What do Robert M. Lee, Eric Byres, Sean McBride, Dr. Oliver Kleineberg, and Sid Snitkin all have in common?
If any of these names do not ring a bell, they’re each industrial cybersecurity experts in different realms. Along with Tripwire customers and other industry leaders, they will be sharing fast-paced perspectives and challenging you to think differently about a range of topics relevant to industrial environments and critical infrastructure.
As an example, what is the 20 percent you could do to secure your ICS and SCADA environments that would give you an 80 percent gain against the cyber risks you’re most concerned about? What if ICS and plant cybersecurity could support requirements for availability/uptime, resilience when things go wrong, reduced cyber risk, and increased response efficiency?
Please join me as I host the line-up of speakers and topics below in short 15-minute topics covering the agenda below.
Future Challenges and Changes in Industrial Cybersecurity
Sid Snitkin – Vice President, Cybersecurity Services, ARC Advisory Group
ARC Research has its hand on the pulse of what’s going on with industrial and critical infrastructure organizations and their need for increased ICS and SCADA security. Real world industrial environments have specialized needs, and they span from Operations Technology (OT) to IT security requirements. Sid will share expanded challenges and gaps that exist with recommendations for whether you work in the corporate or plant side of your organization
Point-Counterpoint between IT Security and Control Systems Engineering
Robert Landavazo – Former PNM Systems Engineer, now ICS Sales Engineer at Tripwire
Jonathan Skeele – Former Intel Senior Business Development Manager, now ICS Senior Business Development Manager at Tripwire
Robert and Jonathan will spar over differing views and methods in a point-counterpoint between IT security and operations/plant engineering (often described as “Operations Technology”). Both gentlemen are knowledgeable and experienced professionals within what we might say are at times incompatible disciplines. Somehow they’ll get along as they enlighten us on how it works and sometimes doesn’t when ICS security is in the spotlight.
What Comes After Plant-Wide Ethernet? Industrie 4.0 and TSN
Dr. Oliver Kleineberg – Belden’s Manager of Advance Development
Dr. Kleineberg will share his thoughts on Time-Sensitive Networking (TSN) which contributes essential building blocks to enabling Industrie 4.0. Dr. Kleineberg is leading Belden’s participation in the coming new IEEE standards affecting TSN. Learn what it is and how it will influence what’s coming in the near future for your manufacturing processes and plant operations.
Customer Case Study – El Paso Electric
Rafael Garcia, MBA, CISSP, PMP – Information Security, Privacy & Risk Management at El Paso Electric Company
Rafael will share the use case at El Paso Electric where Tripwire was brought in to more rapidly achieve NERC CIP compliance. Since implementation, Rafael has a real-world perspective about how he can now maintain his audit readiness without unforeseen “drift” in his systems and processes. While being compliant obviously won’t guarantee security, Rafael will share important guidance about where EPE was and where they are now.
Detecting Counterfeit ICS/IoT Software
Eric Byres – CEO, aDolus, P.Eng, ISA Fellow
IoT asset owners depend on their vendors to supply valid software and firmware for system implementation and upgrades. If this chain of trust is compromised, then malicious software can be introduced that alters core system functionality, potentially impacting critical operations and human safety. Unfortunately, there are few safeguards available today to protect devices from the introduction of counterfeit firmware/software, and this is not a hypothetical risk. This talk reports on a US Department of Homeland Security (DHS) funded research project to investigate the viability of using trust anchor technologies for onsite validation of ICS upgrade packages.
Virtual ICSs – Risks and Rewards
Justin Cavinee – Chief Data Scientist at Dragos, Inc
There are obvious rewards to virtualized industrial control systems of all types. And there are also risks. When the inevitable security incident strikes, virtualized ICS can ease all aspects of incident response. Justin Cavinee of Dragos will walk through an incident response case study exploring the forensic and recovery actions performed on an HMI infected with Havex.
Whitelist Profiler and Saving Years of Time in ICS/SCADA environments
Gabe Authier – Senior ICS Product Manager at Tripwire
One of the most popular products at Tripwire is our Whitelist Profiler, a companion application to Tripwire Enterprise and an auditor favorite. Learn how this sophisticated application can document as you go, save resources, and protect your ICS environment using a blend of whitelisting techniques and other capabilities unique to Tripwire.
Preparing for a Bright Future: Shining Some Light on our Industrial Cyber Insecurities
Lane Thames – Senior Security Researcher at Tripwire
Lane is a member of the Tripwire Vulnerabilities, Exploits, and Research Team (VERT). As a researcher, author and speaker Lane delivers a balanced perspective – cyber threats and business risks v. the very real requirement for highly available and undisrupted operations and process controls. Lane will briefly review Dragonfly and provide you the suggested “short list” of what’s important now.
Developing Your ICS Security Workforce
Sean McBride – Cyber-Physical Systems Security Program Coordinator, Idaho State University, former FireEye/iSIGHT Lead Analyst – Critical Infrastructure
There are many challenges to securing industrial and critical infrastructure and one of the most pressing is lack of skilled personnel within industrial sites and plants. Your plant may rely heaviest on your vendors or perhaps a trusted system integrator for ICS security. Many organizations do not have adequate personnel, skills or even interest to learn the specialized skills required. Sean will share firsthand experience from his years as a critical infrastructure cybersecurity analyst and now in developing the next generation ICS security workforce.
The Human Attack Surface within Industrial Sites
Keirsten Brager – Security Engineer, Entergy, CISSP, CASP, Security+ MA
Industrial organizations operate with a high degree of internal trust – natural to the environment. However, there is also a high degree of cyber risk.
Securing the human is never easy and never done. It can be relatively simple to compromise “the human attack surface” across plant sites, and Keirsten will share from direct experience and give foundational guidance on what nearly every organization can do to reduce this cyber risk.
No “Easy Button” – The First Malware Platform and What’s Now True for Every Industry
Robert M. Lee – CEO of Dragos, Inc
Robert and his team at Dragos have thoroughly researched CRASHOVERRIDE, aka Win/Industroyer. While Robert is the first to say “Stay Calm (the sky is not falling),” CRASHOVERRIDE is truly a game-changer for those who defend industrial and critical infrastructure organizations. Also known as Win/Industroyer, this malware is the first true platform and is worth your time to understand the implications for your own organization. Robert’s organization has developed an informative whitepaper you may also want after getting the short story from Mr. Lee and Dragos’ team of researchers.
If you want to hear all of these fantastic speaking sessions, then you must sign-up for our webcast on November 7!
Click here to register