The Original ICS/SCADA Cybersecurity Conference

SecurityWeek’s Industrial Control Systems (ICS) Cyber Security Conference is the largest and longest-running event series focused on industrial cybersecurity. Since 2002, the conference has gathered ICS cyber security stakeholders across various industries, attracting operations and control engineers, IT, government, vendors and academics.

Agenda

08:00

Operationalizing Cyber Resilience in Critical OT/IoT Environments

As industries become increasingly reliant on interconnected systems, securing operational technology (OT) and industrial internet of things (IoT) environments is paramount. This presentation explores the unique challenges of OT/IoT security, highlighting critical pain points such as a lack of visibility, limited resources, and evolving attack surfaces. We will dive into a proactive approach to cyber resilience by outlining key components such as deep visibility, threat and risk management, vulnerability management, and lifecycle management. This is followed by practical steps to enhance OT/IoT security, with a focus on best practices for proactive and reactive approaches. Join us to learn how to navigate these complexities and build a robust cyber resilience strategy for your critical infrastructure.

Carlos Buenano

CTO, OT, Armis

Carlos possesses a degree in Electronic Engineering and a master's degree in telecommunications, with more than 30 years of progressive experience in the control systems and telecommunications field. Carlos' history includes positions such as Principal Systems Engineer, Senior ICS Cybersecurity Consultant, Solutions Architect, Technical Account Manager and Principal Solutions Architect around the world. Carlos has been actively involved in several brown and green field industrial control systems projects in manufacturing, mining, and oil and gas, from the concept definition to the commissioning stages of the projects. Carlos has spent the last 5 years of his career operationalizing cybersecurity solutions focusing on industrial networks.

09:55

Navigating the OT Security Nexus: AI, Digital Transformation, and Emerging Threats

As AI emerges as both a powerful tool for asset owners and a formidable weapon for attackers, the convergence of IT and OT is blurring the lines between people, processes, and technology, creating new vulnerabilities. In this rapidly shifting landscape, attackers stand to gain the upper hand if organizations fail to adapt their security strategies. This presentation draws on insights from a global "State of OT Security" survey, revealing how industry leaders are leveraging AI, Zero Trust Architecture, and converged IT-OT security platforms to stay ahead of the evolving threat landscape. Join us to explore how these strategies are essential for navigating the new nexus of OT security.

Qiang Huang

VP of Product Management, IoT and OT Security | Palo Alto Networks

Qiang Huang is the VP of product management at Palo Alto Networks, leading IoT and OT security products and solutions. He has over 20 years of deep experience in a wide range of technologies including network security, enterprise networking, and IoT. In recent years, Qiang incubated several industry-first IoT and OT products and solutions, and developed partnerships across industries such as manufacturing, smart building and smart cities. Qiang holds an MS in EE from Colorado State University. He is also a co-author of the book SSL Remote Access VPNs.

11:40

Where OT Passive Monitoring Projects Fail: Top 5 Lessons from the Field

In the rapidly evolving landscape of Operational Technology (OT), passive monitoring projects are essential for ensuring security and operational efficiency. However, many of these initiatives encounter significant challenges that lead to their failure. This presentation delves into the common pitfalls and obstacles faced by organizations implementing OT passive monitoring systems. Drawing on real-world case studies and field experience from numerous deployments, we will explore critical factors such as inadequate planning and design resulting in limited asset visibility and fidelity of results, lack of stakeholder engagement (e.g., who owns the solution, what the value is beyond a cyber-solution), integration issues, and insufficient response strategies (e.g., proper playbooks on how and who will deal with alerts). Attendees will gain valuable insights into the root causes of these failures and practical recommendations for overcoming them, ultimately paving the way for more successful and resilient OT passive monitoring projects.

11:40

Breaking Down Silos in OT Security Through Integrated Risk & Lifecycle Management

Are you struggling with fragmented security tools, reactive processes, and a lack of visibility into your risk landscape? This session offers a solution. Discover how integrating risk management with a lifecycle-aware approach to asset management can transform your OT security posture, ensuring compliance while proactively mitigating risks and enhancing operational resilience.

Key Takeaways:
* Overcome Fragmentation: Bridge the gap between security and operations, creating a unified and cohesive approach to OT security.
* Proactive Risk Mitigation: Identify, assess, and prioritize risks throughout the entire asset lifecycle, enabling proactive measures that prevent incidents and minimize downtime.
* Data-Driven Decisions: Leverage real-time asset data and lifecycle information to make informed security decisions and optimize resource allocation.
* Operational Resilience: Achieve a resilient OT environment that can withstand evolving threats and ensure the continuity of critical operations.

12:15

Dynamic OT Inventory; Learnings From an Application Installation

In 2023 Elanco Animal Health, a pharmaceutical company which produces medicines and vaccinations for pets and livestock, began the investment in an inventory and vulnerability management application for some of our manufacturing locations. This session shares some of the lessons we learned: the good and the hard. Pulling together the requirements. Vendor selection hits and misses. Working with the IT team - right-sizing expectations. Working with the OT team - early and clear detailed directions. A great window into OT spaces. Document lessons learned and plan for the next phase.

Stuart Powell

OT Security Engineer with Elanco Animal Health

Stuart has 40 years of professional experience with varying tenure lengths in college-level technical instruction, project management, industrial control systems engineering, business IT administration for Unix, Windows, and infrastructure, and now OT security.

12:15

How Can AI Help Your Network Segmentation Project to Finally Move Forward?

Segmenting industrial networks into small zones of trust is an efficient way to protect operations and prevent attacks from spreading. But in many cases, it can be too complex to modify the network, deploy zone-based firewalls, and ensure assets are placed in the proper segment without disrupting production. This session will look at the roadblocks asset owners are facing and discuss ways to make segmentation projects finally move forward: Why is network segmentation so hard to do in OT? What are the software-based segmentation options? Why are these solutions not widely adopted? What is virtual segmentation and how can it help deploy software-based segmentation? How can AI help automate asset grouping to inform segmentation policies?

