ICS Consequence-Driven Incident Response Solutions Forum

Consequences of modern cyber-attacks on control systems can range from power grid blackouts affecting large cities or major regions, to failure of critical manufacturing equipment with massive financial loss, paralysis of smart city infrastructure such as transportation in large municipalities, serious environmental damage, or, worse, injury or death of facility workers.

The obvious choice for ICS security managers and technical defenders is to focus on pre-incident defense – prevention – which has a lot of value! However, facility owners and security managers must not become fatigued by a prevention-only approach and forget to focus on regularly refining steps for effective and optimal engineering MTTR (mean time to recover) for a rapid return to operations.

Establishing ICS-specific network visibility, threat detection based on evolving sector-specific threat intelligence, and specific incident response for control networks are all critical! They are all requirements of the first stages of maturity towards any effective ICS Security Defense Program.

However, for resilience, with the consequences these imminent intrusions bring, plant owners and operators will do well to ensure the ICS incident response includes effective and rapid engineering system recovery plans. That is, technology solutions and processes, combined with ICS-trained defenders, security managers and engineering teams, are able to restore control systems to trusted restore points after cyber incidents, natural disasters, human error, or possible malicious insiders threaten engineering operations.

This ICS Forum will bring to light lessons learned through a 2022 ICS year in review and reveal suggested actions for ICS incident response, with a focus on ICS-specific threat detection and rapid engineering system recovery. Topics include the following:

  • You Are Not Alone – 5 Critical Controls for Consequence-Driven Incident Response in ICS/OT Environments
  • Pre and Post Incident Network Collection at the Edge – A Practical Guide for Asset Owners
  • Implementing a Zero Trust Framework for Secure Remote Access in ICS

Applying a Zero Trust Framework to Securing the Oil and Gas Industry

In this webinar, you will learn more about Secure Remote Access and applying a Zero Trust Framework to securing the Oil and Gas industry.

  • Digital Transformation is unlocking business value but is also putting once “air gapped” critical OT assets at risk
  • Complexity of IT in Oil and Gas companies makes OT systems vulnerable to increased cyber-attacks, and poses challenges for secure remote access and third-party vendor management
  • How to implement a Zero Trust framework to enable more security, efficiency, and scalability in Oil and Gas OT environments

Presented at the Oil & Gas Automation & Digitalization Conference (OGAD), November 2022.

Speaker:

Bill Moore

Bill Moore is the CEO and Founder of XONA, providers of a unique zero-trust user access control and analytics platform for critical infrastructure. Currently focused on helping global power, oil and gas, and manufacturing customers reduce their remote operations costs and cyber risks, Bill has 20+ years of experience in security and the high-tech industries, including positions in sales, marketing, engineering and operations.

The State of OT/ICS Cybersecurity in 2022 and Beyond

Speakers: Bill Moore (XONA Systems), Dean Parsons (SANS), William Noto (Fortinet), and Danielle Jablanski (Nozomi Networks)

Operational technology (OT)/industrial control system (ICS) security is an ever-changing and evolving field required to continually adapt defense strategies to meet new challenges and threats—all while maintaining the safety and reliability of facility operations. This event will focus on how OT/ICS defenders across all industries meet these challenges and will highlight key areas to help defend critical infrastructure moving forward, including:

  • Actual and perceived risks/threats
  • Operational implementation challenges
  • Active ICS cyber defense goals
  • Cyber defense investment levels

Join SANS Certified Instructor Dean Parsons as he illustrates concerns among respondents, identifies risks and threats impacting critical infrastructure, and gives direction on effectively managing ICS risk to maintain the safety and reliability of operations.

Current Trends, Threats, and Potential Solutions for IIoT, OT, and Critical Infrastructure

In today’s digital world, cybersecurity threats have become more advanced while the industrial world continues to evolve and get more connected. Because of this, it is crucial to ensure you have a solid understanding of the importance of Industrial Cyber Security, keep a keen eye on cybersecurity trends and threats, and be informed about existing solutions.

Speaker:

Bill Moore


Preventing Network Breaches with Secure Vendor Access Management – Connected Plant Webinar

Manufacturers worldwide are adopting capabilities that allow for more remote operations. While the benefits of remote and mobile access are multifaceted, remote operations can pose new risks to critical infrastructures. When workers and third-party vendors use remote communication technologies to directly access critical OT systems, the attack surface can become increasingly complex with new vulnerabilities.

To prevent direct network access, manufacturers must prioritize security measures that ensure any remote vendor access is closely managed and monitored.

