SecurityWeek’s ICS Cyber Security Conference is the conference where ICS users, ICS vendors, system security providers and government representatives meet to discuss the latest cyber-incidents, analyze their causes and cooperate on solutions.


What are you looking for?

>Posts tagged "ICS"

Conference attendees can choose from three optional full-day ICS cybersecurity training sessions.

Register Now

Applied ICS Security Training Lab (9AM-5PM ET – $495 Fee) 

(Overview: Register )This full-day lab course gives participants hands-on experience attacking and hardening a simulated power plant network to learn about common ICS vulnerabilities and defenses. Participants will attack historians, HMIs, and PLCs to cause a power outage in the 3D simulation, and then implement defenses like firewalls and network monitoring to harden it.

In this session attendees will learn:

  • Deeper understanding of common vulnerabilities in ICS networks and devices
  • Techniques for testing ICS devices for various vulnerabilities
  • Practical experience hardening ICS device configurations and using network defenses

Topics Covered:

  • Scanning ICS networks
  • Exploiting web vulnerabilities in the DMZ
  • Sniffing industrial network traffic
  • Password cracking
  • PLC and HMI programming
  • Using Yara to scan for ICS malware
  • Writing host and network firewall rules for ICS
  • ICS network intrusion detection


Participants must bring their own laptop with either Chrome or Firefox installed. Some Linux experience is helpful but not required.

Attacking ICS with Python (9AM-5PM ET – $495 Fee) 

(Overview: Register) Limited to just 20 students, this 8-hour workshop will be a crash course in ICS vulnerabilities and exploitation, providing hands-on, practical training in the carrying out of attacks against various common types of ICS equipment found in the field, including an HMI, PLC and automated circuit breaker. Students will learn:

  • Common ICS terminology and system architecture, including inherent flaws and typical mistakes made in system design which should be considered when planning an attack.
  • Modbus and Modbus/TCP architecture and functionality
  • Python modules for interacting with Modbus-based systems, and writing scripts to interrogate and attack these systems
  • Defensive methodologies and considerations in the face of how simple these attacks can be to carry out

Students should come prepared with the following equipment and knowledge:

  • A laptop running either Virtualbox, VMWare Workstation (not Player), Parallels, or VMWare Fusion
  • An available Ethernet port on the laptop
  • Ability to read technical documents written in English
  • Experience writing basic Python scripts which incorporate modules and leverage functions and loops
  • Basic Linux command line experience, including the ability to navigate directories, and launch application

ICS/OT Cybersecurity Incident Preparedness & Response Workshop

It is critical to understand how to effectively train, prepare for, and response to a cyber incident effectively to minimize the impacts to your safety, production, and business. This workshop is designed to equip you with the essential skills and knowledge to effectively create, implement, and manage an incident response plan in the realm of ICS and OT.

This workshop goes beyond theory, offering a practical learning experience that dives deep into real-world ICS/OT cybersecurity challenges. You’ll explore key aspects of cybersecurity incident preparedness and response, including threat monitoring, threat hunting, threat and risk assessment, incident response procedures, and the development of an incident response program​​.

The course is designed to give you a solid, practical baseline in cybersecurity incident preparedness and response.

The curriculum will cover:

  • Crafting an effective incident response plan and program
  • Best practices for threat monitoring and threat hunting to better contribute to threat detection and incident response
  • Threat and risk assessment best practices to better contribute to incident preparedness and response
  • Proper implementation and execution of incident response procedures
  • How to perform proper incident response exercise for maximum value and effectiveness
  • At the end of the workshop, you’ll participate in a tabletop exercise using the ThreatGEN® Red vs. Blue Tabletop Exercise platform.

What You’ll Get:

  • A focused, practical workshop led by Clint Bodungen, a world-renowned ICS/OT cybersecurity expert, author of the book Hacking Exposed: Industrial Control Systems.
  • Access to all course materials and templates
  • 30 days access to the ThreatGEN® Red vs. Blue Tabletop Exercise Platform
  • 8 CPE credit hours
  • An opportunity to learn and apply practical ICS/OT cybersecurity incident preparedness and response skills


Participants must bring their own laptop with either Chrome, Firefox, or Microsoft Edge installed. Connection to the internet will be required (access provided by the conference). Nothing will be installed onto your laptop.

(Eduard Kovacs - SecurityWeek) MITRE on Tuesday announced the initial release of a version of its ATT&CK knowledge base that covers the tactics and techniques used by malicious actors when targeting industrial control systems (ICS). MITRE’s ATT&CK framework has been widely used by cybersecurity professionals to describe and classify attacker behavior and assess an organization’s risks. The new ATT&CK for ICS knowledge base builds upon it in an effort to help critical infrastructure and other organizations whose environments house ICS. In addition to a

ICS Devices Vulnerable to Side-Channel Attacks: Researcher Shows (Eduard Kovacs - SecurityWeek)  Side-channel attacks can pose a serious threat to industrial control systems (ICS), a researcher warned last month at SecurityWeek’s ICS Cyber Security Conference in Atlanta, GA. Demos Andreou, a lead engineer at power management company Eaton, has conducted an analysis of protection devices typically used in the energy sector, specifically in power distribution stations. Side-channel attacks can be used to extract data from a system based on information gained by observing

Presented at SecurityWeek's 2018 ICS Cyber Security Conference Speakers: Robert Lee - CEO, Dragos Marc Seitz - Threat Analyst, Dragos The activity group responsible for the TRISIS/TRITON malware is identified as XENOTIME. After the attack on the safety instrumented system in 2017 the group remained active targeting other environments with different safety systems in other regions of the world. Hunting for the behaviors of this group allows defenders to not only search for existing threats but also identify new threats leveraging such

SecurityWeek is happy to be partnering with LEO Cyber Security to offer a half-day Red Team/Blue Team ICS Cyber Security Training workshop at SecurityWeek’s 2018 ICS Cyber Security Conference. The workshop will take place on Monday, October 22 and is available as an option for conference attendees. (Registration available here) What is Red Team/Blue Team Training? Security aware and knowledgeable users serve as the “front line” of your overall security posture. As such, training is one of the most essential components of your

(SecurityWeek - Kevin Townsend) - Security firm Cybereason established a sophisticated honeypot masquerading as a power transmission substation for a major electricity provider. The purpose was to attract attackers and analyze how they operate against the energy sector of the critical infrastructure. Within two days of going live on June 17, the honeypot developed and operated by Cybereason was found, prepped by a black-market reseller, and sold on in the dark web underworld. xDedic RDP Patch was found in the environment.

(Eduard Kovacs - SecurityWeek) - Siemens recently updated its security bulletin for the Meltdown and Spectre vulnerabilities to inform customers of the latest variants, specifically the ones known as LazyFP and Spectre 1.1. Several industrial control systems (ICS) vendors published security advisories for the CPU flaws shortly after they were disclosed in early January. Siemens published a bulletin on speculative side-channel vulnerabilities on January 11. In late May, the company updated its bulletin to include information about Variant 3a and Variant 4,