Industrial Control Systems: how to secure them in practice!

Presented at DEF CON 32 (2024), Aug. 10, 2024, 9 a.m. (240 minutes).

"Pentesting ICS is too easy and you are looking for a new challenge? Attend this workshop to discover and practice how to secure Industrial Control Systems! This workshop is designed to show some key cybersecurity measures to implement on Industrial Control Systems. We’ll bring a realistic but simple ICS setup and let you secure it step by step. After a short introduction, we’ll deep dive in several hands-on exercises: ICS inventory, backups, network security, system hardening and detection. "

Presenters:

• Alexandrine Torrents - Cybersecurity Expert at Wavestone
  Alexandrine Torrents is a cybersecurity expert at Wavestone. She started as a penetration tester, and performed several cybersecurity assessments on ICS. She worked on a few ICS models to demonstrate attacks on PLCs and developed a particular tool to request Siemens PLCs. Then, she started working at securing ICS, especially in the scope of the French military law, helping companies offering a vital service to the nation to comply with security rules. Now, Alexandrine works with different industrial CISOs on their cybersecurity projects: defining secure architectures, hardening systems, implementing detection mechanisms. She is also IEC 62443 certified and still performs assessments on multiple environments.

Similar Presentations:

• BSidesLV 2017 / Industrial Control System Network Analysis
• DEF CON 31 (2023) / Pentesting Inductiral Control Systems: OCP-U-HACK Workshop
• DEF CON 32 (2024) / Hack the connected plant! Workshop