MITRE ATT&CK® for ICS Live Demonstration

  • Published on Feb 3, 2021
  • MITRE released its new ATT&CK for Industrial Control Systems (ICS) as a community resource on the tactics and techniques of ICS threats and a common lexicon for the community. This framework is an important tool in developing an ICS cybersecurity program and threat detection strategy. Dragos contributed significantly to the framework with our threat intelligence on the 11 different ICS-specific threats tracked. In this presentation, the Dragos team will conduct a technical demonstration of an ICS cyber attack from both the attacker and defender perspective. The attacker perspective will be orchestrated by a member of Dragos' red team and the defender perspective will be done leveraging the Dragos Platform.
    Attendees will experience:
    -Detailed understanding of ICS ATT&CK and how to leverage it
    -Use-cases for threat detection and response scenarios
    -Technical demonstration of the Dragos Platform
    -Technical demonstration of an attack on an ICS range
    Speaker Bios
    Austin Scott
    Austin started his career in the early 2000s as a software developer working on Supervisory Control and Data Acquisition (SCADA) products for Schneider Electric. In 2006, Austin launched a boutique ICS Cybersecurity consulting company in Calgary, Alberta, Canada called Synergist SCADA Inc. Synergist SCADA provided system integration and cybersecurity for power plants, pipelines and other critical assets around the world. In 2013 Synergist was acquired by Cimation, a leader in industrial automation and cybersecurity consulting based in Houston, Texas. Cimation was later acquired by Accenture in 2015.
    In 2016, Austin joined San Diego Gas and Electric (SDG&E) as a Senior ICS/SCADA Cybersecurity Engineer. At SDG&E, Austin provided security assessment and oversight for Transmission, Distribution, Generation, Electric Vehicle and DERMS projects.
    Austin joined Dragos in 2018 as a Principal ICS Security Analyst and is part of the Dragos Threat Operations Center (TOC). Austin is a published author with two books on PLC Programming:
    Learning RSLogix 5000 - PACKT Publishing - ISBN 9781784396039 - 2015
    PLC Programming RSLogix 5000 - PACKT Publishing - ISBN 1849698449 - 2013
    Austin was nominated by Shell for his ICS Cybersecurity program contributions for the SANS Cybersecurity Difference Maker 2015 Award and won. He is also the president of the San Diego Chapter for Control System Cybersecurity Association International (CS2AI) and founder of the Calgary, Alberta chapter.
    Robert M. Lee
    Rob is a recognized pioneer in the industrial security incident response and threat intelligence community. He started in security as a U.S. Air Force Cyber Warfare Operations Officer tasked to the National Security Agency where he built a first-of-its-kind mission identifying and analyzing national threats to industrial infrastructure. He went on to build the industrial community’s first dedicated monitoring and incident response class at the SANS Institute (ICS515) and the industry recognized cyber threat intelligence course (FOR578).
    Forbes named Robert to its 30 under 30 (2016) list as one of the “brightest entrepreneurs, breakout talents, and change agents” in Enterprise Technology. He is a business leader but also a technical practitioner. Robert helped lead the investigation into the 2015 cyber attack on Ukraine’s power grid. He and his team at Dragos helped identify and analyze the CRASHOVERRIDE malware that attacked Ukraine’s grid in 2016 and the TRISIS malware deployed against an industrial safety system in the Middle East in 2017.

Comments • 4

  • @DeepinderSinghBabbar 3 years ago +2

    The topic is amazing, but for the most part, Austin's voice is choppy from around 28 minutes until he gets disconnected. It would be great if the session can be recorded again. Thanks.

  • @azriloncybersecurity9795 3 years ago

    What's the difference between Dragos Platform vs other OT security detection products such as Nozomi or Claroty?

  • @andreasbrey6277 1 year ago +1

    Good content but AWFUL sound quality, e.g. at [32:20] and subsequent minutes.