This is the 2021 Agenda  -  Please visit https://www.icscybersecurityconference.com/ for the most current information
Tuesday, October 26

10:00am EDT

Welcome Address

Mike Lennon

Managing Director, Conference Chair, SecurityWeek
For more than 10 years, Mike Lennon has been closely monitoring and analyzing trends in the cyber threat landscape, and enterprise, critical infrastructure, and national security space. In his role at SecurityWeek he oversees the editorial direction of the publication and manages...

Tuesday October 26, 2021 10:00am - 10:05am EDT

10:00am EDT

Key Findings of the (CS)2AI-KPMG Control System Cyber Security Annual Report 2021
The Control Systems Cyber Security Association International (CS2AI), in collaboration with a team of ICS SMEs from the ICS cyber security practitioner community and its coalition of strategic alliance partners, conducts a yearly analysis on the current state of control system cyber security. Leveraging the participation of multiple stakeholders across roles and industry sectors, the survey is designed to help answer key questions about how we can best protect critical systems in the face of ever-growing and -evolving threats.
This session will reveal key findings from the not-yet-published Report, enabling defenders to improve their security posture through greater understanding of the diverse concerns and decision drivers that the industry faces.

Derek Harp

Founder & Chairman, (CS)2AI
Derek Harp, Founder and Chairman of (CS)2AI, has relentlessly pursued new ideas that could change the world through founding, co-founding, advising and investing in new companies for more than twenty years, primarily focused on cyber security. A passionate professional speaker, Derek...

Tuesday October 26, 2021 10:00am - 10:35am EDT
Windsor Ballroom

10:35am EDT

CyOTE™: A Methodology for Cybersecurity in Operational Technology Environments
The Department of Energy’s Cybersecurity for the Operational Technology Environment (CyOTE) program provides a methodology for energy sector asset owner-operators to combine network-based sensor data with local context to recognize faint signals of malicious cyber activity before an adversary can cause higher-impact effects. By leveraging this methodology with existing commercial monitoring capabilities and manual data collection from broader but informative sources in operations and even in the business domain, asset owners can better understand relationships between multiple observables which could represent a faint signal of an attack requiring investigation. Visibility is necessary but the importance of visibility is in the understanding and decisions it drives – complicated by infrastructure changes, new technologies, and determined and sophisticated adversaries. Independently getting to the point of making a risk-informed business decision on whether to respond to an incident or fix a reliability failure sooner and with more confidence is the promise of CyOTE.

While CyOTE is an energy sector program, the insights and takeaways are broadly applicable to other industrial sectors. This presentation covers the history of CyOTE to explain how the key insights came about, and then walks through the methodology as a way to put those insights into practice, showing how it complements other high-priority investments and activities in energy sector OT cybersecurity.

Sam Chanoski

Technical Relationship Manager | Cybercore Integration Center, Idaho National Laboratory
Sam Chanoski delivers technical leadership, expertise, and strategic insights to Cybercore’s portfolio of multi-million-dollar critical infrastructure security and resilience projects sponsored by the Department of Energy, Department of Homeland Security, and Department of Defense...

Tuesday October 26, 2021 10:35am - 11:15am EDT

11:15am EDT

Fireside Chat With Robert M. Lee, Founder and CEO, Dragos
Ryan Naraine

Editor-at-Large, SecurityWeek
Ryan Naraine is Editor-at-Large at SecurityWeek and host of the Security Conversations podcast series. A journalist and cybersecurity strategist with more than 20 years experience covering IT security and technology trends, Ryan has built security engagement programs at major global...

Robert M. Lee

CEO, Dragos, Inc.
Robert M. Lee is the CEO and Founder of the industrial (ICS/IIoT) cyber security company Dragos, Inc. He is also a non-resident National Cybersecurity Fellow at New America focusing on policy issues relating to the cyber security of critical infrastructure. For his research and focus...

Tuesday October 26, 2021 11:15am - 12:00pm EDT

12:00pm EDT

Break: Please Visit Sponsor Booths
Tuesday October 26, 2021 12:00pm - 12:15pm EDT

12:15pm EDT

Industrial Cybersecurity – Separating Fact From Fiction
In every critical infrastructure sector, security teams responsible for industrial operations are re-evaluating their security programs as targeted ransomware, supply chain breaches and cloud connectivity all emerged as top-of-mind concerns. However, when these teams look for resources, advice on many facets of cyber security programs is often confusing and even contradictory. There exists a significant challenge in today’s environment where opinions based on narrow experiences are oftentimes presented as fact. It becomes a high hurdle to separate the facts from the fictions.

