensure stable operations, but establishing a 24/7 OT monitoring solution remains a goal out of reach for many operators. Some have elected to leverage existing IT SOC capabilities or premise alternatives to support OT monitoring while others are turning to MSSP providers for an outsourced solution. In this presentation, we’ll discuss the benefits and challenges of OT/ICS cybersecurity risk monitoring & threat detection in both on-premise and MSS scenarios as well as best practices to drive resilience with 24/7 cyber threat detection and response.

Speakers
Mohammed Saad

Director of Industrial Cybersecurity, Honeywell
Mohammed Saad is a Global Director for Honeywell’s OT cybersecurity business. He holds a BSC and MSC in Electronics and Control Systems Engineering. Before working at Honeywell, Mohammed has worked as a Senior Process Control Systems Engineer, Freelancer Engineering Consultant...

Greg Randall

Chief Revenue Officer, Cybersecurity, Honeywell
Greg Randall is the Chief Revenue Officer for Honeywell's Connected Cybersecurity business, where he is responsible for the global go to market strategy, sales execution, and client success related to Honeywell's cybersecurity products and managed services offerings. Prior to Honeywell...



Tuesday October 25, 2022 1:45pm - 2:15pm EDT
Windsor DE

2:15pm EDT

Shadow OT: Shining Light on the Blind Spots in Industrial Infrastructure
If you’ve been around the cybersecurity space for a while now, you’ve probably heard the term “Shadow IT”. But did you know that there is an even bigger blind spot inside your operational technology (OT) infrastructure? Executives and SOC analysts almost always have an incomplete picture of what’s happening at the plant or site level even though these are the critical, moneymaking parts of a business.

The Shadow OT phenomenon is an important problem to solve. If you don’t have 100% visibility into and control of your operational systems (including the legacy ones), you may not be able to identify and respond to cyberthreats quickly enough to avoid the impacts of an attack, which could include anything from process disruption to severe environmental damage or even fatalities.

This session will outline how security practitioners and executives can shine light on their Shadow OT. We’ll cover:

  • Different methods for collecting endpoint and network data out of OT environments
  • How to use that data to create context for threat and incident response
  • What data executive teams should know
  • The best formats for sharing OT data internally

Speakers
Greg Valentine

SVP Solutions Engineering, Industrial Defender
Greg has over 30 years of experience in the high software industry, the past 15 of which have been focused on cyber security. Greg currently holds two certifications including an ISC2 – CISSP, and GIAC – GRID. Greg is responsible for building technical solutions for Industrial...


Tuesday October 25, 2022 2:15pm - 2:45pm EDT
Windsor C

2:15pm EDT

Operationalizing OT Threat Intelligence
Join this session as we explore various approaches that defenders can take to operationalize valuable ICS threat intelligence and take action to defend critical assets.

Threat intelligence has long been considered an apparatus of militaries and three letter agencies. Unfortunately, given the fact that sophisticated threat groups have shifted to disrupting civilian infrastructure as an objective of their cyber operations, threat intelligence is now a necessary component of every strong OT security program, including those in private industry. Although the term "threat intelligence" can sound nebulous or intimidating to security leaders, receiving and actioning threat intelligence can easily amplify preexisting security processes and enrich security operations, increasing industrial safety and resiliency. This talk will seek to inform OT defenders on the ways in which, with good planning and direction, OT threat intelligence can be implemented into security programs with easy alignment to the NIST Cybersecurity Framework, limited strain on human resources, and improved security posture. The talk will focus on ICS Threats and their implications, key strategic and tactical intelligence workflows, and extraordinary examples of industrial organizations (unattributed) actioning OT threat intelligence to prevent disruption.


Speakers

Michael Gardner

Senior Intelligence Technical Account Manager, Dragos
Michael Gardner is a Senior Intelligence Technical Account Manager at Dragos, Inc. In his role, Michael helps Dragos customers across a variety of industrial verticals create more mature threat intelligence programs and operationalize ICS/OT threat intelligence. He has worked in the...


Tuesday October 25, 2022 2:15pm - 2:45pm EDT
Windsor DE

2:45pm EDT

Your Risk Assessment (Probably) Has Gaps
Identifying and understanding the risks present in your OT environment is an important component of addressing cybersecurity threats. Utilizing traditional IT risk methods will help organizations address risk but may leave blind spots in your view. Research into risk assessments will be presented with a call to action for those performing audits or assessments to begin to include additional checks and to adapt their approach to evaluating identified risks. To demonstrate the possible improvements, a case study will be reviewed.
 
Attendees should expect a brief overview of current risk assessment techniques, potential gaps, and considerations for improving their own internal processes.

Speakers

Alan Raveling

OT Architect, Interstates
Alan Raveling is an OT Security Architect and leads the OT Cybersecurity Team within Interstates. Alan has been walking alongside companies in their journeys of digitization, IT/OT convergence, and cybersecurity enhancements for over 15 years.


Tuesday October 25, 2022 2:45pm - 3:15pm EDT
Windsor C

2:45pm EDT

Research: Protecting CAN Bus from Cyberattacks
Research efforts have demonstrated many critical security weaknesses in modern vehicles, specifically involving their Controller Area Networks (CAN). The CAN bus serves as the main communication network between all control systems in the vehicle. Due to its importance and weak security properties, the CAN Bus presents an attractive attack surface for cyberattacks; but also a useful resource for detecting any attacks or other anomalous vehicle conditions.

We present an overview of three recent contributions. First, we describe a research testbed that allows for replaying, modifying, or generating synthetic CAN traffic. This is complementary to testing approaches that involve real vehicles, allowing simpler and easier development and testing, especially at earlier stages in research and development. Next, we present a method for decoding the (proprietary) encoded contents of CAN messages. This automatically determines what signals are present in each message type, and then uses known (standardized) diagnostic queries to label the meaning and units of these learned signals. Finally, we implement a system to find anomalous network traffic on the CAN bus. This includes monitoring the timing characteristics of CAN messages and detecting missing or unexpected messages. In addition, we used the extracted signals described above to detect unusual or tampered message contents. We then combine these approaches into an ensemble detector to demonstrate its effectiveness.

Speakers

Joel Asiamah

Cybersecurity Technical Professional, National Security Sciences Directorate, Oak Ridge National Laboratory
Joel Asiamah is a Cybersecurity Technical Professional in the National Security Sciences Directorate at Oak Ridge National Laboratory. He performs cybersecurity research in Energy and Control Systems, automotive CAN Bus, and Additive Manufacturing. His expertise is in Mechanical Engineering...

Sam Hollifield

Cyber Security Hardware Engineer, Oak Ridge National Laboratory
Sam Hollifield has worked and led research in automotive and transportation cybersecurity at Oak Ridge National Laboratory since 2018. He advises and delivers technical solutions to unique security problems on projects sponsored by the Department of Energy, the National Nuclear Security...


Tuesday October 25, 2022 2:45pm - 3:15pm EDT
Windsor DE

3:15pm EDT

Afternoon Break
Tuesday October 25, 2022 3:15pm - 3:30pm EDT

3:30pm EDT

Cybersecurity Regulations and IIJA Funding Are We Ready?
Over the last few years there has been a significant increase in cybersecurity regulation coming from DHS/CISA that requires Critical Infrastructure owners and operators to improve their reporting mechanisms and overall cybersecurity posture. For example, airports and rail operators were required to assign a cybersecurity POC to report cyber incidents to DHS/CISA. Are these complex ecosystems ready to identify and report cyber incidents? In addition, the Infrastructure Investment and Jobs Act (IIJA) is setting up to distribute $1 billion for cybersecurity improvements at the state and local levels. Based on what we’ve seen: are Critical Infrastructure operators and owners ready to comply with the new cybersecurity requirements, and are they effectively positioning themselves to submit grant applications to get some of the government help?

