ICS 2022

This full-day lab course gives participants hands-on experience attacking and hardening a simulated power plant network to learn about common ICS vulnerabilities and defenses. Participants will attack historians, HMIs, and PLCs to cause a power outage in the 3D simulation, and then implement defenses like firewalls and network monitoring to harden it.

Learning Objectives - In this session attendees will learn:

• Deeper understanding of common vulnerabilities in ICS networks and devices                     
• Techniques for testing ICS devices for various vulnerabilities
• Practical experience hardening ICS device configurations and using network defenses

Topics Covered:

• Scanning ICS networks
• Exploiting web vulnerabilities in the DMZ
• Sniffing industrial network traffic
• Password cracking
• PLC and HMI programming
• Using Yara to scan for ICS malware
• Writing host and network firewall rules for ICS
• ICS network intrusion detection
                             

Requirements
Participants must bring their own laptop with either Chrome or Firefox installed. Some Linux experience is helpful but not required.

(Register) This 8-hour workshop will be a crash course in ICS vulnerabilities and exploitation, providing hands-on, practical training in the carrying out of attacks against various common types of ICS equipment found in the field, including an HMI, PLC and automated circuit breaker. Students will learn:

• Common ICS terminology and system architecture, including inherent flaws and typical mistakes made in system design which should be considered when planning an attack. 
• Modbus and Modbus/TCP architecture and functionality
• Python modules for interacting with Modbus-based systems, and writing scripts to interrogate and attack these systems
• Defensive methodologies and considerations in the face of how simple these attacks can be to carry out

Students should come prepared with the following equipment and knowledge: 

• A laptop running either Virtualbox, VMWare Workstation (not Player), Parallels, or VMWare Fusion
• An available Ethernet port on the laptop
• Ability to read technical documents written in English
• Experience writing basic Python scripts which incorporate modules and leverage functions and loops
• Basic Linux command line experience, including the ability to navigate directories, and launch application

Register Here

(Additional Registration Required - $495 Fee: Register ) This workshop will provide students of any role or skill level (beginners, advanced, and leadership) an immersive and entertaining OT cybersecurity learning experience, by participating as part of a blue team and a red team in a simulated environment. Short lectures cover Red Team topics (OT vulnerabilities, OT attack surface, and “hacker” methods) and Blue Team topics (OT vulnerabilities, security controls, threat monitoring, cyber risk management strategies, incident response, building a cybersecurity program). These topics are then exercised and reinforced in breakout sessions, where students get to compete against each other in “head-to-head” red team vs. blue team matches using the ThreatGEN® Red vs. Blue Cybersecurity Simulation Platform.

What will you get out of this course?

• Gain a comprehensive, “big picture” understanding of how all the OT cybersecurity pieces work together.
• A primer/refresher of Industrial Control Systems (ICS)/Operational Technology (OT)
• Learn OT vulnerabilities and attack vectors
• Learn about the methods and strategies red teams and hackers use to attack OT (High-level, this is not a command line level course)
• Learn OT and cyber risk management concepts and strategies
• Learn how to deploy efficient and cost-effective cyber risk mitigation strategies and security controls
• Learn how to build a complete OT cyber security program.
• Apply what you’ve learned against live adversaries (going head-to-head against other students) in the ThreatGEN® Red vs. Blue Cybersecurity Simulation Platform
• Learn how to respond to, adapt, and defend against active attacks (High-level, this is not a technical incident response or threat hunting class.)
• Participate as the blue team and the red team (no prior experience or technical skill required).
• Taught by Clint Bodungen, world-renowned ICS cybersecurity expert and author of Hacking Exposed: Industrial Control Systems

Requirements
Participants must bring their own laptop with either Chrome, Firefox, or Microsoft Edge installed. Connection to the internet will be required (access provided by the conference). Nothing will be installed onto your laptop.

Open to all conference attendees (no additional fee)

ICS4ICS Exercises are designed to help people understand how ICS4ICS processes and tools are used to improve the response to industrial control system cybersecurity incidents by leverage FEMA and DHS CISA capabilities.

Be part and join the Incident Command System for Industrial Control Systems (ICS4ICS) Exercise at SecurityWeek's ICS Cybersecurity Conference! The ISA Global Cybersecurity Alliance has joined forces with DHS Cybersecurity and Infrastructure Security Agency (CISA) and cybersecurity response teams from more than 50 participating companies to adopt FEMA's Incident Command System framework for response structure, roles, and interoperability. This is the system used by First Responders globally when responding to hurricanes, floods, earthquakes, industrial accidents, and other high impact situations. The ICS4ICS program is designed to improve cybersecurity capabilities related to incidents that impact industrial control systems and critical infrastructure supporting countries throughout the world.

Access ICS4ICS Materials

(Click Here to Register for CTF)

Roll up your sleeves and get ready for some fun and challenges for the 2022 ICS Cybersecurity Conference Capture the Flag (CTF) hacking competition! Competition rules and setup details will be available prior to the conference.

Hack the Plan[e]t is a first-of-its-kind CTF: a slice of modern city life integrating both Internet of Things (IoT) and ICS environments with interactive components for competitors to test their skills and knowledge. Play for a few minutes or plan to stay for many hours as the challenge grows. The ICS Village delivers a compelling experience using real IT and industrial equipment for all skill levels and practitioner types. Open to all levels of experience.

Train control systems manage various things, from physical breaking to wayside switching control to railway congestion management. This tabletop exercise will take you on a journey through a compromised train scenario. All are welcome to come, share their experiences, and gain fantastic cyber-physical knowledge.

Note: Participants are required to utilize their own laptops

{This a re-run of the same TTX session that was held on Wednesday to accommodate those who could not attend the previous session}

Train control systems manage various things, from physical breaking to wayside switching control to railway congestion management. This tabletop exercise will take you on a journey through a compromised train scenario. All are welcome to come, share their experiences, and gain fantastic cyber-physical knowledge.

Note: Participants are required to utilize their own laptops
*Capacity Limited - First come, first served