This talk will highlight some of the greatest arenas of discussion that have emerged in the field of Industrial Cybersecurity over the past two plus decades including:
  • IT/OT Convergence – There is only T
  • The perimeter is dead
  • Encryption will protect us
  • It isn’t “if”, it’s “when” you’ll be hacked
  • CIA vs AIC
  • Regulations are necessary to drive security

We will also explore some of the classic blunders in security strategies that we must learn from, in order to avoid repeating our history.

Finally, we will reserve some time for direct Q&A, ensuring that attention is given to the latest developments and audience concerns.

Michael Firstenberg

Director of Industrial Security, Waterfall Security Solutions
Mike Firstenberg is the Director of Industrial Security for Waterfall Security. Mike brings two decades of experience in Process Control Security, specializing in Control System Cyber Security. The former chair of the American Water SCADA Council, Mike studied Computer Science, Chemical...

Tuesday October 26, 2021 12:15pm - 1:00pm EDT

1:00pm EDT

What CISOs Get Wrong About Connected Device Product Security
With billions of connected devices powering up every year, crowded markets have created unique challenges and opportunities for device manufacturers. In this environment, competitive differentiation is key. As attackers move away from application layer attacks, connected devices are now the ultimate low-hanging fruit to offer unauthorized access to critical IT and OT networks. 

Breaches in product security will have unprecedented impacts on device manufacturers and owners. According to Gartner, cyber-physical attacks resulting in fatal casualties will cost over $50B by 2023. Even the White House is taking note, with a new Cybersecurity EO that will add new requirements for secure software. 

In this presentation by Finite State, we’ll take a close look at how product security breaches occur, and how the financial impact of these breaches has tangible permanent effects on industry competitors. Learn proactive approaches to product security that are being adopted by some of the world’s largest device manufacturers, as well as how to ensure that your product security strategies generate value for your customers and shareholders.

Jeanette Sherman

Sr. Director, Product Development, Finite State
Jeanette Sherman believes that technology achieves more when customers and companies speak each other’s language. As a Director of Product Management at Finite State, she works to tell customer stories to Finite State’s teams — and to tell Finite State’s technology story to...

Tuesday October 26, 2021 1:00pm - 1:30pm EDT

1:00pm EDT

Security for the Evolving Needs of Industrial Environments
As more and more industrial devices connect to corporate networks, and therefore the internet, SCADA and industrial control systems become increasingly vulnerable to attack. Some consider them low-hanging fruit given many run unpatched and have been in place for more than 20 years. OT systems around the world are barraged with both recycled IT-based attacks and purpose-built OT exploits. One survey finds that 74% of OT professionals had experienced a breach in the past 12 months. During this session, we will explore the impact and considerations for safe and secure operations including the need to:
  • Evaluate the architecture needed to secure aging equipment and neutralize the impact on safety, uptime and time-to-market
  • Explore the Cybersecurity Maturity Scale to leverage data analytics, threat intelligence and sustained situational awareness to inform decision making
  • Understand how the Fortinet Security Fabric can provide foundation for securing industrial controls and SCADA systems in any environment

Carlos Sanchez

Director - Operational Technology, Central USA, Fortinet
Carlos is a technologist with 32 years of experience in network, telecommunications, and critical infrastructure security. He specializes in simplifying complex business problems with a pragmatic application of technology. With a wide range of experience ranging from US Air Force...

Tuesday October 26, 2021 1:00pm - 1:30pm EDT

1:30pm EDT

Agentless Monitoring & SIEM/XDR Analytics for IoT/OT Zero Trust
Recent ransomware attacks that shut down production for a US gas pipeline and global food processor have raised board-level awareness about IoT and Operational Technology (OT) risk. Increased IT/OT connectivity to support the business has now made it easier for adversaries to move laterally from IT to OT and vice-versa — yet many organizations continue to operate on the assumption that their OT networks are either air-gapped or sufficiently segmented from their IT networks to prevent this. In our risk assessments for organizations across all industry verticals, we have found this to be a false assumption in the majority of cases. In this 10-minute session, we’ll review some real-world attack chains and discuss why you need the bird’s eye view provided by SIEM and XDR — combined with rich telemetry provided by agentless, OT-aware network detection and response (NDR) — to detect and respond to modern multi-stage attacks that typically cross IT/OT boundaries.

Phil Neray

Director, IoT & Industrial Cybersecurity, Microsoft
Phil Neray is Director of IoT & Industrial Cybersecurity at Microsoft. He joined Microsoft after its acquisition of CyberX, an innovator in agentless security and behavioral anomaly detection for industrial and critical infrastructure networks. Prior to CyberX, Phil held executive...

