Defending Industrial Control Systems (closed)

Presented at DeepSec 2020 „The Masquerade“, Unknown date/time (Unknown duration).

Smarter industrial systems require smarter defenses. In addition to increased security requirements on manufacturers, system integrators and operators of industrial plants, technical changes in the area of industrial security have become a new challenge. These rapid changes lead to the fact that industrial security today works completely different compared to the familiar world of automation of the past decades. In this training we provide clarity by giving guidelines for action on how to correctly handle security issues in an industrial environment. Technicians and engineers in particular are increasingly required in industrial operations to make or prepare the right decisions concerning appropriate technical security measures and security technologies. This requires deeper security knowledge and a good understanding - be it of threats, current attack campaigns or the use of technical protection measures. Thus, the contents of the "Defending ICS" trainings have been selected based on the experience gained from many industrial projects and are aimed at the challenges that technicians in the industry face in practice today. Through practical examples the participants develop all the skills required for secure digitization in industry. The training is aimed at persons that want to deepen their existing knowledge in IT and OT security and improve their skills regarding how to technically implement security measures in OT operations. The central theme of the training is securing an initially insecure OT network architecture. The training starts with a risk analysis to define possible impacts and identify threats and risks. After that the training is divided in chapters covering the most important security measures in OT. Every chapter starts with imparting theoretical know how regarding the topic, paired with hands-on exercises for better understanding and ends with the definition of additional threats based on the covered topics. In this way the security aspects of industrial protocols such as - the choice of most common wired and wireless industrial protocols, - how to secure insecure industrial protocols, - vital OT network security topics like Network segmentation, ICS firewalls, and Honeypots, - and well-established network-based attacks such as denial of service, man in the middle, spoofing, and smb relay are covered. The last chapter is dedicated on how to implement certain security measures in OT. For this we have chosen the most common problem areas and the corresponding security measures in ICS: Defense in depth (what is it and how is is relevant for OT) User Management (centralized vs. decentralized user management, advantages of separate user management for OT, how to securely configure user management) Credential Management (what is credential management, ways for implementing credential management in OT, consideration for ICS) Host Hardening (most important hardening measures, considerations for OT) System Monitoring and Network Detection (importance for OT, what to consider when implementing network monitoring and detection) Remote Access (policies for implementing secure remote access for OT, discussion of TeamViewer for remote access) Backup and Recovery (definition of RTO und RPO, common pitfalls, considerations for OT) By the end of the training the participants have a basic understanding of OT transmission technologies and protocols as well as different network protection measures. Furthermore, they know the procedure for partitioning and zoning of an architecture according to the IEC 62443 standard. In addition, the participants acquire the knowledge on how to start implementing the most important security measures in their own OT as well as what to consider when doing so.

Presenters:

  • Tobias Zillner - Limes Security
    Tobias Zillner is general manager and IT/OT-Security specialist at Limes Security, specialized in consulting for industrial security and security assessments. In addition to industrial security Tobias mainly focuses on current hacking techniques and reverse engineering wireless communication. He has been speaking at several international security conferences (Black Hat, Defcon, DeepSec, BSides,...) and is engaged in teaching at the University of Vienna and the University of Applied Sciences in St. Pölten. Prof. Thomas Brandstetter is a widely-recognized industrial cybersecurity expert, with more than 15 years of industry experience. He is well known for being the founder of the Siemens Hack-Proof Products Program, the incident handler for the Stuxnet incident as well as the founder of the Siemens Product Cyber Emergency Readiness Team, which is still one of the most effective industrial vulnerability and incident response teams worldwide today. Since 2013, he is the co-founder and managing director of Limes Security, one of Europe's leading cyber security companies specializing in top-class industrial security consulting and secure software development coaching. He also holds a Professorship in IT Security at University of Applied Sciences St. Poelten and was appointed as Honorary Professor for Cyber Security at the esteemed Cyber Technology Institute of DeMontfort University Leicester, UK. Thomas was a speaker at security conferences like Blackhat USA, Blackhat Europe and SANS SCADA, Meridian, IFIP WG11.10 CIIP and CIRED. He is conference chair of the industrial control system cyber security research (ICS-CSR) research conference series as well as ITSECX conference. He served as program committee member of the International Conference on Availability, Reliability and Security (ARES) and editorial board member of the European Alliance for Innovation's (EAI) endorsed Transactions on Security and Safety.
  • Thomas Brandstetter - Limes Security
    Tobias Zillner is general manager and IT/OT-Security specialist at Limes Security, specialized in consulting for industrial security and security assessments. In addition to industrial security Tobias mainly focuses on current hacking techniques and reverse engineering wireless communication. He has been speaking at several international security conferences (Black Hat, Defcon, DeepSec, BSides,...) and is engaged in teaching at the University of Vienna and the University of Applied Sciences in St. Pölten. Prof. Thomas Brandstetter is a widely-recognized industrial cybersecurity expert, with more than 15 years of industry experience. He is well known for being the founder of the Siemens Hack-Proof Products Program, the incident handler for the Stuxnet incident as well as the founder of the Siemens Product Cyber Emergency Readiness Team, which is still one of the most effective industrial vulnerability and incident response teams worldwide today. Since 2013, he is the co-founder and managing director of Limes Security, one of Europe's leading cyber security companies specializing in top-class industrial security consulting and secure software development coaching. He also holds a Professorship in IT Security at University of Applied Sciences St. Poelten and was appointed as Honorary Professor for Cyber Security at the esteemed Cyber Technology Institute of DeMontfort University Leicester, UK. Thomas was a speaker at security conferences like Blackhat USA, Blackhat Europe and SANS SCADA, Meridian, IFIP WG11.10 CIIP and CIRED. He is conference chair of the industrial control system cyber security research (ICS-CSR) research conference series as well as ITSECX conference. He served as program committee member of the International Conference on Availability, Reliability and Security (ARES) and editorial board member of the European Alliance for Innovation's (EAI) endorsed Transactions on Security and Safety.

Links:

Similar Presentations: