Presented: September 21, 2017
At: CS2AI, Washington, DC
A decade ago, ISA99 published the first standard in what is now the ISA/IEC 62443 series. Since then, the series has coalesced into the current form consisting of 13 individual documents in various stages of completion, publication, and/or revision. Printing out all of the existing standards and drafts can easily use up more than a ream of paper. It can be a daunting task to try to apply it to an organization. So, what are you supposed to do? How are you supposed to proceed? In this talk, I’ll go over some of the lessons I’ve learned from helping customers develop and evaluate security programs within their organization.
A Big Picture of IEC 62443 - Cybersecurity Webinar (2) 2020 (Jiunn-Jer Sun)
• Why An Industrial Cybersecurity Standard
• What Is IEC 62443 About
• How It Impacts On You - The Security Lifecycle
• IEC 62443 Certificates
• Reference: Some Ongoing Projects
• Summary
Secure Systems Security and ISA99- IEC62443 (Yokogawa1)
With the new Industrial Network standards like ISA-IEC62443, companies are evolving their IT and OT networks to face evolving threats. This presentation will cover industrial networking best practices, secure architectures and segregation techniques that can be used by all businesses to prevent a minor business network breach from becoming an industrial catastrophe.
Topics Covered in this Seminar Include:
Overview Of Cyber Threat
Introduction - ISA IEC Industrial Control Security Standards
An Example - Advanced Persistent Threat (APT)
ISA/IEC 62443-3-2 Network Separation - An APT countermeasure
The next step in APT defenses System Certification to ISA/IEC 62443 Cybersecurity Standards
ISA/IEC 62443 Cybersecurity Standards Current Efforts
The Future of ISA/IEC 62443 Cybersecurity Standards
Presented at ISACA's EuroCACS 2015 (Copenhagen).
Understand the impact of Industrial Control Systems (ICS) on the security ecosystem.
Expand the knowledge on SCADA systems and how cyberattacks can have physical consequences, bridging the cyber and physical worlds.
Evaluating System-Level Cyber Security vs. ANSI/ISA-62443-3-3 (Jim Gilsinn)
With the recent publication of ANSI/ISA-62443-3-3-2013, it is possible for end-users, system integrators, and vendors to qualify the capabilities of their systems from an ICS cyber security perspective. This process is not as simple as it may seem, though. In many cases, the capabilities of individual components of a system can be determined from specifications and manuals. The capabilities of the system also need to be evaluated as a whole to determine how those individual components work together. Component-level and System-level certifications are common practice in the safety environment, and will eventually become common in the ICS cyber security environment as well. Certification bodies, like the ISA Security Compliance Institute (ISCI), have begun the process to develop certification efforts around ISA-62443-3-3. Until many more groups of components and systems have been officially certified, third-party assessments and evaluations will be common. This presentation will discuss an example of how Kenexis Consulting has evaluated a particular vendor’s components and systems to determine compliance with ISA-62443-3-3. The presentation will go through the evaluation methodology used and describe how Kenexis used the evaluation to develop a series of real-world use-cases of the components and system in the ICS environment.
Vulnerability Assessment and Penetration Testing in online SCADA ICS Environm... (PECB)
This webinar will help you get more informed on PenTesting in SCADA and also best practices and methods used on risk assessment. Learning about the criticality in industry makes you more flexible to boost the skills.
Main points covered:
• The SCADA ICS function in critical infrastructure industry
• Risk exposure of IT vs. SCADA ICS from Cyber Security Perspective
• Do's and don’ts of Vulnerability Assessment and Penetration Testing in SCADA ICS Environment
Presenter:
This webinar was presented by Pedro Putu Wirya, an IT and ICS Security Consultant with extensive experience in ISMS, and PECB Certified Trainer.
Link of the recorded session published on YouTube: https://youtu.be/icq-RTwusZ8
In today’s business environment, organizations have a responsibility to their employees, clients, and customers to ensure the confidentiality, integrity and availability of the critical data that is entrusted to them. Every network is vulnerable to some form of attack. However, it is not enough to simply confirm that a technical vulnerability exists and implement countermeasures; it is critical to repeatedly verify that the countermeasures are in place and working properly throughout the secured network. During this webinar, David Hammarberg, Principal, IT Director, and leader of McKonly & Asbury’s Cybersecurity Practice will be joined by Partner, Michael Hoffner and they will lead a discussion on a Cybersecurity Risk Management Program including what it is and how it can prepare your organization for the future.
