2014 ICS Cyber Security Conference Agenda Update

Our team is busy putting together the best ICS Cyber Security Conference to date. As always, the conference will address real-world problems and discuss actual ICS cyber incidents, many of which have never been told before.

The 14th ICS Cyber Security Conference will have 5 major themes: Actual ICS cyber incidents; ICS cyber security standards; ICS cyber security solutions; ICS cyber security demonstrations; and ICS policy issues.

The Conference focuses on what has really happened and what is being done that affects the control systems.

While we sift through the many great speaker submissions and build the agenda, we can share a bit about some select sessions that we have planned, including:

– A case history of a very significant control system cyber incident and what has happened since. A broadcast storm resulted in complete and simultaneous failure of two interconnected power plant units (over 200 DCS processors with complete loss of logic with the plants at power). The discussion will provide details of the utility’s response to the incident including improving the robustness of the upgraded processor firmware and hardening its network against overloads or broadcast storms.

– A real case history of a recent cyber attack on an off-shore oil platform. The presentation will discuss how big data was used to identify a cyber attack that caused the tilting and resultant shutdown of the platform.

– Details of a vulnerability that may actually be more significant than Stuxnet as it affects any controller and may not be detectable. It is possible to sniff and inject packets into field device networks such as Modbus over RS-485, HART, Profibus, etc. Devices and applications residing on this control network can be vulnerable to specially crafted packets and instructions (the developers didn’t expect that packets could have correct CRC and incorrect content). Moreover, some of the data that is collected at the field device level is passed to the higher levels. This “feature” can be used to attack not only the lower layers of network and/or industrial processes, but also corporate networks. Imagine hacking one small transmitter to gain remote command execution on the SAP system.

– Aurora is still not well understood and affects every electric substation and substation customer. This presentation will include a detailed discussion of what Aurora is, why it is a gap in protection, and what it can affect. It will also discuss the first sets of Aurora hardware mitigation data from two utilities.

– There is minimal guidance on how to identify the potential consequence from cyber vulnerability disclosures. An end-user control system cyber security expert will provide a general methodology for determining the potential consequence of vulnerabilities. That is, what you have to do and when.

– A utility has been acting as a test bed for evaluating control system cyber security solutions for reliability. The utility is monitoring its control system network and using this information to improve reliability and reduce maintenance costs. The utility will provide a status of the efforts, including the close integration of IT, OT, and Operations.

– Recent studies such as the Unisys Ponemon report have attempted to indicate the state of critical infrastructure security without significant input from the ICS community. Consequently, the results and conclusions may be suspect. This presentation and associated survey will be the start of an assessment of the state of ICS cyber security based on input from the ICS community.

– Cyber insurance is becoming an important consideration in IT. However, providing cyber insurance to the ICS community, where business continuity and personal safety are critical, is a more difficult problem. A major international insurance carrier will provide its perspectives on the carrot and stick approach necessary to provide cyber insurance for ICS operators.

As with previous ICS Cyber Security Conferences, the agenda will not be complete until shortly before the conference to accommodate the most current issues and findings.

Much More to Come! This Event Sold Out Last Year. Register Now and Hold Your Spot.

Written By

For more than 15 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.
