IIoT World Days Track: ICS Security – Risks, Strategies and Solutions | SPONSORED
Track Sponsored by aDolus
This track, originally presented at IIoT World Days on June 30, 2020, covers 4 presentations from industry leaders in ICS Security:
- Five Blind Men and the Elephant called ICS Supply Chain Security
- The Road to Industrial IoT Security
- Automated ICS Vulnerability Assessment
- Identifying Compromises Through Device Profiling Using Open Source Tools
Five Blind Men and the Elephant called ICS Supply Chain Security
Is a secure ICS software supply chain important to your company’s critical operations? And what does securing your supply chain really involve? A 3-year study sponsored by the US Department of Homeland Security revealed many different perspectives. ICS vendors, asset owners, consultants and security researchers all identified numerous complex priorities: 1) Counterfeit firmware detection, 2) Mystery sub-component detection, 3) Version validation and 4) Certification-chain validation. A common theme among these different perspectives is the exploitation of trust between ICS vendors and their customers (and other suppliers). This talk explores specific examples of each of these threats and discusses FACT, a framework for safeguarding against attacks on trust and reliability. Presented by Eric Byres, CEO at aDolus Inc.
Further reading: 9 questions you should ask before choosing a security vendor
The Road to Industrial IoT Security
Industrial IoT (IIoT) is all around us: in water, in gas, in electricity distribution networks, running power plants and critical infrastructure, in production lines and transportation networks, and so much more.
With 150 million IIoT devices coming online by 2021, industrial networks have become a target for hackers. In fact, cyberattacks on IoT devices surged 300 percent in 2019, and 41.2 percent of ICS computers were attacked at least once in the first half 2019. So, what can be done? This session provides a roadmap to ensuring the continuity, resilience, and safety of operations when securing industrial environments and covers: 1) Identifying your industrial assets, 2) Segmenting your control networks, 3) Enforcing security policies and 4) Monitoring industrial processes. Presented by Joe Malenfant, Director of IoT Marketing at Cisco.
Automated ICS Vulnerability Assessment
The presentation discusses the results of ObjectSecurity’s ongoing government-funded R&D to develop an intelligent automated vulnerability assessor and penetration tester” (VAPT) for assessing cybersecurity of embedded/ICS systems. VAPT intelligently automates software vulnerability assessment for embedded/ICS systems. The idea is to build a portable device that can be used to assess fielded ICS systems, designed to be used by non-experts. For intelligent AI-driven action selection, the prototype includes an AI agent that learns over time and adapts a bit like a human vulnerability assessor or pen-tester, selecting the most promising sequence of actions. Presented by Ulrich Lang, Co-Founder and CEO at ObjectSecurity LLC (Americas).
Identifying Compromises Through Device Profiling Using Open Source Tools
The Internet and our local networks have the ability to handle an amazing quantity of connections simultaneously. That strength leads to a problem when we’re trying to detect malicious traffic: how can we tell when one of our IIoT devices like an industrial control unit or camera or even a Windows device are sending traffic that it shouldn’t? In this session, you’ll learn how to detect these malicious patterns by combining two open source software packages. Presented by William Sterns, CTO at Active Countermeasures.