DISC-SANS ICS Virtual Conference, Free (May 1)

hkm · 620

on: March 26, 2020, 04:31:36 pm

SANS and Dragos join forces to provide a fully virtual conference on Friday May 1st open to the community to share technical insights, lessons learned, and best practices for ICS/OT cybersecurity presented by SANS Institute instructors and Dragos staff.

The content is focused around being widely acceptable for both IT Security and OT/ICS audiences and the theme is focused around education especially during times when many folks are at home and working remotely. Special focuses are being given in the talks to what work and efforts can be accomplished with minimal effort during slow down periods.

The DISC SANS ICS Virtual Conference will also host a NetWars CTF jointly developed by SANS and Dragos with 4-8 hours of cyber defense and ICS network security related challenges on Thursday April 30. The winner will be announced at the conference and the answers provided to all attendees. Registration details coming soon.


10:00am - 10:30am - Welcome & Opening Remarks, Tim Conway & Robert M. Lee @robertmlee, Conference Co-Chairs

10:30am - 11:05am - The ICS Security Crucible: Forging Programmatic Armor and Weapons, Jason Christopher, Principal Cyber Risk Advisor, Dragos Inc. and SANS Certified Instructor

When we think of cybersecurity, we often think of new technologies that can help us manage all the threats we hear about. That said, our industry also knows that technology cannot solve this problem alone. We further understand that cybersecurity capabilities are defined as a combination of technology, people (like you), and processes (including documentation!). These three ingredients, when merged together, make a powerful compound and define successful ICS security programs. This presentation will introduce an "ICS Security Crucible" where you will combine people, processes, and technology to create custom-fitted armor and defenses for your industrial operations based on unique risks, associated impacts, budgets, and known threats. Leveraging real use-cases, participants will learn practical next steps in either creating or refining their ICS-specific security program. When we combine technology with the right people and robust processes, organizations create a strong culture of security and forge lasting legacies for critical infrastructure protection. And we sure could use more of that these days...

11:05am - 11:40am - ICS Ranges and DIY For Home Learning, Tom VanNorman, Director of Engineering Services, Dragos Inc

Are you thinking about building your own ICS Range, but you have no idea where to start? Whether you are looking to build something for personal enrichment, or you are looking to build something at work, this talk will cover what you need to know to start your project. I will cover pros and cons of different configurations as well as provide you with firsthand knowledge of things that I found that work and do not work.

11:40am - 12:10pm - Break

12:10pm - 12:40pm - Cyber Physical Assessments, Dean Parsons @deancybersec, Instructor, SANS ICS515

12:40pm - 1:10pm - Operationalizing Threat Intelligence in ICS, Sergio Caltagirone, VP of Threat Intelligence, Dragos Inc., Amy Bejtlich, Director of Threat Intelligence, Dragos Inc.

Threat intelligence allows asset owners and operations to make better cybersecurity decisions for ICS/OT environments. However, it's not easy. In this presentation, we'll discuss how to consume and digest threat intelligence to make it usable, and your operations better than before. Do you need a "threat intelligence team?" How would you form one? Does your SOC need to know about threat intelligence? How do you measure the benefit of threat intelligence? We'll answer these questions and more.

1:10pm - 1:40pm - Evaluating ICS Vulnerabilities, Katherine Vajda, Senior Intelligence and Vulnerability Analyst, Dragos Inc.

Managing and understanding the risk of vulnerabilities within ICS is crucial in protecting the delivery of the function. In this presentation, we'll discuss highlights from the 2019 vulnerability year in review report, what we've learned about these vulnerabilities, and what you can do with this information. We'll go in-depth into our process and drivers for prioritizing and understanding the risks of vulnerabilities within ICS and how to get the best ROI on your efforts involving mitigation.

1:40pm - 2:40pm - Lunch

2:40pm - 3:25pm - Future Things: Simple Yet Effective ICS Cyber Attacks, Jason Dely and Jeff Shearer, SANS Institute, Instructors and ICS612 Co-Authors

ICS focused attacks have a sliding scale of impacts with the largest effect being hardware manipulation to cause product quality issues, product manufacturing disruption or the highest effect of all: loss of life. This presentation and demonstration will walk through some common attack objectives and interesting ways to achieve those goals by attacking the control system through the control system itself.

