On Monday 24th June 2019, the SANS ICS event took place in Munich (Germany). This international event, which is held in a different European city each year, anually brings together major reference companies of IT sector such as Blackberry, Microsoft or Petrobras. In this event, numerous lectures and presentations on industrial cybersecurity are given.
This year, a lot of lively debates about issues that are affecting the whole industry in Europe were raised in which the attendees were able to actively participate in, which made the experience more enriching. Among all of them, we would like to highlight 4 key papers:
- ICS down!: Christopher Robinson, main consultant, Industrial Control Systems, Cylance expressed his concern about the lack of knowledge that prevails in many companies about the assets which are actually connected to the internet within their network. In addition to this, he emphasized the role of the proper use of “OT-specific tools” instead of the traditional tools of the IT environment. He highly recommended following a reliable industrial cybersecurity standard, which encouraged the public to share their impressions on the various existing OT cybersecurity standards.
- Engineers worst day: Daniel Buhmann, Business Unit Manager Security Solutions, KORAMIS GmbH had first-hand experience managing cyber-incidents in factory environments and he related which were the main attack vectors on industrial networks. Moreover, he highlighted how the implementation of appropriate policies or procedures could have prevented these attacks.
- Using SCADA Honeypots: Mikael Vingaard, Preparedness Manager, Energinet gave an explanation about the good use of honeypots: those baits or simulated industrial networks that, strategically placed, can serve as bait for the attackers keeping them away from our real assets and, additionally, they might allow us to collect information about the attacks.
- OT Security requirements vs real life stories: Łukasz Maciejewski, Security Manager, Accenture provided attendees with an alternative perception about OT Security and how difficult it may sometimes be to carry out certain measures in a real customer environment such as upgrades of industrial systems, installation of antivirus…
The event, as many others related to the same subject, has proved to be a great success so there is no doubt that industrial cybersecurity involves difficulties, in which Inprosec Auto is focused on solving.