Fayce Daira

Solution Architect OT Security, Cisco

Fayce has been working in cybersecurity for 21 years. He started his career as a systems engineer for a network security distributor in Europe and co-founded Skyrecon Systems in 2008, an endpoint security vendor which was later acquired by Airbus Defense to form Stormshield. He has lived in the US since 2009, where he helps organizations secure their industrial operations. He joined Cisco in 2019, where he is a technical architect focusing on industrial networking and cybersecurity solutions. Fayce holds a Master's degree in Cybersecurity from Epitech, France and is a Certified Information Systems Security Professional (CISSP).

12:50

Converting Advancements in OT Security to Meaningful Operational Efficiency and Risk Management

OT security tools are evolving rapidly, from network monitoring and intrusion detection to endpoint sensors and wireless detection. Beyond asset visibility, vulnerability and risk management, and threat detection, the use cases are also evolving as businesses demand that any investment in security also lead to operational efficiency and greater ROI. How can ICS personnel and OT security practitioners build a technical and business case to get executive buy-in?

Ben Callaway

Regional Sales Director, Nozomi Networks

Ben Callaway has 15+ years of experience in Industrial Automation, spending the last 6 years in OT Security. He currently serves customers in the Mid-Atlantic and Southeastern US for Nozomi Networks with market-leading OT and IoT Security & Visibility solutions. Having started his career in ICS in Instrumentation and Software Sales for Emerson, he spent over a decade on plant floors across all industrial verticals. Over his career, Ben has held multiple roles including Sales, Marketing & Business Development, and Services covering Control Systems & Cybersecurity solutions for Critical Infrastructure (Power, Oil & Gas, Water, Mining). Ben has a Bachelor's Degree in Economics from The University of Georgia.

13:45

The Evolving Future of OT Network Defense: Lessons from National Security

The separation between IT and OT environments is increasingly analogous to the traditional separation between U.S. Government networks of differing security levels. Both require strictly defined data flows and rigorous control over information exchanges to prevent unauthorized access and breaches. OT environments face many of the same threats as national security networks, and the evolving complexity and sophistication of threat actors and incidents like Ripple20 have highlighted the need for security measures that evolve to meet them. As such, U.S. Government network security technology is increasingly shaping the future of Operational Technology (OT) security by informing new practices and influencing next-generation solutions. In this session, we'll discuss the application of robust OT security principles and technologies derived from experience defending the most sensitive U.S. Government networks. We'll delve into the application of security principles such as Defense in Depth and Zero Trust, the current state of hardware- and software-based security technologies, and how we can take lessons learned from government network defense and apply them to the mitigation of future OT threats. By implementing the latest security principles and best practices, and leveraging government-driven innovations, OT systems can be fortified against evolving threats, ensuring the safety and reliability of critical infrastructure.

13:45

Revolutionizing OT Cybersecurity: Process-Oriented, Multi-Level Cyber Attack Management

An OT cyber breach is underway. Is there an Incident Response plan in place? This session will provide a deep dive into the role of process-oriented OT cybersecurity during the expression phase of an OT cyber breach. Attendees will learn about a multi-level IR approach that includes unfiltered visibility from Level 0 to Level 4 of the Purdue model. This approach provides early detection of OT cyber-attacks like False Data Injection (Stuxnet-like), Aurora and others, as well as crucial decision-making support for the attack containment stage, helping to determine whether to shut down operations or continue with caution. Join us to explore advanced and effective incident response and operational resilience in the face of OT cyber threats.

14:35

Defending the Core: Fortifying ICS Against Memory Safety Vulnerabilities

Awareness of existing vulnerabilities is crucial in the industrial control systems (ICS) landscape. Memory safety vulnerabilities are recognized as pervasive threats that demand immediate action. CISA highlighted them as a top-risk class, and they pose significant threats to ICS environments. It's imperative we address memory safety issues head-on, focusing on strategies to mitigate these vulnerabilities and secure ICS infrastructure. Traditional patching approaches often lag or remain incomplete, and current best practices are clearly not working given the increase in memory safety vulnerabilities year over year. This presentation confronts the reality of memory safety risks in ICS environments, focusing on current strategies and actionable steps to fortify defenses. Acknowledging the omnipresence of memory safety vulnerabilities, we explore proactive measures available today to mitigate these risks. Central to this discussion is the role of Runtime Application Self-Protection (RASP) technology in ensuring robust memory safety without compromising operational performance, a critical consideration in ICS's precision-driven operations. Real-world examples underscore how RASP can mitigate memory safety threats, urging OEMs and asset owners to prioritize proactive security measures. Attendees will leave with actionable insights into immediate actions to strengthen device security today and lay the groundwork for protecting ICS devices against evolving memory safety vulnerabilities in the future.

Shane Fry

Chief Technology Officer, RunSafe Security

Shane Fry is the Chief Technology Officer at RunSafe Security, Inc. He has over a decade of experience in cybersecurity, on both the offensive and defensive sides of the house. He has performed vulnerability research on all layers of the hardware and software stack, including physical circuit security, secure boot, software update, memory corruption, and web-application vulnerabilities.

14:35

Responding to and Recovering from an OT Cyber Incident

Cybersecurity incidents in manufacturing facilities present unique problems that are not typically found in IT environments. This session will explore these specific issues and differences by describing a project that was developed and executed at the National Cybersecurity Center of Excellence (NCCoE) Manufacturing Lab to test Response and Recovery capabilities in an Operational Technology (OT) environment. Speakers will incorporate a unique video demonstration of a specialized Manufacturing Lab at NIST, which includes typical OT components such as programmable logic controllers (PLCs), human machine interfaces, a conveyor system, a robotic system, a supervisory system, and various networking components. The presenters will also discuss various types of cybersecurity incidents tested in the lab, which map to: MITRE ATT&CK for ICS; the CSF categories and subcategories associated with Response and Recovery; the risk-based decisions made during an incident response for an operational facility; some critical technologies implemented in an OT environment; and the dependence on planning and communication for incident response. This presentation is intended to encourage attendees to discuss and plan for a response to and recovery from cyberattacks against OT, and highlights NCCoE manufacturing guidance relative to this topic. The expertise gained from working alongside other NIST experts in a technical manufacturing lab brings unique perspectives that the speakers can share as lessons learned and ideas to consider. Speakers will share tips, ideas, and information that will serve as helpful starting points for cybersecurity professionals throughout their presentation.