Some of the structural challenges with IT/OT security, including technological and cultural differences, are starting to become evident in this transition. This presentation will explore some of those challenges, identify some of the potential gaps that Critical Infrastructure owners and operators are facing, and suggest some actions to be better prepared in the face of increased regulation and significant government investments.
 
Key Takeaways:
  • Awareness of current and future DHS/CISA cybersecurity regulations
  • IIJA funding available and requirements for grant applications
  • How structural IT/OT convergence challenges are impacting compliance with regulations (airports, rail and transit, utilities, etc.)
  • What Critical Infrastructure owners and operators should consider to be better prepared to comply with regulation and apply for grants

Speakers

Juan Espinosa

Principal Project Manager, Critical Infrastructure Protection-Cyber IT/OT, Parsons
Mr. Espinosa is a licensed Professional Engineer with 20+ years of experience in project and program management supporting cybersecurity, design, and construction programs, primarily for federal customers including Department of Defense (DOD), Department of State (DOS), U.S. Army...


Tuesday October 25, 2022 3:30pm - 4:10pm EDT
Windsor C

3:30pm EDT

Preparing ICS for Post-Quantum Cryptography
In August 2022, the Cybersecurity and Infrastructure Security Agency (CISA) released information on Preparing Critical Infrastructure for Post-Quantum Cryptography to help prepare critical infrastructure network owners and operators for potential impacts from quantum computing. Join this session as we walk OT asset owners through the Post-Quantum Cryptography Roadmap along with the guidance from CISA and cryptography experts. Attendees will come away with actionable steps to take to prepare for the transition.

*This session will be presented remotely

Speakers

Denis Mandich

CTO, QRYPT
CTO and Co-founder of Qrypt; Founding member of the Quantum Economic Development Consortium (QED-C); Founding member of the Mid-Atlantic Quantum Alliance (MQA); Industry Advisor to the NSF-funded Center for Quantum Technology; Advisor to the Quantum Startup Foundry; ANSI Accredited Standards...


Tuesday October 25, 2022 3:30pm - 4:10pm EDT
Windsor DE

4:00pm EDT

ICS Tabletop Exercise (TTX) - All Aboard the Runaway Train: Riding the Train that Couldn’t
Train control systems manage various things, from physical braking to wayside switching control to railway congestion management. This tabletop exercise will take you on a journey through a compromised train scenario. All are welcome to come, share their experiences, and gain fantastic cyber-physical knowledge.

Note: Participants are required to utilize their own laptops

Tuesday October 25, 2022 4:00pm - 5:00pm EDT
Hope I-III

4:15pm EDT

Power, Semiconductor, and Retail - Supply Chain Threat Analysis
Following the trade war, the epidemic lockdown, and the Ukraine-Russia conflict, the global supply chain has faced surging risks. In particular, electronics industry suppliers are unable to provide materials and parts, making it more difficult for enterprises to manage the supply chain. For supply chain security, MITRE and DHS have developed the System of Trust (SoT) framework to improve trust between supply chain partners. We should not only evaluate the product quality of suppliers, but also understand their geopolitical, national governance, financial, and other risk factors.

This research takes consumer electronics as an example to explore its complete industrial chain and analyze in depth the core of the supply chain, including the power, semiconductor, and retail industries. We then identify the security situation and potential threats in these three industries. Finally, we review practical ICS mitigations for the different industries. With this research, organizations can fully understand potential threats in their industry and collaborate with suppliers, manufacturers, and other partners to face threats from various attack vectors and keep operations going.

Speakers

Mars Cheng

Manager, PSIRT and Threat Research Team, TXOne Networks
Mars Cheng is a manager of TXOne Networks PSIRT and threat research team, responsible for coordinating product security and threat research. Mars blends a background and experience in both ICS/SCADA and enterprise cybersecurity systems. Mars has directly contributed to more than ten...

YenTing Lee

Threat Researcher, TXOne Networks
YenTing Lee is a cyber threat researcher at TXOne Networks, blending experience in ICS/SCADA, cyber-offensive and defensive exercises, penetration testing, honeypot and image processing. YenTing has spoken at several conferences such as FIRST Conference, ICS Cyber Security Conference...


Tuesday October 25, 2022 4:15pm - 4:45pm EDT
Windsor DE

5:00pm EDT

Cocktail & Dinner Reception - Foyer & Exhibitor Hall (5-7PM)
Please join us in the foyer and sponsor hall for a reception with cocktails and amazing food and enjoy networking with industry peers. As part of your conference experience, we have prepared a fantastic menu and premium bar! This is a reception that you won't want to miss!




Tuesday October 25, 2022 5:00pm - 7:00pm EDT
Windsor Ballroom Pre-function & Exhibit Hall

7:00pm EDT

Bourbon-ISAC: Tasting and Networking
Network and share insights at Bourbon-ISAC! Hand-picked from a selection of American bourbons, Bourbon-ISAC will offer you a chance to end the day tasting some great Bourbons and networking with conference attendees.



Tuesday October 25, 2022 7:00pm - 8:30pm EDT
Windsor Garden
 
Wednesday, October 26
 

8:00am EDT

Breakfast Session: Network Engineering for Deterministic Protection
Security engineering eliminates entire classes of cyber risk to operations, while cyber security only reduces those risks. This makes security engineering and the network engineering sub-discipline essential for industrial operations that must carry the Internet's threat load predictably, affordably, and for decades. In this presentation we take a deep dive into four powerful techniques for network engineering: hard segregation for safe cloud connections, unidirectional networks, hard wiring for safe access to safety systems and the Internet, and the (few) places it still makes sense to use real air gaps. These and other engineering-grade solutions are a blind spot in many cybersecurity programs - for example: where do buckling relief valves fit in the NIST Framework? We must expand our cyber risk programs beyond cybersecurity if we want those programs to be effective in addressing today's steadily-increasing threat loads.

Speakers

Andrew Ginter

VP Industrial Security, Waterfall Security Solutions
At Waterfall, Andrew leads a team of experts who work with the world's most secure industrial enterprises. Before Waterfall, Andrew led the development of high-end industrial control system products at Hewlett-Packard, of IT/OT middleware products at Agilent Technologies, and of the...



Wednesday October 26, 2022 8:00am - 8:45am EDT
Trippe

9:00am EDT

Deep Dive: PIPEDREAM/Incontroller ICS Attack Framework
In this session, Mark Plemmons, Sr. Director for Threat Intelligence at Dragos, will dive deep into the technical details and real-world impact of the modular ICS attack framework known as PIPEDREAM/Incontroller, which can be used to disrupt and/or destroy devices in industrial environments. In April 2022, a joint advisory from the Department of Energy, CISA, NSA and the FBI warned that unidentified APT actors have created this suite of specialized tools capable of causing major damage to PLCs from Schneider Electric and OMRON Corp. and servers from open-source OPC Foundation.

Analysts believe the malware has not been deployed yet in the wild and that its operator likely plans on using it in future operations. Based on analysis, the framework has been designed to target equipment in electric power and liquified natural gas (LNG) facilities, but it could easily be adapted for other types of environments, as well as devices beyond Schneider and Omron PLCs. Join this session to learn more!

