This is the 2021 Agenda - The Full Agenda for 2022 Will Be Available Shortly. (See Available Training Options for 2022) - Register for 2022 Now

Tech Track
Tuesday, October 26

1:00pm EDT

Security for the Evolving Needs of Industrial Environments
As more and more industrial devices connect to corporate networks, and therefore the internet, SCADA and industrial control systems become increasingly vulnerable to attack. Some consider them low-hanging fruit given many run unpatched and have been in place for more than 20 years. OT systems around the world are barraged with both recycled IT-based attacks and purpose-built OT exploits. One survey finds that 74% of OT professionals had experienced a breach in the past 12 months. During this session, we will explore the impact and considerations for safe and secure operations including the need to:
  • Evaluate the architecture needed to secure aging equipment and neutralize the impact on safety, uptime and time-to-market
  • Explore the Cybersecurity Maturity Scale to leverage data analytics, threat intelligence and sustained situational awareness to inform decision making
  • Understand how the Fortinet Security Fabric can provide a foundation for securing industrial controls and SCADA systems in any environment

Carlos Sanchez

Director - Operational Technology, Central USA, Fortinet
Carlos is a technologist with 32 years of experience in network, telecommunications, and critical infrastructure security. He specializes in simplifying complex business problems with a pragmatic application of technology. With a wide range of experience ranging from US Air Force...

Tuesday October 26, 2021 1:00pm - 1:30pm EDT

1:30pm EDT

Closing IoT Gaps in Your Operations
Industrial organizations are quickly adopting Internet of Things (IoT) technologies to reduce costs and deliver more value to customers and shareholders. Unfortunately, the widespread deployment of IoT is creating new security risks, as many organizations lack the ability to monitor and secure their IoT devices. Join us for a discussion on:
  • The transition of OT networks into IoT networks
  • The visibility, monitoring and security challenges created by IoT technology
  • IoT use cases within industrial operations
  • Effective ways to close the IoT security gap

Phil Trainor

Federal Product Manager, Nozomi Networks
Phil is an expert in creating and implementing threat intelligence driven products and solutions for the network security industry with a focus on Telecom, Government, Enterprise, and Cloud. He specializes in production network security auditing, SecOps, visibility, security testing...

Tuesday October 26, 2021 1:30pm - 2:00pm EDT

2:15pm EDT

Combining Threats, Vulnerabilities and Consequences to Better Understand and Defend ICS systems
Securing Process Control and Safety Instrumented Systems requires a holistic approach that recognizes threats and vulnerabilities while also understanding the consequences of a compromised system. Many approaches today look at the threats and vulnerabilities (often focused mostly on the process control network) or the consequences (process risk) without viewing them as a unified landscape that we are trying to defend.

This presentation will discuss the processes and methodologies MITRE uses in the functional safety engineering space that help to identify, quantify, and rectify process risk to systems while leveraging the real-world threat and vulnerability information available to allow us to realistically prioritize our actions in strengthening our ICS security posture. This talk will dive into some tried and true techniques as well as some of the newer, more contemporary approaches to understanding the threat and providing the required mitigations/controls to bring operations into the threshold of tolerable risk.

Michael Thompson

National Cyber Security FFRDC (NCF), MITRE

Tom Cottle

Lead Cyber Physical & Control Systems / OT Security Engineer, MITRE Corporation
Tom is a Lead Cyber Physical & Control Systems/Operational Technology Security Engineer at The MITRE Corporation with more than 15 years working in process control engineering and design, process and functional safety, compliance program management, project management, risk analysis...

Tuesday October 26, 2021 2:15pm - 2:45pm EDT

2:45pm EDT

Protecting Information and System Integrity in Manufacturing Environments
This discussion will address how manufacturing organizations can take a practical and extensive approach to securing their industrial control systems by implementing commercially available cybersecurity technologies.

This talk will step through the reference architecture and security solutions documented in NIST Special Publication 1800-10, Protecting Information and System Integrity in Industrial Control Systems Environments. Specifically, Dr. Powell will share a modular approach to integrating various commercially available security technologies together to: detect/prevent unauthorized software installation; identify, monitor, record, and analyze security events and incidents within a real-time OT environment; protect computers and ICS networks from potentially harmful applications using allow listing; determine if improper changes are made to a product or system; detect authenticated but unauthorized use of systems; validate the integrity of operating systems and application software files; continuously monitor the network for unusual events or trends; detect malware and mitigate any software designed to damage a computer, server, or computer network.