Tuesday October 26, 2021 1:30pm - 2:00pm EDT

1:30pm EDT

Closing IoT Gaps in Your Operations
Industrial organizations are quickly adopting Internet of Things (IoT) technologies to reduce costs and deliver more value to customers and shareholders. Unfortunately, the widespread deployment of IoT is creating new security risks, as many organizations lack the ability to monitor and secure their IoT devices. Join us for a discussion on:
  • The transition of OT networks into IoT networks
  • The visibility, monitoring and security challenges created by IoT technology
  • IoT use cases within industrial operations
  • Effective ways to close the IoT security gap

Phil Trainor

Federal Product Manager, Nozomi Networks
Phil is an expert in creating and implementing threat intelligence driven products and solutions for the network security industry with a focus on Telecom, Government, Enterprise, and Cloud. He specializes in production network security auditing, SecOps, visibility, security testing...

Tuesday October 26, 2021 1:30pm - 2:00pm EDT

2:00pm EDT

Afternoon Break: Please Visit Sponsor Booths
Tuesday October 26, 2021 2:00pm - 2:15pm EDT

2:15pm EDT

Lessons Learned From the Maritime Field
Are the Operational Technology (OT) systems onboard your vessel vulnerable to cyber threats? Poor cybersecurity risk management of these systems and networks could lead to safety and operational hazards and can have catastrophic effects on operations, the environment or even cause loss of life. Assessments of vessel OT systems provide awareness of the current cyber conditions and unique vulnerabilities onboard. After completing 70+ vessel assessments, our experienced team of assessors has compiled and analyzed the most common observations, vulnerabilities and questions relating to maritime OT cybersecurity.

How isolated are vessel OT systems? What does a proper maritime OT Cybersecurity Incident Response Plan look like? What about proper Management of Change policies and procedures? And why is asset and inventory knowledge so important? All these questions will be addressed during this presentation, accompanied by real-life examples that will illustrate how you can better identify, protect, detect, respond and recover from the growing industrial cyber threats. This presentation takes years of experience from the field and condenses it into the most important lessons learned that you need to know now.

We will also discuss the future of OT cybersecurity, exploring topics such as Industrial Security Operations Centers (ISOC), network scanning and top concerns from different sectors of the maritime industry.

Learning Objectives for Presentation:
  • Understand the safety and operational cyber risks to OT systems onboard vessels
  • Learn how you can upgrade your cybersecurity capabilities
  • Learn where the maritime industry is heading in regard to OT cybersecurity

Strategies and Tools:
  • Cyber-enabled asset inventories
  • OT Cybersecurity Incident Response Plans
  • Management of Change policies and procedures

Brendan Ward

Senior Cyber Security Engineer, ABS Group

Tuesday October 26, 2021 2:15pm - 2:45pm EDT

2:15pm EDT

Combining Threats, Vulnerabilities and Consequences to Better Understand and Defend ICS systems
Securing Process Control and Safety Instrumented Systems requires a holistic approach that recognizes threats and vulnerabilities while also understanding the consequences of a compromised system. Many approaches today look at the threats and vulnerabilities (often focused mostly on the process control network) or the consequences (process risk) without viewing them as a unified landscape that we are trying to defend.

This presentation will discuss the processes and methodologies MITRE uses in the functional safety engineering space that help to identify, quantify, and rectify process risk to systems while leveraging the real-world threat and vulnerability information available to allow us to realistically prioritize our actions in strengthening our ICS security posture. This talk will dive into some tried-and-true techniques as well as some of the newer, more contemporary approaches to understanding the threat and providing the required mitigations/controls to bring operations into the threshold of tolerable risk.

Michael Thompson

National Cyber Security FFRDC (NCF), MITRE

Tom Cottle

Lead Cyber Physical & Control Systems / OT Security Engineer, MITRE Corporation
Tom is a Lead Cyber Physical & Control Systems/Operational Technology Security Engineer at The MITRE Corporation with more than 15 years working in process control engineering and design, process and functional safety, compliance program management, project management, risk analysis...

Tuesday October 26, 2021 2:15pm - 2:45pm EDT

2:45pm EDT

How to Talk to Your Board of Directors About Industrial Cybersecurity
Cybersecurity is the new hot topic with boards of directors. High-profile attacks in the news, regulatory changes and customer concerns are fueling their conversations. However, too often these discussions are derailed by technical narrative, myths and misinformation, creating confusion. Few boards have a clear understanding of what cybersecurity is, how it impacts growth and valuation and what they should be doing about it. As a result, boards tend to act in extremes, taking too little action or imposing unrealistic expectations.

For industrial cybersecurity, this is a much harder problem. As attackers expand from traditional Information Technology (IT) targets to the Operational Technology (OT) networks that directly impact operations and safety, companies are forced to rethink their cybersecurity programs. Unfortunately, most boards haven’t been able to get a handle on IT security, and now they must adapt to a whole new world of risk.

This presentation will provide executives the guidance they need to effectively present industrial cybersecurity risks and solutions to their boards of directors.