15:10

Measuring OT Cybersecurity Risk through Scenario Analysis - Lessons from Fast Jet Operations

As somebody who began their career working in air traffic control for fighter jet operations in the Royal Air Force, I know a thing or two about risk! Understanding and mitigating OT risk is akin to navigating the fast-paced, high-risk environment of fast jet operations in air traffic control. Drawing from my extensive experience in my years since those military days, my presentation will delve into the intricacies of measuring OT cybersecurity risk using scenario analysis, a methodology that mirrors the precision and strategic foresight required in aviation.

Presentation Agenda

1. Introduction to OT Cybersecurity Risk: Overview of OT environments and the unique challenges they pose. Importance of accurate risk assessment to ensure safety, reliability, and operational continuity.
2. Lessons from the tower: Insights from air traffic control and fast jet operations. How managing risks in high-speed aviation parallels OT cybersecurity challenges. Real-life anecdotes and experiences from my tenure in the air force.
3. Scenario Analysis: A Strategic Tool: Explanation of scenario analysis and its application in risk assessment. Step-by-step guide to developing effective scenarios. Techniques to identify, analyze, and prioritize risks based on potential impact and likelihood.
4. Case Studies: Fast Jet Operations vs. OT Cybersecurity: Comparative analysis of real-world scenarios in fast jet operations and OT cybersecurity. How scenario planning in aviation can inform and enhance cybersecurity strategies. Examples of successful risk mitigation tactics from both domains.
5. Developing Your Scenario Playbook: Practical exercises to create your own scenario analysis framework. Tools and methodologies to tailor scenarios specific to your OT environment. Strategies to engage stakeholders and build a robust risk management culture.

Audience Takeaways: Attendees will leave with a deeper understanding of how to leverage scenario analysis for comprehensive OT cybersecurity risk assessment. They will gain actionable insights from the world of fast jet operations, enabling them to anticipate and mitigate potential threats with the precision and foresight of a seasoned air traffic controller. This presentation will empower cybersecurity professionals to develop more resilient and proactive defense strategies, ensuring the safety and security of critical OT environments.

Stuart King

Advisor to the OT Cybersecurity Industry

Stuart's career began in the Royal Air Force where, as an air traffic controller, he learnt a lot about what it means to manage risk. Over the years, Stuart's civilian career has been focused on mitigating cybersecurity risks for a diverse range of organizations all around the world. Stuart was one of the founding members of the Chartered Institute of Information Security Professionals - a UK body dedicated to professionalism in the cybersecurity industry, holds an MBA in Technology Management, and is GICSP certified.

15:10

OT Cloud: How to Adapt Your OT Architecture for Cloud Applications

This session will present a simplified approach to taking what you already know about the Purdue model and applying it to your OT cloud applications. It will provide a brief history of connecting networks from Multiprotocol Label Switching (MPLS) to wide area networks (WAN) and a summary of the most relevant aspects of the Purdue model to consider for OT cloud integrations. We will explore common cloud architectures with Google Cloud, Microsoft Azure, and AWS OT, and outline effective strategies for leveraging the Purdue model principles within a modern, cloud-based OT architecture.

15:10

Control Logic Syslog for Deeper Visibility

In the IT world, syslog is the universal protocol for logging. With syslog, endpoint events and information that would be impossible to see from network monitoring alone are streamed to a central location for correlation and analysis of the bigger picture. However, syslog is only available on some of the most modern PLCs, leaving a huge gap in visibility for legacy PLCs. And where syslog is available, it typically isn't flexible enough to let users log sensitive process events that could provide important context. In this talk we will first demonstrate the security events that can be logged with existing syslog libraries from top PLC vendors, and then show how a new open source library can bring deep syslog visibility to PLCs that didn't have it before.

David Formby

CEO/CTO, Fortiphyd Logic

David Formby is CEO/CTO and co-founder of Fortiphyd Logic. He received his Ph.D. from the Georgia Institute of Technology where he focused on developing novel attacks and defenses for industrial control system networks and PLCs. Formby now leads Fortiphyd Logic in developing innovative solutions for industrial cybersecurity training and PLC endpoint detection. He is a member of the ISA and the Top 20 Secure PLC Coding Practices community.

15:55

Fortifying Industrial Control Systems: A Deep Dive into Evaluating Cryptographic Implementations

Industrial control systems face persistent threats due to plaintext protocols and improper authentication mechanisms, leading to an over-reliance on network segmentation and the Purdue Model. In this presentation, we delve into the fundamentals of cryptography and explore best practices for implementing robust cryptographic controls. We'll talk about what infosec researchers look for, and provide valuable insights for asset owners seeking more secure ICS solutions. We'll wrap up with a few case studies and examples seen in real products.

Nicholas Miles

Staff Research Engineer, Tenable, Inc.

Nick has worked for Tenable Research since 2011. He has written hundreds of Nessus plugins, and has published research on multiple vulnerabilities, with a focus on IoT / OT devices. He now works on Tenable's Zero Day research team researching industrial control systems. Nick has a Master's Degree in Computer Engineering, and is an inventor on 3+ patents.

15:55

Boiling the Ocean: Prioritizing ICS Systems in the Energy Sector

The US Energy sector is a complex ecosystem with a vast multitude of components to analyze, enumerate, and test for vulnerabilities. But where would you begin? What systems would you choose? And how would you make that decision? This question drives the Department of Energy's Cyber Testing for Resilient Industrial Control Systems (CyTRICS) Prioritization research. This talk will cover years of National Laboratory research to determine how to prioritize critical energy systems in an ongoing attempt to buy down risk and strengthen the security and resilience of the U.S. energy sector. CyTRICS researchers have developed a unique, ICS-focused approach to prioritizing systems based on quantitative factors like impact, prevalence, and technical characteristics. Additionally, we've explored how to accommodate shifting stakeholder priorities through qualitative factors like balancing existing versus emerging technologies. We'll discuss the herculean task of developing assumed operational context, comparing wholly unlike systems, and making all this data actionable. The audience will leave inspired to take a new approach on how to measure risk in their environments, and will see the energy sector through a new lens.