3:30pm - 4:10pm - Simple Wins During Slow Downs, Austin Scott, Principal Industrial Penetration Tester, Dragos Inc.

Recent events have added some additional constraints to our ability as an industry to move ICS cyber security programs forward. How do we continue to identify and reduce cyber risk in our ICS environments when we cannot hire consultants or meet with vendors? As ICS operations teams are actively working to minimize contact with the outside world, how do we add or implement new technology or improve the security posture of our environments? In my presentation, I will detail several ways that ICS cybersecurity teams can work with existing technologies and infrastructure to identify and reduce cyber risk. Many of these recommendations can be done remotely and have a very low chance of inadvertently causing any operational issues.

4:10pm - 4:45pm - Networking Break

4:45pm - 5:25pm - Electric Sector Incident Response, Tim Conway, SANS Institute

This talk will discuss current Incident Response requirements for North American Electric sector asset owners and operators, as well as some IR guidance beyond the current requirements. Looking forward we will also discuss the benefits and challenges that organizations need to consider in relation to the new CIP-008-6 Standard going into effect starting Jan 1 next year.

5:30pm - 6:10pm - ICS CTF Results and Answers, Austin Scott, Principal Industrial Penetration Tester, Dragos Inc., Jon Lavender, Chief Technology Officer and Co-Founder, Dragos Inc.

Cyberville is in an isolated desert town fed only by a single sub-transmission line. The 4444 residents of Cyberville are largely made up of retirees who have come to the desert to escape from cold weather altogether. During the summer, the average high is over 102F, and without air-conditioning, the elderly residents of Cyberville are at risk. A microgrid has been created to protect the residents of Cyberville from high-winds or a lightning strike from cutting power to the town for an extended period. Cyberville's microgrid includes local power generation (solar, wind, and gas turbine), local energy storage, and automated switching. Cyberville's microgrid can disconnect and function independently during emergencies, supplying vital electricity to the local community.

We believe that an adversary has compromised the Cyberville microgrid network. You have been tasked with performing the incident response work on Cyberville's microgrid and removing the threat before it can put the lives of our residents at risk.

Speaker Bios
Tim Conway

Technical Director - ICS and SCADA programs at SANS. Responsible for developing, reviewing, and implementing technical components of the SANS ICS and SCADA product offerings. Formerly, the Director of CIP Compliance and Operations Technology at Northern Indiana Public Service Company (NIPSCO). Responsible for Operations Technology, NERC CIP Compliance, and the NERC training environments for the operations departments within NIPSCO Electric. Previously, an EMS Computer Systems Engineer at NIPSCO for eight years, with responsibility over the control system servers and the supporting network infrastructure. Former Chair of the RFC CIPC, current Chair of the NERC CIP Interpretation Drafting Team, member of the NESCO advisory board, current Chair of the NERC CIPC GridEx Working Group, and Chair of the NBISE Smart Grid Cyber Security panel.

Robert M. Lee

Rob is a recognized pioneer in the industrial security incident response and threat intelligence community. He started in security as a U.S. Air Force Cyber Warfare Operations Officer tasked to the National Security Agency where he built a first-of-its-kind mission identifying and analyzing national threats to industrial infrastructure. He went on to build the industrial community’s first dedicated monitoring and incident response class at the SANS Institute (ICS515) and the industry recognized cyber threat intelligence course (FOR578).

Forbes named Robert to its 30 under 30 (2016) list as one of the “brightest entrepreneurs, breakout talents, and change agents” in Enterprise Technology. He is a business leader but also a technical practitioner. Robert helped lead the investigation into the 2015 cyber attack on Ukraine’s power grid, and he and his team at Dragos helped identify and analyze the CRASHOVERRIDE malware that attacked Ukraine’s grid in 2016 and the TRISIS malware deployed against an industrial safety system in the Middle East in 2017.

Jon Lavender

Jon Lavender is the Chief Technology Officer, head of engineering and Founder of the critical infrastructure cyber security company Dragos, Inc. In this role he is responsible for delivering the Dragos Platform and Customer Portal as well as the development of ICS/SCADA specific technologies as well as the technologies that enable the Dragos Threat Operations Center analysts to hunt advanced threats. His focus is on the automation of processes to help scale engineering, incident response and threat hunting efforts to cover a wide range of industries and networks.

