2021 ICS Cyber Security Conference

As more and more industrial devices connect to corporate networks, and therefore the internet, SCADA and industrial control systems become increasingly vulnerable to attack.  Some consider them low hanging fruit given many run unpatched and have been in place for more than 20 years.  OT systems around the world are barraged with both recycled IT-based attacks and purpose-built OT exploits. One survey finds that 74% of OT professionals had experienced a breachin the past 12 months. During this session, we will explore the impact and considerations for safe and secure operations including the need to:

• Evaluate the architecture needed to secure aging equipment and neutralize the impact on safety, uptime and time-to-market
• Explore the Cybersecurity Maturity Scale to leverage data analytics, threat intelligence and sustained situational awareness to inform decision making
• Understand how the Fortinet Security Fabric can provide foundation for securing industrial controls and SCADA systems in any environment

Industrial organizations are quickly adopting Internet of Things (IoT) technologies to reduce costs and deliver more value to customers and shareholders. Unfortunately, the widespread deployment of IoT is creating new security risks, as many organizations lack the ability to monitor and secure their IoT devices. Join us for a discussion on: The transition of OT networks into IoT networks The visibility, monitoring and security challenges created by IoT technology IoT use cases within industrial operations Effective ways to close the IoT security gap.

Securing Process Control and Safety Instrumented Systems requires a holistic approach that recognizes threats and vulnerabilities while also understanding the consequences of a compromised system. Many approaches today look at the threats and vulnerabilities (often focused mostly on the process control network) or the consequences (process risk) without viewing them as a unified landscape that we are trying to defend.

This presentation will discuss the processes and methodologies MITRE uses in the functional safety engineering space that helps to identify, quantify, and rectify process risk to systems while leveraging the real world threat and vulnerability information available to allow us to realistically prioritize our actions in strengthening our ICS security posture. This talk will dive into some tried and true techniques as well as some of the newer more contemporary approaches to understanding the threat and providing the required mitigations/controls to bring operations into the threshold of tolerable risk.

This discussion will address how manufacturing organizations can take a practical and extensive approach to securing their industrial control systems by implementing commercially available cybersecurity technologies.

This talk will step through the reference architecture and security solutions documented in NIST Special Publication 1800-10, Protecting Information and System Integrity in Industrial Control Systems Environments. Specifically, Dr. Powell will share a modular approach to integrating various commercially available security technologies together to: detect/prevent unauthorized software installation; identify, monitor, record, and analyze security events and incidents within a real-time OT environment; protect computers and ICS networks from potentially harmful applications using allow listing; determine if improper changes are made to a product or system; detect authenticated but unauthorized use of systems; validate the integrity of operating systems and application software files; continuously monitor the network for unusual events or trends; detect malware and mitigate any software designed to damage a computer, server, or computer network.

SESSION OBJECTIVES: 

• Understand potential cybersecurity risks in the manufacturing sector
• Learn how to leverage NIST’s Cybersecurity Framework to strengthen manufacturing systems
• Explore what commercially available technologies can improve cybersecurity within manufacturing environments

Enhancing your cyber posture and achieving critical infrastructure resiliency is essential to your business. To achieve it, you need to understand the challenges of building such a cyber program, despite the evolving threat landscape and perpetually expanding regulatory standards.  When our clients seek to develop a more comprehensive cyber security program based on the NIST Cyber Security Framework (“CSF”), they intend to create a cyber security program to cover assets in their Operational Technology (OT) network not currently covered by regulatory compliance requirements. The starting point for achieving cyber resiliency is to implement a risk-centric program. To implement a risk-centric program, we assess the cyber threats and set realistic implementation goals to be completed.

Furthermore, well-defined governance processes enable organizations to continually adjust the program as both the business and threat environments change. Implementing a Cyber Resiliency program would likely not be practical without addressing the organizational disparity between the business technology environment and the ICS side. The program is not simply an expanded set of technical requirements—it may also require shifts in adoption and use, re-engineering of design and construction standards and processes, and new collaboration and accountability mechanisms.

Learning Objectives:

• Develop a working understanding of NIST Cyber Security Framework
• Understand the benefits of risk-based approach

The ICS security community tends to focus on Level 2 and above, emphasizing network segmentation and network monitoring with little attention paid to the Level 1 controllers that form the critical bridge between the cyber and physical worlds. However, network segmentation and monitoring provides little help when the threat comes from inside your network boundaries with trusted personnel physically interacting with your PLCs. Thankfully, most PLC vendors provide diagnostic information that can be monitored to detect malicious and accidental modifications to the PLC if you know where to look. 