  • Understand potential cybersecurity risks in the manufacturing sector
  • Learn how to leverage NIST’s Cybersecurity Framework to strengthen manufacturing systems
  • Explore what commercially available technologies can improve cybersecurity within manufacturing environments

Dr. Michael Powell

Cybersecurity Engineer, NIST/NCCoE
Michael Powell is a Cybersecurity Engineer at the National Cybersecurity Center of Excellence (NCCoE) at the National Institute of Standards and Technology (NIST) in Rockville, Maryland. His research focuses on cybersecurity for the manufacturing sector, particularly how it impacts...

Tuesday October 26, 2021 2:45pm - 3:15pm EDT

3:20pm EDT

Leveraging the NIST CSF where Compliance Doesn’t Apply
Enhancing your cyber posture and achieving critical infrastructure resiliency is essential to your business. To achieve it, you need to understand the challenges of building such a cyber program, despite the evolving threat landscape and perpetually expanding regulatory standards.  When our clients seek to develop a more comprehensive cyber security program based on the NIST Cyber Security Framework (“CSF”), they intend to create a cyber security program to cover assets in their Operational Technology (OT) network not currently covered by regulatory compliance requirements. The starting point for achieving cyber resiliency is to implement a risk-centric program. To implement a risk-centric program, we assess the cyber threats and set realistic implementation goals to be completed.

Furthermore, well-defined governance processes enable organizations to continually adjust the program as both the business and threat environments change. Implementing a Cyber Resiliency program would likely not be practical without addressing the organizational disparity between the business technology environment and the ICS side. The program is not simply an expanded set of technical requirements—it may also require shifts in adoption and use, re-engineering of design and construction standards and processes, and new collaboration and accountability mechanisms.

Learning Objectives:
  • Develop a working understanding of the NIST Cyber Security Framework
  • Understand the benefits of a risk-based approach

John Biasi

Senior Consultant, Burns & McDonnell
John Biasi is a Senior Consultant with Burns & McDonnell. He is also an adjunct professor at the Oklahoma State University Institute of Technology. He received his Master of Business Administration degree with a concentration in Cybersecurity Management and his Bachelor of Science...

Tuesday October 26, 2021 3:20pm - 4:00pm EDT
Wednesday, October 27

11:00am EDT

When the Network is Not Enough: Monitoring Level 1 for Insider Threats
The ICS security community tends to focus on Level 2 and above, emphasizing network segmentation and network monitoring with little attention paid to the Level 1 controllers that form the critical bridge between the cyber and physical worlds. However, network segmentation and monitoring provide little help when the threat comes from inside your network boundaries with trusted personnel physically interacting with your PLCs. Thankfully, most PLC vendors provide diagnostic information that can be monitored to detect malicious and accidental modifications to the PLC if you know where to look.

Join this session to see how operators can leverage diagnostic information from three of the most popular vendors to monitor their PLCs for insider threats.

Dr. David Formby

CEO/CTO, Fortiphyd Logic
David Formby is CEO/CTO and co-founder of Fortiphyd Logic. He received his Ph.D. from the Georgia Institute of Technology where he focused on developing novel attacks and defenses for industrial control system networks. David has presented at both academic and industry conferences...

Wednesday October 27, 2021 11:00am - 11:30am EDT

11:30am EDT

Operational Integrity: Safeguarding Your OT Systems with Self-Learning AI
Join Jeff Cornelius, EVP, Cyber-Physical Security, as he uncovers the security challenges facing industrial environments and cyber-physical ecosystems. In addition to advances in attacker techniques, such as the rise of ICS ransomware, these include evolutions in the technological architecture of ICS, including digitized OT, exponential connections to Industrial IoT, and expanding internet-connected supply chains.  Here, Self-Learning AI provides the ideal solution to keep pace with rapid changes in the threat landscape and industrial technologies, with its ability to detect never-before-seen attacks and adapt to any changes in infrastructure.

In this session, he will explore:
  • A new generation of threats facing the industrial sector
  • Threat discovery: Advanced ICS attack at an international airport
  • Threat discovery: Targeting sensitive data via an air-conditioning unit

Jeff Cornelius

EVP, Cyber-Physical Security, Darktrace
Jeff Cornelius joined Darktrace in February of 2015 as Executive Vice President and oversees Darktrace’s Cyber-Physical Security solutions while serving as a subject matter expert around Darktrace’s solutions for OT/ICS environments. Jeff has been the featured/keynote speaker...