Key topics include:
  • Understanding the board’s perspective
  • Demystifying industrial cybersecurity and debunking myths
  • Breaking down industrial cybersecurity into business challenges and risk
  • Clearly defining the difference between IT and OT
  • How to drive immediate action to secure resources
  • Setting and managing board expectations
  • Potential questions the board will ask and how to answer
  • Dos and Don’ts (How to stay on the board’s good side)
  • How to explain a cyber exploit, including the scenario: “What if you were attacked?”

Communicating effectively to your board of directors can mean the difference between getting the resources you need now or consistently struggling to defend your operations against attack.

Ian Bramson

Global Head, Industrial Cybersecurity, ABS Group
Ian Bramson heads the Global Industrial Cybersecurity organization at ABS Group, where he works closely with senior executives across multiple industries including oil, gas and chemicals, power and energy, industrial manufacturing and maritime, to help minimize their cybersecurity...

Tuesday October 26, 2021 2:45pm - 3:15pm EDT

2:45pm EDT

Protecting Information and System Integrity in Manufacturing Environments
This discussion will address how manufacturing organizations can take a practical and extensive approach to securing their industrial control systems by implementing commercially available cybersecurity technologies.

This talk will step through the reference architecture and security solutions documented in NIST Special Publication 1800-10, Protecting Information and System Integrity in Industrial Control Systems Environments. Specifically, Dr. Powell will share a modular approach to integrating various commercially available security technologies together to: detect/prevent unauthorized software installation; identify, monitor, record, and analyze security events and incidents within a real-time OT environment; protect computers and ICS networks from potentially harmful applications using allow listing; determine if improper changes are made to a product or system; detect authenticated but unauthorized use of systems; validate the integrity of operating systems and application software files; continuously monitor the network for unusual events or trends; detect malware and mitigate any software designed to damage a computer, server, or computer network.

  • Understand potential cybersecurity risks in the manufacturing sector
  • Learn how to leverage NIST’s Cybersecurity Framework to strengthen manufacturing systems
  • Explore what commercially available technologies can improve cybersecurity within manufacturing environments

Dr. Michael Powell

Cybersecurity Engineer, NIST/NCCoE
Michael Powell is a Cybersecurity Engineer at the National Cybersecurity Center of Excellence (NCCoE) at the National Institute of Standards and Technology (NIST) in Rockville, Maryland. His research focuses on cybersecurity for the manufacturing sector, particularly how it impacts...

Tuesday October 26, 2021 2:45pm - 3:15pm EDT

3:20pm EDT

Leveraging the NIST CSF where Compliance Doesn’t Apply
Enhancing your cyber posture and achieving critical infrastructure resiliency is essential to your business. To achieve it, you need to understand the challenges of building such a cyber program, despite the evolving threat landscape and perpetually expanding regulatory standards.  When our clients seek to develop a more comprehensive cyber security program based on the NIST Cyber Security Framework (“CSF”), they intend to create a cyber security program to cover assets in their Operational Technology (OT) network not currently covered by regulatory compliance requirements. The starting point for achieving cyber resiliency is to implement a risk-centric program. To implement a risk-centric program, we assess the cyber threats and set realistic implementation goals to be completed.

Furthermore, well-defined governance processes enable organizations to continually adjust the program as both the business and threat environments change. Implementing a Cyber Resiliency program would likely not be practical without addressing the organizational disparity between the business technology environment and the ICS side. The program is not simply an expanded set of technical requirements—it may also require shifts in adoption and use, re-engineering of design and construction standards and processes, and new collaboration and accountability mechanisms.

Learning Objectives:
  • Develop a working understanding of NIST Cyber Security Framework
  • Understand the benefits of risk-based approach

John Biasi

Senior Consultant, Burns & McDonnell
John Biasi is a Senior Consultant with Burns & McDonnell. He is also an adjunct professor at the Oklahoma State University Institute of Technology. He received his Master of Business Administration degree with a concentration in Cybersecurity Management and his Bachelor of Science...

Tuesday October 26, 2021 3:20pm - 4:00pm EDT

Wednesday, October 27

10:00am EDT

Why the NVD Stinks: Using AI, NLP, and SBOMs to Discover Hidden Vulnerabilities
Most IT and OT practitioners assume that by searching the National Vulnerability Database (NVD), one will find all the vulnerabilities associated with a software product or device. Sadly this is not the case: the NVD is far from a complete set of vulnerabilities, with some sources claiming that 76% of all ICS vulnerabilities are missing from the NVD*. Furthermore, the NVD rarely maps vulnerabilities in software components back to the packages that contain those components, leaving ICS users no means of determining that the software they are deploying is at risk. Finally, mergers and acquisitions mean that the vendor name on the product in use often doesn't match the vendor name seen in the NVD disclosure details or the Common Platform Enumeration (CPE) listing.