Anna Skelton

Control Systems Cybersecurity Analyst

Anna Skelton is a Control Systems Cybersecurity Analyst at Idaho National Laboratory (INL), where she leads the CyTRICS Prioritization and Initial Engagement workstream. Prior to INL, she was a Senior Intelligence Analyst at Dragos, and even before that, she worked as a Cyber Threat Intelligence Analyst at Bank of America. She is passionate about securing critical infrastructure, spending as much time outside as possible, and creative problem solving.

15:55

Applying Bowtie Analysis to OT Cybersecurity Risk Modeling

Bowtie Analysis is a graphical risk management methodology to evaluate and document information about risks in situations where an event has a range of possible causes and consequences. Originally developed in the 1970s to study chemical process safety risks, bowtie analysis has expanded into a wide variety of applications including health & safety, aviation safety, financial, and cyber security. Because of its intuitive approach, visual presentation, and roots in process safety, the methodology has proven especially beneficial in studying the cyber-physical risks associated with ICS cybersecurity events. A significant benefit of applying the methodology in OT cybersecurity is the ability to visualize, on one diagram, the cause-and-effect relationship between a cyber incident and operational impacts for a particular event. This is because the methodology graphically depicts the entire pathway from the initiating events, to the prevention barriers (typically referred to as cybersecurity controls), to the mitigation barriers (typically referred to as safeguards), and finally to the operational consequences and their impact. Furthermore, the methodology aligns well with OT cybersecurity industry standards, such as ISA/IEC 62443-3-2 - Security Risk Assessment for System Design, NIST 800-82 - Guide to Operational Technology (OT) Security, and API 1164 - Pipeline Control Systems Cybersecurity. This presentation will discuss and demonstrate, through oil and gas industry examples, how Bowtie Analysis has been applied to study OT cybersecurity risk and how the output of such a study can serve as the basis for the development of a site-specific cyber risk model that can be integrated with real-time data to provide a dynamic cyber risk dashboard for an industrial facility.

John Cusimano

CFSE, CISSP, GICSP, Armexa VP of OT Cybersecurity, Experienced ICS / OT Cybersecurity Leader w/ Strong Process Control and Safety Background

John Cusimano is an ICS/OT cybersecurity expert with a background in process control and functional safety engineering. Since 2009, John has started up and successfully led 2 ICS/OT cybersecurity consulting practices at boutique consulting/engineering firms (exida and aeSolutions). John has personally performed countless ICS cybersecurity vulnerability and risk assessments in a wide range of industries per NIST, ISA/IEC 62443 and NERC CIP standards. He developed the CyberPHA methodology through a combination of his work on standards committees and by working with key clients who shared his interest in applying process safety engineering discipline to ICS cybersecurity. The CyberPHA methodology has become a globally recognized method of performing risk assessments of ICS and safety systems.

16:30

23andMe for OT: Genetic Testing Your Supply Chain's DNA

This session is for OT companies with deep complexity in their software supply chains: lots of assets, countless 3rd-party suppliers, multiple eras of technology, and frequent M&As. With new supply chain legislation arising in both North America and Europe, OT vendors are now required to disclose the contents of their products: their inherited DNA. To illustrate the value of this push for transparency, we scraped the Download/Support portals of multiple critical infrastructure industry OEMs and analyzed over 2 TB of raw data (and 10+ TB when unpacked). Much like the genetic testing analysis of 23andMe, we discovered a complex portrait of their suppliers, ownership, and end-of-life products. Our research revealed multiple risks that companies need to consider when choosing products and working with their vendors:

* Products full of inherited subcomponents and added suppliers
* Historically dead or acquired companies that bear inherited risks
* Incomplete knowledge of the subcomponents in products or deployed assets
* Product assessments with gaps between assumption and reality
* Illicit sharing of OT software as a distribution system for malware

This talk will describe the scraping research project, share the trends and symptoms to watch out for when tracking suppliers and subcomponents, and provide a vendor-agnostic approach to integrating the supply chain into existing programs and risk management capabilities. It is suitable for all audiences and provides attendees with key takeaways on how to reduce risk in your software supply chain DNA.

Ron Brash

VP Technical Research & Integrations, Exiger

Ron is an ICS/OT cybersecurity and embedded vulnerability research expert. He was instrumental in creating datasets for the S4 ICS Detection Challenges, received the 2020 Top 40 under 40 award for Engineering Leaders from Plant Engineering, was an embedded developer at Tofino Security, advised large OT asset owners in multiple industries, and brought several products to market, including consumer neuroscience devices and industrial networking appliances. Ron obtained a Bachelor of Technology from BCIT and a Master of Computer Science from Concordia University. He was a contributing committee member for the CSA T-200 IoT/OT Secure Software Development Lifecycle initiative, was VP of the ISA Montreal chapter, is a certified ISA 62443 "expert," and has over a decade of industry experience.

16:30

ICS Attack Vectors And The Role of AI To Secure

Whether a simple manufacturer or critical infrastructure, OT-based organizations have been targeted. In fact, the severity and frequency are only increasing. In this session, we'll unwrap several recent attacks to understand the TTPs hackers are using, who they are and the motivation for their attack. We'll look at the attack path progression and the behaviors of the attacker. We'll then discuss how AI is increasingly being used to stop attacks while still in the formulation stage by leveraging four crucial telemetry inputs. Finally, we'll outline best practices and discuss what attendees can do next (whether operating in a converged environment, airgapped or possibly accidentally converged) to best secure their environment for both today's and future threats.

Michael Rothschild

Senior Director of Product, Armis

Michael Rothschild is a prominent figure in the cybersecurity industry, serving as the Senior Director of Product at Armis, a leading company specializing in asset visibility and security for enterprise environments. Michael held various significant roles in several renowned technology companies over the last 25 years, where he developed a deep understanding of the cybersecurity landscape. Michael has been recognized for his thought leadership in cybersecurity, often contributing to industry discussions through speaking engagements, webinars, and published articles. A past professor of marketing, Michael holds advisory board positions at Ithaca College and Rutgers University.