Standard IEC 62443, a series of standards that define procedures for implementing electronically secure Industrial Automation and Control Systems (IACS). Equivalence to ISO 27001 and NIST Cybersecurity Framework.
Operational technology (OT) and information technology (IT) security protect devices, networks, systems, and users. Cybersecurity has long been critical in IT and helps organizations keep sensitive data safe, ensure users connect to the internet securely, and detect and prevent potential cyberattacks.
SOC presentation- Building a Security Operations Center (Michael Nickle)
Presentation I used to give on the topic of using a SIM/SIEM to unify the information stream flowing into the SOC. This piece of collateral was used to help close the largest SIEM deal (Product and services) that my employer achieved with this product line.
Talking about Next-Gen Security Operation Center for IDNIC+APJII as representative from IDSECCONF. People-Centric SOC requires a lot of investment in people in terms of quantity and quality; unfortunately, (good) IT security people are getting rare these days. Organisations need to put their investments more on technology, as in Industry 4.0, machines are getting more advanced to support humans in doing continuous and repetitive tasks.
Moving from “traditional” to next-gen SOC requires a proper plan; that's what this talk was about.
Active Directory in ICS: Lessons Learned From The Field (Digital Bond)
Donovan Tindall of Honeywell at the S4x15 Operations Technology Day (OTDay). A meaty, but practical technical session on how to use Active Directory to help manage and secure your ICS.
Dragos S4x20: How to Build an OT Security Operations Center (Dragos, Inc.)
Senior Director of Business Development Matt Cowell's S4x20 presentation details how to build an effective OT security operations center and the tools and skills needed.
Summarize the design and build approach for SOC (Security Operation Center) for both end user company and service providers. Defines the approach flow for SOC building and various components and phases involved. Defines design thumb rules and parameters for SOC Design.
Extended Detection and Response (XDR) An Overhyped Product Category With Ulti... (Raffael Marty)
Extended Detection and Response, or XDR for short, is one of the acronyms that are increasingly used by cybersecurity vendors to explain their approach to solving the cyber security problem. We have been spending trillions of dollars on approaches to secure our systems and data, with what success? Cybersecurity is still one of the biggest and most challenging areas that companies, small and large, are dealing with. XDR is another approach driven by security vendors to solve this problem. The challenge is that every vendor defines XDR slightly differently and makes it fit their own “challenge du jour” for marketing and selling their products.
In this presentation we will demystify the XDR acronym and put a working model behind it. Together, we will explore why XDR is a fabulous concept, but also discover that it’s nothing revolutionarily new. With an MSP lens, we will explore what the XDR benefits are for small and medium businesses and what it means to the security strategy of both MSPs and their clients. The audience will leave with a clear understanding of what XDR is, how the technology matters to them, and how XDR will ultimately help them secure their customers and enable trusted commerce.
** CyberSecurity Certification Training: https://www.edureka.co/cybersecurity-certification-training **
This Edureka tutorial on "Cybersecurity Frameworks" will help you understand why and how the organizations are using the cybersecurity framework to Identify, Protect and Recover from cyber attacks.
Cybersecurity Training Playlist: https://bit.ly/2NqcTQV
How to Build Security and Risk Management into Agile Environments (danb02)
Many organizations have adopted the agile methodology for software development and/or moved to DevOps IT support models, micro-services, containers, and the like. Often, these practices leave Information security pros tearing their hair out for lack of assurance and verification processes, or an absence of separation of duty. Insisting on traditional waterfall-based security processes may not be an option. As one security engineering staff member put it, “Business developers come to central IT asking for solutions to a problem and are told it will take 6 months. Then it’s late. They won’t be back.”
Risk management should be front and center in security. However, risk management is also a challenge in the iterative agile environment – especially for a number of companies that use agile project management for most or all projects, even outside development. In this presentation, Blum will address:
1) Challenges of implementing security and risk management in agile or DevOps models
2) Good practices for embedding security services in the pipeline
3) Developing an agile risk management framework
Tim Mackey is a principal security strategist with the Synopsys Cybersecurity Research Center (CyRC). Within this role, he engages with various technical and business communities to understand how application security is evolving with ever-expanding attack surfaces and increasingly sophisticated threats. He specializes in container security, virtualization, cloud technologies, distributed systems engineering, mission critical engineering, performance monitoring, and large-scale data center operations. Tim takes the lessons learned from these activities and delivers talks globally at conferences like RSA, KubeCon and InfoSec. For more information, please visit www.synopsys.com/software.