This talk will discuss how a variety of Artificial Intelligence (AI) techniques can be used to discover vulnerability associations. Specifically, we will discuss how the combination of Natural Language Processing (NLP), extraction of Merger and Acquisition (M&A) product histories, and Software Bill of Materials (SBOM) analysis can alert both asset owners and suppliers to vulnerabilities hidden deep inside legacy products.

Learning Objectives
  • Understand the scope of the problem trying to associate component vulnerabilities with products and why AI is necessary.
  • Learn the different SBOM formats approved by NTIA and how they can be generated for both current and legacy software (when source code is unavailable).
  • Learn how to monitor your software supply chain for components and vendors that are problematic.

Eric Byres

Chief Technology Officer, aDolus Technology
Eric Byres, the Chief Technology Officer at aDolus Technology Inc., is widely recognized as one of the world’s leading experts in the field of Operational Technology (OT) cybersecurity. He is the inventor of the Tofino Security technology – the most widely deployed OT-specific...

Wednesday October 27, 2021 10:00am - 10:30am EDT

10:30am EDT

Cyber Insurance Gets Real: How Cyber-Physical Events Will Push Insurance Companies to Find a Solution to the Cyber Risk Equation
Cyber is a risk equation. It takes into account the likelihood of successful attacks and the impacts and consequences those attacks can have. However, the variables in the cyber environment are what make it so unpredictable. The lack of historical data, the explosion in connectivity, the dependency on the digital world and a wildly changing operating environment make traditional risk models obsolete. This is why insurance has struggled so intensely with cybersecurity. As a result, many insurance companies do not offer cyber insurance, and if they do, it is often so narrowly defined and filled with exclusions that the policies are non-competitive.
Cyber is no longer staying in the digital world. The rise of attacks on industrial operations and critical infrastructure is resulting in real-world impacts. No longer is cyber about stealing data; it now impacts the flow of oil, the functions of machinery, the navigation of vessels and the core operations of businesses. This translates into what now is called “cyber-physical”, the real-world operational and safety risk posed by industrial cyber attacks, and the latest buzzword around board rooms.
This is a game-changer for insurance. The consequences of a cyber-physical event can be devastating and insurance can no longer ignore the issue. Insurance companies need to be able to tell whether an event was caused by a cyber attack, be able to assess damage and impact and develop the ability to underwrite an ever-changing risk environment. This will take rethinking risk and the tools used to assess, underwrite and manage risk. 
This presentation will address the emerging challenges of industrial cybersecurity for the insurance industry and the new tools, solutions and roles the industry must adopt to adapt to cyber risk.

Kyle Tobias

Principal Sales Engineer – Industrial Cybersecurity, ABS Group
Kyle Tobias is a Principal Sales Engineer – Industrial Cybersecurity at ABS Group. With over 18 years of OT cybersecurity planning, operations, training and audit experience in the maritime, energy, banking, finance and telecommunications industries, he has assisted clients across...

Wednesday October 27, 2021 10:30am - 11:00am EDT

11:00am EDT

When the Network is Not Enough: Monitoring Level 1 for Insider Threats
The ICS security community tends to focus on Level 2 and above, emphasizing network segmentation and network monitoring with little attention paid to the Level 1 controllers that form the critical bridge between the cyber and physical worlds. However, network segmentation and monitoring provide little help when the threat comes from inside your network boundaries with trusted personnel physically interacting with your PLCs. Thankfully, most PLC vendors provide diagnostic information that can be monitored to detect malicious and accidental modifications to the PLC if you know where to look.

Join this session to see how operators can leverage diagnostic information from three of the most popular vendors to monitor their PLCs for insider threats.

Dr. David Formby

CEO/CTO, Fortiphyd Logic
David Formby is CEO/CTO and co-founder of Fortiphyd Logic. He received his Ph.D. from the Georgia Institute of Technology where he focused on developing novel attacks and defenses for industrial control system networks. David has presented at both academic and industry conferences...

Wednesday October 27, 2021 11:00am - 11:30am EDT

11:30am EDT

Quick Wins: Demonstrating ROI from your ICS Security project
Securing industrial operations is top of mind but implementing OT security can be a long journey. If you’re in charge of securing your organization’s ICS, you need quick wins to improve your security posture, align all stakeholders and demonstrate ROI.
  • What are the typical issues that can be easily fixed to reduce the attack surface?
  • How to deal with OT vulnerabilities? Where should you invest in patching?
  • Which foundations should you build to start securing your industrial networks?

David Gutshall

Business Development Lead, Cisco IoT
David has two decades of industry experience in global manufacturing and information technology, with leadership and technical acumen across a multitude of disciplines including network engineering, assembly operations, IT operations, and technology solution sales. At Cisco, he leads...

