Keynote: Nexus between OT and IT threat intelligence

Thursday 3 October 12:00 - 12:30, Small talks

Selena Larson (Dragos)



We can’t defend against what we don’t understand. Come explore the nexus, differences, and complementary worlds of information technology (IT) and operational technology (OT) threat intelligence. Industrial control systems (ICS) are fundamentally different from your typical enterprise networks, but necessarily complementary, making a unique challenge for cybersecurity. In ICS, equipment is unique, high-value assets are different, and the cyber risk a company is willing to accept varies between organizations. The OT threat landscape is distinct from IT, and – much like adversaries targeting critical infrastructure – cyber threat intelligence needs to adapt to the OT environment. In this talk, I will discuss the similarities and differences between IT and OT threat intelligence, generating OT intelligence from an IT analytical perspective, and the threat surface and threat landscape differences. Attendees will take away a better understanding of the mind of an ICS adversary, and tips on how to differentiate and hunt for threats to critical infrastructure.

(This presentation forms part of the Threat Intelligence Practitioners’ Summit)

 

 

Selena-Larson-web.jpg

Selena Larson

Selena is a cyber threat intelligence analyst for Dragos, an ICS cybersecurity company. Selena researches and develops reports on technical behaviours, malware, and activity groups targeting ICS environments. She aims to combat fear, uncertainty, and doubt to help people better understand complex attack scenarios, concepts, and adversary behaviours.

   Download slides    Watch video

Back to VB2019 Programme page

Other VB2019 papers

Inside Magecart: the history behind the covert card-skimming assault on the e-commerce industry

Yonathan Klijnsma (RiskIQ)

The push for increased surveillance from fiction and its impact on privacy

Miriam Cihodariu (Heimdal Security)
Andrei Bogdan Brad (Code4Romania)

APT cases exploiting vulnerabilities in region-specific software

Shusei Tomonaga (JPCERT/CC)
Tomoaki Tani (JPCERT/CC)
Hiroshi Soeda (JPCERT/CC)
Wataru Takahashi (JPCERT/CC)

We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.