08:00

Lessons Learned From 20 Years of Securing Legacy Critical Devices

The world of securing the most critical devices such as IEDs, RTUs and PLCs has been evolving over the past few years as the compliance and threat landscape have evolved, including specific device requirements for NERC-CIP and targeted malware impacting the actual end-user device such as FrostyGoop. Traditional methods of passive scanning and device interrogation may provide a basic asset inventory, but do not include any ability to protect and manage the device. Learn from SUBNET's 20 years of experience helping secure and manage these devices in utilities. Also see how utilities are expanding their compliance and device management footprint from regulated to unregulated parts of their business such as electric and gas distribution, and how other verticals can approach their secure remote access and device management problem.

09:45

Case for Centralized ICS Perimeter Management

A centralized security model offers operational efficiency, robust threat protection, and streamlined management. By overcoming challenges and leveraging the benefits, organizations can safeguard their interconnected infrastructure effectively. In this session, ExxonMobil's Brad Nash will delve into the centralized security approach, focusing on the deployment and management of firewalls remotely. Participants will explore how centralized management of firewalls can streamline configuration updates, standardize security policies, and provide real-time visibility into network traffic and threats. The session will also address the challenges inherent in this approach, such as the need for customized layer-7 rules to meet specific site requirements, understanding the intricate interactions between process control systems and networked devices, and ensuring high-level support for critical connections. Attendees will learn strategies to overcome these obstacles and maintain a consistent security posture across all sites. Additionally, the benefits of centralizing security will be highlighted, including enhanced threat detection through correlated data from multiple locations, assured remote configuration consistency, and the ability to offload technical security work to specialized teams, allowing on-site personnel to focus on core operations. By the end of the session, attendees will have a comprehensive understanding of how a centralized security model can lead to operational efficiency, improved threat protection, and streamlined management, ultimately enabling organizations to safeguard their interconnected infrastructure effectively.

09:45

Protecting Honeywell Manufacturing Sites Using Our Own OT Cybersecurity Platform

Over the years, Honeywell has tested and evaluated dozens of OT cybersecurity software products in its labs for use in its 400+ factory sites. Many of these solutions didn't provide the visibility required to efficiently identify cyber threats. In some cases, over 49% of our assets were left unclassified or the solution incorrectly identified 200,000+ assets on the network. In this session we will cover the lessons learned from deploying OT cyber solutions to 120 of Honeywell's most critical manufacturing sites.

10:30

Trustworthy Cyber-Physical Critical Infrastructures via Physics-Aware and AI-Powered Security

Critical cyber-physical infrastructures, such as the power grid and manufacturing, integrate networks of computational and physical processes to provide people across the globe with essential functionalities and services. Protecting these critical infrastructures' security against adversarial parties is a vital necessity because the failure of these systems would have a debilitating impact on economic security, public health, and safety. Our research aims at the provision of real-world solutions to facilitate the secure and reliable operation of next-generation critical infrastructures. This requires interdisciplinary research efforts across adaptive systems and network security, cyber-physical systems, and trustworthy real-time detection and response mechanisms. This talk will focus on real past and potential future threats against critical infrastructures and embedded controllers, and discuss the challenges in the design, implementation, and analysis of security solutions to protect cyber-physical platforms. This session will present solutions for security verification, monitoring, and response capabilities in cyber-physical controllers for safe power grid, manufacturing, and avionics operations. Finally, this session will discuss recent efforts in security monitoring of the controller side-channel signals for online attack detection purposes.

10:30

Measuring Maturity of Secure Remote Access in OT Environments

As digital environments evolve rapidly, there's an increasing need for secure remote access in operational and industrial environments. This need has grown due to the rising demand for intensive monitoring, maintenance, and control over distributed assets. The integration or convergence of IT and OT data and systems in these environments has further heightened the importance of robust security measures to protect critical infrastructure from cyber threats. Ensuring secure remote access has become essential to safeguarding these vital systems against cybercriminals. Join Massimo Nardone from SSH Communications Security as he presents information about OT Security market trends, the key elements of IT-OT Security Convergence, the indicators that an organization's secure remote access strategy is mature, the typical results of vulnerability scanning in operational and industrial environments, and finally how to adopt a Zero-Trust (ZT) approach and Quantum-Safe Cryptography (QSC) to develop a secure and robust Remote Access Management solution for operational and industrial environments.

Massimo Nardone

VP, Operational Technology (OT) Security, SSH Communications Security

11:25

ICS Virtualization Testbed

This presentation describes a project funded by the University of Illinois' Critical Infrastructure Resilience Institute (CIRI), a Department of Homeland Security Center of Excellence. The project's goal is to create a fully virtualized ICS testbed, replicating real-time hardware interactions with unprecedented fidelity, with the intent to overcome existing constraints in container synchronization and hardware-specific coding. The virtualized system, hosted in the cloud, will provide an "effectively hands-on" experience, accommodating multiple concurrent users. Leveraging prior research and experience with such educational and research platforms, we aim to develop and validate an enhanced platform paving the way for a radical shift in the methodologies used for research and education within the ICS sphere. The system will further support connecting to current and future cyber-physical ranges, providing a hybrid virtual and physical opportunity to expand existing ranges beyond any current scaling limitations. The general concepts include supporting virtual hands-on (cloud), unprecedented fidelity (simulated hardware interactions), increased scalability (cloud, concurrency) with access for academics, professionals, and researchers (who cares) to impart Cyber Informed Engineering (CIE) principles (wide impact and accessibility).

11:25

Security Challenges in IT/OT and AI Technology Convergence in ICS Systems

In this session, a panel of experts will explore the intricate relationship between OT, IT, and artificial intelligence (AI) within industrial control systems. As OT and IT increasingly converge with AI, new opportunities for efficiency and innovation emerge, but so do significant security challenges. The discussion is centered around critical issues such as protecting legacy OT systems from evolving cyber threats, navigating the complexities of integrating AI with IT/OT environments, and building robust cybersecurity frameworks tailored to OT needs. Panelists will share strategies for mitigating these risks, ensuring resilience, and securing the future of industrial operations in this rapidly evolving landscape.

12:15

The Labors of Hercules: Protecting Critical Infrastructure for National Defense

Kyle McMillan

Product and Solution Security Office, Siemens Digital Industries

Kyle is a former electrical engineer that got suckered into industrial communication with PROFINET and fully embraced the dark side with an emphasis on cybersecurity. He's had the opportunity to work on everything from communication stack development to policy writing, OT auditing and cybersecurity assessments. He's currently working to help balance risk transference within the industry. He lives in Appalachia and tempers professional stress with everything the mountains have to offer.