Join this session to see how operators can leverage diagnostic information from three of the most popular vendors to monitor their PLCs for insider threats.

Join Jeff Cornelius, EVP, Cyber-Physical Security, as he uncovers the security challenges facing industrial environments and cyber-physical ecosystems. In addition to advances in attacker techniques, such as the rise of ICS ransomware, these include evolutions in the technological architecture of ICS, including digitized OT, exponential connections to Industrial IoT, and expanding internet-connected supply chains.  Here, Self-Learning AI provides the ideal solution to keep pace with rapid changes in the threat landscape and industrial technologies, with its ability to detect never-before-seen attacks and adapt to any changes in infrastructure.

In this session, he will explore:

• A new generation of threats facing the industrial sector
• Threat discovery: Advanced ICS attack at an international airport
• Threat discovery: Targeting sensitive data via an air-conditioning unit

Current industrial cybersecurity solutions are heavily based on networked approaches to security, and focus on using IT-first principles to create a secure “shell” around OT networks and ICS components. However, these approaches do not fully utilize the unique characteristics of ICSs. ICS components have a significant amount of industrial process data associated with them, such as control commands & sensor values, which correlate to the current state of the physical facility and process that ICS component is supervising. Monitoring of this process data can provide deep insight and detection of physical anomalies which are impossible to detect from purely digital information, such as degrading equipment and incorrect physical configurations. Current approaches to monitoring process data often begin by uploading this data to the cloud for analysis and detection. However, requiring this kind of data transfer is prohibitively expensive for sites with a large number of process data points, or for remote sites without access to high-bandwidth communications channels. Additionally, the data transfer paradigm creates additional vulnerability concerns – especially for defense-in-depth approaches – which industrial entities may prefer to avoid altogether.

This talk will show how adopting a decentralized approach allows for robust detection of threats to industrial infrastructure without incurring significant data transfer requirements, and that this approach is scalable to thousands of devices. We also show that with increasingly miniaturized electronics, and the decreasing cost of compute, this approach enhances defense-in-depth focused industrial cybersecurity.

Traditional security offers a castle-and-moat or perimeter approach to assess whether connections are trustworthy and should be given access, but the current industrial control systems (ICS) ecosystem requires a different approach. Zero Trust reminds us that the information security perimeter never really existed. The pace of attacks, and ubiquity of IIoT is forcing us to improve our cyber-resilience quickly. This talk addresses how to bring Zero Trust to the ICS world: the benefits, the challenges, architectural constraints, planning and sizing the effort, success criteria, and future evolution. We will present a model for Zero Trust success, revealing how to integrate it with cybersecurity policies and procedures, set new requirements for vendors, align reporting and metrics, and properly use MSPs for ongoing trustworthiness.  

1. Hear practical steps to take towards a comprehensive, integrated information security program covering all intelligent devices, sensors, and networks within and beyond the enterprise. 
2. Understand how ICS teams can work with their IT counterparts on cybersecurity measures – risk assessment, appropriate countermeasures, and architectural assumptions. 
3. Discover how technology leaders can better align the goals and effectiveness of enterprise detection, mitigation, and response to cyberthreats across their IT infrastructure.

Ransomware is the most common attack type against organizations with industrial control system networks today, with incidents leading to shutdowns of critical infrastructure, millions of dollars in productivity lost per hour, layoffs, and ripple effects across multiple markets. Of ransomware strains in use today, Ryuk ransomware actors in particular appear to gravitate toward organizations with industrial control system networks. In addition, there have been more documented cases of Ryuk ending up on operational technology networks themselves compared to most other ransomware strains. This session will provide a deep dive on Ryuk, examine why the actors behind it are targeting industrial control systems, how the ransomware has jumped segmentation into ICS and OT networks, and explore new mechanisms in the malware’s propagation mechanism that might make it even more capable of getting on OT networks in the future. Case studies of specific instances in which Ryuk has migrated into OT networks will be part of this discussion. The session will end with concrete measures organizations with ICS networks can take to shore up defenses against this particular ransomware strain.