Speakers

Mark Plemmons

Sr. Director for Threat Intelligence, Dragos


Wednesday October 26, 2022 9:00am - 9:40am EDT
Windsor Ballroom

9:40am EDT

A PoC Methodology to Choose the ‘Right’ OT Monitoring Tool
OT monitoring is one of the essential cybersecurity controls for OT environments. It supports organizations in multiple cybersecurity domains, namely asset management, vulnerability management, and security monitoring. Products within the OT monitoring space have matured immensely over the past few years. These products typically rely on passive network monitoring, and most also utilize some sort of active scanning (although the latter is being masked under different names for marketing purposes). There are multiple vendors in the market, and it is difficult for organizations to select the ‘right’ one.

To devise a repeatable methodology that helps organizations assess the major players in the OT monitoring space, our first step was to create a testbed by means of an OT lab environment. Using different types of devices, including OT, IIoT, and IT, various industrial systems were built to simulate real-life processes. Additionally, the selection of the devices was diversified in terms of technology, vendor, make and model, protocols, and deployment architecture. We then devised a methodology that assesses candidate tools across the following functional areas:
  • IT Asset Detection
  • OT Asset Detection
  • IT Asset Identification
  • OT Asset Identification
  • IT Vulnerability Detection
  • OT Vulnerability Detection
  • Threat Detection
  • User Interface
  • Integrations

Applying the methodology to our testbed environment over a 4-week PoC generated interesting and insightful results (as well as questions). The various candidate tools, namely Claroty, CyberVision, Defender for IoT, Nozomi, and Tenable.ot, performed to varying degrees, some excelling significantly in certain domains over others. The PoC validated that the methodology used was a practical framework that is customizable for organizations’ needs. Since then, this PoC methodology has been adapted and applied to multiple organizations in various industries.

Join this session as Raphael explains the PoC methodology that helps organizations choose the ‘right’ OT monitoring tool.

Speakers

Raphael Arakelian

Manager, OT & IoT Security Team, PwC
Raphael Arakelian is a Manager in the ‘OT & IoT Security Team’ at PwC Canada. He is the national lead of PwC Canada’s ‘OT Monitoring Implementation Services’, where he has conducted PoC evaluations as well as implementations for mid-to-large scale industrial organizations...


Wednesday October 26, 2022 9:40am - 10:15am EDT
Windsor Ballroom

10:15am EDT

Break
Wednesday October 26, 2022 10:15am - 10:30am EDT

10:30am EDT

Using “Man-in-the-Middle” to build a Zero-Trust Architecture
Designing a Zero Trust Architecture can seem like a daunting task. Rome wasn’t built in a day either! As you begin your journey you must start from the basics of what Zero Trust is and what it means to your organization. Then you must identify a starting point and develop an execution plan. In some cases that plan can be as simple as using known strategies from the adversaries to combat the adversaries.

What if I told you that designing a “man-in-the-middle” mitigation could start you on your journey of achieving a zero-trust architecture? Join us as we talk about being “in the middle” and how this approach can allow you to broker the trust relationships as we talk about:
  • Utilizing an Intermediate System to establish session controls
  • Establishing conditional access policies and parameters
  • Doing this with a single tool that will also provide you with situational awareness.

Speakers

Pam Johnson

VP Business Operations and Customer Experience, TDI Technologies
Pam Johnson is a 25-year, growth-phase software veteran. Johnson thrives in a fast-paced, innovative environment assuring customer success and solving business problems. Her responsibilities at TDi Technologies include professional services, customer support, sales, marketing and...


Wednesday October 26, 2022 10:30am - 11:00am EDT
Trippe

10:30am EDT

{Panel} The End Goal for SBOMs - Lessons Learned and Moving Forward
Many of today’s critical infrastructure systems consist of legacy equipment originally designed to be perimeter-protected or air-gapped from unsecure networks. However, while many of these have become connected over time resulting in a strong emphasis on IT and network based cyber security, device and control system cyber security has not received the same attention.

Join us for an exciting panel discussion that will discuss:
  • Executive Order EO 14028 which has brought the requirement of SBOMs to the forefront.
  • How SBOMs can play a major role in securing the supply chain, devices and control systems. 
  • Where the onus resides for monitoring for vulnerabilities within the supply chain.

Moderators

David Leichner

CMO, Cybellum
David Leichner, CMO at Cybellum. David started his career in network security at one of the leading banks on Wall Street followed by a similar role at TRW Space and Defense. Since moving to the supplier side, David has 25 years of executive management and consulting experience garnered...

Speakers

Mirel Sehic

Head of Cybersecurity, Honeywell Building Technologies
Mirel is the VPGM / Head of Cybersecurity for Honeywell Building Technologies (HBT). Having spent over a decade embedded across varying domains Mirel has global experience leading from the front in engineering, operations, marketing and sales disciplines. Employing a strategic mindset...

Adam Hahn

Lead Critical Infrastructure Security Engineer, MITRE
Adam Hahn is a Principal Critical Infrastructure Security Engineer at The MITRE Corporation where he supports ATT&CK for ICS development, along with numerous research projects funded by DOE, EPRI, and DHS. Previously he was an assistant professor in the Department of Electrical Engineering...


Wednesday October 26, 2022 10:30am - 11:15am EDT
Windsor Ballroom

11:15am EDT

Is ‘Wait-and-See’ a Good OT Security Strategy?
Modernization of operational technology has brought about significant challenges. Can we justify a wait-and-see approach when it comes to securing OT? The operations in OT/ICS used to be relatively straightforward, but as we become more dependent on connectivity, the challenges of securing cyber assets become more complex. We’ll focus on use cases that deal with some of the most prevalent issues organizations encounter today: legacy systems, insecure protocols, and ‘whose job is it anyway?’ are some of the topics we’ll discuss.

Speakers

Jim Montgomery

Solution Architect, TXOne Networks
Jim Montgomery is a 30-year veteran of IT security working in all aspects of solution design, deployment and implementation. During this time, he has helped several Fortune 100 companies implement complex strategies for operational efficiency and secure processing. Jim is currently...



Wednesday October 26, 2022 11:15am - 11:45am EDT
Trippe

11:15am EDT

{Panel} Insights from CISOs on OT Security Journey
Join this session of industry veterans as they discuss the cybersecurity challenges faced in securing the critical operational infrastructure for companies on a digital journey. Hear lessons learned and insights from their real-world experience on the front lines, building defenses against the evolving and escalating cyber threats to the production networks and industrial control systems they were tasked with protecting. The discussion will also explore suggestions for moving from a reactive posture to a more proactive stance against the APTs industry faces today. The session will conclude with Q&A from the audience.

Moderators

Ilan Barda

CEO, Radiflow
Ilan Barda, founder of Radiflow is a Security and Telecom executive with 20 years of experience in the industry. Ilan has deep experience in developing secure communication equipment from his service in the Information Security division of the IDF.

Speakers

Nurettin Erginoz

Head of Cybersecurity & Security Consultant, Sabancı DX / EnerjiSA
Nurettin Erginoz, Head of Cyber Security at Sabancı DX & Security Consultant for EnerjiSA - the largest power utility company in Turkey. Nurettin has a Master's degree in Computer Engineering and has been continuing his professional career in the field of Cyber Security for more...

John Allen

Consultant, Former VP OT Cybersecurity at GSK
John Allen, a strategic consultant in Manufacturing IT bringing leadership in technology, process and culture across OT Cyber Security, Digital Transformation, M&A and Applications Systems. John started his career in IT Operations within the Aerospace industry and then moved into...

