2021 ICS Cyber Security Conference

Securing Process Control and Safety Instrumented Systems requires a holistic approach that recognizes threats and vulnerabilities while also understanding the consequences of a compromised system. Many approaches today look at the threats and vulnerabilities (often focused mostly on the process control network) or the consequences (process risk) without viewing them as a unified landscape that we are trying to defend.

This presentation will discuss the processes and methodologies MITRE uses in the functional safety engineering space that helps to identify, quantify, and rectify process risk to systems while leveraging the real world threat and vulnerability information available to allow us to realistically prioritize our actions in strengthening our ICS security posture. This talk will dive into some tried and true techniques as well as some of the newer more contemporary approaches to understanding the threat and providing the required mitigations/controls to bring operations into the threshold of tolerable risk.