12:15

It's Raining SBOMs: What to Do with Them Once You've Got Them

12:15

Beyond the Pain Threshold: YARA Rules as Your ICS/OT Threat Hunting Excalibur

Michael Rebultan

Cybersecurity Researcher, Counterintelligence, and DFIR

With over 20 years of combined experience in IT and OT cybersecurity, R&D, and academia, Michael is an accomplished cybersecurity professional passionate about helping organizations navigate the ever-changing landscape of cybersecurity threats, specializing in breach and compromise assessment, counterintelligence, and threat hunting.

13:00

Managing Open Source Risks in OT: Insights from DHS and CISA

It is widely recognized that the supply chain, hardware, firmware, and software of operational technology (OT) contain a substantial amount of Open-Source Software (OSS). Freely available and reused by numerous software and electronics vendors, OSS is a critical component in many software packages. However, the lack of clear ownership, traceable provenance, and visibility into OSS within OT systems presents significant cybersecurity challenges. In response, the Cybersecurity and Infrastructure Security Agency (CISA) has partnered with the Department of Homeland Security Science and Technology Directorate (DHS S&T) to develop a data structure and flow model. This initiative aims to help critical infrastructure owners and operators gain greater insights into the OSS within their enterprise architectures and assess the associated risks. Additionally, the effort seeks to map the general prevalence of OSS in OT environments to better inform CISA's vulnerability management processes moving forward. This presentation will outline the proposed solution and its potential impact on improving OSS risk management in OT systems.

13:45

Security and Safety Challenges of Integrated Control and Safety Systems (ICSS) in OT

This session will explore the real-world challenges of integrating Basic Process Control Systems (BPCS) with Safety Instrumented Systems (SIS). For industries ranging from water to manufacturing, and operations both large and small, maintaining the separation of production and safety systems is essential, especially in the era of cloud and AI technologies. Integrating control and safety systems can offer significant operational efficiencies, such as a common HMI for both applications, shared cybersecurity infrastructure, unified user access and management platforms, and ROI savings. However, balancing safety and security in this integration is crucial. The lower levels of the Purdue model focus on safety, while the upper levels emphasize security, illustrating the shift in priorities as one moves from IT to OT environments. As you converge IT and OT systems, safety becomes the primary concern when transitioning from IT boundaries into OT environments. Once access to OT safety systems is established, security must be seamlessly integrated to protect these critical assets. Automation and orchestration, including Security Information and Event Management (SIEM) and Security Orchestration, Automation, and Response (SOAR), play a vital role in this process. As outlined in the CISA Five Pillars of the Zero Trust Model, these tools, combined with AI, machine learning (ML), and User and Entity Behavior Analysis (UEBA), enable Security Operations Centers (SOC) to respond quickly and effectively to advanced and emerging threats. By providing continuous monitoring, real-time reactions to intrusions, and a baseline of expected behavior, these technologies form a robust security layer against cybersecurity threats. This session will address the risks and regulatory concerns specific to ICSS infrastructure, with a focus on industries that have critical infrastructure, such as manufacturing, water, and oil & gas. 
We will delve into the convergence of IT and OT systems, discussing how to maintain the right balance between safety and security. The discussion will also highlight the importance of managing third-party access and how leveraging the same security tools and access perspectives can benefit both control and safety systems. Attendees, including plant operators, security practitioners, auditors, leadership, and newcomers to the OT community, will gain valuable insights into the cybersecurity risks and operational threats associated with ICSS. The session will provide best practices and compliance strategies to help organizations achieve a secure and efficient integration of their control and safety systems.

Kevin Kumpf

Chief OT/ICS Strategist, Cyolo

Kevin is the Chief OT Strategist and Tech Evangelist at Cyolo, a software company whose Next Generation Secure Remote Access platform gives security leaders the controls to safely provide asset access to on-premise, remote, and third-party users. He has more than 20 years of IT security and compliance experience, including over 10 years of cybersecurity, governance and critical infrastructure experience working in the energy, medical, manufacturing, transportation, and FedRAMP realms.

13:45

PANEL: From Edge to Cloud | Securing the Changing Industrial Controls Landscape

The systems that have long existed to generate power, produce parts, pump oil and move goods were not designed to be widely interconnected. Most of these systems were traditionally isolated as their method of protection. Fast forward to today's headlines and we know the current landscape for cybersecurity of industrial control systems (ICS) is best described as turbulent. During this panel discussion, asset owners from public sector, mid enterprise and global enterprise will discuss the risks and rewards for securing operational technology environments including the:

- Layers of security needed from the edge to the cloud for protecting users, data and applications
- Evolving threat landscape, recent attacks and their impact
- Regulatory requirements, increase in cybersecurity oversight and reporting, and what to expect from third-party suppliers
- Impact of next generation technologies like AI/ML and 5G on cybersecurity for OT

14:35

Cybersecurity Tabletops - Building Resiliency and Relationships

Randy Petersen

SCADA Superintendent, San Jacinto River Authority

I am the SCADA Superintendent for San Jacinto River Authority.

14:35

Effectively Securing Industrial Embedded Systems Running Linux

Corey Minyard

Principal Architect, MontaVista Software, LLC

Corey has used and developed Linux since version 0.01, the very beginning, and has worked on Linux ever since. He currently maintains the Linux IPMI subsystem, the QEMU IPMI and I2C subsystems, and a number of open source projects including ser2net, OpenIPMI, and the gensio library. He worked at Nortel Networks building many different embedded systems and doing research on distributed fault tolerance on VxWorks, pSOS, and eventually, of course, Linux. He then moved to MontaVista Software where he has worked on embedded Linux ever since.

15:10

Financial Quantification of Cyber Risk to ICS/OT for Industrials, Manufacturing, and Critical Infras

15:10

Zero Trust Approach for Secure ICS/OT Operations: Addressing 62443, NIS2, and Compliance Needs

Philip Griffiths

Head of Strategic Solution Sales, NetFoundry

Philip Griffiths is a seasoned business leader who is experienced in developing new business from the ground up and building high-performance teams. He was previously the VP and GM of Global Business Development and recently updated his role to Head of Strategic Solution Sales. He regularly speaks at events from DevOps to IoT to Cyber Security. Prior to this, he used to manage Europe, Middle East and Africa as the VP and GM for NetFoundry and worked for Atos IT Services in various roles working with C-suite executives to realise their digital transformation. He lives in Cambridge with his wife and two daughters.