Emmett Moore III

CEO, Red Trident Inc.
Emmett Moore is the Chief Executive Officer for Red Trident, Inc. providing expertise in ICS/OT Cybersecurity for public and private organizations. Prior to Red Trident, Inc. Emmett was the Cybersecurity Program lead for Cimation, LLC. While at Cimation, Emmett managed teams focused...


Wednesday October 26, 2022 11:15am - 12:00pm EDT
Windsor Ballroom

12:00pm EDT

Lunch (12:00 - 1:15PM)
Wednesday October 26, 2022 12:00pm - 1:15pm EDT
Windsor Garden

12:15pm EDT

Lunch Workshop: Life After Segmentation: What Comes Next in Your OT Security Strategy
ICS networks have traditionally been segmented from the rest of the enterprise network with most cyber threats stemming from human error, accidents, and acts of physical sabotage. The increasing integration of OT with business networks and internet-based applications has vastly increased the prevalence and complexity of cyber threats to ICS networks. As a result, segmentation/air gapping is no longer the finish line for a good security strategy. To defend against a diverse set of cyber threats, you need a comprehensive ICS security strategy.

Join our lunch and learn session to learn how to go beyond segmentation and bring your OT security strategy to the next level. We’ll cover:
  • How to get a clear understanding of all the assets on your networks and how to identify blind spots
  • Advanced threat detection and vulnerability assessment to identify and prioritize security risks
  • How to predict and detect OT process and stability issues, giving you early warning signs of possible downtime

Speakers

Gehron (Ronny) Fredericks

Field CTO, Nozomi Networks
Gehron “Ronny” Fredericks is Field CTO at Nozomi Networks. He holds a Master’s degree in Digital Forensics & Cyber Investigation and an additional MBA from UMUC. Ronny has unique OT experience from his time at leading energy provider, Exelon Corporation, as a Senior Security...



Wednesday October 26, 2022 12:15pm - 1:00pm EDT
Trippe

1:15pm EDT

Was it an OT Cyberattack or a System/Asset Failure or Both?
The days of a fully “air gapped” system are gone. The convergence of IT and OT and the need for connectivity have greatly increased the attack surface within manufacturing facilities, supply chains, critical infrastructure and travel & transportation. As a result, system reliability and safety are at a greater risk from cyberattacks.

If an incident occurs which causes any type of disruption to a production facility, do we know what caused it? Was it a system/asset failure, or was it a successful cyberattack?

Join us to hear how establishing detailed insights into both aspects, and joining the dots between the two, can greatly improve overall security and reliability.

Speakers

David Lancaster, Jr.

OT/ICS Security Practice Manager, IBM
David Lancaster, Jr. is an IBM Executive Consultant and OT/ICS Security Practice Manager for the Americas. He has over 34 years of professional cross industry experience with a background in OT/ICS cybersecurity, process control systems/instrumentation design and IT Security & Compliance...



Wednesday October 26, 2022 1:15pm - 2:00pm EDT
Windsor C

1:15pm EDT

Cyber Risk Mitigation in a Manufacturing Environment via Security Segmentation
Learn how security segmentation can be a cost-effective and efficient approach to mitigate cyber vulnerabilities for manufacturing environments.

Small manufacturers tend to operate facilities with limited staff and limited resources, allowing cybersecurity to fall by the wayside as something that takes too much time or cost. The lack of cybersecurity leaves small manufacturers vulnerable to cyberattack. Some assets used by a manufacturing company need more protection than other assets. Security segmentation is the grouping of assets according to the protection they need and the placing of appropriate cyber protection measures around these groups of assets. This session provides an overview of security segmentation, and then presents a systematic yet simple six-step approach for security segmentation design.

Session Objectives: 
  • The intended audience for this session is people managing the IT/OT systems at a manufacturer, who could be the operations manager, the network/security architect or a CISO.
  • Learn how common cybersecurity weaknesses present in the OT environment can be mitigated with security segmentation.
  • Learn what the building blocks of security segmentation are.
  • Learn how to conduct a security segmentation design.
 

Speakers

Dr. Michael Powell

Cybersecurity Engineer, NIST/NCCoE
Michael Powell is a Cybersecurity Engineer at the National Cybersecurity Center of Excellence (NCCoE) at the National Institute of Standards and Technology (NIST) in Rockville, Maryland. His research focuses on cybersecurity for the manufacturing sector, particularly how it impacts...

Aslam Sherule

Lead Cyber Physical Security Engineer, MITRE Corporation
Aslam Sherule is a Lead Cyber Physical Security Engineer at MITRE Corporation. He co-authored NIST SP 800-82 R3 and NIST SP 1800-10. Currently he is working on creating practice guides for Zero Trust Architecture in OT and Responding to & Recovering from Cyber Attacks. Prior to joining...


Wednesday October 26, 2022 1:15pm - 2:00pm EDT
Windsor DE

2:00pm EDT

ICS Cyber Due Diligence: A Critical Element During M&A
Industrial organizations are constantly changing. Mergers and acquisitions of assets happen on a regular basis, and evaluating cyber risk as part of the standard due diligence process must become a requirement for executives. A significant cybersecurity incident could cost tens of millions of dollars due to lost revenue, ransom payments, legal fees, incident response costs, and increased cyber insurance premiums. Company owners, CEOs and boards of directors are also being held personally liable for a lack of security oversight following a cybersecurity breach.
 
This presentation will guide security executives through:
  • How ransomware groups identify their targets 
  • What should be done to strengthen the outward cyber appearance of industrial assets to avoid a nation state cyberattack or ransomware attack
  • Why you should delay M&A announcements until you have done your cyber due diligence
  • Methodologies for evaluating cyber risk as part of your due diligence process

Speakers

Jay Williams

CEO, Industrial Defender
As CEO of Industrial Defender, Williams is positioning the company as an integral enabler of the OT cybersecurity transformation and scaling it through the next phase of global growth. He is a highly regarded cybersecurity executive with 30 years’ experience in OT/ICS environments...


Wednesday October 26, 2022 2:00pm - 2:30pm EDT
Windsor C

2:00pm EDT

Using VEX to Prioritize Vulnerabilities That Matter
Software Bills of Materials (SBOMs) are now recognized as a key component in software supply chain risk management. Executive Order 14028 has mandated them for doing business with the federal government, and critical industries are increasingly adopting this position as well. Unfortunately, SBOMs can result in a significant number of false positive vulnerability reports, creating too much work for too few security experts.

Not every vulnerability merits panic. Just because a vulnerability is reported for a software component doesn't mean the vulnerability is actually exploitable.
 
The Cybersecurity and Infrastructure Security Agency (CISA) and the German Cybersecurity and Infrastructure Security Agency (BSI) have developed VEX (Vulnerability Exploitability eXchange) to address this issue. VEX documents allow vendors to preemptively assess the exploitability of vulnerabilities and issue a standardized, machine-readable document that states whether or not their products are “affected” by one or more known component vulnerabilities.
VEX helps vendors communicate efficiently with their customers and prevents organizations from wasting valuable time fruitlessly searching for and patching vulnerabilities in components that are perfectly safe.

This talk will present the results of a supplier of mission-critical ICS equipment using VEX documents to swiftly address customer concerns regarding the high-profile Log4j vulnerability. It will also cover the structure and the standardized formats available for VEX documents. VEX is still in its early days and there is still work to be done regarding the processing of VEX documents. But the industry needs to understand and be ready for VEX if it is to get vulnerability management under control.