Previously, Jon was a member of the National Security Agency where he led diverse teams in challenging environments experiencing both red and blue team type operations. Notably, he was lead of a hand-selected team tasked with developing analytics, tools, and best practices for identifying national-level cyber adversaries breaking into U.S. government and infrastructure networks. There he managed and built relationships with key partners around the U.S. Intelligence Community and its allied partners. Jon received his bachelors in Management Information Systems from Wake Forest School of Business and later his Masters in Cyber Security from the University of North Carolina at Charlotte.

Sergio Caltagirone

Sergio Caltagirone hunts evil. He spends his days tracking hackers and his evenings chasing human traffickers. In 9 years with the US Government and 3 years at Microsoft, Sergio has hunted the most sophisticated targeted threats in the world, applying intelligence to protect billions of users while safeguarding civilization through the protection of critical infrastructure and industrial control systems. He co-created the Diamond Model of Intrusion Analysis, helping thousands of others bring more pain to adversaries by strengthening hunters and analysts. He also serves as the Technical Director of the Global Emancipation Network, a non-profit, non-governmental organization (NGO), leading a world-class, all-volunteer team dedicated to ending human trafficking and rescuing victims through data science and analytics, saving tens of millions of lives.

Amy Bejtlich

Amy Bejtlich is a Senior Adversary Hunter at Dragos, Inc. She has over 10 years of intelligence experience across multiple Intelligence Community (IC) disciplines including Signals Intelligence (SIGINT), Measures and Signatures Intelligence (MASINT), Counterterrorism, and Cyber Threat Intelligence. Amy began her career as an Intelligence Officer in the US Air Force, where she served as a Watch Officer for the Information Operations Center at Air Intelligence Agency. Following her military service, Amy joined the FBI as a counterterrorism analyst. After her federal service, Amy transitioned into cyber threat intelligence, first for a financial institution, then for a Fortune 15 telecommunications company.

Katherine Vajda

Kate Vajda is a Senior Vulnerability Analyst for Dragos Intelligence Team. Kate analyzes public advisories for accuracy, understanding, and correction to feed Intelligence and the Platform. She also performs vulnerability research and assessments of software and hardware, as needed. Kate believes in leaving everything better than she found it with her top two priorities being process and automation.

Prior to Dragos, Kate was a senior security consultant at Secure Ideas, focusing on network penetration testing, architecture reviews, and security program maturity guidance. She also has 8 years of experience at a Fortune 500 utility where she worked with several aspects of the company, including business, IT, OT, and security. She started her profession in a network research lab where she was free to explore technology and utilize different techniques for implementation and automation.

Kate is also an adjunct professor in the security program at a local college and a network admin for her local church. She spends her free time playing board games, breaking escape room records, organizing security conferences, and running or playing in CTFs.

Tom VanNorman

Tom is the Director of Engineering Services at Dragos, where he is responsible for ensuring the Dragos Platform is successfully deployed. Tom has an extensive background in industrial controls and enjoys getting into the field and making things work. Prior to joining Dragos, Tom held various roles all focused on the operation, engineering and security of industrial control systems.

Tom started his career in the U.S. Air Force, eventually retiring with a total of 24 years between Active Duty, Reserves and Air Guard. He spent the last half of his service serving on a National Mission Team in a Cyber Operations Squadron. In addition to Dragos, Tom is the co-founder of the ICS Village and consults with SANS on the construction and operation of Cyber Ranges. The ICS Village is a non-profit educational organization that equips industry and policymakers to better defend industrial equipment through experiential awareness, education, and training.

Tom calls the Lehigh Valley Pennsylvania home with his six kids. In his spare time, he enjoys outdoor activities and riding motorcycles.

Dean Parsons

Dean Parsons is a SANS instructor for ICS515: ICS Active Defense and Incident Response, a member of the SANS/GIAC advisory board, an active member of the cybersecurity community, and OT Cyber Security Officer. With 20 years combined experience in IT, Industrial Control System cyber defense across the telecommunications to critical infrastructure sectors, Mr. Parsons leads an active ICS Cybersecurity Program for an electric utility in Canada across facilities for generation (hydro, thermal, gas turbine), transmission and distribution.

As an ICS security practitioner and ambassador for safety and operational resilience, he frequently speaks at high-profile cybersecurity events across North America, and has a natural way of engaging his audience.

