ICS SCADA Webinar: Assessing & Protecting Critical Infrastructure
This webinar aims to provide an overview of ICS security by reviewing several important lessons learned. Join our free ICS SCADA webinar, addressing the threats, risks, state-of-the-art security practices and relevant standards related to critical infrastructure!
Date: 29 November 2018
Time: 3:00 PM - 3:45 PM CET
Presenters: Razvan Venter, Senior Certification Specialist & Jos Wetzels, independent security researcher specializing in embedded systems security.
Industrial Control Systems (ICS) have been historically built to last for a long time while keeping their performance parameters at a high level. As a result of this, cybersecurity issues related to the manufactured and deployed systems were not strongly considered until recently. In the context of Industry 4.0, where the systems and components are more and more connected to each other and to the Internet, cyber-attack vectors have multiplied enormously. Security simply cannot be ignored anymore, also considering the high risks and impacts associated with these systems, as well as the organizations which are deploying and making use of them.
ICS security lessons learned and concrete follow-up
A history of the most relevant ICS security developments and attacks will be provided. Building on these facts, the threat landscape of ICS systems and components will be derived. Based on the possible threats, various attack scenarios, together with their associated impacts, will be presented. Once a good understanding of the risks associated with ICS technology is in place, designing, implementing and mitigating security controls is a must. The webinar will briefly go over various types of controls, explaining the benefits and complexity of implementing them in practice.
Standardization to increase ICS cyber security maturity
The last part of the webinar will go towards the standardization and regulation environments related to ICS security. In the absence of uniformly enforced regulations, manufacturers and users of ICS systems and components have serious issues in ensuring the completeness, correctness and sufficiency of the security controls which they implement. What can be done to solve this issue? Internationally recognized standards addressing security features, requirements, procedures and processes can be followed in order to improve security and create a common language among stakeholders. The webinar will present the state of the art with respect to relevant standards, while focusing especially on the IEC 62443 family, as the most relevant for addressing the security needs of the whole ICS supply chain.
Jos Wetzels, independent security researcher in embedded systems security. Jos holds a Master's Degree in Computer Science & Engineering from Eindhoven University of Technology (TU/e). He previously worked as a researcher at the Distributed and Embedded Security group (DIES) at the University of Twente (UT) where he developed exploit mitigation solutions for constrained Industrial Control Systems (ICS) used in critical infrastructure, performed various security analyses of state-of-the-art network and host-based intrusion detection systems and has been involved in the AVATAR research project regarding on-the-fly detection and containment of unknown malware and Advanced Persistent Threats.
Jos has spoken at various international security conferences such as Black Hat, USENIX Enigma, Chaos Communication Congress, REcon, OffensiveCon, CanSecWest, Infiltrate, hardwear.io and Swiss Cyber Storm and has assisted teaching hands-on offensive security classes for graduate students at the Dutch Kerckhoffs Institute for several years.
Razvan Venter, Senior Certification Specialist at Secura. Razvan has more than four years’ experience in the field of security benchmarking and certification, working for internationally known security evaluation companies. His past experience includes evaluation and certification of payment systems, network elements, biometric devices and secure hardware storage modules against standards such as Common Criteria or PCI PTS POI. Currently, Razvan is working on managing security assessment and certification programs in domains in which security benchmarking initiatives are emerging. These include medical devices, industrial control systems, automotive and consumer IoT products. Razvan has experience with analyzing a broad range of international standards, as well as applying them in practice for the assessment of components, systems or organizational policies.