The discussion of the results of this project will be valuable to both end-users and vendors considering implementing VEX to improve and streamline their security processes.


Speakers

Eric Byres

Chief Technology Officer, aDolus Technology
Eric Byres, the Chief Technology Officer at aDolus Technology Inc., is widely recognized as one of the world’s leading experts in the field of Operational Technology (OT) cybersecurity. He is the inventor of the Tofino Security technology – the most widely deployed OT-specific...


Wednesday October 26, 2022 2:00pm - 2:30pm EDT
Windsor DE

2:30pm EDT

How ICS Cyber Resiliency Contributes to Energy Savings by Improving Plant Efficiency
Cybersecurity is now a real boon for ICS/SCADA operations and maintenance. The talk will create awareness for plant/field teams by detailing various areas of focus and measures for improving cyber resiliency for the ICS/plant, which would pave the way to overall efficiency and savings.

While cybersecurity is typically thought of as a cost driver, there is mounting evidence that it can lead to a positive return on investment (ROI). Company leaders are spending heavily to protect their networks, systems, and data.

This presentation will analyze the roots of connected ICS like Industrial IoT, connected process controls, smart meters, etc. It will also make the argument for tangible benefits for plant efficiency, energy savings and process/machinery optimization, which could be a big motivating factor for management teams making budgetary decisions on cybersecurity efforts as well as the operations and maintenance teams implementing them.

Learning objectives for attendees:

While ICS/OT cybersecurity budgets are growing larger, plant managers tend to believe that these investments don’t yield a direct return on investment. This presentation will attempt to counter that argument by explaining that ICS/OT cybersecurity not only secures networks and data but also helps with prime business protections such as emergency shutdown, disaster recovery, machinery safety and human safety. It contributes to energy safety and plant efficiency, and ultimately leads to a healthier bottom line.

Speakers
Sivakumar Radhakrishnan

Head of ICS/OT Cybersecurity, TÜV SÜD America
Mr. Sivakumar Radhakrishnan is an Electronics & Instrumentation engineering graduate with 32 years of international experience. International Business expert from NIT (holding both SPIN & SPARTA certifications). Certified Environmental specialist from SPACE...


Wednesday October 26, 2022 2:30pm - 3:00pm EDT
Windsor C

2:30pm EDT

Deep Dive Into PLC Ladder Logic Forensics
In this talk we will introduce new open-source tools for PLC Ladder Logic forensics, showing how they can be used to analyze code and data blocks.

We will demonstrate how they can be used to detect rogue code blocks and anomalous metadata. The demonstration will be shown on a POC malware that has been simulated in our ICS lab environment.

This talk will also cover the basics of programming and explain how communications and execution concepts work in Ladder Logic programming.

Speakers
Maayan Shaul

Security Researcher, Microsoft
Maayan Shaul is a Malware Analyst and Security Researcher in Section52 at Microsoft Defender for IoT (formerly CyberX).


Wednesday October 26, 2022 2:30pm - 3:00pm EDT
Windsor DE

3:00pm EDT

Defending OT In the Midst of An IT Attack
OT networks need to share data with IT for performance monitoring and analytics. However, if an IT network is hacked and shut down, the exchange of data from OT to IT stops. Data can be transferred directly to the cloud so that operators have access to it even if IT is shut down due to an attack, but it must be transferred securely to prevent threats from entering the OT network. Join this session as we discuss best practices for locking down OT networks and enabling secure connections between OT networks and the cloud.

During this session:
  • Learn to think vertically about production encompassing ground-to-cloud thinking and the importance of actionable visibility spanning the entire IT and OT business process stack
  • Gain an understanding of how IT system outages can impact production directly and indirectly 
  • Best practices for enabling secure communications with a locked down OT network architecture for asset visibility and analytics in the cloud

Speakers
David Muccini

Sales Engineer, Owl Cyber Defense Solutions
Owl Cyber Defense cross domain, data diode, and portable media solutions provide hardened network security checkpoints for absolute threat prevention and secure data availability. Certified by the U.S. government, independent testing authorities, and international standards bodies...


Wednesday October 26, 2022 3:00pm - 3:30pm EDT
Windsor C

3:00pm EDT

How I Learned to Stop Worrying and Love the PLC Change
Until recently, most of the focus in the ICS security community has been “bolting on” security to the network in the form of firewalls, data diodes, and network monitoring all at the perimeter. Any mention of touching Level 1 devices like PLCs deep inside the network has traditionally been met with gut reactions saying they are too sensitive to handle any extra security functionality, or it is not an effective investment in security. However, there is a wealth of data inside PLCs that can provide tremendous value both for security detections and for everyday troubleshooting. In this talk we will break down common objections we have heard to Level 1 security so we can learn how to stop worrying and love the PLC change.
                   
In this session attendees will learn:
  • Common challenges and concerns when deploying Level 1 (PLC) security
  • Strategies and tests to ensure Level 1 security solutions don’t affect the process
  • Benefits of Level 1 security that far outweigh the costs of deployment


Speakers
Dr. David Formby

Fortiphyd Logic, CEO/CTO
David Formby is CEO/CTO and co-founder of Fortiphyd Logic. He received his Ph.D. from the Georgia Institute of Technology where he focused on developing novel attacks and defenses for industrial control system networks and PLCs. Formby now leads Fortiphyd Logic in developing innovative...


Wednesday October 26, 2022 3:00pm - 3:30pm EDT
Windsor DE

3:30pm EDT

Break
Wednesday October 26, 2022 3:30pm - 3:45pm EDT

3:45pm EDT

The Cyber Physical War – Lessons From the Digital Front Line
Since the Colonial Pipeline cyber attack, there has been an abundance of actions taken – from the cybersecurity directives issued by the White House and the Transportation Security Administration (TSA) to the bolstering of IT operations within companies. Despite these preliminary actions from the government, oil and gas organizations, and other industrial sectors within critical infrastructure, it is not enough. 
 
The Colonial incident and the subsequent directives are not only warning bells for the industrial sectors within critical infrastructure but are booming dinner bells for cyber criminals. These adversaries have confirmed that the cyber-physical world is their new battleground and they will continue to find new ways to exploit vulnerabilities and disrupt industrial operations with potentially devastating consequences. They do so by targeting OT networks that run industrial systems instead of IT because the impacts are far-reaching, costly and dangerous. It is important to note that these criminals only need to get it right one time to make a substantial impact and are constantly evolving attack methods.
 
As cyber criminals are strategically changing course to target critical infrastructure, companies must realize that the cyber-physical world is vulnerable and unprotected. Immediate action is necessary to prevent OT networks from being compromised.
 
This presentation will examine how cyber incidents, like Colonial, Oldsmar Water Plant and the JBS food plant, have highlighted the growing problem of cyber-physical attacks on critical infrastructure and what criminal behavior tells us about future attacks. In addition, this session will explain how the growing convergence of OT and IT cyber has exposed the gaps in OT cybersecurity, why the methods used to protect IT do not work in an OT environment and why all eyes will be focused on OT to prevent growing cyber-physical threats.
 
Furthermore, this presentation will explain why the current cybersecurity regulations are not enough to spur widespread change while highlighting the market forces that will drive that change. It will also discuss why the private and public sectors need to join forces to advance industrial cybersecurity. Lastly, it will underscore the questions stakeholders must ask and the actions they need to take to fight against criminals in this new battleground, protect their OT environments, and ultimately safeguard their businesses, supply chains, and consumers. The warning bell has sounded but the dinner bell is louder.