Over the past few years, PCI compliance in the public cloud has been a growing topic of concern and interest. Like us, you probably have heard assertions from both sides of the topic - some stating that one can be a PCI compliant merchant using public IaaS cloud, others stating that it is impossible. Join us in this webinar as our Director of Security and Compliance, Phil Cox, addresses these concerns and demonstrates how PCI compliance in the public IaaS cloud is indeed possible.
In this webinar we’ll discuss:
- Foundational principles and mindsets for PCI compliance
- How to determine system/application scope and requirement applicability
- Top-level PCI DSS (Data Security Standard) requirements and how to meet them in the public IaaS cloud
This webinar is perfect for those who are searching for solid answers on security in the public cloud. Our goal with this webinar is to educate you with the information you need to have confidence and make the most of your public cloud, while dispelling any myths surrounding the topic of security and the public cloud.
This was a presentation that DSI International, Inc. presented at the 2016 Autotestcon Conference in Anaheim, CA. It is an overview of the field of Diagnostic Engineering.
Enumerating software security design flaws throughout the SSDLC (John M. Willis)
A tool and methodology to enumerate security functional requirements arising in the solution space is described. A proof of concept tool for use by security architects and security engineers is described. The tool facilitates use of community-developed security requirements packages, security functional requirements, threat model taxonomy including mitigations. A risk-based decision making process is facilitated. Tool outputs used for change checklist, new test requirements, system security plan, risk decision documentation, deferred controls, and inherited controls.
Enumerating software security design flaws throughout the ssdlc cosac - 201... (John M. Willis)
A tool and methodology to enumerate security functional requirements arising in the solution space is described. A proof of concept tool for use by security architects and security engineers is described. The tool facilitates use of community-developed security requirements packages, security functional requirements, threat model taxonomy including mitigations. A risk-based decision making process is facilitated. Tool outputs used for change checklist, new test requirements, system security plan, risk decision documentation, deferred controls, and inherited controls.
Integrating the Alphabet Soup of Standards (Jim Gilsinn)
Presented @ 2014 ICS Cyber Security Conference
October 21, 2014
It’s been over a year since the NIST Cybersecurity Framework and ISA-62443-3-3 were published, ISA-62443-2-1 has been out for almost 5 years, and ISO/IEC 27001 & 27002 have been out for nearly a decade. NIST has already started their process for revisions, ISA is actively working to overhaul 62443-2-1, and ISO/IEC just published a major revision to their standard. In addition to these cross-domain standards, there are a multitude of local and sector-specific standards as well. As a consultant, we are often asked to use one of these as a baseline to help our customers generate an ICS cyber security program. This presentation will discuss some of the strengths and weaknesses of these different standards and the effort to integrate them into a realistic set of ICS cyber security program requirements.
The basics of Security Architecture
A high level introduction to what you can do to improve the security of your organisation's systems and data.
If you have any questions visit rheinberry.com, send us an email or make a call.
Best Practices for Implementing Data Loss Prevention (DLP) (Sarfaraz Chougule)
Vast amounts of your organization's sensitive data are accessible, stored, and used by authorized employees and partners on a host of devices and servers. Protecting that data wherever it is stored or travels is a top priority.
Giving your AppSec program the edge - using OpenSAMM for benchmarking and sof... (Denim Group)
HP Protect 2015 Presentation with Denim Group's John Dickson and HP's Bruce Jenkins - Software security historically has been a bolt-on afterthought, frequently a "nice to do" and not a "must do" activity in many organizations. Despite the obvious need to build security in from the outset, organizations continue to struggle to gain momentum and focus resources in support of a structured and measurable software security assurance program. How can organizations determine the best-fit activities and appropriate resource allocation levels to adequately address software risk? How can security leaders know what other organizations are doing to produce more secure software? This session provides an overview of the Open Software Assurance Maturity Model (OpenSAMM) framework and illustrates how organizations can use it to give their security program the edge necessary to stay competitive in today's DevOps world and need-for-speed go-to-market strategies. The session includes case studies on how organizations are using comparative data and OpenSAMM benchmarking to realize measurable software security improvement.
