ICS Security Summit & Training 2021

The SANS ICS Security Summit & Training 2021

The SANS ICS Security Summit and Training 20201 was streamed via Zoom and had a number of very interesting talks. To highlight a few:

Exorcising the Ghost in the Machine: A Critical Evaluation of ICS-Focused Supply Chain Attacks by Joe Slowik

Supply chain attacks appear to be among the most concerning threat vectors for many organizations - yet most descriptions of such threats appear to either ignore or be ignorant of the steps required to actualize an implant for offensive purposes. The talk covers the difficulties attackers are facing and also some of the advantages defenders have. Exorcising the Ghost in the Machine

A tale of two wireless RTUS – sinking titanic and ransoming it by Ron Brash

A technical follow up to the SANS oil & gas session – tale of the lost RTUs. A tale of two wireless RTUS

Cybersecurity FAT/SAT testing - Pitfalls and Wins by Dieter Sarrazyn

A talk on the various pitfalls and wins of cybersecurity fat/sat testing, completed with some key actionable takeaways. Cybersecurity FAT/SAT testing

TTPs from ICS cyber range by Salimah Liyakkathali

iTrust organizes an ICS cyber range, Critical infrastructure Security Showdown (CISS), where the red teams and blue teams were invited to attack these testbeds and detect those attacks. This talk covers the impressive platform and some of the TTPs learned from the participating teams. TTPs from ICS cyber range