15:10

Securing Future Energy Supplies: From Renewables to Microreactors

Megan Egan

Control Systems Cybersecurity Analyst, Idaho National Lab

Meg Egan is a Control Systems Cybersecurity Analyst at Idaho National Lab's Cybercore Integration Center where she supports INL's Consequence-driven, Cyber-informed Engineering portfolio, serves as lead analyst for the ICS Situation Threat Awareness Team, and works on programs for a variety of U.S. Government customers. She has a Masters of Cyber Operations and Resilience from Boise State University and has degrees in International Affairs from Penn State University.

15:55

Guarding the Gate: Combating Insider Threats in OT/IoT Cybersecurity

15:55

OT, the More Things Change, the More They Stay the Same

Paul Brownridge

Pen Test Partners, OT Pen Tester/Security Consultant

Originally coming from an engineering background, Paul swapped his hard hat for a white hat and has been working in cyber security for the last 10 years. His practical experience of industrial environments and cybersecurity make for a capable and highly competent OT cyber engineer. Paul is a regular speaker at national and international technology and security events such as Defcon and the (ISC)2 Security Conference, highlighting key risks with automotive, maritime and OT.

16:30

Hack the Sky: Exploring Satellite Vulnerabilities and Cyber Threats

Muhammad Shahmeer

Ethical Hacker

Shahmeer Amir is a world-renowned Ethical Hacker and the 3rd most accomplished bug hunter who has helped over 400 Fortune companies, including Facebook, Microsoft, Yahoo, and Twitter, resolve critical security issues in their systems. He has founded multiple entrepreneurial ventures in the field of Cyber Security, and currently leads three startups in four countries. As the CEO of Younite, Shahmeer's premier company is working on next-generation audio-video communication technologies. He is also the CEO of Veiliux, Asia's first mainstream Cyber Security startup present in the Asia Pacific, UAE, and the UK. Authiun, another startup, is a complete passwordless authentication solution for the 21st century.

16:30

Don't Sign that PO Without a Cyber-Informed TCO

Ron Brash

VP Technical Research & Integrations, Exiger

Ron is an ICS/OT cybersecurity and embedded vulnerability research expert. He was instrumental in creating datasets for the S4 ICS Detection Challenges, received the 2020 Top 40 under 40 award for Engineering Leaders from Plant Engineering, was an embedded developer at Tofino Security, advised large OT asset owners in multiple industries, and brought several products to market, including consumer neuroscience devices and industrial networking appliances. Ron obtained a Bachelor of Technology from BCIT and a Master of Computer Science from Concordia University. He was a contributing committee member for the CSA T-200 IoT/OT Secure Software Development Lifecycle initiative, was VP of the ISA Montreal chapter, is a certified ISA 62443 "expert," and has over a decade of industry experience.

16:30

Building an OT Security Program from Nothing

Tracey Vincent

Global Director of Operational Technology, Elanco Animal Health

Tracey Vincent is the Global Director of OT for Elanco Animal Health. I have 32 years of experience in human and animal health, biotech, beer brewing, pulp & paper, and biofuels. My roles have varied from integrator, plant OT engineer, and OT leadership at several locations/levels. OT Security is relatively new to my biography, in the last 3.5 years.

09:00

Smart Shields: AI-Enhanced Tabletop Exercises for OT Defense

Alan Raveling

Senior Technologist, Interstates

Alan Raveling, DCS, serves as a Senior Technologist at Interstates, where he evaluates and leverages technologies to enhance workforce efficiency and capability. His passion lies in guiding clients through the complexities of the cybersecurity landscape. With over 15 years of experience, Alan has supported companies in their digitization and cybersecurity efforts, speaking at numerous controls and automation conferences. He holds multiple certifications and actively participates in several OT cybersecurity organizations.

09:00

Navigating the Threat Horizon: Enhancing Oil and Gas Cybersecurity through Digital Twin

The emergence of the Metaverse has opened new avenues for advancing industrial control system (ICS) cybersecurity. This presentation delves into a comprehensive technology stack that harnesses the capabilities of virtual and augmented reality to create a powerful tool known as the Cyber Digital Twin (CDT). By employing data and simulation models, the CDT serves as a virtual representation of an ICS, seamlessly mirroring the behavior of physical and digital assets. Taking the concept of Digital Twin to the next level, the CDT integrates cybersecurity measures into virtual models, enabling a proactive approach to cybersecurity that identifies and mitigates potential vulnerabilities in the virtual environment before they impact the physical world. Key Points: 1. Integrating available technologies: Outline the technologies and integrations that can catalyze the development of Digital Twins. 2. Exploration of Use Cases: Discuss the myriad of use cases made possible through the combination of virtual reality and cyber technologies, including threat simulation, risk assessment, incident response training, non-invasive red team assessment, and more. 3. Attack Path and Business Impact Analysis: Insights into how the CDT allows security teams to identify mission-critical assets and virtualize key components, enabling in-depth analysis of attack paths and the assessment of potential business impacts. 4. Agile Re-testing and Active Attack Surface Management: Explore how the virtual nature of the CDT facilitates an agile re-testing schedule to effectively manage active attack surfaces, ensuring continuous improvement and adaptation to evolving cyber threats. This presentation delves into the transformative potential of the Cyber Digital Twin and highlights how it can reshape the landscape of ICS cybersecurity in an evolving threat landscape.

Rishabh Das

Manager, Deloitte and Touche LLP

Dr. Rishabh Das is an Advisory Specialist Master within Deloitte's cyber and strategic risk services. He has hands-on experience in operating, troubleshooting, and supervising control systems used in the oil and gas industry. Rishabh's research experience ranges over 11 years, with a specialization in embedded Intrusion Detection Systems (IDS) inside industrial controllers. His other research experiences are in topics such as virtualization of Industrial Control System (ICS), Threat modeling, penetration testing in ICS, active network monitoring, and use of Machine Learning in IDS. During his Ph.D., Rishabh has advised military associations and commercial companies on their critical infrastructure cybersecurity needs.