Originally shared here - https://sessioncatalog.hpglobalevents.com/go/agendabuilder.sessions/?l=19&sid=4026_2744&locale=en_US
Cyber Resilient Energy Delivery Consortium - Overview (Cheri Soliday)
Brief overview of cutting edge R&D that is used to increase cybersecurity and cyber resiliency of Energy Delivery Systems (EDS). Authored by Dilhan Rodrigo, Information Trust Institute, University of Illinois at Urbana-Champaign.
All regulatory requirements (HIPAA, PCI, etc.) include a mandate for assessing vulnerabilities in systems that manage or store sensitive data. Organizations often opt to conduct vulnerability assessments on an annual, quarterly, or even monthly basis. But while vulnerability assessment tools can identify unpatched or misconfigured code bases, these tools overlook a large portion of an organization’s attack surface: known vulnerabilities in applications that are built in-house. These applications will not have public updates, nor will the thousands of open source components they utilize be included in public disclosures. This is concerning because over 6,000 vulnerabilities in open source projects have been reported since 2014. Register for this webinar to discover how to protect yourself.
The security practitioner's role is changing significantly. Trends like mobile, cloud, DevOps, and Zero Trust are creating new roles and erasing others. This presentation navigates these changes and makes some recommendations for folks wanting to keep up with the curve.
Tim Mackey, Senior Technology Evangelist, Synopsys presented, "Creating a Modern AppSec Toolchain to Quantify Service Risks." For more information on his presentation, please visit https://www.synopsys.com/blogs/software-security/application-security-toolchain/
Practical Approaches to Securely Integrating Business and Production (Jim Gilsinn)
Presented @ 2016 ISA Process Control & Safety Symposium, November 10, 2016
The exchange of key information between business operations, suppliers, customers, production, and ultimately the production equipment itself can provide significant financial and productivity advantages. This presentation will discuss some practical approaches to utilizing the cyber security principles from ISA/IEC 62443 in order to integrate the business and production environments. It will also present some of the different solutions for meeting a variety of scenarios, such as data historians, patching/updating, and remote maintenance.
Presented @ Frederick Linux Users Group (KeyLUG)
May 7, 2016
A presentation on protecting Small Office/Home Office (SOHO) networks that I made at the Frederick Linux Users Group (KeyLUG). I work virtually from my home, and this presentation goes through some of my experiences setting up my home network to be better and more secure. I ditched my consumer-grade NAT router and have installed a firewall, commercial-grade wireless access points, and an intrusion detection system (IDS). I'm not finished yet, but this presentation will give you an idea of some of the things that I've done, where I'm thinking about going, and some things to consider as you set up your own network.
Network Reliability Monitoring for ICS: Going Beyond NSM and SIEM (Jim Gilsinn)
Presented: BSidesDC 2015, Washington, DC, October 18, 2015
YouTube Video @ https://youtu.be/v3LBywLthjY
Determining the overall health and security of an industrial control system (ICS) network is currently done by looking at the negative case. If the network infrastructure devices indicate that all the devices are connected and communicating, then the network must be operating correctly. If the controllers indicate that they are able to communicate with the other devices in the system, then the system must be operating correctly. If the network security monitoring (NSM) or security information and event management (SIEM) system is not indicating any security events, then the system must be operating correctly. In each of these cases, the assumption is that the system is operating correctly if there are no errors or events being indicated by any of the devices. In reality, the actual health and security of the system can only be determined by positive conditions. The communication streams need to be measured to determine that they are operating within certain limits based upon a desired set of conditions, like rate and maximum latency. Many controllers keep track of these factors for real-time communications; however, they are often only recorded as averages and not high-fidelity measurements.
This paper presents an approach to analyzing the real-time network traffic performance of an ICS by measuring the jitter and latency associated with individual network traffic streams in the system. By using statistical and mathematical analysis of the high-fidelity jitter and latency data, a network reliability factor can be determined and used to indicate the health of those traffic streams. The author will present a method to combine the individual network reliability factors into a network reliability monitoring system. Lastly, the author will discuss how network reliability monitoring can be used to indicate potential security problems by observing the network traffic patterns.
