In this presentation, FireEye's Allison Wong discusses the fundamentals of industrial cybersecurity and the evolving threat environment, while offering practical advice to protect industrial control systems, endpoints and networks.
The Subversive Six: Hidden Risk Points in ICS | Tripwire
In the past, Industrial Control Systems (ICS) were separate from other business technologies, operating as on-premise systems. However, as ICS becomes more dependent on IT infrastructures and devices for command and control functions, new unforeseen risks are being discovered.
Industrial cyber security experts from Tripwire, FireEye and Tofino/Belden examine the six key weaknesses attackers use to compromise critical infrastructure and industrial controls operation. You will get real-life threat breakdowns and mitigation options available to proactive security teams.
Key Takeaways:
· Learn how to protect legacy ICS systems not designed with security in mind
· Understand the risks associated with an interconnected OT environment
· Discover available remediation options to your system's vulnerabilities
MobileIron shares the benefits of using Tripwire's File Integrity Monitoring solution in their environment, and the "Golden Rules" for building an effective enterprise information security program.
The answer is no for about 90% of the cyber assets due to the very minimal risk reduction achieved. Spend your effort elsewhere. Presentation goes over categories of security patching in ICS and recommends prioritized security patching.
IIoT Endpoint Security – The Model in Practice | team-WIBU
What is your first line of defense against cyberattacks? Secure endpoints! Endpoints are everywhere in the IIoT landscape. Without proper security, Industrial Internet of Things (IIoT) systems are not trustworthy, putting organizations, their missions and the greater public at increased risk. The viability of the IIoT depends on proper implementation of security to counter the growing and ever changing threats that are emerging.
Addressing this challenge is critical to the success of the Industrial IoT, Industrie 4.0 and the Industrial Internet revolution. To that end, Industrial Internet Consortium members have developed a common security framework and an approach to assess cybersecurity in Industrial Internet of Things systems: The Industrial Internet Security Framework (IISF).
Watch the webinar: https://youtu.be/t0GC4Fp-NXQ
Kevin Wheeler, Founder and Managing Director, InfoDefense
Securing Industrial Control Systems
Our nation’s critical infrastructure is controlled by SCADA and other industrial control technologies. Water utilities, petroleum refineries, oil pipelines, food processors, manufacturers and power companies all use SCADA systems to control and monitor operations. The vast majority of these industrial control systems have been in place for decades with few, if any, enhancements to effectively protect against today’s advanced threats. As a result, industrial control system vulnerabilities are currently a major concern.
Legacy SCADA systems can be secured using many of the same best practices that are used to protect the enterprise. This presentation provides an overview of SCADA threats as well as practical solutions for protecting industrial control systems.
IoT Systems provide powerful, flexible features for IT systems — tracking, monitoring, and other data sharing. Today’s IoT devices utilize microservices and APIs that make them easy to put into production. But securing them isn’t as easy.
This webinar will look at security risks of IoT devices, interfaces, and implementations. We’ll provide practical steps and checklists any DevOps team can use to make their IoT components as secure as possible. We’ll also cover some testing best practices that can be done pre- and post-production to verify security and resilience on an ongoing basis.
Active Directory in ICS: Lessons Learned From The Field | Digital Bond
Donovan Tindall of Honeywell at the S4x15 Operations Technology Day (OTDay). A meaty, but practical technical session on how to use Active Directory to help manage and secure your ICS.
The Industrial Internet is an internet of things, machines, computers and people, enabling intelligent industrial operations using advanced data analytics for transformational business outcomes.
The industrial domain is expected to be the largest consumer of IoT devices and systems in terms of value.
Lessons Learned for a Behavior-Based IDS in the Energy Sector | EnergySec
This presentation will review lessons learned from a deployment of behavior-based intrusion detection system (IDS) on a SCADA network that was part of a large-scale energy management system. The IDS architecture, sensor features, and sensor placement within the target SCADA environment proved to be key for successful detection of malicious activity. Challenges included simultaneous monitoring of multiple SCADA protocols (DNP3 and ICCP) across multiple network segments; monitoring of both encrypted and unencrypted network traffic; adapting to slow environment changes to minimize false positive output; and integration of the behavior-based IDS output into an existing monitoring system/SIEM.
With 73% of all cyber attacks happening on web applications* last year, there’s little doubt application layers and web-related attacks pose a significant risk to most organizations. However, typical investments to protect common attack targets (content management systems and ecommerce platforms) don’t correspond.
This webinar examines the growth of applications in enterprise architecture and the risks associated with agile development, plus expert advice and real world examples on how to scope and build a successful application security program that will maximize coverage and optimize your limited resource
Presented: September 21, 2017
At: CS2AI, Washington, DC
A decade ago, ISA99 published the first standard in what is now the ISA/IEC 62443 series. Since then, the series has coalesced into the current form consisting of 13 individual documents in various stages of completion, publication, and/or revision. Printing out all of the existing standards and drafts can easily use up more than a ream of paper. It can be a daunting task to try to apply it to an organization. So, what are you supposed to do? How are you supposed to proceed? In this talk, I’ll go over some of the lessons I’ve learned from helping customers develop and evaluate security programs within their organization.
We are all aware of the current risks when developing a connected product, especially with vehicles since much is at stake both from an information and safety perspective. In this workshop, we will learn how to build Security requirements, architect, design, test and produce Safety and Security critical components using a methodology that works in harmony both with Engineering and Security
Integrating the Alphabet Soup of Standards | Jim Gilsinn
Presented @ 2014 ICS Cyber Security Conference
October 21, 2014
It’s been over a year since the NIST Cybersecurity Framework and ISA-62443-3-3 were published, ISA-62443-2-1 has been out for almost 5 years, and ISO/IEC 27001 & 27002 have been out for nearly a decade. NIST has already started their process for revisions, ISA is actively working to overhaul 62443-2-1, and ISO/IEC just published a major revision to their standard. In addition to these cross-domain standards, there are a multitude of local and sector-specific standards as well. As a consultant, we are often asked to use one of these as a baseline to help our customers generate an ICS cyber security program. This presentation will discuss some of the strengths and weaknesses of these different standards and the effort to integrate them into a realistic set of ICS cyber security program requirements.
Defining Security Intelligence for the Enterprise - What CISOs Need to Know | IBM Security
In this presentation with Chris Poulin, you'll gain the insight you need to stay ahead of the threats and to be prepared to respond before, during and after an attempted breach. Chris Poulin is Industry Security Systems Strategist and former CISO for Q1 Labs.
CONTENT:
• What is Security Intelligence?
• Why do we need Security Intelligence?
• What are the benefits of Security Intelligence in the enterprise?
ICS (Industrial Control System) Cybersecurity Training | Tonex
ICS Cybersecurity training is intended for security professionals and control system designers, giving them advanced cybersecurity skills and knowledge to protect the Industrial Control System (ICS) and keep their industrial operating environment secure against cyber threats.
Audience:
Control engineers, integrators and architects
System administrators, engineers
Information Technology (IT) professionals
Security Consultants
Managers who are responsible for ICS
Researchers and analysts working on ICS security
Vendors, Executives and managers
Information technology professionals, security engineers, security analysts, policy analysts
Investors and contractors
Technicians, operators, and maintenance personnel
Price: $3,999.00 Length: 4 Days
Training Objectives:
Understand fundamentals of Industrial Control Systems (ICS)
Recognize the security architecture for ICS
Identify different kinds of vulnerabilities in ICS network, remote devices, software, or control servers
Learn about active defense and incident response for ICS
Learn the essentials for NERC Critical Infrastructure Protection (CIP)
Understand policies and procedures for NERC critical infrastructure protection (CIP)
List strategies for NERC CIP version 5/6
Apply risk management techniques to ICS
Describe ICS Active Defense and Incident Response
Describe techniques for defending against the new ICS threat matrix
Assess and audit risks for ICS
Apply IEC standard to network and system security of ICS
Implement the ICS security program step by step
Protect the ICS network from vulnerabilities
Understand different types of servers in ICS and protect them against attacks
Apply security standards to SCADA systems based on NIST SP 800-82
Detect different types of attacks to SCADA systems
Tackle all the security challenges related to ICS cybersecurity
Training Outline:
ICS Cybersecurity training course consists of the following lessons, which can be revised and tailored to the client’s need:
Fundamentals of Industrial Control Systems (ICS)
ICS Security Architecture
Common ICS Vulnerabilities
ICS Threat Intelligence
NERC Critical Infrastructure Protection (CIP)
Risk Management and Risk Assessment
ICS Auditing and Assessment
IEC 62443: Network and System Security for ICS
Implementation of ICS Security Program Development
ICS Incident Response
Network Protection for ICS
ICS Server Protection
SCADA Security Policies and Standards
Detection of Cyber Attacks on SCADA Systems
Our instructors at Tonex will help you master all of the ICS Cybersecurity design strategies by presenting the risk management framework, risk assessment methods, incident response, continuous monitoring, SCADA security improvement, and network security approaches for ICS.
ICS Cyber security Training
https://www.tonex.com/training-courses/ics-cybersecurity-training/
An Approach to Closing the Gaps between Physical, Process Control, and Cybers... | EnergySec
The energy and utilities industry needs to take extraordinary steps to protect its critical infrastructure. Gone are the days where treating physical security, process control security, and cybersecurity as separate functional areas can suffice. As the threats to our nation’s electric utility enterprises continue to rise, we must use all available information resources and security tools in highly integrated total security systems. As described in this presentation, recognizing and capitalizing upon the broad commonality of security domains across all the three security functional areas can open many more possibilities to enhance an enterprise’s defenses. Based upon this unique systems concept, already proven effective for cybersecurity, a methodology for an integrated total security defense is described that begins with threat and vulnerability intelligence-driven security processes. By extending this methodology to all three security functional areas, organizations can better organize and utilize all their security resources and processes, including threat and vulnerability information, pre-emptive defense strategies, real and near-real time situation awareness capabilities, and incident response/ recovery actions; regardless of whether they are part of the physical, process control, or cybersecurity functional areas. In addition to methods and tools for highly efficient collection and analysis of “all source” threat and vulnerability information, also described are systems approaches for fusing and correlating the high volume and wide variety of available security relevant information. These can assist the security professionals to quickly analyze and initiate actions as needed across each of the physical, control process, and cyber security areas.
Cyber & Process Attack Scenarios for ICS | Jim Gilsinn
Presented at the OPC Foundation's "The Information Revolution 2014" in Redmond, WA, August 5-6, 2014
This presentation discusses the modes and methodologies an attacker may use against an industrial control system in order to create a complex process attack. The presentation then discusses some specific examples, both real and hypothetical. The presentation finishes with a description of some common ways in which an organization could defend itself against these types of attacks.
Practical Approaches to Securely Integrating Business and Production | Jim Gilsinn
Presented @ 2016 ISA Process Control & Safety Symposium, November 10, 2016
The exchange of key information between business operations, suppliers, customers, production, and ultimately the production equipment itself can provide significant financial and productivity advantages. This presentation will discuss some practical approaches to utilizing the cyber security principles from ISA/IEC 62443 in order to integrate the business and production environments. It will also present some of the different solutions for meeting a variety of scenarios, such as data historians, patching/updating, and remote maintenance.
Top 10 tips for effective SOC/NOC collaboration or integration | Sridhar Karnam
Top 10 tips for effective SOC/NOC collaboration or integration. In 5 years the security operation center and IT operation center will integrate and bring more context to security events and help to search, store, and analyze machine data for operational intelligence.
Excellence in the Essentials: It's Not Whether You Implement Foundational Con... | Tripwire
Tripwire's Maurice Uenuma argues there's a difference between doing the basics and doing them well. Learn how Tripwire solutions can help you achieve operational excellence in the essentials.
3 Success Stories on the Tripwire Enterprise Journey | Tripwire
Chris Campbell from KeyBank shares various success stories of how Tripwire Enterprise met the needs of three organizations with different implementations, viewpoints and business drivers.
8 Tips on Creating a Security Culture in the Workplace | Tripwire
October is National Cyber Security Awareness Month (NCSAM). We asked experts in the field how companies can motivate their workforce to help strengthen their IT security posture. Read the full article on The State of Security here: http://tripwire.me/2d2INVY
Survival of the Fittest: How to Build a Cyber Resilient Organization | Tripwire
Cyber threats are growing increasingly complex, and with the explosion of the internet of things (IoT), organizations need to take steps to protect themselves and their customers. Intel has projected there will be over 200 billion IoT devices by 2020, and online data volumes are expected to grow up to 50 times what they are today. Infotech and security leaders are now evaluating a new cyber resilient architecture that can adapt and scale with rapid business digitalization and new IT models. Simplifying the security stack is no longer just a cost-saving priority – with cybercrime threatening to cost $6 trillion by 2021, it is also a prerequisite for uninterrupted visibility, responsiveness and resilience.
In this webinar, guest speaker Jeff Pollard, Principal Analyst at Forrester, and David Meltzer, Chief Technology Officer at Tripwire, discuss the growing challenges of cyber threats and share steps you can take now to build a cyber resilient organization.
Topics include:
- How to identify and cut the technology bloat in your security operations.
- Challenges and opportunities as IT transitions from on-premise to in the cloud.
- Eliminating blind spots and dark spots for uninterrupted visibility, regardless of the endpoint or its location.
- How to re-evaluate strategic planning so that you can align your security programs to new business models.
The RMF: New Emphasis on the Risk Management Framework for Government Organiz... | Tripwire
The realities of security, compliance and IT Operations are forcing Federal organizations to rethink risk management. The Risk Management Framework (RMF), created by the DoD, provides a solid foundation for security program design and FISMA compliance that can help reduce risk in your environment.
Federal Security and Compliance Expert Sean Sherman and Tripwire Senior Systems Engineer Steven Tipton discuss:
· The RMF process and requirements
· Pragmatic advice on getting started with RMF
· How Tripwire solutions fit into each step of the RMF process
Join us for an in-depth look at NIST-RMF and its cost effective organizational benefits.
Check out some of the thought-provoking presentations delivered at the 2017 BSidesSF conference. For more on BSidesSF, visit: https://www.tripwire.com/state-of-security/security-awareness/events/heres-missed-bsidessf-2017/
Tripwire University: Cyberwar Boot Camp – Introduction and Overview - Tripwire
In this presentation, Gajraj Singh, VP of Product Marketing, defines “cyberwar,” explains the implications of breaches on an organization, and shows how Tripwire addresses cybersecurity challenges.
The agile framework and ideology are hardly new. Many organizations are successfully using it and reinventing the way they build and deliver software. But agile isn't only for development. In this webinar, Todd Eby explores how you can reinvent the way you approach delivering Success using an agile mindset and framework.
According to Hilda Marchiori, in chapter 3 of her book Psicología Criminal, there are different types of criminals, but these people often fall into criminal behavior as a result of their mental conditions, and studying those conditions helps us understand these people better.
Security Mentors: Honoring Those Who Inspired Our Love of Infosec - Tripwire
With Thanksgiving right around the corner, we wanted to show appreciation and say 'thank you' to those who have helped shape the world of cyber security.
With more to protect, fewer resources, and more data, scan failures, delays and false positives can impact response during critical incidents. View this presentation to learn how to overcome these challenges by building resiliency in your organization’s vulnerability management program.
Industrial Cyber Security: What You Don't Know Might Hurt You (And Others...) - Tripwire
Cyber security experts David Meltzer, Chief Research Officer at Tripwire; Tony Gore, CEO at Red Trident Inc.; and John Powell, Senior Critical Infrastructure Engineer at Red Trident Inc., discuss the practical 1-2-3 basics of industrial cyber security and how to get started automating asset management. Attendees will also learn how to build an effective strategy for protecting industrial assets – networks, endpoints and controllers.
Key Takeaways:
· Learn how to automate and simplify the inventory process and secure your assets
· Understand what cyber security standards may apply to your unique environment
· Hear real-world tips on how to prioritize and work across functional silos within your company
· Receive an industrial cyber security assessment checklist to help gauge your starting point
The session will highlight Intel’s vision for IoT Security and the fundamental building blocks and capabilities Intel and the ecosystem are providing to organizations to build security in from design through deployment and maintenance.
Confidence 2017: SCADA and mobile in the IoT times (Ivan Yushkievich, Alexand... - PROIDEA
Several years ago we made a security assessment of SCADA & ICS mobile clients. We reviewed remote HMIs, historian and MES clients and even PLC configuration and programming applications for your Android smartphone. The results were a little scary: through all reviewed apps, only one(!) was without major security flaws. By that time mobile SCADA client was a kind of caprice, however now, with the widespread IoT, which even touched ICS infrastructures, more and more vendors start to create mobile application for their industrial software and hardware.
In this talk we want to make another review of current status of mobile applications for ICS systems. One task is to compare the security of today's applications and how it's changed in accordance to the previous years. Also, we will discuss the most common vulnerabilities in such systems, however with main targeting on risks that arise with using mobile apps in your industrial infrastructure. In the end of the talk, possible attacks on ICS infrastructure through compromised smartphone with mobile SCADA/whatever client will be shown, along with discussion whether it is SAFE to allow mobile applications to interact with your ICS infrastructure. Also, we will provide the detailed statistics of found flaws and invalid security(& safe!) approaches.
Security Requirements in IoT Architecture - Vrince Vimal
Security Requirements in IoT Architecture - Security in Enabling Technologies - Security Concerns in IoT Applications. Security Architecture in the Internet of Things - Security Requirements in IoT - Insufficient Authentication/Authorization - Insecure Access Control - Threats to Access Control, Privacy, and Availability - Attacks Specific to IoT. Vulnerabilities – Secrecy and Secret-Key Capacity - Authentication/Authorization for Smart Devices - Transport Encryption
Marcellus Buchheit (Wibu-Systems) and Terrence Barr (Electric Imp) talk about how to secure IIoT endpoints, why they are so vital to secure, and how the Industrial Internet Security Framework (IISF) can help. This talk was given during a webinar as part of the #IICSeries, a continuous series of webinars on the industrial internet hosted by the Industrial Internet Consortium.
Building enterprise Internet of Things (IoT) systems must start with reviewing and strengthening your current IT security to prepare for potential additional risk exposure. Then, understanding the security posture of connected devices being added to the network determines what smarter edge architectural components, such as IoT gateways, are needed to establish and defend functional integrity and enable protection from risks of less capable connected sensors and legacy equipment. This session will discuss the unique security risks in IoT ecosystems and the strategies and tools for addressing them.
Understanding Cyber Industrial Controls in the Manufacturing and Utilities En... - Dawn Yankeelov
"Understanding Cyber Industrial Controls in the Manufacturing and Utilities Environment," By Dr. John Naber, Co-Founder & Partner in True Secure SCADA, which is KY-based and holds 2 key patents in this area. This was given at the TALK Cybersecurity Summit 2018 in Louisville, KY.
Key Challenges Facing IT/OT: Hear From The Experts - Tripwire
When you think of Information Technology (IT) and Operational Technology (OT), which side are you on? You may not feel that you fall on any side of that technological skirmish, but when you stop to carefully consider the differences in these two disciplines, it is nearly impossible to avoid a tendentious leaning.
However, the time may be upon us when the conflicts of IT and OT will be put to rest for the broader purpose of making businesses more agile, efficient, resilient and ultimately, more profitable. We spoke with experts in the field who offered their insights about the challenges facing IT and OT convergence. Here’s what they shared!
As online sales surge, retail cybersecurity professionals are taking additional precautions to protect their organizations and their customers’ data. On top of this, the COVID-19 pandemic has driven even more consumers to turn to online shopping. Tripwire worked with Dimensional Research to better understand cybersecurity programs in the retail industry as they prepared for the holiday season.
Download the full report here: https://www.tripwire.com/solutions/solutions-by-industry/retail-and-hospitality/retail-holiday-cybersecurity-survey-report
Tripwire recently examined how organizations are experiencing the cybersecurity impacts of COVID-19 and shifts to working from home. Dimensional Research conducted the survey, which included responses from 345 IT security professionals, in April 2020. Check out some of the key findings from the survey.
Industrial Cybersecurity: Practical Tips for IT & OT Collaboration - Tripwire
How can IT and OT teams work together effectively to secure the entire infrastructure? We asked industry experts for their top tips. Read their full responses here: https://www.tripwire.com/state-of-security/ics-security/it-collaborate-ics-security/
Tripwire 2019 Skills Gap Survey: Key Findings - Tripwire
The skills gap remains one of the biggest challenges for the cybersecurity industry. To gain more perspective on what organizations are experiencing, Tripwire partnered with Dimensional Research to survey 336 security professionals on this issue. For additional key findings, visit: https://www.tripwire.com/state-of-security/security-awareness/security-pros-skills-gap-worsened/
Time for Your Compliance Check-Up: How Mercy Health Uses Tripwire to Pass Audits - Tripwire
Major healthcare providers are tasked with protecting patient data and maintaining complex security compliance requirements enforced through rigorous audits. Mercy Health, a major Midwestern hospital system, became a Tripwire customer in 2013. Using Tripwire technology, they created a successful IT service by integrating their ITSM tool, streamlining their reporting process and more.
Mercy Health and Tripwire show you how to:
-Implement effective change management
-Strengthen security in Epic records systems
-Streamline the audit process
Tripwire State of Cyber Hygiene 2018 Report: Key Findings - Tripwire
Tripwire examined how organizations are implementing security controls that the Center for Internet Security (CIS) refers to as "Cyber Hygiene." The survey, conducted in July in partnership with Dimensional Research, included responses from 306 IT security professionals.
Read the full report here: https://www.tripwire.com/misc/state-of-cyber-hygiene-report-register/?referredby=socialmedia/
Defend Your Data Now with the MITRE ATT&CK Framework - Tripwire
MITRE is a not-for-profit organization that operates federally-funded research and development centers. Their ATT&CK framework is a useful cybersecurity model illustrating how adversaries behave and explaining the tactics you should use to mitigate risk and improve security. ATT&CK stands for “adversarial tactics, techniques and common knowledge.”
This presentation explores a methodology for pairing proven industry frameworks like MITRE ATT&CK with threat modeling practices to quickly detect and respond to cyber threats. With this approach, industrial organizations can slice their infrastructure into smaller components, making it easier to secure their assets and minimize the attack surface.
Takeaways include how to:
-Make the most out of their threat intelligence feeds
-Report on progress and compliance
-Negotiate trust relationships in the intelligence sharing cycle
-Improve their organization’s overall security posture
Defending Critical Infrastructure Against Cyber Attacks - Tripwire
In our increasingly connected world, networks of machines help critical infrastructure run more efficiently and prevent downtime. However, systems which were once isolated are now being exposed to digital security threats that operators never considered.
Joseph Blankenship of Forrester Research and Gabe Authier of Tripwire discuss the evolving threat landscape and how we can protect these critical assets from cyber threats.
Topics covered include:
-Examples of some of the most recent cyber-attacks to critical infrastructure
-Why traditional IT security approaches won't work
-Recommended approaches for securing critical infrastructure
Let me lay out a few things that are important to consider when you look at how you can protect your ICS environment:
First – look for practical solutions. If you cannot clearly see the actionable information a system will give you, and how that leads to meaningful results, it's not likely you are going to get real value out of it.
Second – look for people, tools, and processes that understand the ICS environment, and the priorities of safety and reliability, above all else. Look for solutions that are established and proven to be non-disruptive. If you are on the IT side, before you start trying to educate your OT counterparts about what it is they could or should be doing about security, start by spending time learning from them about what is important – and learn about how they have been able to operate systems with uptime and reliability levels that are frankly unheard of in the IT world.
Third – we know this convergence between IT and OT is happening, so look for ways you can bring these two together. If you are coming from the OT side, think about what it is the IT security team needs from you, and if you are on the IT side, keep in mind the OT priorities and how you can layer security on without compromising those goals.
For the purposes of our talk today and given our industrial audience, we’ll focus on outsider attacks, malicious insiders and insider errors because these are the top categories of concern we see most within our customer base.
The point of this timeline is that it illustrates a continuum. Where we are now is the requirement to address the very real physical implications of a cyber threat, no matter what the source.
Create and maintain an accurate inventory of their industrial control systems
Obtain structured vulnerability and patch feeds that cover a wide variety of sources
Match asset inventories against vulnerability disclosures and patch announcements
Track vulnerable and unpatched products currently used in their industrial environments
Prioritize vulnerability remediation efforts by considering: ICS architecture location, simplicity of exploitation and possible impact on the controlled industrial process
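The inventory-matching and prioritization steps listed above can be sketched in a few lines. This is an added example, not material from the presentation: the vendors, products, versions, advisory IDs and the scoring weights are all constructed assumptions, with "location" weighted by how reachable the zone is from less trusted networks.

```python
from dataclasses import dataclass

# All vendors, products, versions and advisory IDs below are constructed placeholders.
@dataclass(frozen=True)
class Asset:
    name: str
    vendor: str
    product: str
    version: str
    location: str      # ICS architecture location: "dmz", "supervisory", "controller"

@dataclass(frozen=True)
class Advisory:
    advisory_id: str
    vendor: str
    product: str
    fixed_in: str      # first version that contains the fix
    exploitation: str  # simplicity of exploitation: "simple", "moderate", "difficult"
    impact: str        # effect on the controlled process: "high", "medium", "low"

# Assumed weights, to be tuned per site. Location is weighted by reachability.
LOCATION_WEIGHT = {"dmz": 3, "supervisory": 2, "controller": 1}
EXPLOIT_WEIGHT = {"simple": 3, "moderate": 2, "difficult": 1}
IMPACT_WEIGHT = {"high": 3, "medium": 2, "low": 1}

def parse_version(text):
    """Return a tuple of ints, or None for firmware labels that are not dotted numbers."""
    try:
        return tuple(int(part) for part in text.split("."))
    except ValueError:
        return None

def is_older(installed, fixed):
    """Compare versions after padding, so that 2.0 and 2.0.0 are treated as equal."""
    width = max(len(installed), len(fixed))
    pad = lambda v: v + (0,) * (width - len(v))
    return pad(installed) < pad(fixed)

def prioritize(assets, advisories):
    """Match the inventory against advisories; return findings, highest score first."""
    findings = []
    for asset in assets:
        for adv in advisories:
            if (asset.vendor.lower(), asset.product.lower()) != (
                adv.vendor.lower(), adv.product.lower()
            ):
                continue
            installed = parse_version(asset.version)
            fixed = parse_version(adv.fixed_in)
            if installed is None or fixed is None:
                status = "review"      # cannot compare: keep it visible for a human
            elif is_older(installed, fixed):
                status = "vulnerable"
            else:
                continue               # already at or beyond the fixed version
            score = (LOCATION_WEIGHT[asset.location]
                     * EXPLOIT_WEIGHT[adv.exploitation]
                     * IMPACT_WEIGHT[adv.impact])
            findings.append((score, asset.name, adv.advisory_id, status))
    return sorted(findings, key=lambda f: (-f[0], f[1], f[2]))

ASSETS = [
    Asset("hmi-01", "ExampleCo", "ViewStation", "4.2", "supervisory"),
    Asset("plc-07", "ExampleCo", "PLC-100", "1.8.3", "controller"),
    Asset("plc-09", "ExampleCo", "PLC-100", "2.0", "controller"),
    Asset("historian-dmz", "SampleSoft", "Historian", "7.0.1", "dmz"),
    Asset("vfd-02", "ExampleCo", "Drive-X", "B07", "controller"),
]
ADVISORIES = [
    Advisory("ADV-EXAMPLE-001", "ExampleCo", "PLC-100", "2.0", "simple", "high"),
    Advisory("ADV-EXAMPLE-002", "SampleSoft", "Historian", "7.1", "moderate", "medium"),
    Advisory("ADV-EXAMPLE-003", "ExampleCo", "ViewStation", "4.2.1", "simple", "high"),
    Advisory("ADV-EXAMPLE-004", "ExampleCo", "Drive-X", "C01", "difficult", "high"),
]

if __name__ == "__main__":
    for score, name, adv_id, status in prioritize(ASSETS, ADVISORIES):
        print(f"{score:>3}  {name:<14} {adv_id}  {status}")
```

Findings marked "review" are assets whose version string could not be compared; they stay on the list so that an unparseable firmware label never hides an unpatched product.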
During Q1 2016, iSIGHT Partners continued to observe cyber espionage activity targeting a variety of entities within various critical infrastructure sectors. When compared with previous quarters, Q1 shows no discernible trends, indicating instead that cyber espionage actors from around the world are interested in firms throughout the world that operate critical infrastructure.
The most interesting activity was the Sandworm Team operating in Ukraine. We observed that power outages were caused by direct interaction with utility HMI software. The attackers demonstrated advanced planning and moderate process attack capability. Missing security controls, including poor network segmentation, facilitated the outages. We believe other electricity distribution providers throughout the world are similarly vulnerable.
Of the hacktivist items identified in Q1, the Cyber Caliphate Army's attack on surveillance cameras had the highest potential consequence. One can envision a cyber attack to shut down video surveillance systems with a simultaneous physical attack on the facilities. The physical attacks at the Brussels airport and metro station on March 22, 2016 lend additional credibility to such a scenario. We suggest that security forces serving high traffic areas examine the cyber security of their video surveillance systems and create contingency plans should those systems be unavailable.
Image at right is a Schneider Electric Altivar variable frequency drive (VFD). Reid Wightman described using unauthenticated ICS protocols to discover, then overwrite “skip” frequencies, potentially causing dangerous vibrations at an industrial facility.
Image at right is a 25-horsepower boiler control system that the actor “intranet framework” offered for sale at 1,000 USD in an underground forum. We are uncertain what process the boiler is part of. It is the second time we have seen an actor selling VNC access to SCADA systems. Both HMI screens he shared as examples were in French.
Image at right is of CPNI’s guidance to secure building automation systems. It is by far the most comprehensive guidance we have observed to date for dealing with these widely-deployed, yet often-overlooked cyber-physical systems.
Explain
This is a reference architecture produced by academics at Purdue University, and adopted by the International Society of Automation (ISA).
The entire purpose of industrial automation and control systems is to remove humans from the loop. Program the logic into the machines so people don’t have to be at each location taking measurements and making adjustments.
Sensors and actuators operate at Level 0. Sensors measure things in the physical world, such as flow, temperature, pressure and level.
Actuators move; they are things like valves and connect/disconnect switches for motors.
They are wired into the controller.
They are generally not TCP/IP enabled, but this is changing.
Controllers are programmable devices found at Level 1.
The programming specifies how the actuators move when the sensors provide certain readings.
They can also include Variable Frequency Drives and Protective Relays.
Many of these are TCP/IP enabled.
Level 2 includes more standard computing and networking technology.
SCADA stands for supervisory control and data acquisition. Supervisory means that it allows a human operator, normally seated at a human-machine interface screen, to identify abnormalities (normally by viewing alarms that pop up on the screen), and to step in and issue remote commands to the system. If a process loses SCADA, nothing is going to happen, at least for a while. The logic exists in the controllers themselves to regulate the process. The job of process operators has been described as 90% intense boredom, and 10% sheer panic.
The engineering workstation is used to program the control logic. You can think of this as a software development environment. Instead of languages such as Python, C, and Visual Basic, the languages used are called “ladder logic”, “function block” and “structured text”. This machine would normally have the ability to talk to any PLC on the network to push new logic.
This layer also includes database technology called a process historian. The historian catalogs readings from the sensors and positions of the actuators to make available in other applications, such as predictive maintenance and process optimization efforts. The historian records data that is not displayed to the operator.
Ideally the SCADA network is segmented from the business network by a dual firewall DMZ. This facilitates firewall management, while limiting ingress and egress.
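To check that the segmentation described above holds in practice, flow records can be audited against the zone plan. The sketch below is an added example, not part of the presentation: the subnets, zone names and flow records are constructed, and the rule that DMZ hosts should not talk to controllers directly is an assumed site policy.

```python
import ipaddress

# Constructed zone plan: subnet assignments are assumptions for illustration.
ZONES = {
    "business": ipaddress.ip_network("10.10.0.0/16"),
    "dmz": ipaddress.ip_network("10.20.0.0/24"),
    "supervisory": ipaddress.ip_network("10.30.2.0/24"),  # Level 2: HMI, historian
    "controller": ipaddress.ip_network("10.30.1.0/24"),   # Level 1: PLCs, drives
}
CONTROL_ZONES = {"supervisory", "controller"}

def zone_of(address):
    """Map an IP address to its zone, or 'unzoned' if it is not in the plan."""
    ip = ipaddress.ip_address(address)
    for name, network in ZONES.items():
        if ip in network:
            return name
    return "unzoned"

def audit(flows):
    """Return (src, dst, port, rule) for every flow that breaks the zone model."""
    findings = []
    for src, dst, port in flows:
        src_zone, dst_zone = zone_of(src), zone_of(dst)
        if src_zone == dst_zone:
            continue                      # traffic inside one zone is out of scope
        pair = {src_zone, dst_zone}
        if "business" in pair and pair & CONTROL_ZONES:
            rule = "bypasses-dmz"         # ingress or egress that skips the DMZ
        elif "unzoned" in pair and pair & CONTROL_ZONES:
            rule = "unzoned-peer"         # address missing from the inventory/plan
        elif pair == {"dmz", "controller"}:
            rule = "dmz-to-controller"    # assumed policy: DMZ stops at Level 2
        else:
            continue
        findings.append((src, dst, port, rule))
    return findings

# Constructed flow records: (source, destination, destination port).
FLOWS = [
    ("10.10.5.20", "10.20.0.10", 443),   # business -> DMZ: allowed
    ("10.20.0.10", "10.30.2.15", 443),   # DMZ -> supervisory: allowed
    ("10.30.2.11", "10.30.1.5", 502),    # HMI -> controller: allowed
    ("10.10.5.20", "10.30.2.11", 5900),  # business -> HMI over VNC
    ("10.30.1.5", "10.10.9.9", 80),      # controller -> business (egress)
    ("192.0.2.44", "10.30.1.7", 502),    # unknown address -> controller
    ("10.20.0.10", "10.30.1.5", 502),    # DMZ -> controller
]

if __name__ == "__main__":
    for src, dst, port, rule in audit(FLOWS):
        print(f"{rule:<18} {src} -> {dst}:{port}")
```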
Leveraging FireEye iSIGHT Threat Intelligence and FireEye AX advanced malware analysis, integrated with Tripwire Enterprise and the FireEye Threat Prevention Platform, we are uniquely able to address threats to both IT and OT networks by bringing together intelligence, detection, and prevention.