Fayce Daira

Technical Solution Architect, Cisco IoT
Fayce has been working in cybersecurity for 15 years. He started his career as a systems engineer for a network security distributor in Europe and co-founded Skyrecon Systems in 2008, an endpoint security vendor which was later acquired by Airbus Defense to form Stormshield. He lives...

Wednesday October 27, 2021 11:30am - 12:00pm EDT

11:30am EDT

Operational Integrity: Safeguarding Your OT Systems with Self-Learning AI
Join Jeff Cornelius, EVP, Cyber-Physical Security, as he uncovers the security challenges facing industrial environments and cyber-physical ecosystems. In addition to advances in attacker techniques, such as the rise of ICS ransomware, these include evolutions in the technological architecture of ICS, including digitized OT, exponential connections to Industrial IoT, and expanding internet-connected supply chains.  Here, Self-Learning AI provides the ideal solution to keep pace with rapid changes in the threat landscape and industrial technologies, with its ability to detect never-before-seen attacks and adapt to any changes in infrastructure.

In this session, he will explore:
  • A new generation of threats facing the industrial sector
  • Threat discovery: Advanced ICS attack at an international airport
  • Threat discovery: Targeting sensitive data via an air-conditioning unit

Jeff Cornelius

EVP, Cyber-Physical Security, Darktrace
Jeff Cornelius joined Darktrace in February of 2015 as Executive Vice President and oversees Darktrace’s Cyber-Physical Security solutions while serving as a subject matter expert around Darktrace’s solutions for OT/ICS environments. Jeff has been the featured/keynote speaker...

Wednesday October 27, 2021 11:30am - 12:00pm EDT

12:00pm EDT

Break: Please Visit Sponsor Booths
Wednesday October 27, 2021 12:00pm - 12:15pm EDT

12:15pm EDT

Reducing Industrial Cybersecurity Risk with Early Threat Detection & Incident Response
Now more than ever, industrial companies are facing increasing cyber threats and vulnerabilities in their IT/OT environments. Those that do more to identify indicators of compromise and attacks early, and quickly respond to contain and remediate the threats, will gain a competitive advantage in operational resilience. Based on recent Honeywell experience in delivering 100s of industrial cybersecurity projects world-wide, this presentation reflects on the latest cyber threats facing industrial businesses and what industry leaders are doing to detect threats earlier and respond to incidents faster.

Greg Randall

Chief Revenue Officer, Honeywell Connected Cybersecurity
Greg Randall is the Chief Revenue Officer for Honeywell's Connected Cybersecurity business, where he is responsible for the global go to market strategy, sales execution, and client success related to Honeywell's cybersecurity products and managed services offerings. Prior to Honeywell...

Wednesday October 27, 2021 12:15pm - 12:45pm EDT

12:15pm EDT

Defense in Data: Decentralized ICS Cybersecurity Based on OT Data
Current industrial cybersecurity solutions are heavily based on networked approaches to security, and focus on using IT-first principles to create a secure “shell” around OT networks and ICS components. However, these approaches do not fully utilize the unique characteristics of ICSs. ICS components have a significant amount of industrial process data associated with them, such as control commands & sensor values, which correlate to the current state of the physical facility and process that ICS component is supervising. Monitoring of this process data can provide deep insight and detection of physical anomalies which are impossible to detect from purely digital information, such as degrading equipment and incorrect physical configurations. Current approaches to monitoring process data often begin by uploading this data to the cloud for analysis and detection. However, requiring this kind of data transfer is prohibitively expensive for sites with a large number of process data points, or for remote sites without access to high-bandwidth communications channels. Additionally, the data transfer paradigm creates additional vulnerability concerns – especially for defense-in-depth approaches – which industrial entities may prefer to avoid altogether.

This talk will show how adopting a decentralized approach allows for robust detection of threats to industrial infrastructure without incurring significant data transfer requirements, and that this approach is scalable to thousands of devices. We also show that with increasingly miniaturized electronics, and the decreasing cost of compute, this approach enhances defense-in-depth focused industrial cybersecurity.

Juan Lopez Jr.

Group Leader, Energy & Control Systems Security, Oak Ridge National Laboratory

Forrest Shriver

CEO, Sentinel Devices
Entrepreneur and serial scientist, Forrest Shriver recently finished his dissertation at the University of Florida and is now the CEO of Sentinel Devices LLC, developing the next generation of industrial cybersecurity devices. Forrest has experience working in multiple roles, from...