Presented @ BSidesDE, November 14, 2014
Cook like a hacker, and I don’t mean Ramen noodles, take-out pizza, and a bowl of cereal. A lot of hacking involves using a basic set of equipment, learning a powerful set of tools, following a basic set of procedures, a lot of improvising and experimenting, and learning from your mistakes. Cooking is the same. You can cook amazing meals, but it means that you have to be willing to apply a hacker-type mindset to an area that doesn’t involve computers.
Presented @ ISA Process Control & Safety Symposium
October 8, 2014
Description of the Kenexis project to build an ICS performance and security lab-in-a-box. This talk accompanies a live demo of the lab equipment.
Using Cyber-Vulnerability Assessment (CVA) to Optimize Control System Upgrade... (Jim Gilsinn)
Presented @ Emerson Exchange
October 7, 2014
Industrial control systems (ICS) are large information technology (IT) systems. Unlike office IT systems, failure of ICS can cause plant outages and even physical damage. Management of ICS needs to be different and smarter. IT vendors frequently recommend patches and configuration changes. Most have no impact on the ICS, which cannot implement changes in real time. ICS typically get one chance every few years to make changes: the turnaround. This paper describes optimization of ICS turnaround work, using cyber-vulnerability assessment to focus turnaround work on only what is necessary.
Cyber & Process Attack Scenarios for ICS (Jim Gilsinn)
Presented at the OPC Foundation's "The Information Revolution 2014" in Redmond, WA August 5-6, 2014
This presentation discusses the modes and methodologies an attacker may use against an industrial control system in order to create a complex process attack. The presentation then discusses some specific examples, both real and hypothetical. The presentation finishes with a description of some common ways in which an organization could defend itself against these types of attacks.
Network performance testing for devices and systems can be a daunting task for vendors and end-users given the cost of test equipment and the investment that the companies have to spend in developing relevant tests and understanding the results. During the last couple of years, a group of low-cost computing systems have been introduced that are very capable from a functional point of view, but how well do they actually perform? Can they be used in a low-cost performance testing lab system to validate ICS devices before they go into production? Can end-users use them to capture live traffic in their network and get reliable performance results? This talk will discuss how and when different types of equipment can be used to develop a low-cost network performance testing lab. It will also show results from a series of performance tests conducted on some of the equipment and with different testing architectures.
With the ever-increasing number of networking protocols, it can be difficult for vendors, integrators, and end-users to determine how well different products and systems perform in real-world networking situations. Each protocol has its own method of defining traffic streams and message structures. Packet analyzers, like Wireshark, have been developed to interpret individual network packets and can perform rudimentary analysis of traffic streams for well-known packet types. Analyzing industrial protocols usually requires much more massaging of the data and in many cases requires a user to do much of the work by hand. This session will present a method to break down industrial traffic streams into the core components necessary to analyze their performance. By identifying a few key fields in each protocol, a user can define their own method to identify individual traffic streams and analyze their performance.
Presented in May 2010
This presentation goes through the Wireshark network analyzer. It presents an overview of the different features that I've found useful while doing network performance analysis for ICS network protocols.
Presented @ ISA Safety & Security Symposium 2012
Anaheim, CA, April 2012
Wireshark is the de facto network packet analysis tool used in the industry today. It is an easily extensible open-source tool that provides a large number of capabilities for users. It’s not just for IT-based protocols either. Many industrial protocols have created packet decoders for Wireshark. This tutorial will provide the user with:
* An introduction to protocol layering
* A basic overview of packet capture and analysis
* A demonstration of how Wireshark can be used for packet capture and analysis
* Examples of some industrial protocols in Wireshark
* An explanation of some more advanced features available in Wireshark
Test Tool for Industrial Ethernet Network Performance (June 2009) (Jim Gilsinn)
Presented @ 55th International Instrumentation Symposium
League City, Texas, 1–5 June 2009
Ethernet is being used by a wider variety of industrial devices and applications. Industrial applications and systems require deterministic operations that traditional Ethernet and Transmission Control Protocol / Internet Protocol (TCP/IP) suites were not originally designed to support. A standardized way to describe and test industrial devices is needed in order to aid users to characterize the performance of their software and hardware applications.