In this webinar, attendees will learn:

  • How a zero-trust architecture immediately eliminates common attack vectors in critical infrastructures
  • How components of a zero-trust architecture can make vendor access management more secure, efficient, and scalable
  • How manufacturers can grant third-party vendors temporary, controlled access to their systems

Cybersecurity Challenges Facing Remote Operators of OT and other Critical Infrastructure Systems – SANS Webinar

U.S. critical infrastructure must guard against malicious cyberattacks by implementing encryption and authentication at all access points for connected OT assets or continue to face an increased level of cyber risk.

Russian hackers are attempting to broadly penetrate Ukrainian infrastructure to disrupt critical services such as electricity, transportation, finance, and telecommunications.

Watch this video and learn simple methodologies for building a zero-trust architecture to protect against such cyberattacks, including:

  • Ensure all communication from IT/Internet to OT network is encrypted
  • Ensure there is no data-in-transit for any user sessions not associated with a multi-factor authenticated session
  • Isolate all data communication protocols to OT network
  • Ensure all user access session data to critical OT systems are logged and recorded
  • Ensure plant-level controls for allowing remote access through “software lockbox” and “virtual wait lobby,” including visual and audible alarms
  • Monitor all non-read-only user access sessions
  • Verify acceptable risk level for access to critical assets through asset monitoring, threat (IOC) feeds, and vulnerability detection tools.

 

Speakers:

Mark Weatherford

Mark Weatherford is the (virtual) Chief Information Security Officer at AlertEnterprise, the Chief Strategy Officer (and a Board member) at the National Cybersecurity Center, and the Founding Partner of Aspen Chartered Consulting, where he provides cybersecurity consulting and advisory services to public and private sector organizations around the world.

Mark has held a variety of executive level cybersecurity roles including Global Information Security Strategist at Booking Holdings, Chief Cybersecurity Strategist at vArmour, a Principal at The Chertoff Group, Chief Security Officer at the North American Electric Reliability Corporation, and Chief Information Security Officer for the state of Colorado. In 2008 he was appointed by Governor Arnold Schwarzenegger to serve as California’s first Chief Information Security Officer and in 2011 he was appointed by the Obama Administration as the Deputy Under Secretary for Cybersecurity at the U.S. Department of Homeland Security.

 

Bill Moore


Protecting Industrial Control Systems (ICS) from Modern Threats – Dark Reading Webinar

A 2021 attack on an industrial control system (ICS) at a water treatment plant in a small town in Florida raised eyebrows and surfaced new fears about the risks these kinds of systems face. Unfortunately, many ICS systems are working on legacy technology and are unprepared for modern cyber attacks. In this Dark Reading webinar, experts discuss the current threat posed to ICS systems, the tools and practices needed to defend them, and the skill sets required to operate those defenses.

Watch this video to:

  • Better understand the differences between ICS and IT security, as well as what they have in common.
  • Be able to more accurately identify potential risks with ICS infrastructure.
  • Gain new insight into the unique threats posed by industrial controls, and how you can bolster your defenses.
  • Learn new techniques for protecting your organization’s most valuable industrial assets.

Speakers:

Jason Clark, Independent Security Researcher

Dr. Jason Clark is a subject matter expert in cyber security with nearly 20 years of real-world experience within the intelligence community, academia, and industry. He has extensive knowledge and experience on a variety of technology-related topics. Currently, his main area of interest is researching and analyzing better methods to detect, deter, and mitigate insider threats.

 

Bill Moore, CEO & Founder, XONA


Demystifying Zero Trust to Protect Connected Assets in OT – Webinar

What Zero Trust Really Means in Complex OT Environments and How it Ensures Reliable Protection from Intrusion

Over the past few years, “zero trust” has become a commonly used phrase for security professionals. While we may understand that a zero-trust framework or architecture should be implemented as part of network or cybersecurity measures, what does this practically mean for operational technology? What does zero trust actually entail, and how does it keep critical assets safe?

In this webinar, Peter Gregel, Chief Architect for XONA and a veteran in IT security operations with extensive experience deploying mission-critical systems for the U.S. government and critical infrastructure, will answer these questions while discussing:

  • A clear and simple analogy that makes zero trust easy to understand
  • Features like multi-factor authentication and their role in zero trust
  • How and why to keep a close eye on your attack surface
  • Why complexity does not make you more secure and, in fact, introduces more risk
  • Tips to validate your network scanning and protection efforts
  • The role certifications like NERC CIP play in zero trust

 

Speaker:

Peter Gregel
Chief Architect, XONA 

Originally from Cleveland, Ohio, and currently living in Frederick, Maryland, Peter is a veteran IT security operations and architecture expert with more than 20 years of experience. Peter has led projects at some of the largest security and hardware vendors, specializing in U.S. government intelligence operations. He has served in the United States Navy and at the National Security Agency and has extensive experience deploying mission critical systems for the U.S. government and critical infrastructure.