Anne Robbins

OT Cybersecurity Senior Manager, Deloitte

Anne leads teams in developing cutting-edge solutions to support the ever-changing regulatory and risk landscapes. She has led teams to develop policies, programs, and standards to secure enterprise IoT and OT products, services, and initiatives. In her current role at Deloitte, she focuses on securing Cyber Physical Systems (CPS) or anything that is digitally connected that has a physical impact or monitors something in the physical world and works with smart operations across various industries, including manufacturing, mining, energy generation, transmission, and distribution, oil and gas, and more. She enjoys solving complex problems in creative and sustainable ways, always striving to deliver optimal results for her clients.

09:00

Defining OT System Criticality; Communicating Priority, Supportability, and Business Impact

Stuart Powell

OT Security Engineer, Elanco Animal Health

Stuart has 40 years of professional experience with varying tenure lengths in college-level technical instruction, project management, industrial control systems engineering, business IT administration for Unix, Windows, and infrastructure, and now OT security.

09:35

Securing the Future: Advanced Strategies for OT GRC in Industrial Control Systems

Roger Hill

Founding Partner of Hillstrong Group Security

Roger Hill, an inventor, thought leader and founder of Hillstrong Group Security, brings over 30 years of expertise in industrial automation and cybersecurity. Specializing in OT GRC (Operational Technology Governance, Risk, and Compliance), he has guided global manufacturing enterprises in fortifying their cyber defenses. Known for his strategic insights and practical advice, Roger is a trusted advisor and thought leader in the cybersecurity field, dedicated to advancing ICS security practices.

09:35

Cyber-Informed Engineering for Microgrids

10:10

Three-Layered Operational Technology Design for Process and Manufacturing Industries

Aravind Ganesan

OT Security Tech Lead, Bosch Global Software Technologies

A passionate ICS/OT/IOT Cyber Security Enthusiast looking forward to competitive and challenging work. A people person, leader, and team player. Armed with 14+ years of experience in ICS/OT/IOT Cybersecurity, Industrial Automation, Safety Instrumented Systems, and Control Systems, I have global project exposure, and I have stayed long term in Norway, Saudi Arabia, Ghana, Abu Dhabi, and Bahrain. Actively supporting compliance programs in IACS cybersecurity (IEC62443). I am a Cybersecurity Tech Lead known for delivering effective and profitable projects, and I have also completed my Master's in Project Management and my Master's in Cybersecurity.

10:10

Cybersecurity Assessment Frameworks & Tools Applied to Critical Infrastructure OT

11:00

Agriculture at Risk: Recognizing and Securing Our Forgotten Critical Infrastructure

Kristin Demoranville

CEO of AnzenOT & AnzenSage, also the host of the Bites and Bytes Podcast

Kristin Demoranville is the visionary founder and CEO of AnzenSage, a cybersecurity firm focused on the food & agricultural industry, and co-founder/CEO of AnzenOT, an OT Cybersecurity Risk management solution. With 25 years in tech, Kristin intertwines cybersecurity and food protection culture, emphasizing the pivotal role of people and processes. Her work with Fortune 500 companies, academic background in Environmental Management, and research in Gorilla behavior give her a unique perspective in the OT/ICS sector. A recognized figure in leading publications and a sought-after speaker, Kristin is the charismatic host of the "Bites & Bytes Podcast," bridging food industry, IT, and cybersecurity professionals.

11:00

Securing Legacy ICSs in Mission Critical Scenarios

11:35

Practical Strategies for Managing Cyber Risk in ICS Environments

Ali Corl

Senior Principal Consultant, ABS Consulting

Ali Corl is a seasoned Senior Principal Consultant with a strong background in cybersecurity and technical solutions. With three years at Dragos, Ali excelled as both a Principal Technical Account Manager and a Senior Solutions Architect, delivering expertise across various industries including Energy, Oil & Gas, and Chemical. Before Dragos, Ali served as a Cybersecurity Engineer at Ginna Station in Ontario, NY, where she honed her skills in nuclear security. Ali's technical proficiency and commitment to cybersecurity excellence are underscored by her GRID certification. Residing in Texas with her husband and two daughters, Ali is also an active volunteer on the tech team at her local church.

11:35

Stopping Volt Typhoon: OT Protection in Action

12:10

De-stigmatizing Vulnerabilities

Logan Carpenter

Principal Vulnerability Analyst, Dragos

Logan Carpenter, a CISSP-certified Principal Vulnerability Analyst at Dragos, brings over seven years of expertise in the field of ICS/OT security. Proud to be an HBCU graduate from Norfolk State University, Logan also serves as a board member for the Information Assurance Research Education and Development Institute at his alma mater. He furthered his education with a Master of Computer Science from the renowned Georgia Institute of Technology. Logan has worked as a researcher at the renowned Sandia National Laboratories and Georgia Tech Research Institute. Today he is a vital member of Dragos' intelligence research team. He dedicates his time to analyzing the latest vulnerabilities and reverse engineering industrial control equipment, hunting for zero-day vulnerabilities.

12:10

Navigating CMMC: It's Not Just a Four-Letter Word!

Thomas Graham

VP, CISO, CCA, CMMC PI for Redspin

Dr. Thomas Graham, Ph.D., is the VP and CISO at Redspin, the leading Cybersecurity Maturity Model Certification (CMMC) service provider. He is a recognized expert in CMMC and holds multiple certifications, including Certified Assessor (CCA), CISSP, and CCSP. Dr. Graham played a pivotal role in Redspin becoming the first authorized C3PAO and having led over 30% of all JSVAP assessments. With a Ph.D. in Information Assurance and Security, he oversees internal security matters at Redspin. Dr. Graham's accomplishments include receiving a FedHealthIT award while supporting the Defense Health Agency and speaking at industry events like the National Cyber Summit and ISC2 Security Congress.

13:45

System Hardening: Locking the Doors and Closing the Drapes

14:20

Correlating & Contextualizing OT Events/Alerts/Logs Using Weakly Supervised AI

Event Sponsors