The Manufacturing Engineering Laboratory (MEL) of the National Institute of Standards & Technology (NIST) has been working to develop a set of standardized network performance metrics, tests, and tools since 2002. NIST has cooperated with standards organizations and other groups during that time.
NIST is presently working on developing an open-source test tool, called Industrial Ethernet Network Performance (IENetP), to aid vendors in characterizing the performance of their devices. The IENetP test tool will be capable of conducting a full series of performance tests and reporting the results to the user. The current version of the software is capable of analyzing network traffic and producing statistics and graphs showing the network performance of a device.
State of ICS and IoT Cyber Threat Landscape Report 2024 preview (Prayukth K V)
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
5. How Do You Pick The Right Standard?
• Regulation
  • Regulated industries may have compliance requirements
  • NERC CIP, NRC/NEI, API, CFATS
• Industry Guidance
  • Some industries have preferred sets of requirements
  • Chemical, Transportation, Oil & Gas
• Corporate Preference/Culture
  • Who owns cyber security for production?
Sept. 21, 2017 All Rights Reserved5
7. ISA99 Committee
The International Society of Automation (ISA) Committee on Security for Industrial Automation & Control Systems (ISA99)
• 500+ members
• Representing companies across all sectors, including:
  • Chemical Processing
  • Petroleum Refining
  • Food and Beverage
  • Energy
  • Pharmaceuticals
  • Water
  • Manufacturing
8. ISA99 & ISA/IEC 62443
• ISA/IEC 62443 is a series of standards being developed by two groups:
  • ISA99: ANSI/ISA-62443
  • IEC TC65/WG10: IEC 62443
• In consultation with:
  • ISO/IEC JTC1/SC27: ISO/IEC 2700x
10. Roles
General/Everyone
Asset Owners
System Integrators
Vendors
11. How Do We Use ISA/IEC 62443?
12. Creating a Security Program
• As a consultant, how do we help our customers create a security program?
• No one standard has everything
  • Don’t try to be an expert in everything
  • Pick one and become an expert
  • Pick one or two others and become knowledgeable
  • Get exposed to the others
  • Pick individuals to gain knowledge on different ones
• Many of them have similar requirements
• Customers generally have one in mind
  • As part of RFP, customers generally indicate which one they want to use as their base
13. Creating a Security Program (cont’d)
• Try to avoid one-off solutions
  • Start with a main standard
  • Integrate good parts of other standards
  • Create a repeatable process
• But, don’t create a cookie-cutter solution
  • Customers all have different needs and priorities
  • Security program will need to be tailored
• Include a checklist, but don’t focus on it
  • Everyone talks about not using a checklist approach
  • Customers want a simple assessment tool to evaluate whether they met their design goals
  • Checklists provide “add-on value” for customers
14. Creating a Security Program (cont’d)
• Avoid approaching this from a purely security point of view
  • If security is seen as insurance, it will be difficult to justify
  • Risk management or incident response is a good tack
  • System reliability and production uptime are also another tack
• A viable security program is difficult to design without an assessment
  • A security program shouldn’t exist in a vacuum
  • Understand what you have and how you work
15. Assess Current State
Identify the SUC
• Clear definition of scope
• Identify organizations as well
Conduct High-Level Risk Assessment
• Reuse existing information
• General risk assessment categories
• Not comprehensive
Define Zones & Conduits
• Network segmentation
• Logical/physical breakdown
• Consider safety, wireless, temporary, vendors/contractors
Conduct Detailed Risk Assessment
• Identification & classification
• Asset inventory
• Network diagrams
• Data captures
• Infrastructure configs/rules
• Identify existing vulnerabilities
• Define potential consequences
• Determine potential threats
16. Design The Solution
Define Targets
• Don’t overcomplicate
• Utilize similar target levels
Evaluate Countermeasures
• Evaluate data from detailed risk assessment
• Compare to “industry” recommendations
• Understand OT is different
Design & Integrate
• Design solutions
• Pick equipment
• Integrate in test environment, if possible
Reevaluate Countermeasures
• Redo detailed risk-assessment analysis
17. Questions?
• Contact Information
  • Jim Gilsinn
  • jim.gilsinn@kenexis.com
  • https://www.kenexis.com
  • +1-614-323-2254
  • @JimGilsinn
• ISA99 Information
  • http://isa99.isa.org
Security Is Not About Compliance!