Wednesday October 27, 2021 12:15pm - 12:45pm EDT

12:50pm EDT

Bringing Zero Trust to Industrial Control Systems
Traditional security offers a castle-and-moat or perimeter approach to assess whether connections are trustworthy and should be given access, but the current industrial control systems (ICS) ecosystem requires a different approach. Zero Trust reminds us that the information security perimeter never really existed. The pace of attacks and the ubiquity of IIoT are forcing us to improve our cyber-resilience quickly. This talk addresses how to bring Zero Trust to the ICS world: the benefits, the challenges, architectural constraints, planning and sizing the effort, success criteria, and future evolution. We will present a model for Zero Trust success, revealing how to integrate it with cybersecurity policies and procedures, set new requirements for vendors, align reporting and metrics, and properly use MSPs for ongoing trustworthiness.

  1. Hear practical steps to take towards a comprehensive, integrated information security program covering all intelligent devices, sensors, and networks within and beyond the enterprise. 
  2. Understand how ICS teams can work with their IT counterparts on cybersecurity measures – risk assessment, appropriate countermeasures, and architectural assumptions. 
  3. Discover how technology leaders can better align the goals and effectiveness of enterprise detection, mitigation, and response to cyberthreats across their IT infrastructure.

William Malik

VP Infrastructure Strategies, Trend Micro

Wednesday October 27, 2021 12:50pm - 1:30pm EDT

1:30pm EDT

Break: Please Visit Sponsor Booths
Wednesday October 27, 2021 1:30pm - 1:45pm EDT

1:45pm EDT

Ryuk on Industrial Control System Networks
Ransomware is the most common attack type against organizations with industrial control system networks today, with incidents leading to shutdowns of critical infrastructure, millions of dollars in productivity lost per hour, layoffs, and ripple effects across multiple markets. Of ransomware strains in use today, Ryuk ransomware actors in particular appear to gravitate toward organizations with industrial control system networks. In addition, there have been more documented cases of Ryuk ending up on operational technology networks themselves compared to most other ransomware strains. This session will provide a deep dive on Ryuk, examine why the actors behind it are targeting industrial control systems and how the ransomware has jumped segmentation into ICS and OT networks, and explore new mechanisms in the malware’s propagation that might make it even more capable of getting on OT networks in the future. Case studies of specific instances in which Ryuk has migrated into OT networks will be part of this discussion. The session will end with concrete measures organizations with ICS networks can take to shore up defenses against this particular ransomware strain.

Camille Singleton

Senior Strategic Cyber Threat Lead, IBM
Camille Singleton brings fifteen years of professional experience to cybersecurity topics, both in the US government and as an analyst at IBM. While specializing in threats to operational technology, she is conversant on a range of topics affecting the cyber threat landscape, including...

Wednesday October 27, 2021 1:45pm - 2:15pm EDT

2:15pm EDT

2021 Update to IT/OT Convergence
While IT/OT Convergence has been discussed heavily in recent years, it remains an area of concern and a challenge. Real-world attacks against ICS/SCADA and others, such as SolarWinds, Colonial Pipeline, JBS meat processing, and Kaseya, are raising concerns about interconnectivity and the resulting vulnerability of ICS/SCADA systems. While some organizations are taking steps to converge cyber control and cybersecurity of their IT and OT operations, much still needs to be done and more organizations need to recognize the need.

This presentation will discuss:

  • The threat landscape and actions organizations can take to increase awareness among executives and senior management
  • The challenges of ever-increasing connectivity between OT and IT infrastructure and/or connectivity of OT infrastructure to the Internet, lack of documented connectivity, resistance to change, denial, misunderstanding, and delays to ICS upgrades
  • Best practices of network and subnet segmentation, online and offline backups, patching, strong access protection, and others
  • The need for maintaining safety, continuity of operation, recognition of the long life cycle of ICS, and understanding of the differences between OT and IT

Jack D. Oden

Program Director, ICS Cybersecurity SME, and Consultant, Parsons
Jack D. Oden, Principal Project Manager and ICS Cybersecurity Subject Matter Expert (SME), is a self-motivated, energetic, and accomplished team player and speaker with twenty years’ experience in negotiating system improvements between users and engineers; developing projects...

Wednesday October 27, 2021 2:15pm - 2:55pm EDT

3:00pm EDT

Defense-in-Depth: Differences Between an IT and OT Approach
The threat to network, control, and physical security systems has never been greater and points to a need for a holistic information technology/operational technology (IT/OT) approach. Environments change constantly, and the magnitude of risk varies by customer. Given the complexity and ever-changing nature of the asymmetric threat, it is possible that traditional IT approaches to resolve cybersecurity issues in critical infrastructure may not identify systemic flaws in certain situations. These flaws may provide openings for attacks, which would then place the client in jeopardy. Client jeopardy in cybersecurity, functionality, and physical security stems from vulnerabilities and threats that capitalize on them. An integrated IT-OT approach needs to be designed to evaluate these areas for weaknesses, but if adequate information is not available, vulnerabilities and threats may escape notice. Further, the very nature of information systems is that the advantage is to the attacker, and in most cases, the network defense is in a constant state of reaction to identified vulnerabilities and new or evolving threats. In addition, critical infrastructure/industrial control system networks have unique characteristics that make them vulnerable to attacks if not secured correctly.

