Monday, May 5, 2014

Presentation for upcoming ICSJWG "Can you hear me now? Standing up a Security Event Management System to improve Situational Awareness"

I am honored to again be presenting at the Industrial Control System Joint Working Group (ICSJWG) meeting scheduled for June 3-5 in Indianapolis, Indiana. I will be participating in a panel discussion on Heartbleed and its impact on control systems, where I will be sharing some of my research findings and my point of view based on ICS systems at large.

I will also have a session presentation entitled "Can you hear me now? Standing up a SEM to improve Situational Awareness". This session is tentatively scheduled for Wednesday, June 4 at 1:00-2:00pm.

I am looking forward to seeing many of you


A great deal has been learned in the four years since Stuxnet was publicly discovered. Organizations are seeing the value of implementing advanced security technologies like application-aware industrial firewalls, unidirectional gateways, and application control. The problem is, how can you leverage these technologies not only to prevent a potential cyber event from occurring within your industrial environment, but also to be notified when such an attempt has occurred, so that you can adjust your defensive strategies, improve attribution efficiency, and understand which assets in your industrial network the threats are targeting?

Many vendors provide basic reporting applications, while others may do nothing because they feel their devices are designed to provide "preventative" measures, failing to see the value of "detective" controls as well. The only way site support personnel and system administrators can effectively manage this significant amount of raw "data" is through the creation of informative security dashboards that aid in the consolidation, visualization, and analysis that turn it into useful "information".

This session looks at the creation of a security event management solution and an ICS Security Dashboard, showing how data from heterogeneous suppliers is aggregated, extracted, transformed and visualized, and includes a live demonstration of the proposed solution set. Everything shown in the solution is based on proven technologies that can be deployed at little or no cost.