Speakers
Rob Wade

Global Head, Sales and Strategy, Industrial Cybersecurity, ABS Group
Rob Wade oversees sales and strategy for Industrial Cybersecurity at ABS Group. For over 26 years, he has helped companies adapt to their digital environments and solve business challenges related to complex global IT outsourcing and managed services. For the last 12 years, he has...


Wednesday October 26, 2022 3:45pm - 4:30pm EDT
Windsor C

3:45pm EDT

Asset Inventory and Network Security Monitoring – Key Technical Considerations and Best Practices
Why are organizations struggling to get the basics of OT Asset Visibility & Detection right?

Due to increasing awareness and/or Board/Compliance requirements, many organizations conduct a preliminary risk assessment to initiate their OT specific Security program. One of the initial steps is to generate an inventory of OT assets, which used to be a rudimentary spreadsheet exercise. With the wide availability of OT asset discovery tools, many go down that path via a proof of concept/value. Besides inventory, asset visibility, network security monitoring and threat detection are evaluated as part of this process. This talk will focus on technical considerations, lessons learnt and best practices from performing these POC/POV, and covers challenges including availability of infrastructure (span ports/tap, routing, bandwidth), archaic protocol implementations, organizational policies for network flows, risk appetite for active probing on low traffic networks and installing agents on HMIs & EWS, and finally the collaboration required of OT & IT personnel for successful implementations.

Due to a speaker travel issue, this session will be presented remotely

Speakers
Vivek Ponnada

Nozomi Networks
Vivek Ponnada is an OT practitioner with global (14 countries) experience and currently works at Nozomi Networks as a Regional Sales Director. Having started his career in ICS as an Instrumentation Technician, Vivek became a Controls Engineer and commissioned Gas Turbine Controls...


Wednesday October 26, 2022 3:45pm - 4:30pm EDT
Windsor DE

4:00pm EDT

ICS Tabletop Exercise (TTX) - All Aboard the Runaway Train: Riding the Train that Couldn’t
{This is a re-run of the same TTX session that was held on Wednesday to accommodate those who could not attend the previous session}

Train control systems manage various things, from physical braking to wayside switching control to railway congestion management. This tabletop exercise will take you on a journey through a compromised train scenario. All are welcome to come, share their experiences, and gain fantastic cyber-physical knowledge.

Note: Participants are required to utilize their own laptops
*Capacity Limited - First come, first served 

Wednesday October 26, 2022 4:00pm - 5:00pm EDT
Hope I-III

4:30pm EDT

Are Zero Trust Industrial Networks Achievable?
The pandemic brought Zero Trust to the forefront with the advent of hybrid work and the creation of the perimeter-less enterprise. Zero Trust is a strategic approach to cybersecurity that secures an organization by eliminating implicit trust and continuously validating every stage of a digital interaction. Zero Trust within the industrial space is often misrepresented, and there can be confusion about what can or cannot be implemented. This quick overview will provide guidance on:
  • What Zero Trust is
  • Why Zero Trust can be challenging to implement in OT
  • Where Zero Trust applies across an Industrial Architecture
  • Starting the Zero Trust Journey while securing ICS with Industrial Standards.

Solutions Session Sponsored by Palo Alto Networks

Speakers
Jason Greengrass

Principal IoT Architect, Palo Alto Networks



Wednesday October 26, 2022 4:30pm - 4:50pm EDT
Windsor DE

6:00pm EDT

Offsite Party: Industry Tavern
Join us for our 2022 offsite party at the Industry Tavern to enjoy great food, craft beers and vintage cocktails. (Open to all full conference pass holders. Conference badge required for entry)

Wednesday October 26, 2022 6:00pm - 10:00pm EDT
Industry Tavern 3280 Peachtree Rd NE #187, Atlanta, GA 30305
 
Thursday, October 27
 

9:00am EDT

Fast-track ICS Cybersecurity Risk Assessment - The Short Cut to Lowering Your Premium for OT Cyber Liability Insurance Coverage

Cyberattacks and breaches against ICS and OT networks have increased at an alarming rate. As threats grow, the number of companies inquiring about cyber liability insurance coverage has increased heavily...
The 2021 Colonial Pipeline incident and resulting $4 million ransomware payment represented a watershed moment. It led insurance companies to be more vigilant and offer strict and high-premium based insurance coverage especially for ICS industries that seek cyber liability protection.

In contrast to traditional IT cyber liability insurance coverage, ICS cyber liability insurance is still in its nascent stage. It is also seen as particularly complicated due to indirect damage to its productivity and costly ICS machinery. Due to this, some companies have even experienced insolvency due to wrong estimates and incorrect pricing. It has led insurers to tighten their policy terms and conditions to reduce unexpected losses. Traditionally, commercial property and casualty policies could include limited cyber coverage, but now, carriers are becoming less likely to include it, and are instead offering cyber coverage separately.

This paper details how a clear and focused ICS cyber risk assessment can save money on premiums and help underwriters offer more adequate insurance capacity. During an ICS cyber risk assessment, experienced engineers will examine a company’s compliance with multiple industrial cybersecurity standards including NIST CSF, IEC 62443, etc. It also provides a detailed Business Intelligence analytics report for ICS management so they can take an informed approach to risk mitigation that will strengthen their ICS networks and help them better negotiate with insurance carriers. It also helps insurance companies and underwriters make more informed ICS cyber liability insurance coverage decisions.

An ICS risk assessment determines risk percentage, risk scoring and breach probability of all individual key ICS networks and systems. The report determines a clear risk value in terms of dollar value for both the end-user and insurer.

Learning Objectives for Attendees
When insurance companies are making underwriting decisions on ICS cyber liability coverage, they must take many factors into account. They want substantial material and technical evidence. Self-initiated questionnaires won’t suffice. They are cautious about these decisions and thorough in their research. In fact, there have been frequent instances of underwriters rejecting inadequate risk assessment reports/questionnaires because they are too thin and don’t focus enough on ICS cybersecurity.
This paper addresses the key question of first-party revenue losses and third-party claims, using ICS risk assessments to assess the breach probability in every stage of ICS to derive the cost of potential business disruption and revenue loss.

Speakers
Sivakumar Radhakrishnan

Head of ICS/OT Cybersecurity, TÜV SÜD America
Mr. Sivakumar Radhakrishnan is an Electronics & Instrumentation engineering graduate with 32 years of international experience. International Business expert from NIT (holding both SPIN & SPARTA certifications). Certified Environmental specialist from SPACE...


Thursday October 27, 2022 9:00am - 9:30am EDT
Windsor C

9:00am EDT

The Security Risks of 4.0 CNC Machines
CNC (computer numerical control) machines are widely used in production plants and constitute a critical asset for organizations globally. The strong push dictated by the Industry 4.0 paradigm led to the introduction of technologies for the wide connectivity of industrial equipment, including CNCs. As a result, modern CNCs resemble fully fledged systems more than mechanical machines, offering numerous networking services for smart connectivity. Given this shift to a more complex and software-dependent ecosystem, these machines are more easily exposed to potential threats.

Our work explored the risks associated with the strong technological development observed in the domain of numerical controls. We conducted an empirical evaluation of four representative controller manufacturers, by analyzing the technologies introduced to satisfy the needs of the Industry 4.0 paradigm, and conducting a series of practical attacks against real-world CNC installations.

Join this session as we share findings showing that malicious users could abuse such technologies to conduct attacks like denial-of-service, damage, hijacking or theft. We reported our findings to the affected vendors and proposed mitigations. This talk aims to be an opportunity to raise awareness in a domain in which, unfortunately, security is not yet considered an important driver.