This talk will address the main differences between IT and OT from the perspective of defense in depth, with real-life examples from OT assessments.

This presentation addresses technical areas such as network, software and hardware controls, and administrative policies and procedures to provide a layered security posture.

Juan Espinosa

Principal Project Manager, Cyber & Intelligence Division, Parsons Government Services
Juan Espinosa is a licensed Professional Engineer with 20+ years of experience in project and program management supporting cybersecurity, design, and construction programs, primarily for Federal customers including DOD, DOS, and USACE. He has led diverse and complex projects from...

Wednesday October 27, 2021 3:00pm - 3:45pm EDT

3:45pm EDT

Virtual Networking, Solutions Theater and Expo

Wednesday October 27, 2021 3:45pm - 4:30pm EDT

Thursday, October 28

9:00am EDT

Applied ICS Security Training Lab
[Register for This Training Session - $495]

This full-day lab course gives participants hands-on experience attacking and hardening a simulated power plant network to learn about common ICS vulnerabilities and defenses. Participants will attack historians, HMIs, and PLCs to cause a power outage in the 3D simulation, and then implement defenses like firewalls and network monitoring to harden it.

Key Takeaways
  • Deeper understanding of common vulnerabilities in ICS networks and devices
  • Techniques for testing ICS devices for various vulnerabilities
  • Practical experience hardening ICS device configurations and using network defenses

Topics Covered
  • Scanning ICS networks
  • Exploiting web vulnerabilities in the DMZ
  • Sniffing industrial network traffic
  • Password cracking
  • PLC and HMI programming
  • Understanding Linux and Windows logs
  • Using Yara to scan for ICS malware
  • Writing host and network firewall rules for ICS
  • ICS network intrusion detection

Participants must bring their own laptop with either Chrome or Firefox installed. Some Linux experience is helpful but not required.

Dr. David Formby

CEO/CTO, Fortiphyd Logic
David Formby is CEO/CTO and co-founder of Fortiphyd Logic. He received his Ph.D. from the Georgia Institute of Technology where he focused on developing novel attacks and defenses for industrial control system networks. David has presented at both academic and industry conferences...

Thursday October 28, 2021 9:00am - 5:00pm EDT

9:00am EDT

Red vs. Blue: OT/ICS Cybersecurity & Incident Response Workshop
[Register for This Training Session - $495]

Introduction to OT/ICS Cybersecurity & Incident Response

From management to engineers and end-users, cybersecurity and incident preparedness begins with people. This course starts at the cybersecurity program level and helps students understand cybersecurity concepts, controls, and overall cyber risk management strategy. It introduces beginner to intermediate topics such as OT/ICS vulnerabilities, “hacker” methodologies, security controls, and incident response (IR) at a comfortable and easy-to-follow pace. These topics are then exercised and reinforced against an active adversary, IR tabletop exercise style, using the ThreatGEN® Red vs. Blue cybersecurity gamification platform.

What will you get out of this course?
  • Gain a comprehensive, “big picture” understanding of how all the cybersecurity pieces work together.
  • An introductory overview of the concepts, function, and components of industrial control systems, equipment, and technology
  • Learn vulnerabilities and attack vectors specific to ICS.
  • Learn about the methods and strategies hackers use to attack industrial control systems as well as traditional IT systems (Introductory level. This is not a technical hands-on, “hacking” course)
  • Learn and apply practical industrial cybersecurity and risk management concepts.
  • Learn how to deploy efficient and cost-effective mitigation strategies and security controls
  • Learn how to build a complete ICS cyber security program.
  • Apply what you’ve learned against an active adversary using the cutting-edge, turn-based cybersecurity simulation
  • Learn how to respond to, adapt, and defend against active attacks (Introductory level, this is not a technical incident response or threat hunting class)
  • Participate as the blue team and the red team, regardless of experience or technical skill level.
  • Taught by world-renowned ICS cybersecurity experts with decades of real-world experience

Clint Bodungen

President & CEO, ThreatGEN
Clint is a recognized industrial cybersecurity expert, public speaker, and lead author of the book “Hacking Exposed: Industrial Control Systems”. He is a United States Air Force veteran, has been an INFOSEC (now called “cybersecurity”) professional for more than 20 years...

Thursday October 28, 2021 9:00am - 5:00pm EDT

2021 ICS Cyber Security Conference, Oct 26-28, 2021, Atlanta, GA, USA