Thursday 1 October 12:00 - 12:30, Red room
Daniel Kapellmann Zafra (FireEye)
Throughout the last 10 years, those in the nascent operational technology (OT) security community have consistently strived to highlight the unique characteristics that differentiate them from IT security professionals. Stressing the differences between the two communities has made it possible to increase awareness about the various challenges we face to protect industrial control systems (ICS) and critical infrastructure. However, recent analysis of major OT security incidents and attacker techniques, tactics and procedures (TTPs) shines a light on the need to re-evaluate this posture.
Most sophisticated OT attacks leveraged computers and servers, and the same or similar operating systems and protocols as used in IT as a conduit to their ultimate targets. This infrastructure served as an avenue for impacting physical assets or controlling physical processes. As a result, advanced skills from IT security professionals represent a unique opportunity for defenders and incident responders to explore and understand the intrusion methods, or TTPs, that take place in intermediary systems across the OT attack lifecycle.
In this talk, I will discuss a series of cases and war stories observed by our cyber physical threat intelligence team to showcase the impact of IT threats to OT security and highlight some challenges that can only be solved with both advanced IT security skills and a strong understanding of OT environments. This presentation seeks to encourage the audience to embrace a new perspective and bring their skills to task on some of the most compelling challenges of cyber physical security.
Daniel Kapellmann Zafra Daniel Kapellmann works as a technical analysis manager for FireEye Threat Intelligence cyber-physical team. As a former Fulbright scholar, he holds an information management Master’s degree from the University of Washington specialized in information security and risk management. His background is multidisciplinary, with past work experience that ranges from consulting for the International Telecommunication Union and Mexican market research firm The Competitive Intelligence Unit, to IT planning & architecture for Puget Sound Energy. He is also a frequent speaker on novel industrial control systems (ICS) / operational technology (OT) topics at both local and international conferences, including RSA, Virus Bulletin UK, NATO’s CyCON (Estonia), DHS ICSJWG, AFPM Operations & Process Technology Summit, and ICS Village Hack the Capitol. In 2017, he was awarded first place in Kaspersky Academy Talent Lab's competition for designing an application to address security beyond anti-virus. |
Michał Leszczyński (CERT Polska)
Krzysztof Stopczański (CERT Polska (Former))