Speakers
Marco Balduzzi

Senior Research Scientist, Trend Micro
Dr. Marco Balduzzi is a team leader & principal researcher in computer & network security. Marco holds a Ph.D. in applied security from Télécom ParisTech and a M.Sc. in computer engineering from the University of Bergamo. His interests concern all aspects of computer security...


Thursday October 27, 2022 9:00am - 9:30am EDT
Windsor DE

9:30am EDT

Building an Operational Cyber Program for Small to Medium Critical Infrastructure Entities
The NRECA Threat Analysis Center (TAC) is the new Cooperative Operational Technology (OT) cybersecurity threat analysis and sharing platform, designed to improve the speed, coordination, and effectiveness of Co-op threat response. This initiative is designed to serve the small to medium utility community with right-sized tools and products, is technology agnostic, and is not for profit.

The TAC is designed to be both a tool and a community, enabling collaboration and assistance among cybersecurity professionals at NRECA, Co-ops, and the wider intelligence community. This vision is dependent on establishing a network of cybersecurity professionals across the Co-op space. Therefore, as part of the TAC program, NRECA will launch the Grow/Keep Initiative, a workforce development initiative to address many of the challenges Co-ops face in hiring and retaining cybersecurity personnel. This center

As small, rural organizations, many Co-ops struggle to compete in the cybersecurity personnel marketplace. As electric utilities with expanding use of DER and IoT devices, Co-ops also require personnel who understand the critical infrastructure they serve and the associated risks of being compromised. Such “unicorns” are rare and expensive. The workforce Initiative will address these challenges by using the collective Co-op strength to compete in the marketplace while also growing cybersecurity expertise from the local Co-op communities. The resulting skilled and expansive network of professionals will act as a semi-shared resource, so every Co-op has the resources they need to resist and recover from threats.


With these efforts, the Threat Center Initiative will help ensure that no Co-op is too small to be protected, every Co-op has a community of support, and the nation’s power grid is safer.

Learning Objectives: 
  • Right Sizing of Products and Solutions for Small to Medium Entities 
  • Information Sharing initiatives for LMI communities 
  • Building a novel workforce

Speakers
Emma Stewart, Ph.D.

Chief Scientist, National Rural Electric Cooperative Association (NRECA)
Emma Stewart, Ph.D. is chief scientist of the National Rural Electric Cooperative Association (NRECA) where she works to expand the leadership of NRECA and electric co-ops in the scientific and engineering communities. She leads the Business & Technology Strategies team to further...


Thursday October 27, 2022 9:30am - 10:00am EDT
Windsor C

9:30am EDT

Tests Using Polarization for RF Fingerprinting
This presentation is a report on field tests of a method for authenticating wireless devices based on the polarization characteristics of their signals. Results from monitoring wireless sensors in a factory environment will be presented under various conditions. The tests include the motion of an autonomous robot in the multipath environment and its impact on the polarization characteristics of stationary sensors on the production line. Results will be analyzed for their repercussions on the viability of using polarization for securing wireless devices.



Speakers
Page Heller

Endpoint Security


Thursday October 27, 2022 9:30am - 10:00am EDT
Windsor DE

10:00am EDT

When is Good Enough OT Cybersecurity, Not Good Enough
In today's IIoT world of standards (NIST 800-53), frameworks, and product resiliency against cyber attack with IEC 62443 products, there is still room for debate, and even confusion, over the myriad of choices facing a manager in charge of cybersecurity and protecting critical assets and operations, regardless of industry sector. This lecture unpacks the practices and pitfalls of the cybersecurity journey, drawn from observation of numerous projects over the past 20+ years of digital transformation. It is aimed at both new ventures and organizations well on their journey to defend against today's threat groups targeting manufacturing sectors. A practical approach will be outlined for the assessment, monitoring, control, detection and incident response needed in today’s OT environments. This session focuses on requirements and priorities rather than today’s latest technologies, but also gives insight into why some of the leading products work and sometimes fail to meet the targeted return on investment, or even to address today's threat vulnerabilities. The session is intended for a C-level audience (CISO), as well as technical managers from IT and Industrial Control and Operations involved in cybersecurity programs.

Speakers
Rodney Arnold

Honeywell
Rodney Arnold is an employee of Honeywell Connected Enterprise. He has almost 30 years of industrial information technology experience, and over 20 years in the ISC Cybersecurity field. In his role he has consulted with numerous Fortune 100 companies, and overseen +100 Cyber Security...


Thursday October 27, 2022 10:00am - 10:30am EDT
Windsor C

10:00am EDT

From Industrial Cybersecurity Tools to Solutions to Protect Critical Infrastructure Sectors
This presentation will highlight the importance of designing and tailoring industrial cybersecurity solutions for critical infrastructure based on lessons learned and best practices obtained across industry sectors, entities, and critical services. Every industrial cybersecurity solution must be unique for every organization because every OT-IoT environment is also unique.

Designing a tailored solution requires specific knowledge, skills and experience in OT/ICS that must include people, processes, and technology. However, many industrial organizations are investing in IT/OT technology tools available on the market without proper planning and before having a clear understanding of their OT-IoT environments and a development roadmap for their industrial cybersecurity solutions. In many cases, such investments are leading to overspending, disappointment, and lack of expected outcomes.

The goal of this presentation is to provide a practical and hands-on approach to designing and developing industrial cybersecurity solutions that will help organizations within critical infrastructure sectors and their leadership teams in planning, tailoring, and implementing solutions for their OT-IoT environments and Operations.

The recommendations provided to the audience during the presentation are based on practical industrial cybersecurity experience, use cases and lessons learned obtained across industry sectors, including public and private organizations.

Speakers
Goran Novkovic, P.Eng., PMP

Head of Industrial Cybersecurity Practice, NEOM
Goran Novkovic is Head of Industrial Cybersecurity Practice with NEOM. Goran is a licensed Professional Engineer in Ontario, Canada (Electrical and Controls Engineering background) with 20+ years of hands-on experience in Operational Technology and Industrial Control Systems within...


Thursday October 27, 2022 10:00am - 10:30am EDT
Windsor DE

10:30am EDT

Break
Thursday October 27, 2022 10:30am - 10:45am EDT

10:45am EDT

Public Data Source Vulnerability Identification of ICS Devices and its Shortcomings
ICS and OT devices have historically been viewed as black boxes, especially by the end users of these devices. Tools and capabilities are incredibly limited in terms of how they can provide visibility and risk identification to these devices, so what are end users to do? The only recourse end users/asset owners have is to leverage existing knowledge bases such as the NVD and to reach out to the device manufacturers themselves to identify any vulnerabilities and risks. In this presentation, Tom Pace, co-founder & CEO of NetRise, will highlight how this is not enough. These datasets and even the knowledge from the manufacturer are insufficient to properly ascertain the level of risk that is present. Thousands of well-known vulnerabilities exist in ICS and OT devices that asset owners are completely blind to. Tom will highlight the true vulnerability disparity that exists for these devices and will explain how to shine a light on true device risk with real world data and techniques that everyone can use when they go back to their organizations.

Attendees will learn how to shine a light on the black box that is ICS/OT devices. Attendees will learn that software vulnerabilities are not the only risks that they should be concerned about. Attendees will walk away with practical recommendations on how to approach this problem on their own.

