2021 ICS Cyber Security Conference

With billions of connected devices powering up every year, crowded markets have created unique challenges and opportunities for device manufacturers. In this environment, competitive differentiation is key. As attackers move away from application layer attacks, connected devices are now the ultimate low-hanging fruit to offer unauthorized access to critical IT and OT networks. 

Breaches in product security will have unprecedented impacts on device manufacturers and owners. According to Gartner, cyber-physical attacks resulting in fatal casualties will cost over $50B by 2023. Even the White House is taking note, with a new Cybersecurity EO that will add new requirements for secure software. 

In this presentation by Finite State, we’ll take a close look at how product security breaches occur, and how the financial impact of these breaches have tangible permanent effects on industry competitors. Learn proactive approaches to product security that are being adopted by some of the world’s largest device manufacturers, as well as how to ensure that your product security strategies generate value for your customers and shareholders.

Recent ransomware attacks that shut down production for a US gas pipeline and global food processor have raised board-level awareness about IoT and Operational Technology (OT) risk. Increased IT/OT connectivity to support the business has now made it easier for adversaries to move laterally from IT to OT and vice-versa — yet many organizations continue to operate on the assumption that their OT networks are either air-gapped or sufficiently segmented from their IT networks to prevent this. In our risk assessments for organizations across all industry verticals, we have found this to be a false assumption in the majority of cases. In this 10-minute session, we’ll review some real-world attack chains and discuss why you need the bird’s eye view provided by SIEM and XDR — combined with rich telemetry provided by agentless, OT-aware network detection and response (NDR) — to detect and respond to modern multi-stage attacks that typically cross IT/OT boundaries.

Are the Operational Technology (OT) systems onboard your vessel vulnerable to cyber threats? Poor cybersecurity risk management of these systems and networks could lead to safety and operational hazards and can have catastrophic effects on operations, the environment or even cause loss of life. Assessments of vessel OT systems provide awareness of the current cyber conditions and unique vulnerabilities onboard. After completing 70+ vessel assessments, our experienced team of assessors has compiled and analyzed the most common observations, vulnerabilities and questions relating to maritime OT cybersecurity.

How isolated are vessel OT systems? What does a proper maritime OT Cybersecurity Incident Response Plan look like? What about proper Management of Change policies and procedures? And why is asset and inventory knowledge so important? All these questions will be addressed during this presentation, accompanied by real-life examples that will illustrate how you can better identify, protect, detect, respond and recover from the growing industrial cyber threats. This presentation takes years of experience from the field and condenses it into the most important lessons learned that you need to know now.

We will also discuss the future of OT cybersecurity, exploring topics such as Industrial Security Operations Centers (ISOC), network scanning and top concerns from different sectors of the maritime industry.

Learning Objectives for Presentation:

• Understand the safety and operational cyber risks to OT systems onboard vessels
• Learn how you can upgrade your cybersecurity capabilities 
•  Learn where the maritime industry is heading in regard to OT cybersecurity

Strategies and Tools:

• Cyber-enabled asset inventories
• OT Cybersecurity Incident Response Plans
• Management of Change policies and procedures

Cybersecurity is the new hot topic with boards of directors. High-profile attacks in the news, regulatory changes and customer concerns are fueling their conversations. However, too often these discussions are derailed by technical narrative, myths and misinformation, creating confusion. Few boards have a clear understanding of what cybersecurity is, how it impacts growth and valuation and what they should be doing about it. As a result, boards tend to act in extremes, taking too little action or imposing unrealistic expectations.

For industrial cybersecurity, this is a much harder problem. As attackers expand from traditional Information Technology (IT) targets to the Operational Technology (OT) networks that directly impact operations and safety, companies are forced to rethink their cybersecurity programs. Unfortunately, most boards haven’t been able to get a handle on IT security, and now they must adapt to a whole new world of risk.

This presentation will provide executives the guidance they need to effectively present industrial cybersecurity risks and solutions to their boards of directors.

Key topics include:

• Understanding the board’s perspective
• Demystifying industrial cybersecurity and debunking myths
• Breaking down industrial cybersecurity into business challenges and risk
• Clearly defining the difference between IT and OT
• How to drive immediate action to secure resources
• Setting and managing board expectations
• Potential questions the board will ask and how to answer
• Dos and Don’ts (How to stay on the board’s good side)
• How to explain a cyber exploit, including the scenario: “What if you were attacked?”

Communicating effectively to your board of directors can mean the difference between getting the resources you need now or consistently struggling to defend your operations against attack.

Securing industrial operations is top of mind but implementing OT security can be a long journey. If you’re in charge of securing your organization’s ICS, you need quick wins to improve your security posture, align all stakeholders and demonstrate ROI.

• What are the typical issues that can be easily fixed to reduce the attack surface?
• How to deal with OT vulnerabilities? Where should you invest in patching?
• Which foundations should you build to start securing your industrial networks?

Now more than ever, industrial companies are facing increasing cyber threats and vulnerabilities in their IT/OT environments. Those that do more to identify indicators of compromise and attacks early, and quickly respond to contain and remediate the threats, will gain a competitive advantage in operational resilience. Based on recent Honeywell experience in delivering 100s of industrial cybersecurity projects world-wide, this presentation reflects on the latest cyber threats facing industrial businesses and what industry leaders are doing to detect threats earlier and respond to incidents faster.

While IT/OT Convergence has been discussed heavily in recent years,  it remains an area of concern and a challenge. Real world attacks against ICS/SCADA and others, such as SolarWinds, Colonial Pipeline, JBS meat processing, and Kaseya, are raising concerns about interconnectivity and the resulting vulnerability of ICS/SCADA systems. While some organizations are taking steps to converge cyber control and cybersecurity of their IT and OT operations, much still needs to be done and more organizations need to recognize the need.

This presentation will discuss:

• The threat landscape and actions organizations can take to increase awareness among executives and senior management
• The challenges of ever increasing connectivity between OT and IT infrastructure and/or connectivity of OT infrastructure to the Internet, lack of documented connectivity, resistance to change, denial, misunderstanding, and delays to ICS upgrades,
• Best practices of network and subnet segmentation, online and offline backups, patching, strong access protection, and others, and,
• The need for maintaining safety, continuity of operation, recognition of the long life cycle of ICS, and understanding of the differences between OT and IT.

The threat to network, control, and physical security systems has never been greater and points to a need for a holistic information technology/operation technology (IT/OT) approach. Environments change constantly, and the magnitude of risk varies by customer. Given the complexity and ever-changing nature of the asymmetric threat, it is possible that traditional IT approaches to resolve cybersecurity issues in critical infrastructure may not identify systemic flaws in certain situations. These flaws may provide openings for attacks, which would then place the client in jeopardy. Client jeopardy in cybersecurity, functionality, and physical security stems from vulnerabilities and threats that capitalize on them. An integrated IT-OT approach needs to be designed to evaluate these areas for weaknesses, but if adequate information is not available, vulnerabilities and threats may escape notice. Further, the very nature of information systems is that the advantage is to the attacker, and in most cases, the network defense is in a constant state of reaction to identified vulnerabilities and new or evolving threats. In addition, critical infrastructure/industrial control system networks have unique characteristics that make them vulnerable to attacks if not secured correctly.

This talk will address the main differences between IT and OT from the perspective of Defense in depth, with real live examples on OT assessments.

This presentation addresses technical areas such as network, software and hardware controls, and administrative policies and procedures to provide a layered security posture.