Conference attendees can choose from three optional full-day ICS cybersecurity training sessions.
Applied ICS Security Training Lab (9AM-5PM ET – $495 Fee)
This full-day lab course gives participants hands-on experience attacking and hardening a simulated power plant network to learn about common ICS vulnerabilities and defenses. Participants will attack historians, HMIs, and PLCs to cause a power outage in the 3D simulation, and then implement defenses like firewalls and network monitoring to harden it.
In this session attendees will learn:
- Deeper understanding of common vulnerabilities in ICS networks and devices
- Techniques for testing ICS devices for various vulnerabilities
- Practical experience hardening ICS device configurations and using network defenses
- Scanning ICS networks
- Exploiting web vulnerabilities in the DMZ
- Sniffing industrial network traffic
- Password cracking
- PLC and HMI programming
- Using Yara to scan for ICS malware
- Writing host and network firewall rules for ICS
- ICS network intrusion detection
Participants must bring their own laptop with either Chrome or Firefox installed. Some Linux experience is helpful but not required.
Attacking ICS with Python (9AM-5PM ET – $495 Fee)
Limited to just 20 students, this 8-hour workshop will be a crash course in ICS vulnerabilities and exploitation, providing hands-on, practical training in carrying out attacks against various common types of ICS equipment found in the field, including an HMI, PLC and automated circuit breaker. Students will learn:
- Common ICS terminology and system architecture, including inherent flaws and typical mistakes made in system design which should be considered when planning an attack.
- Modbus and Modbus/TCP architecture and functionality
- Python modules for interacting with Modbus-based systems, and writing scripts to interrogate and attack these systems
- Defensive methodologies and considerations in the face of how simple these attacks can be to carry out
Students should come prepared with the following equipment and knowledge:
- A laptop running either VirtualBox, VMware Workstation (not Player), Parallels, or VMware Fusion
- An available Ethernet port on the laptop
- Ability to read technical documents written in English
- Experience writing basic Python scripts which incorporate modules and leverage functions and loops
- Basic Linux command line experience, including the ability to navigate directories and launch applications
ICS/OT Cybersecurity Incident Preparedness & Response Workshop
It is critical to understand how to train for, prepare for, and respond to a cyber incident effectively to minimize the impact on your safety, production, and business. This workshop is designed to equip you with the essential skills and knowledge to effectively create, implement, and manage an incident response plan in the realm of ICS and OT.
This workshop goes beyond theory, offering a practical learning experience that dives deep into real-world ICS/OT cybersecurity challenges. You’ll explore key aspects of cybersecurity incident preparedness and response, including threat monitoring, threat hunting, threat and risk assessment, incident response procedures, and the development of an incident response program.
The course is designed to give you a solid, practical baseline in cybersecurity incident preparedness and response.
The curriculum will cover:
- Crafting an effective incident response plan and program
- Best practices for threat monitoring and threat hunting to better contribute to threat detection and incident response
- Threat and risk assessment best practices to better contribute to incident preparedness and response
- Proper implementation and execution of incident response procedures
- How to perform a proper incident response exercise for maximum value and effectiveness
- At the end of the workshop, you’ll participate in a tabletop exercise using the ThreatGEN® Red vs. Blue Tabletop Exercise platform.
What You’ll Get:
- A focused, practical workshop led by Clint Bodungen, a world-renowned ICS/OT cybersecurity expert, author of the book Hacking Exposed: Industrial Control Systems.
- Access to all course materials and templates
- 30 days access to the ThreatGEN® Red vs. Blue Tabletop Exercise Platform
- 8 CPE credit hours
- An opportunity to learn and apply practical ICS/OT cybersecurity incident preparedness and response skills
Participants must bring their own laptop with either Chrome, Firefox, or Microsoft Edge installed. Connection to the internet will be required (access provided by the conference). Nothing will be installed onto your laptop.