Speakers
Thomas Pace

Co-founder & CEO, NetRise
Thomas is currently the co-founder and CEO of NetRise, a cybersecurity company focused on providing visibility into devices to identify vulnerabilities and risk via firmware analysis. Prior to NetRise, Thomas served as the Global Vice President of Enterprise Solutions at Cylance where...


Thursday October 27, 2022 10:45am - 11:15am EDT
Windsor C

10:45am EDT

Electric Vehicle Supply Equipment (EVSE) Cybersecurity and Resilience
Electric vehicle (EV) development and associated charging infrastructure are expected to advance rapidly. Most global vehicle sales may be EVs and hybrid EVs in years to come, and they will rely on increasingly sophisticated strategies for grid integration. Next-generation EV charging infrastructure is expected to include interconnected renewable resources, such as photovoltaic (PV) arrays and battery storage systems, along with grid-edge devices. These complex interconnections expand the attack surface and could result in attackers acquiring valuable user data or manipulating firmware updates to create malfunctions that could impact power equipment.

In this session, Anuj Sanghvi, Cybersecurity Researcher at the National Renewable Energy Laboratory (NREL), will dive into some of the cybersecurity work NREL is doing around threat vectors and risk mitigation techniques for electric vehicle supply equipment (EVSE) and connected and automated vehicles to identify cybersecurity gaps and develop mitigation strategies for future technologies.

Speakers
Anuj Dilip Sanghvi

Researcher, Cybersecurity Science and Simulation Group, National Renewable Energy Laboratory
Anuj Sanghvi is an Operational Technology (OT) Cybersecurity Researcher and Network Security Engineer with the Cybersecurity Science and Simulation group at the National Renewable Energy Laboratory. He leads the research and development of NREL’s Distributed Energy Resources Cybersecurity...


Thursday October 27, 2022 10:45am - 11:15am EDT
Windsor DE

11:15am EDT

Beyond Defense in Depth: What's Next for ICS Defenses?
The "defense in depth" concept is widely used in the Industrial Control Systems (ICS) space. It proposes different layers of defense to make penetration difficult from an outside attacker's perspective. While this concept is still important, the rapid growth in sophistication and number of cyberattacks shows this may not be enough to face the current challenges. This talk presents a complementary methodology to enhance the defense in depth approach, supported by international frameworks such as NIST, CIS CSC and ISA/IEC 62443, among others. Available topologies for centralized and decentralized monitoring and the advantages and disadvantages of active or passive approaches will also be discussed.

Speakers
Engr. Felipe Costa, MSc

Product Marketing Manager - Americas, Moxa Americas
Felipe is the Cybersecurity Director at ISA Brazil, an Industrial Cybersecurity (IACS) Expert and Product Manager at Moxa Americas, an official ISA/IEC-62443 industrial cybersecurity trained at ISA Headquarters in US and EC-Council instructor. He is an international speaker and...


Thursday October 27, 2022 11:15am - 11:45am EDT
Windsor C

11:15am EDT

{Panel} Tackling What’s Next for ICS Cybersecurity
We are often asked how relevant Zero Trust is for critical infrastructure/operational technology (CI/OT). The answer is that not only is it highly relevant but, when done properly, it will safeguard against what would otherwise be catastrophic attacks. The principles of Zero Trust are ideal in large part because of CI/OT's purpose-built nature and correspondingly predictable network traffic (as well as being unpatched for long periods of time and therefore creating vulnerability). Join Rob Rachwald, Director of Zero Trust Strategy at Palo Alto Networks, for a panel discussion on how others are leveraging the principles of Zero Trust to tackle cyber security's toughest challenge: what's next. We'll ask panelists to share insights on how Zero Trust is helping them achieve higher levels of security and operational resilience in CI/OT technologies.

Moderators
Rob Rachwald

Director of Zero Trust Strategy, Palo Alto Networks

Speakers
Jack D. Oden

Program Director, ICS Cybersecurity SME, and Consultant, Parsons
Jack D. Oden, Principal Project Manager and ICS Cybersecurity Subject Matter Expert (SME), is a self-motivated, energetic, and accomplished team player and speaker with twenty years’ experience in negotiating system improvements between users and engineers; developing projects...

Del Rodillas

Client Partner, Americas Industrials and Critical Infrastructure, ISTARI


Thursday October 27, 2022 11:15am - 12:00pm EDT
Windsor DE

12:00pm EDT

Lunch (12:00 - 1:00PM)
Thursday October 27, 2022 12:00pm - 1:15pm EDT
Windsor Garden

1:15pm EDT

Zero Trust in an ICS Environment
Beginning with a dissertation in 1994, Zero Trust has moved over the subsequent 28 years from an academic discussion, through struggles that continue with current network and cybersecurity policies and implementation, to the availability of some tools from a wide variety of vendors. ICS is often the last to implement the newest technology, for very good reason. There are architectures and papers providing much to consider. However, ICS lives in a world where information technology provides the Internet, wide-area and campus-wide communications, as well as some local, dedicated engineering communications. Our goal is to ensure this new technology, like others before it, is useful in an ICS environment. We will see that this technology is still a concept in development. Alternatively, ICS can be prepared to operate in such an environment provided by others. To those ends, we will examine the information available to carefully consider what should be done.

Key Takeaways:
  • Although it can be considered the latest buzzword, Zero Trust offers the next step in cybersecurity
  • It’s being implemented, but …
  • There is some very good guidance, but it is not mature
  • There are tools, but they do not play well together
  • Just how it applies to ICS
  • If you have not started, what you can do now to prepare
  • Takeaways and thoughts from various presentations and panels throughout the week


Speakers

Jack D. Oden

Program Director, ICS Cybersecurity SME, and Consultant, Parsons
Jack D. Oden, Principal Project Manager and ICS Cybersecurity Subject Matter Expert (SME), is a self-motivated, energetic, and accomplished team player and speaker with twenty years’ experience in negotiating system improvements between users and engineers; developing projects...


Thursday October 27, 2022 1:15pm - 2:00pm EDT
Windsor Ballroom

2:00pm EDT

Closing Panel: Takeaways and Insights from 2022 ICS Cybersecurity Conference
Join this session as we discuss takeaways from the week and share insights and thoughts based on both the stage presentations and the great networking discussions throughout the week.

Moderators

Andrew Ginter

VP Industrial Security, Waterfall Security Solutions
At Waterfall, Andrew leads a team of experts who work with the world's most secure industrial enterprises. Before Waterfall, Andrew led the development of high-end industrial control system products at Hewlett-Packard, of IT/OT middleware products at Agilent Technologies, and of the...

Speakers

Kenny Mesker

Enterprise OT Cybersecurity Architect, Chevron

Gonda Lamberink

VP, Critical Manufacturing Security Solutions, Fortress Information Security

Brian Schleifer

Senior System Security/Cybersecurity Engineer, Modern Technology Solutions (MTSI)


Thursday October 27, 2022 2:00pm - 2:45pm EDT
Windsor Ballroom

2:45pm EDT

Open Mic Exchange, Networking & Beverages
Join us in the Windsor Ballroom for a closing session with an open mic and your chance to ask questions, share insights, and network with others as we wind down a great week!

Thursday October 27, 2022 2:45pm - 4:00pm EDT
Windsor Ballroom

4:00pm EDT

Conclusion of 2022 ICS Cybersecurity Conference
Thank you for attending SecurityWeek's 2022 ICS Cybersecurity Conference! We hope you enjoyed the content and made fantastic connections. We look forward to seeing everyone in 2023!

Thursday October 27, 2022 4:00pm - 4:00pm EDT
Windsor Ballroom
 