OT security has a wide-reaching influence on people's livelihoods and national security as it is critical for the operation of key facilities. Learn from experts to address the challenges and threats in OT security.
5/11 (Thur.) 09:30 - 12:15 | 703 Meeting Room
Policy priorities and initiatives for securing Industrial Automation and Control Systems (IACS) in the Netherlands
• Importance of IACS: an assessment of risks for the Netherlands
• Threats: overview of current threats taken into account
• Resilience: priorities and initiatives from the central government
- Objectives set by the Dutch Cyber Strategy (2022-2028)
- Initiatives from the central government
• Challenges and next steps:
- Setting of priorities
- Developing the OT-ISAC
- NIS2 and increase in constituents
The manufacturing industry is constantly innovating its processes and optimizing production. Protecting the operational technology (OT) that underpins this innovation is essential. Strong cybersecurity starts with the proper isolation of IT and OT domains. An effective cross-domain solution reduces the chances of an IT-level attack impacting OT-level operations. You need a cross-domain solution that prevents risks from data transfers and threats hidden in files and devices entering your facilities. During this session, you will learn how to deploy Zero Trust in the OT environment and protect your manufacturing process from external attacks. Innovate, optimize, and secure your production environment.
Cyber attacks resulting in physical operations downtime and equipment damage changed from a theoretical problem to a real problem in 2020 - the world changed and nobody noticed. Cybersecurity systems are changing as well - "engineering grade" security solutions are increasingly demanded when public safety is at risk. Such solutions are deterministic - the degree of protection they provide is constant, no matter how sophisticated the cyber attacks launched at them. Join us to understand how both cyber attacks are changing and how cyber defenses are evolving to meet the threat.
During the two years of the epidemic, many automotive industries, which are accustomed to the physical factory production, realized the importance of digital transformation gradually, and the way to safely and effectively manage the robot arm in the factory on the cloud is an essential topic. Among the many communication specifications, OPC-UA standard has been proved in 2016 by the cooperation between Renault and Google that it can efficiently and securely help the factory to do data exchange and PLC control management, so that the major car manufacturers in recent years have started to adopt OPC to build a digital transformation.
However, is the OPC-UA spec really as secure as it is officially claimed to be ;)? In this session, we will share the design architecture, security principles and flaws in the specification level of OPC-UA, which led to 80% of the major brand products in the market being easily hacked.
In recent years, malicious program attacks on the semiconductor manufacturing industry have become more serious and the subject of increasing attention. The industry’s heavy reliance on automated production combined with its tremendous economic value means that it faces great pressure to ensure high availability, high production capacity, and high yield rates. In January 2022, global semiconductor industry association SEMI launched the new SEMI E187 Equipment Information Security Standard, aimed at eliminating potential vulnerabilities that facilitate external supply chain attacks, internal threats, and network attacks. This seminar proposes a protection paradigm based on the asset life cycle, analyzes the key challenges accompanying the SEMI E187/E188 standards, and provides practical recommendations to help asset owners and equipment suppliers together achieve standard compliance.
Whenever starting the project of complying 62443-4-2 to the products, there should be a committee to develop a 62443-4-2 complianc table for products, and that is composed by different departmens. However it is difficult to bring out a consensuse of process and specification to fulfill the requirement of 62443-4-2 especially after an intense discussion. It would be a big problem whenever some ergent issues are coming from key account during developing 62443 functionalities. How to mange resouce and reschedule the milestone become a very cirtical consideration.
By the way, the developer would must account to the different way of considering criteria of 62443-4-2 requirement between issuer and developer, maybe because of some assumption, regulatory, or some restriction, it become a restriction to comply some requirements in 62443-4-2. whenever reason, it should be solved by closly honestly discussing with consultant. Therefore the speaker will share the experience about such situation.
Since 2010 Stuxnet caused substantial damage to the nuclear program of Iran, ICS security issues have been raised.Lots of researchers dig into the hacking skills and path and those known attacks in the history and more malwares and events happened.We summarize the experience of reviewing over 20 factories traffic and analyzing 19 MITRE defined ICS malwares, PIPEDREAM/Incontroller in 2022. We found the main trend of ICS malwares changes from single protocol targeting to modularized , multiple protocols supporting. In this talk , we will also share how we making an OT adversary emulation tool according to what we summarized and MITRE ICS matrix.
CYBERSEC 2023 uses cookies to provide you with the best user experience possible. By continuing to use this site, you agree to the terms in our Privacy Policy .