SecurityWeek’s 2019 ICS Cyber Security Conference, the largest and longest-running event dedicated to industrial and critical infrastructure cybersecurity, is set to take place in Atlanta, Ga. on October 21-24.
The conference will feature training sessions, case studies and various talks, including technical and strategy-focused presentations. The goal is to provide users, vendors and government representatives a platform for discussing threats and incidents, and to enable them to cooperate on finding solutions to modern problems faced by industrial and critical infrastructure organizations.
The 4-day conference will take place at the InterContinental Hotel in Atlanta, and will kick off on Monday, October 21, with several full day workshops and training, along with several general sessions.
Full day training options for 2019 include:
• Advanced ICS/SCADA Hacking Training
• Intro to Industrial Automation Security and ISA/IEC 62443 Standards
• ICS Red Team/Blue Team Training
Monday will also feature sessions and short workshops on the state of OT cybersecurity, attack methods and prevention techniques, cybersecurity assessments, securing access to ICS networks with open source two-factor authentication (2FA), creating and conducting a tabletop exercise, threats from the darknet, applying DevSecOps to ICS, analyzing industrial communication protocols, smart grid resilience, and an introduction to some new concepts.
Tuesday kicks off with Derek Harp, founder and chairman of Control Systems Cyber Security Association International (CS2AI), presenting the results of a survey focusing on the current state of ICS security.
The keynote of the ICS Cyber Security Conference is in the form of a fireside chat with Admiral Mike Rogers, former director of the National Security Agency (NSA), the former chief of the Central Security Service, and the former commander of the U.S. Cyber Command. Rogers will join SecurityWeek’s Mike Lennon for a discussion on topics such as geopolitical tensions, nation-state threats, protecting critical infrastructure, and others.
Following the keynote, Joe Slowik of industrial cybersecurity firm Dragos will discuss integrity-based attacks on ICS environments and provide recommendations for defense and recovery.
Patrik Chartrand, cybersecurity specialist in SNC-Lavalin’s Rail & Transit unit, will simulate a level 0 attack on the systems present in a train and demonstrate potential impact.
A researcher from Tenable will describe a theoretical attack scenario involving recently disclosed industrial system vulnerabilities and how they can be exploited to cause disruption to power systems.
Researchers from the Oak Ridge National Laboratory will demonstrate the capabilities of a prototype system, called Deep-CYBERIA, designed to enhance the monitoring, discovery and diagnosis of level 0 sensors.
On Wednesday, October 23, Eric Byres, CEO of aDolus, will detail the security of the ICS supply chain and the priorities of various stakeholders, as identified by a study conducted by the U.S. Department of Homeland Security.
IBM’s Robert Dyson will share some advice on eliminating blind spots from an organization’s OT security program, and Dragos’ Thomas Pope will show how adversaries are increasingly relying on the same attack tools in their operations.
Representatives of organizations in the water sector will discuss the challenges and lessons learned throughout their journey to securing industrial systems.
Matthias Niedermaier, a German researcher specializing in the security of embedded systems, will show how hackers can interact with the physical side of PLCs and the potential impact of such attacks.
Other interesting talks focus on accurately assessing one’s ICS cybersecurity posture, lessons learned from testing OT security solutions in cyber ranges, securing smart sensors in industrial machines, how threat hunters can reverse engineer binaries from OT equipment, the convergence of safety and cybersecurity, and myths surrounding IIoT security.
Networking & Parties
In addition to 4 full days of content from leading experts and end users, there are several opportunities to network and have discussions with your peers off the stage.
The complete agenda for the event is available on the ICS Cyber Security Conference website. SecurityWeek also provides a “justify your attendance” template for individuals who need to convince their employers that attending the conference will be beneficial to the organization.