His enthusiasm in the field started at an early age writing ethical hacking tools on his custom compiled versions of Linux; password crackers, host-based intrusion detection systems, network sniffing tools, smart port scanners, kernel modules and exploits. Any given day Dean could be dissecting packets from plant operations, writing policies, or presenting to a board of directors.

Dean earned a bachelor’s degree in computer science from Memorial University of Newfoundland and holds the CISSP, GSLC, GCIA and GRID accreditations.

Jason Christopher

His responsibilities include providing technical leadership on security and resilience issues relevant to Axio, its partners, and clients, and the development of all Axio technology platforms for security metrics and benchmarking.

Prior to Axio, Jason led the research for cybersecurity metrics and information assurance at the Electric Power Research Institute. Previously, he was the technical lead for cybersecurity capability and risk management at the US Department of Energy, where he managed the Cybersecurity for Energy Delivery Systems Operations program, which included the Cybersecurity Capability Maturity Model and other collaborative efforts. Jason also served as the program lead for both Critical Infrastructure Protection Standards and Smart Grid Security at the Federal Energy Regulatory Commission.

Mr. Christopher has worked on a variety of infrastructure projects, particularly in the field of industrial control systems design and implementation. He has also researched and designed technology systems across multiple industries, including energy, water, transportation, and communications. He has been a representative on the Federal Smart Grid Task Force, the Critical Infrastructure Protection Committee (CIPC), and other technical committees.

Independent of his work at Axio, Jason is a member on the Institute of Electrical and Electronics Engineers (IEEE-USA) Energy Policy, Communications Policy, and Research & Development Policy Committees. Over the past decade, Jason has focused on the development of cybersecurity standards and practices for the nation's critical infrastructure.

Outside of the workplace, Jason focuses on Science, Technology, Engineering, and Mathematics (STEM) education issues. He has lectured at several universities across the country and developed cross-disciplinary courses focusing on resilience, sustainable energy, and community design.

Mr. Christopher holds a Bachelor of Science and Master of Engineering from the State University of New York at Binghamton, and a Master of Engineering degree in electrical engineering from Cornell University.

Jason Dely

Jason Dely, SANS instructor for ICS515: ICS Active Defense and Incident Response, directs the ICS and critical infrastructure services and product business for Cylance Inc. He has more than 17 years of operational, technical and security experience, spanning multiple industry verticals, such as power utility, water utility, oil and gas, manufacturing, mining and chemical.

Jeff Shearer

Mr. Shearer is a member of the SANS Institute ICS team focused on developing courseware in support of the ICS curriculum. Jeffrey also acted as a Subject Matter Expert (SME) for the Global Industrial Cyber Security Professional (GICSP) certification and is a content contributor for ICS Netwars. He also participates as an advisory board member for the ICS Security Summit and Training events.

Prior to joining SANS Institute, Mr. Shearer worked at Rockwell Automation for twenty three years where his most recent role was a Sr. Security Architect for Rockwell Automation's Commercial Engineering group focused on network and security designs for Industrial Automation Control Systems (IACS) and Industrial Demilitarized Zones (IDMZ). Mr. Shearer was a contributing member of the Rockwell Automation and Cisco Systems Converged Plantwide Ethernet (CPwE) team where he participated in architecture design and validation efforts. He also co-authored publications such as Deploying Industrial Firewalls within a Converged Plantwide Ethernet Architecture, Site-to-Site VPN to a Converged Plantwide Ethernet Architecture and Securely Traversing IACS Data across the Industrial Demilitarized Zone.

Prior to joining the Rockwell Automation's Commercial Engineering team, Jeffrey was a Principal Security Consultant for Rockwell Automation's Network & Security Services where his consultancy targeted Automation, Industrial Control System (ICS), Distributed Control System (DCS) and SCADA asset owners. Jeffrey has also held the position of Product Manager, Controller Platform Security where he was responsible for security products provided by Rockwell Automation's ControlLogix business.

In addition to controller focused security initiatives, Jeffrey also represented Rockwell Automation to security bodies such as the Idaho National Labs (INL) Control Systems Cyber Security Vendor Forum, ISA-SP99, Manufacturing and Control Systems Security and Department of Homeland Security (DHS) Control System Security Program.