We are hosting a session and would request all interested to join us and have your security team members join us too. You could also share it with others who would find value

Workshop : How To Perform Penetration Testing On Industrial Control Systems And Operational Technology Safely

17th December, Thursday (6:30 PM India or 8 AM EST)

Duration : 6 hour

About Session : 

Industrial control systems (ICS), including supervisory control and data acquisition (SCADA) are found in many national critical infrastructure industries such as oil and natural gas, electric utilities, transportation, petrochemical and refining, water and wastewater, pharmaceutical, and manufacturing. Due to the high availability nature of these systems, any security testing must ensure that these systems are not affected operationally. Traditional IT Penetration Testing techniques are too harsh and potentially damaging to these sensitive systems. This educational presentation will first provide an overview of how ICS systems work, their vulnerabilities, and threats to these systems. The second part of this short training course will dive into proven methodologies and tools that our team has used to safely perform penetration testing on these systems. Lastly, this talk will conclude with best practices to secure and defend ICS and OT systems from cyber incidents.

( Link To Register Click Here )

Agenda

  • ICS Systems Overview
    • ICS Inputs, Outputs, and Sensor Networks
    • Controllers, Embedded Systems and Protocols
    • SCADA and ICS Protocols

  • Penetrating ICS Systems Safely
    • Recent Threats to ICS-SCADA Systems
    • ICS System Testing Methodology
    • Penetration Testing ICS Systems - OSINT and Internet Layer
    • Penetration Testing ICS Systems - Corporate Layer
    • Penetration Testing ICS Systems - OT DMZ and HMI Layers (3 and 2)
    • Penetration Testing ICS Systems - ICS Protocols and Controllers Layer

  • ICS Defense-in-Depth and Risk Management Strategy
    • SCADA DMZ Design and Network Segmentation
    • SCADA Remote Access Design Considerations        
    • Deployment of IDS/IPS - Including Custom Signatures
    • Security Event Monitoring and Logging for SCADA
    • Overview of Security Frameworks that impact SCADA (NIST 800-53, NIST 800-82, ISA S99, CFATS, NERC CIP)

( Link To Register Click Here )

Speaker Details : 

Jonathan Pollet
Founder at Red Tiger Security, Black Hat USA Trainer

He has over 20 years of experience in both Industrial Process Control Systems and Cyber Security. In 2001 he began to publish several white papers that exposed the need for security for Industrial Control Systems (ICS). Pollet and his team have conducted over 300 security assessments of live Industrial Control Systems globally. Throughout his career, he has been involved with SANS, IEEE, ISA, ISSA, EEI, UTC, CSIA, NERC, and several other professional societies and has spoken in over 200 conferences and workshops around the world. He has also been featured on Fox News, CNN, CNBC, Vanity Fair, Popular Mechanics, CIO Magazine, and several security publications.

E-mail me when people leave their comments –

CISO Platform

You need to be a member of CISO Platform to add comments!

Join CISO Platform