The Future of Securing Intelligent Electronic Devices Using the IEC 62351-7 Standard for Monitoring

Presented at Black Hat USA 2019, Aug. 8, 2019, 9 a.m. (25 minutes)

Until recently, passive monitoring has been the standard approach for OT networks because of the critical processes these networks support. However, as industrial organizations embrace Industry 4.0 and IT and OT networks increasingly converge, industrial infrastructure is now exposed to new advanced threats originating outside the perimeter. Addressing this requires OT security solutions that are both more effective and more efficient.

Today there is a better understanding of OT devices and protocols, and dedicated security monitoring protocols are available. Standards such as IEC 62351 (in particular Part 7) define network and system management (NSM) data object models that can be used to monitor the health of networks and systems, to detect possible security intrusions, and to manage the performance and reliability of the information infrastructure.

This makes it possible for industrial security systems to increase their environmental awareness by actively querying the devices deployed on the network rather than only observing traffic. This approach opens up a large number of detection scenarios that were not possible before, raising the detection rate, providing better visibility during an incident, and offering a cost-effective solution for distributed deployments.

In this session, Nozomi Networks Co-founder and CPO Andrea Carcano and security researchers from Nozomi Networks Labs will present a live coverage analysis of detecting threats with IEC 62351 and SNMP.


Presenters:

  • Younes Dragoni - Security Researcher, Nozomi Networks
    Younes Dragoni is a member of the World Economic Forum's Global Shapers Community, a worldwide network of young people actively shaping our future through solution building, policy-making and lasting change. His fascination with computer security, and his desire to be on the offensive side, began many years ago. Now, as a Security Researcher with Nozomi Networks, Younes thrives on hunting down vulnerabilities in automation devices (ICS/SCADA) and examining malicious software to understand the nature of threats to industrial operations. He co-authored the research paper TRITON: The First ICS Cyber Attack on Safety Instrument Systems.
  • Alessandro Di Pinto - Security Research Manager, Nozomi Networks
    Alessandro Di Pinto is an Offensive Security Certified Professional (OSCP) with an extensive background in malware analysis, ICS/SCADA security, penetration testing and incident response. He holds the GIAC Reverse Engineering Malware (GREM) certification, which recognizes technologists with the skills and knowledge to reverse engineer malware and conduct forensic investigations. In his role as a Security Researcher with Nozomi Networks, he co-authored the research paper TRITON: The First ICS Cyber Attack on Safety Instrument Systems, and authored the research paper GreyEnergy: Dissecting the Malware from Maldoc to Backdoor.
  • Andrea Carcano - Co-founder and CPO, Nozomi Networks
    Andrea Carcano is an expert in industrial network security, artificial intelligence and machine learning, and has published a number of academic papers on these subjects. His passion for cybersecurity and for solving the unique challenges of ICS became the focus of his PhD in Computer Science at the Università degli Studi dell'Insubria. Carcano worked on the European Commission Power Plant Security Program, was a Senior Security Engineer for the global oil and gas supermajor Eni, and most recently (through his work at Nozomi Networks) developed software that detects intrusions into critical infrastructure control systems. In his current role at Nozomi Networks, Carcano is helping build a new generation of ICS security products.
