Industry experts share how to embrace the coming merger of information technology (IT) and operation technology (OT) – originally, two very distinct domains of business.
Read more at: http://tripwire.me/adaptitot and www.belden.com/adaptitot
Time for Your Compliance Check-Up: How Mercy Health Uses Tripwire to Pass Audits (Tripwire)
Major healthcare providers are tasked with protecting patient data and maintaining complex security compliance requirements enforced through rigorous audits. Mercy Health, a major Midwestern hospital system, became a Tripwire customer in 2013. Using Tripwire technology, they created a successful IT service by integrating their ITSM tool, streamlining their reporting process and more.
Mercy Health and Tripwire show you how to:
- Implement effective change management
- Strengthen security in Epic records systems
- Streamline the audit process
Almost 70 years since the first computer bug was discovered, there have been decades of research done on Information Security theory and practice. Yet, despite vast amounts of money being spent, innumerable academic papers, mainstream media obsession, and entire industries being formed, we are left with the impression that the risk is growing, not receding. Why? Some argue a lack of data, but data clearly exists. We’re likely generating it, in some areas, faster than humans will ever be able to process it. Perhaps, after all of this effort, we’ve managed to box ourselves into metaphors and first principles that might be inappropriately constraining how we think about “Information Security Risk”. In fact, it’s worth noting that we can’t even agree if there is a space between “Cyber” and “Security” when it’s written out. This talk will take an anecdotal look at “Information Security Risk”, “What IS Cyber Security?”, and use that perspective to suggest areas of research that are either lacking or should be made more accessible to the markets, industries, and individuals driving risk management change. In an industry filled with data, perhaps an examination of empty space might be helpful.
Intel Cyber Security Briefing at the Cyberstrat14 Security Conference in Hels... (Matthew Rosenquist)
Intel® Cyber Security Briefing: Trends, Challenges, and Leadership Opportunities. Matthew Rosenquist, Cyber Security Strategist, Intel Corp
In the digital world, the opportunities and risks coexist. To achieve and maintain a balanced Cyber Strategy by implementing a model of "connected security" has become a new imperative in business and society. Management can drive "cyber" leadership to create value and gain a competitive advantage in the digital world.
Security Redefined - Prevention is the future!! (Daniel L. Cruz)
Android is winning the mobile market in numbers of devices and applications. Soon, Android will also dominate the evolving IoT device and application market. Device+Application security certification testing must become embedded as a process for every piece of software capable of being exposed to hackers.
Accelerating Our Path to Multi Platform Benefits (Intel IT Center)
This is a time of tremendous change for IT organizations everywhere.
Intel IT realized we need to enable enterprise applications to support the devices of today (touch) and also develop the applications so they are ready for the next big thing (voice and gesture). We’ve kicked off a new initiative that focuses on accelerating delivery of applications to our business partners and employees on their mobile platform(s) of choice.
The Top 20 Cyberattacks on Industrial Control Systems (Muhammad FAHAD)
Executive Summary
No industrial operation is free of risk, and different industrial enterprises may legitimately have different “appetites” for certain types of risks. Evaluating cyber risk in industrial control system (ICS) networks is difficult, considering their complex nature. For example, an evaluation can consider (explicitly or implicitly) up to hundreds of millions of branches of a complex attack tree modelling the interaction of cyberattacks with cyber, physical, safety and protection equipment and processes. This paper was written to help cyber professionals understand such risk assessments and communicate their results to non-technical business decision-makers.
This paper proposes that cyber risk be communicated as a Design Basis Threat (DBT) line drawn through a representative “Top 20” set of cyberattacks spread across a spectrum of attack sophistication. These Top 20 attacks have been selected to represent cyber threats to industrial sites across a wide range of circumstances, consequences and sophistication. Many industrial cyber risk practitioners will find the list useful as-is, while expert practitioners may choose to adapt the list to their more detailed understanding of their own sites’ circumstances.
Smart Buildings, Deep Learning AI, Drones, Robotics, and IoT... What is next?
Martin Sheridan, CTO of Sheridan Solutions Consulting, and his co-author, our COO Scott Taylor, explore the challenges and opportunities that emerging technologies are driving across the security industry.
Big Data & Security Have Collided - What Are You Going to do About It? (EMC)
Big data has recently begun to impact enterprise security organizations. How can organizations use the flood of security-relevant data to improve overall security? How can organizations actually secure the big data systems themselves? This session discusses the opportunity for big data to improve security and reduce risk, focusing especially on the critical role of security strategy and management.
After this session you will be able to:
Objective 1: Identify the key current challenges of security and why improved security requires big data tools and techniques.
Objective 2: Describe strategies for using big data tools and techniques to improve security, in particular monitoring and analysis.
Objective 3: Identify best practices and technologies that can be used to secure big data systems themselves.
Access the recording via http://www.brainshark.com/emcworld/vu?pi=zIGzOvwlUzB8sLz0
REDUCING CYBER EXPOSURE From Cloud to Containers (artseremis)
(Sponsored by Tenable)
Lessons Learned by Industry Leaders.
- Securing a Dynamic IT Environment.
- Rethinking Security for a Cloud Environment.
- Moving Security to the Application Layer.
- Focusing on Data Security.
- Automating Security Testing and Controls.
Security Testing for Testing Professionals (TechWell)
Today’s software applications are often security-critical, making security testing an essential part of a software quality program. Unfortunately, most testers have not been taught how to effectively test the security of the software applications they validate. Join Jeff Payne as he shares what you need to know to integrate effective security testing into your everyday software testing activities. Learn how software vulnerabilities are introduced into code and exploited by hackers. Discover how to define and validate security requirements. Explore effective test techniques for assuring that common security features are tested. Learn about the most common security vulnerabilities and how to identify key security risks within applications and use testing to mitigate them. Understand how to security test applications—both web- and GUI-based—during the software development process. Review examples of how common security testing tools work and assist the security testing process. Take home valuable tools and techniques for effectively testing the security of your applications going forward.
Provided a demonstration about current information sharing and collaboration issues within the SCADA/control systems community, and some of the challenges (and advantages) encountered since its inception back in 2008.
Key Challenges Facing IT/OT: Hear From The Experts (Tripwire)
When you think of Information Technology (IT) and Operational Technology (OT), which side are you on? You may not feel that you fall on any side of that technological skirmish, but when you stop to carefully consider the differences in these two disciplines, it is nearly impossible to avoid a tendentious leaning.
However, the time may be upon us when the conflicts of IT and OT will be put to rest for the broader purpose of making businesses more agile, efficient, resilient and ultimately, more profitable. We spoke with experts in the field who offered their insights about the challenges facing IT and OT convergence. Here’s what they shared!
Securing the Internet of Things (IoT) requires new ways of thinking that can defend the enterprise and its customers against attackers and privacy abuses. Understand the threats, and map your plan of action.
To find out more please visit: www.accenture.com/SecurityIoT
What I Learned at ISSA International Summit 2019 (Ulf Mattsson)
This session will discuss what attendees learned at The ISSA International Summit 2019, held on October 1-2 in Irving/Dallas, TX.
Learn from one of the presenters at this conference and what cybersecurity professionals got to share and learn from the leaders in the industry.
Over the last 30 years ISSA International has grown into the global community of choice for international cybersecurity professionals. With over 100 domestic and international chapters, members have worldwide support with daily cyber threats that are becoming increasingly intricate and difficult to prevent, detect, and remediate.
Industrial Cybersecurity: Practical Tips for IT & OT Collaboration (Tripwire)
How can IT and OT teams work together effectively to secure the entire infrastructure? We asked industry experts for their top tips. Read their full responses here: https://www.tripwire.com/state-of-security/ics-security/it-collaborate-ics-security/
An Internet of Things Reference Architecture (Symantec)
The Internet of Things (IoT) already helps billions of people. Thousands of smart, connected devices deliver new experiences to people throughout the world, lowering costs, sometimes by billions of dollars. Examples include connected cars, robotic manufacturing, smarter medical equipment, smart grid, and countless industrial control systems. Unfortunately, this growth in connected devices brings increased security risks. Threats quickly evolve to target this rich and vulnerable landscape. Serious risks include physical harm to people, prolonged downtime, and damage to equipment such as pipelines, blast furnaces, and power generation facilities. As several such facilities and IoT systems have already been attacked and materially damaged, security must now be an essential consideration for anyone making or operating IoT devices or systems, particularly for the industrial Internet.
Cyber Immunity Unleashed: Explore the Future with iTech Magazine! (DIGITALCONFEX)
Dive into the dynamic world of innovation with the inaugural edition of iTech Magazine, where cutting-edge technology meets insightful storytelling. Explore the latest trends, uncover groundbreaking advancements, and connect with the forefront of the tech landscape.
Elevate your tech journey with in-depth features, expert perspectives, and a spotlight on the innovations shaping our digital future. Welcome to iTech Magazine – Where Tomorrow's Tech Unfolds Today!
Visit to know more: https://digitalconfex.com/itech-magazine/
Daniel Ehrenreich, BSc. is a leading Industrial Control System (ICS) expert and acting as consultant and lecturer at Secure Communications and Control Experts (SCCE) consulting entity, based in Israel.
Periodically conducting workshop sessions via Internet and in person for educating international participants on ICS cyber security risks and defense measures for a broad range of ICS verticals.
Studied CISSP in 2014 and is certified as a Lead Auditor for the ISO 27001-2013 standard by the Israeli Institute of Standards.
Daniel has over 30 years of engineering experience with ICS for: electricity, water, oil and gas and power plants as part of his activities at: Tadiran Electronics, Motorola Solutions, Siemens and Waterfall Security.
Reselected as the Chairman for the 6th ICS Cybersec AI&ML 2021 hybrid conference, organized by People and Computers.
Software security, secure software development in the age of IoT, smart thing... (LabSharegroup)
How to design secure software products for IoT, embedded application, smart metering, smart lighting, medical application with the help of Common Criteria
3. Sponsored by 3
FOREWORD BY EDDIE HABIBI
Digitalization and Industrie 4.0 initiatives require tight integration between the complex, heterogeneous, and highly complex Industrial Control Systems (ICS) and the enterprise IT. However, the very components that enable digitalization—sensors, connectivity and smart applications—also increase risk. Digitalization enhances efficiency, improves safety, and optimizes production, but it also creates more opportunities for bad actors to penetrate operational technology (OT) environments and to wreak havoc.
To secure industrial facilities and ensure safe, reliable production, OT and IT security—traditionally two separate disciplines with different priorities—must come together to share cybersecurity and risk management best practices.
In this eBook, experts on the front lines of OT cybersecurity risk mitigation share their strategies for making control systems more secure. The firsthand experience collected here comes from experts across a diverse range of industries – including oil and gas, chemicals and refining, and power generation. Their essays illustrate the importance of understanding similarities and differences between IT and OT environments. They also share proven experience on adapting IT security controls and best practices to OT environments.
Apply the valuable insights provided in this guide within your own company to protect the endpoints that matter most in your company’s industrial facilities—the proprietary industrial control system (ICS) assets responsible for safe and reliable production.
Regards,
Eddie Habibi
Founder & CEO, PAS Global, LLC
Founded in 1993, PAS is a leading provider of software solutions for ICS cybersecurity, process safety, and asset reliability to the energy, process, and power industries worldwide. PAS solutions include industrial control system cybersecurity, automation asset management, IPL assurance, alarm management, high performance HMI™, boundary management, and control loop performance optimization. PAS solutions are installed in over 1,380 facilities worldwide in more than 70 countries. PAS was recently named the #1 Global Provider of Safety Lifecycle Management by ARC Advisory Group including #1 rankings within Chemical, Power Generation, Refining, and Oil & Gas. For more information, visit www.pas.com. Connect with PAS on Twitter @PASGlobal or LinkedIn.
ADVICE FOR CISOs: HOW TO APPROACH OT CYBERSECURITY

In This Section...
- Brian Foster: In Critical Infrastructure, Safety Comes First
- Agustin Valencia: OT Security Requires a Holistic View of Plant Risk
- James Shank: Robust ICS Security Requires a Multi-Layered Approach
- Everardo Trujillo: Security Professionals Need to Win the Trust of OT Engineers
- Scott Saunders: Understanding Your Systems Is Key to ICS Security
- Spencer Wilcox: For Better OT Security, Control and Monitor Your Environment
- Gabriel Agboruche: Strategies for Securing Digital Assets in Nuclear Power Plants
IN CRITICAL INFRASTRUCTURE, SAFETY COMES FIRST

BRIAN FOSTER
OT Cybersecurity Engineer
Portland General Electric

Brian Foster is an OT/ICS cybersecurity engineer. Having come to security from controls engineering, he possesses a deep understanding of the industrial equipment and processes he is securing. He builds security into OT systems as a function of safety, and uses quantitative math-based risk analysis to provide meaningful measurements to improvements.

One of the great challenges in securing OT systems in the power generation and distribution industry is the age of system components. “The average lifespan of a typical ICS device is about 30 years,” says Brian Foster, OT/ICS cybersecurity engineer for Portland General Electric. “And, of course, 30-year-old equipment was not built with cybersecurity in mind.”

Although some vendors produce new equipment that is forward-looking when it comes to cybersecurity, many do not. “A few are building products on a well-made, secure PLC platform,” Foster explains. “They’re good about patching in ways that don’t mess up your controls. There’s a shift among ICS product vendors, but it’s definitely not across the board. I think because of the long lifespan of the equipment, vendors are not pushed very hard to come out with newer technology all the time. It just won’t be adopted very quickly.”

In this environment of critical infrastructure controlled by a large variety of new and older ICS, Foster believes there are three essential actions the person responsible for OT security must take:
- Take the time to understand your OT space. It’s essential to
know what is in the environment before you can understand
what it needs, but Foster points out that every environment
is different. “It’s never the same from place to place in OT, and
there’s going to be many different varieties of equipment,”
he says. Part of understanding your environment is having a
comprehensive inventory of control system assets as well as
asset configurations and their changes. There are solutions
available to help discover and monitor OT assets, but they are
different than those used in IT environments.
- Recognize that safety trumps all other concerns in an
OT network. This is a fundamental cultural difference
between OT environments and IT security, and it affects
security strategy. For example, the traditional CIA model
(confidentiality, integrity, and availability) is not meaningful
in an OT network. “Our number one concern is safety, and
any security in our networks has to be designed in a way
that is safe. We can’t have a machine fail and kill someone.
That’s just not an acceptable outcome. We approach
everything with that safety mindset,” Foster says.
KEY POINTS
1. In the IT world, it’s common to prevent suspicious packets from reaching their destination. You can’t do that in critical infrastructure.
2. Securing 30-year-old equipment which was not built with security in mind is a great challenge in the power generation and distribution industry.
- You must have visibility into the network. This means being able to see data packets that are moving
around and executing the many controls in an OT system. For critical networks like those in the power
generation and distribution infrastructure, scanning tools are more likely to be passive than active because of
the risk of active tools interfering with a process. “Passive tools are unlikely to affect anything,” says Foster.
“With active tools, you run more of a risk. Could it cause traffic on your network that causes a control signal
to be missed, which is completely unacceptable? Whether it’s passive or active, these tools must be carefully
evaluated before anything is put into place.”
How you respond to suspicious activity is very important. In the IT world, it’s common to prevent suspicious
packets from reaching their destination. But you can’t do that in critical infrastructure. “If I send a command to
open a breaker, that breaker has to open,” Foster notes. “I don’t care if that command is malicious or otherwise,
because someone’s life could be on the line. If we’re saying, ‘Cut the power,’ then regardless of where that
command comes from, we’re cutting the power. But I want to know that command occurred. Where did it come
from? What did the structure look like? Does it look like all the other times we’ve sent out commands to open
the breaker? We have to look at a baseline to determine if this is similar or not. We already opened the breaker
because that’s the safe thing to do, but we can look at it after the fact to see if that was the correct action.”
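The after-the-fact review Foster describes can be sketched as follows. This is an added example, not code from the e-book or from Portland General Electric; the record fields, station names and command names are constructed assumptions, and the input is assumed to be a copy of traffic from a passive tap, so nothing here can delay or block a command.

```python
"""Alert-only review of control commands against a baseline (constructed data)."""
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Command:
    ts: str        # capture time reported by the passive tap
    src: str       # station that sent the command
    dst: str       # device that received it
    function: str  # operation requested, e.g. "OPEN_BREAKER"
    point: int     # control point addressed
    length: int    # payload length in bytes


def shape(cmd):
    """Structural features compared against earlier commands."""
    return (cmd.point, cmd.length)


class Baseline:
    """What 'all the other times we sent this command' looked like."""

    def __init__(self, history):
        self.sources = {}  # (dst, function) -> Counter of sending stations
        self.shapes = {}   # (dst, function) -> Counter of observed shapes
        for cmd in history:
            key = (cmd.dst, cmd.function)
            self.sources.setdefault(key, Counter())[cmd.src] += 1
            self.shapes.setdefault(key, Counter())[shape(cmd)] += 1

    def review(self, cmd):
        """Return a list of deviations; an empty list means 'matches baseline'."""
        key = (cmd.dst, cmd.function)
        if key not in self.sources:
            return ["no earlier example of this command for this device"]
        findings = []
        if cmd.src not in self.sources[key]:
            findings.append("source has never sent this command before")
        if shape(cmd) not in self.shapes[key]:
            findings.append("structure differs from earlier commands")
        return findings


def review_capture(baseline, observed):
    """Return (command, findings) for each delivered command that deviates.

    There is deliberately no 'block' or 'drop' outcome: the command has
    already reached the device, and the output is material for an analyst.
    """
    flagged = []
    for cmd in observed:
        findings = baseline.review(cmd)
        if findings:
            flagged.append((cmd, findings))
    return flagged


# Constructed sample data: five routine breaker operations, then one day of capture.
HISTORY = [
    Command(f"2024-03-0{day}T02:15:00", "scada-01", "breaker-7", "OPEN_BREAKER", 3, 12)
    for day in range(1, 6)
]
OBSERVED = [
    Command("2024-03-09T02:15:00", "scada-01", "breaker-7", "OPEN_BREAKER", 3, 12),
    Command("2024-03-09T14:41:07", "eng-ws-22", "breaker-7", "OPEN_BREAKER", 3, 20),
    Command("2024-03-09T14:41:09", "scada-01", "breaker-7", "WRITE_SETPOINT", 9, 16),
]

if __name__ == "__main__":
    for cmd, findings in review_capture(Baseline(HISTORY), OBSERVED):
        print(cmd.ts, cmd.src, "->", cmd.dst, cmd.function, findings)
```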
Download the full e-book: Reducing Industrial Risk:
20 Experts Share Strategies for Managing OT Cybersecurity
The question most people ask is if process
sensors, actuators, and drives can be remotely
compromised. The answer is yes. We understand
the process risk that comes from compromising
Level 0,1 devices. There are methods for
separating ICS cybersecurity safety risk from
cybersecurity economic risk. This has to be done
at Level 0,1 and doing so gives management the
ability to make better business decisions.
JOE WEISS
Managing Partner
Applied Control Solutions
OT SECURITY REQUIRES A HOLISTIC VIEW OF PLANT RISK

AGUSTIN VALENCIA
OT Cybersecurity Advisor
Iberdrola

Agustin Valencia is an ICS professional who has held leading engineering, operations, and maintenance roles in the thermal and nuclear generation industry. For the past six years, he has focused on applying cybersecurity controls to both new control systems and legacy systems, from new designs and projects from the operator and maintenance engineer’s perspective.

Cybersecurity has always involved people, processes, and technology, and in a homogeneous IT environment, people often think first about the technological aspects of cybersecurity. But in the OT world that is found inside large industrial plants, “Technology must be chosen for the OT environment and adapted to the plant,” says Agustin Valencia. That leaves it up to company processes to fill the cybersecurity gaps. “Technology cannot be enough. In the case of OT systems, procedures and awareness can make the workers our best firewall.”

Much of the challenge comes from the criticality of industrial processes, combined with a great diversity of new and old control systems. “Many new components integrate with Ethernet communications and with other things such as firewalls and antivirus software,” Valencia says. “They can also connect with the rest of IT software technology. But legacy systems do not provide this capability.” To monitor and maintain these systems, it’s necessary to extract information directly from the assets, but without affecting communications. Some systems can only do this offline, when a process is stopped. But in many OT environments, processes rarely shut down.
Valencia, whose role at Spanish electricity company Iberdrola
covers nuclear power plants and other sources of power
generation, approaches OT cybersecurity in this way:
- Look at risk holistically. You must first look at all the risks
to the entire business, and in the case of large industrial
plants and critical infrastructure, this is a much broader risk
assessment than is typical in the IT world. “In OT, it’s not a
matter of just interrupting the service or losing data,” says
Valencia. “You must consider the consequences of a failure
that causes damage to workers, to the environment, to the
community, the extra cost of stopping production, the cost
of waste if production systems are altered, or damage to the
plant itself if systems are changed.”
- Classify assets according to risk. Of course you must have
a complete inventory of assets and configuration status in
your OT environment so you know what you must protect.
But it’s necessary to take that a step further, to classify those
assets according to risk. “Once you know the assets and
risk, you can also establish their impact and risk profile,” he
notes. In this way, you are able to prioritize vulnerability-
management strategies and ICS maintenance.
KEY POINTS
1. Classify assets according to risk, so you know what you need to protect and can prioritize vulnerability-management strategies and ICS maintenance.
2. OT cybersecurity is not just an IT problem. Everyone in the plant needs to understand their roles and responsibilities for OT cybersecurity.
- Develop OT-specific policies, procedures, roles, and responsibilities. It’s important to recognize that OT
cybersecurity is not just an IT problem. There is too much in the OT world that is unique and different from
IT. This means everyone in the plant needs to understand their contribution to OT cybersecurity. “People
must know their responsibilities,” says Valencia. “When a problem arises in a specific environment, everyone
has a duty for detection, information, analysis, isolation, eradication, or restoration. In OT, the cyber part is
complementary to the process part, so the organization must train everyone on their role.”
In the OT world, many cybersecurity practices are unique to the industry and the plant. For instance, one can’t
rush into a plant and install the latest patches if there is an incident or a threat. This can trigger failovers that
stop a system or process, which cannot be allowed to happen in an OT environment. “Everything must be
tested,” Valencia stresses. “And you need that holistic approach. If a threat is coming from somebody who can
touch my legacy system, perhaps I have to deploy physical security. But if my problem comes from the network,
I can implement controls over that piece of hardware to cover that vulnerability in the legacy system.”
ROBUST ICS SECURITY REQUIRES A MULTI-LAYERED APPROACH

JAMES SHANK
IT and Cyber Security Program Manager
PSEG

James Shank has over 20 years of experience in design, development, operations, and maintenance of technology systems and solutions. An expert in contract administration, electromagnetic and radio frequency interference, and personnel management, he oversees a $3.5 million budget and approximately 30 IT professionals. He earned a BS in Electrical and Electronics Engineering from Penn State University and an MBA from Drexel University.

James Shank is IT and Cybersecurity Program Manager at PSEG, where he manages the ICS security program for a three-unit nuclear facility that must adhere to the regulatory requirements of the Nuclear Regulatory Commission. He feels that robust ICS security requires a multi-pronged approach incorporating strategies such as network monitoring, control of portable and mobile devices, and several layers of defenses. When considering high-level ICS security priorities, he recommends that chief information security officers (CISOs) take these steps to secure the plant OT/ICS environment against cyber attacks:

- Examine your ICS environment’s network connectivity with the outside world. “If you have to exchange information in a bidirectional way, you need to carefully evaluate what data you’re allowed to transfer in and out,” Shank says. This needs to include a detailed understanding of all ICS device configurations in the environment and their communications capabilities. Shank also recommends conducting a detailed security analysis of the devices that are controlling data transfers, assessing their ports and what types of communication you are allowing to flow through your environment. “If I was going to allow any kind of communication back into the ICS network, I’d also make sure I had real-time monitoring in place,” he adds. “That way, I would know exactly what data was coming into that environment.” Inbound commands or data must be carefully scrutinized.
- Control all of the portable media and mobile devices
that come into and out of your ICS environment. High-
profile ICS-related exploits such as Stuxnet and BlackEnergy
have had an element of portable media or mobile devices
associated with them. To guard against similar attacks,
Shank advises implementing a robust personal media
device (PMD) program that allows only carefully controlled,
authorized devices to connect to the network. “For example,
you can secure portable media with passwords so that only
someone with the password can actually use the device,” he
says. You can also use application and device whitelisting
software to limit what employees can install on or plug
into their laptops and mobile devices. This technology is
especially crucial in ICS environments, whose legacy assets
rarely have the native capability to reject devices that
employees may attach to them.
KEY POINTS
1. A single layer of defense can easily be defeated, but a multilayered system is much harder to compromise without being detected.
2. To defend your ICS environment against an attack, analyze and assess network communications touching the outside world—particularly inbound transmissions.
- Integrate multiple layers of defense with threat intelligence. It’s easy for skilled hackers or insider threats
to compromise a single layer of defense. For this reason, it’s best to use a multilayered strategy. “A program
that has multiple layers of defense with strong monitoring will give you a better chance of detecting suspicious
activity in your environment,” Shank says. Seek up-to-date intelligence on emerging threats as well as relevant
vulnerabilities so that you can continually optimize your defenses against a potential attack.
Maintaining a strong ICS security posture is challenging, but you can go a long way toward succeeding by
keeping a close eye on connectivity with the outside world, controlling devices that enter and exit your
environment, and adopting a multi-layered defense strategy. If you take these steps and also make an ongoing
commitment to keeping your knowledge, skills, and tools up to date, you can better protect your plant against
both current and future cybersecurity threats.
The majority of ICS reliant operations have
troublesome gaps in knowledge of their assets
and an incomplete understanding of expected
communications. These deficiencies are exacerbated
by disjointed tools and limited points to achieve
network visibility. Native tools can be leveraged
to provide a partial view, but they can’t compete
with smart coverage and a well-designed capability
to identify new assets, first heard communication
sessions, and looking deeply into communications
between systems.
MIKE ASSANTE
Director of Critical
Infrastructure & ICS
SANS
SECURITY PROFESSIONALS NEED TO WIN THE TRUST OF OT ENGINEERS

EVERARDO TRUJILLO
Manager, Cybersecurity Operations
Sempra Energy Utilities

Everardo Trujillo has over 20 years of experience and expertise in threat intelligence, vulnerability management, application security, security engineering and architecture, security assessments and security operations, and developing and executing cybersecurity strategy. He also serves as a mentor for high school students who participate in CyberPatriot, educating the next generation of cybersecurity professionals.

Unlike typical OT security managers who often have control engineering backgrounds, Everardo Trujillo began his career in IT systems and worked as an IT security architect. This has given him an edge in considering cyber risks and vulnerabilities in the OT environment.

For example, some electrical power grids have controls that rely on measuring time to perform their functions, such as the system that detects a broken or failing power-transmission line. If a storm causes a power line to break, controls are able to shut off power to that line before it hits the ground. From an OT operator’s perspective, this is an important and necessary safety function. “There are controls that rely on position timing, synchrophasors that depend on time measurements to the nanosecond. A common practice is to use GPS clocks,” Trujillo says. But drawing on his IT background, he points out a potential vulnerability here. “GPS clocks can be spoofed. They can suffer an attack called time drifting, which is a very slow attack,” he says. That kind of incident can seriously impact the function of time-sensitive controls, causing them to fail.
In this case, security architects worked with OT engineers and a
national lab to build a time-resilient system to protect against
this kind of attack. This is a good example of the importance of IT
working closely with OT to identify and remediate vulnerabilities.
To build an OT cybersecurity practice, Trujillo says there are
several things an organization must do:
- Security people need to gain the trust of OT engineers.
“Typically, IT and OT folks are not aligned, because they
come from different environments,” says Trujillo. “I
wouldn’t let my software developer from IT go into the OT
environment and change things, because he/she wouldn’t
understand that environment. And the OT engineers focus
to make things safe, but they’re not aware of some of the
cyber threats out there.” Trujillo says that OT cybersecurity
initiatives often start in IT because IT has more experience
dealing with cyber threats. To be successful, the first thing
security professionals must do is sit down with OT engineers/
personnel and learn from them. Gaining that trust is
essential. “Now that we have the support of the OT folks, we
come up with ideas for improved security, and they provide
us with devices to test. They helped us build our lab. We
have people from OT come over and learn about what we’re
doing, and it becomes a collaborative effort where they
come in and share great ideas.”
KEY POINTS
1. To be successful, the first thing security people need to do is sit down with OT engineers and learn from them. Gaining that trust is essential.
2. Tools that provide visibility into the OT network help security gain a clearer idea of what they must protect, but they help OT engineers as well, and this will help win their trust.
- Get a clear understanding of the assets in the environment. This not only helps security professionals
gain a clearer idea of what they must protect, but it helps OT engineers too, and it can help win their trust.
There are solutions specifically designed for OT environments that identify assets and collect asset data. These
solutions can provide a level of visibility the OT engineers have never had before. “We install a monitoring tool
so we can see things from a cybersecurity perspective,” Trujillo explains. “Suddenly OT engineers have the
ability to see a change in their network that they didn’t expect. They say, ‘That shouldn’t happen.’ Now they
are informed of these events and are able to take action.”
- Manage your control system vendors. Vendors know the inner workings of their ICS, and OT engineers
depend on that knowledge. Vendors come into the plant to do the installation and configuration, or they
subcontract that to a third party. “That’s something we brought up to the OT folks. How does this company vet
the contractors they’re hiring? Do they have background checks?” Also, it is difficult to hold ICS vendors to a
security standard, in part because they don’t want to be contractually liable for cyber attacks. “We developed
a checklist of controls and protocols so we know if they are able to implement those things. We’ve also spun
up an R&D team specifically for industrial control systems, and we’ve come up with technologies to help
secure these systems,” notes Trujillo.
UNDERSTANDING YOUR SYSTEMS IS KEY TO ICS SECURITY

SCOTT SAUNDERS
Cyber Security Consultant
Company

Scott Saunders has more than 20 years of information-security experience, having worked for the Sacramento Municipal Utility District and the federal Medicaid program for the state of California. Saunders is a Certified Information Security Manager (CISM) and a Certified Information Security Systems Professional (CISSP). He holds a BS in Information Technology-Security and an MS in Information Security Assurance, both from Western Governors University.

Having served as cyber security consultant at Exelon for the past three years, Scott Saunders is dedicated to improving security-event monitoring in the OT world across the six Exelon utilities by creating a brand-new, centralized, industrial control system security operations center. When considering high-level ICS security priorities, Scott recommends that professionals keep these tips in mind:

- Learn about the plant and its systems. Depending on your plant and its function, your devices might have varying degrees of capability. You’ll want to gain a clear, precise understanding of what everything does. “That’s always been a huge focus of mine from the very beginning. I want to know what I have and I want to know what it’s doing,” Saunders says. Once you’ve done that, then you should look at how you can layer your security controls, determining how they ought to be designed. “You can look at things like segmentation, access controls, network monitoring... all of that goes into what controls might be available to you, as well as how you manage your baseline configurations,” he explains.
- Consider how your plant’s devices are being accessed.
When you’re assessing devices and understanding their
function, it’s important to evaluate their access controls.
“How do people remotely access that device? I guarantee
you somebody is accessing it,” Saunders elaborates. “In a
lot of cases, plants are automated to the point where you
don’t even have operators there anymore. Instead, you have
centralized operation taking place. How is remote access
being done? Is there vendor management?” Your team will
want to develop a complete picture of precisely how these
devices are being accessed and by whom.
- Take special care to assess indicators from your legacy
devices. Although many plants are automated, there
may still be older substations within them that are not
automated. It’s important to monitor those systems, even
if that involves using electro-mechanical feedback from
indicators that are focused on physical security rather than
cybersecurity. It’s a good idea to tell the operator to be on
the lookout for certain alarms going off that might indicate
that something abnormal is happening on site. That could
point to a physical security threat that may be important
to respond to from an ICS security perspective.
KEY POINTS
1. Security professionals must first acquire a clear understanding of what they have and what it does before designing security controls to match.
2. It’s important for plants to preserve institutional knowledge of the OT environment proactively before experienced professionals retire.
Saunders also advises plants to think proactively about preserving institutional knowledge. Plants often
use older devices and technologies, such as serial-to-IP conversion, as well as newer protocol
conversion methods like SEL-3620. “People in the plant know what they have, but they may not have written
it down,” he explains. “We need to capture that institutional knowledge. If we don’t start doing that, that’s a
risk in our sector because of the age of our workforce.” Accordingly, he recommends that security professionals
make sure their understanding of the plant and its systems includes this important knowledge that, if lost,
could pose a future risk to the organization.
We are now seeing adversaries deliberately and
purposefully attacking safety instrumented
systems. This shows a willingness on the part of
an adversary to attack a system that is
not actually responsible for production, but
rather one that is responsible for keeping a
process safe. Defenders need to recognize that
adversaries have shown a willingness to attack
systems that if compromised, can lead to the
loss of human life.
DAVID BATZ
Senior Director,
Cyber & Infrastructure
Security
Edison Electric Institute
FOR BETTER OT SECURITY, CONTROL AND MONITOR YOUR ENVIRONMENT

SPENCER WILCOX
Director of Operational Technology Cyber Security
Exelon

Spencer Wilcox is a recognized speaker, and a regular contributor at cybersecurity events. He has judged industry awards and volunteered on the boards of directors for the Cybersecurity Association of Maryland and the Fort Meade Alliance. His specialties include strategic vision, cybersecurity leadership, and cybersecurity risk management. He holds a BS in Information Security from Pierce College and ISMA certification from Georgetown and Northwestern universities.

Spencer Wilcox is an experienced ICS security leader who provides strategic direction to teams responsible for protecting the grid. He believes that controlling and monitoring network flows is key to improving ICS security. Wilcox suggests three measures chief information security officers (CISOs) can take to make the plant’s OT/ICS environment more secure from cyber attacks:

- Instead of relying on a device-based strategy, aim for absolute control of your network flows. “This means not just TCP/IP communications but also protocols like DNP3 and Modbus that may not be visible to your traditional networking gear,” he says. Wilcox advises against using VPN tunnels, recommending that users be channeled through a jump server to take their actions on the network. “Having good logging and monitoring of remote access activities through a jump server is very important,” he adds. “That way, you can get attribution on who is taking those actions or where that outbound communication is happening or where that inbound communication is originating from.”
- Limit remote access as much as you possibly can. It’s
important to limit remote access to the instances and
cases in which it is absolutely necessary. In doing so, you
will reduce the potential attack surface that a malicious
actor could exploit. Although it would be ideal to eliminate
remote access altogether, that may not always be realistic.
“Every one of your vendors is going to want to have
remote access to be able to support their products,” Wilcox
acknowledges, but it’s still best to keep a tight leash on the
connections you permit into your ICS environment.
- Identify security threats moving within and outside
your networks. “It’s critically important that you identify
security threats moving in and out of your network as well
as laterally within your network,” Wilcox says. Security
professionals can monitor devices to see if they’re operating
as expected. “Once you’ve got a baseline, it’s really easy
to detect if an asset suddenly throws an error or is doing
something that it doesn’t normally do,” he says. In the near
future, Wilcox envisions leveraging big data to understand
what normal operations look like, accelerating the process
of identifying anomalous events in the ICS environment.
KEY POINTS
1. It’s important not just to have a comprehensive understanding of the types of communication transpiring on your ICS network but detailed monitoring in place as well.
2. Establishing a baseline for what normal behavior looks like will allow you to identify anomalous events in the ICS environment more easily.
Aside from these three key points, Wilcox recommends that security professionals also pay attention to the
ladder logic that is programmed into their ICS assets. “Changes to the ladder logic result in changes to the way
the device is operating,” he says. “So if you were to change ladder logic, you could remove a safety condition.”
With that in mind, it’s important to detect when there’s a change on the ladder logic within a device as well
as when there’s a change in its firmware. This is not so difficult to accomplish in a small environment, but it
becomes more challenging as you scale up. Regardless, you will want to keep this aspect of ICS security on your
radar so that you can better protect your infrastructure as it evolves and changes.
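An added example, not from the e-book or its sponsor: one way to detect the ladder-logic and firmware changes described above is to compare each device's current program hash and firmware version against an approved baseline. The asset names, versions and rung text are constructed, and the code assumes the programs have already been exported from the controllers.

```python
import hashlib
from dataclasses import dataclass

@dataclass(frozen=True)
class Snapshot:
    firmware: str       # firmware version string reported by the device
    logic_sha256: str   # SHA-256 of the exported ladder-logic program

def digest(program: bytes) -> str:
    """Hash an exported program so it can be compared without storing it."""
    return hashlib.sha256(program).hexdigest()

def compare(baseline: dict, current: dict) -> list:
    """Return (asset, finding) pairs for every deviation from the baseline."""
    findings = []
    for asset in sorted(baseline.keys() | current.keys()):
        old, new = baseline.get(asset), current.get(asset)
        if old is None:
            findings.append((asset, "not in baseline inventory"))
        elif new is None:
            findings.append((asset, "no snapshot collected"))
        else:
            if old.logic_sha256 != new.logic_sha256:
                findings.append((asset, "ladder logic changed"))
            if old.firmware != new.firmware:
                findings.append((asset, "firmware changed"))
    return findings

# Constructed sample data: one rung with a pressure interlock, one without.
RUNG_OK = b"RUNG 1: XIC Start XIO HighPressure OTE Pump\n"
RUNG_NO_INTERLOCK = b"RUNG 1: XIC Start OTE Pump\n"  # safety condition removed

BASELINE = {
    "plc-01": Snapshot("2.1.0", digest(RUNG_OK)),
    "plc-02": Snapshot("2.1.0", digest(RUNG_OK)),
    "plc-03": Snapshot("1.8.4", digest(RUNG_OK)),
}
CURRENT = {
    "plc-01": Snapshot("2.1.0", digest(RUNG_NO_INTERLOCK)),
    "plc-02": Snapshot("2.2.0", digest(RUNG_OK)),
    "plc-04": Snapshot("2.1.0", digest(RUNG_OK)),
}

if __name__ == "__main__":
    for asset, finding in compare(BASELINE, CURRENT):
        print(f"{asset}: {finding}")
```

Because the comparison is keyed on the asset inventory, the same pass also surfaces devices that stopped reporting and devices that were never baselined, which is where the approach has to hold up as the environment scales.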
Download the full e-book: Reducing Industrial Risk:
20 Experts Share Strategies for Managing OT Cybersecurity
Unlike some OT environments, nuclear power plants are heavily regulated.
Nuclear Regulatory Commission (NRC) inspections, which include an evaluation
of cybersecurity, typically occur every two years during scheduled outages for
plant refueling. This is also when other plant maintenance occurs, such as updating
and re-engineering control systems.
But even in this tightly controlled
environment there can be devices that
introduce vulnerabilities. “When systems are
out there in the plant, they often stay there
until they fail. One thing we evaluate is the
health of those particular assets,” says Gabriel
Agboruche, who has spent much of his career
as a cybersecurity engineer and specialist.
The OT environment in a nuclear power plant is made up of layers of criticality, each
one separated from the others by an air gap. One of the challenges in securing these
systems while using modern ICS components is preserving those air gaps. Agboruche
follows these practices in securing the plant’s OT systems:
- Have a correct, accurate account of all digital assets within your plant.
This includes knowing what you have, understanding how and what those
devices control, and working with IT people to understand the data inside those
control systems. This is important for safe and secure operation of the plant, and
it also helps with NRC inspections.
STRATEGIES FOR SECURING DIGITAL ASSETS IN NUCLEAR POWER
PLANTS
GABRIEL
AGBORUCHE
Cybersecurity Specialist
Westinghouse Electric
Gabriel Agboruche is a cybersecurity
specialist in the field of nuclear energy
who is always looking for a challenge.
As an engineer, he enjoys developing
simple, easy-to-understand solutions to
today’s complex problems. As a person,
integrity, character development, and
commitment are the driving factors that
heavily influence all aspects of his life.
As soon as we learn of any
vulnerabilities or any possible
threats that might be coming
from anywhere, we have to
evaluate our systems to make
sure the plant is not vulnerable
to those things.
“Having rogue devices in your OT environment that you
don’t have control over is a big problem,” Agboruche notes.
- Assess critical vulnerabilities immediately. “As soon
as we learn of any vulnerabilities or any possible threats
that might be coming from anywhere, we have to evaluate
our systems to make sure the plant is not at risk,” says
Agboruche. These might be alerts from control system
vendors, or information about a new kind of ICS attack such
as Stuxnet. “We don’t just hear about things and say we’re
OK. We need to be able to evaluate our systems to make
sure that we’re not vulnerable to the same type of attack
with the same issues,” he comments.
- Carefully evaluate every piece of equipment that goes into
the plant. This is a continuous process that not only involves
looking at new equipment, but it also means evaluating
existing systems and comparing those to similar systems
in other plants. Agboruche notes that an important part of
nuclear power plant cybersecurity is sharing information
with other plants. “Sometimes we’ll hear from another plant
that may have a more mature cybersecurity program. We’ll
evaluate our systems compared to theirs. We’ll do our own
evaluation too on the back end, so we have a thorough look
at the different vulnerabilities,” he says.
KEY POINTS
1. People often don’t recognize there are risks when
you open up your network to certain types of
technologies or even vendors.
2. Know what you have, all the current configurations of
those devices, understand what those devices control,
and understand how the data is actually working
inside those ICS systems.
Agboruche points out that there is no way to completely eliminate cyber risk, but people often don’t recognize
there are risks when you open up your network to certain types of technologies or even vendors. He cites as an
example one type of handheld communicator used to wirelessly configure different devices within the plant.
It sends and receives proprietary communication protocols. The newest versions of that device now have
Bluetooth capabilities. “There’s a new vector of interest for somebody who might have malicious intent. Are
we comfortable with this? There needs to be an evaluation. If we’re comfortable with it, what are we doing to
protect against it?”
Agboruche believes that inside an OT operation, data itself is ultimately the most critical asset, but not because
of the intrinsic value of the data. “Data is your primary asset because that is what is interacting with the
physical world,” he says.
It all comes down to this: Cybersecurity has to be part
of your operations lifecycle. And in order to do that,
you have to make everyone, everywhere, responsible
for cybersecurity. We say this again and again, but
it’s true: Cybersecurity isn’t a destination; it’s a
journey. Security can never be viewed as a one-off
project. Attacks on industrial control systems in the
era of the IIoT are escalating, and they extend across
industries, geographies and broader society. The risk
for catastrophe is too great to ignore. New threats,
attack techniques, and technologies are continually
advancing. That means your people and your security
protocols must always be advancing too.
GARY WILLIAMS
Sr. Director, Cybersecurity
Service Offer Leader
Schneider Electric