Wednesday October 27, 2021 11:30am - 12:00pm EDT

12:15pm EDT

Defense in Data: Decentralized ICS Cybersecurity Based on OT Data
Current industrial cybersecurity solutions are heavily based on networked approaches to security, and focus on using IT-first principles to create a secure “shell” around OT networks and ICS components. However, these approaches do not fully utilize the unique characteristics of ICSs. ICS components have a significant amount of industrial process data associated with them, such as control commands & sensor values, which correlate to the current state of the physical facility and process that ICS component is supervising. Monitoring of this process data can provide deep insight and detection of physical anomalies which are impossible to detect from purely digital information, such as degrading equipment and incorrect physical configurations. Current approaches to monitoring process data often begin by uploading this data to the cloud for analysis and detection. However, requiring this kind of data transfer is prohibitively expensive for sites with a large number of process data points, or for remote sites without access to high-bandwidth communications channels. Additionally, the data transfer paradigm creates additional vulnerability concerns – especially for defense-in-depth approaches – which industrial entities may prefer to avoid altogether.

This talk will show how adopting a decentralized approach allows for robust detection of threats to industrial infrastructure without incurring significant data transfer requirements, and that this approach is scalable to thousands of devices. We also show that with increasingly miniaturized electronics, and the decreasing cost of compute, this approach enhances defense-in-depth focused industrial cybersecurity.

Juan Lopez Jr.

Group Leader, Energy & Control Systems Security, Oak Ridge National Laboratory

Forrest Shriver

CEO, Sentinel Devices
Entrepreneur and serial scientist, Forrest Shriver recently finished his dissertation at the University of Florida and is now the CEO of Sentinel Devices LLC, developing the next generation of industrial cybersecurity devices. Forrest has experience working in multiple roles, from...

Wednesday October 27, 2021 12:15pm - 12:45pm EDT

12:50pm EDT

Bringing Zero Trust to Industrial Control Systems
Traditional security offers a castle-and-moat or perimeter approach to assess whether connections are trustworthy and should be given access, but the current industrial control systems (ICS) ecosystem requires a different approach. Zero Trust reminds us that the information security perimeter never really existed. The pace of attacks and the ubiquity of IIoT are forcing us to improve our cyber-resilience quickly. This talk addresses how to bring Zero Trust to the ICS world: the benefits, the challenges, architectural constraints, planning and sizing the effort, success criteria, and future evolution. We will present a model for Zero Trust success, revealing how to integrate it with cybersecurity policies and procedures, set new requirements for vendors, align reporting and metrics, and properly use MSPs for ongoing trustworthiness.

  1. Hear practical steps to take towards a comprehensive, integrated information security program covering all intelligent devices, sensors, and networks within and beyond the enterprise. 
  2. Understand how ICS teams can work with their IT counterparts on cybersecurity measures – risk assessment, appropriate countermeasures, and architectural assumptions. 
  3. Discover how technology leaders can better align the goals and effectiveness of enterprise detection, mitigation, and response to cyberthreats across their IT infrastructure.

William Malik

VP Infrastructure Strategies, Trend Micro

Wednesday October 27, 2021 12:50pm - 1:30pm EDT

1:45pm EDT

Ryuk on Industrial Control System Networks
Ransomware is the most common attack type against organizations with industrial control system networks today, with incidents leading to shutdowns of critical infrastructure, millions of dollars in productivity lost per hour, layoffs, and ripple effects across multiple markets. Of ransomware strains in use today, Ryuk ransomware actors in particular appear to gravitate toward organizations with industrial control system networks. In addition, there have been more documented cases of Ryuk ending up on operational technology networks themselves compared to most other ransomware strains. This session will provide a deep dive on Ryuk, examine why the actors behind it are targeting industrial control systems, how the ransomware has jumped segmentation into ICS and OT networks, and explore new mechanisms in the malware’s propagation mechanism that might make it even more capable of getting on OT networks in the future. Case studies of specific instances in which Ryuk has migrated into OT networks will be part of this discussion. The session will end with concrete measures organizations with ICS networks can take to shore up defenses against this particular ransomware strain.

Camille Singleton

Senior Strategic Cyber Threat Lead, IBM
Camille Singleton brings fifteen years of professional experience to cybersecurity topics, both in the US government and as an analyst at IBM. While specializing in threats to operational technology, she is conversant on a range of topics affecting the cyber threat landscape, including...

Wednesday October 27, 2021 1:45pm - 2:15pm EDT

2021 ICS Cyber Security Conference, Oct 26-28, 2021, Atlanta, GA, USA