Michael Schroeder of 3 Territory Solutions will discuss some of the not-necessarily-so ‘facts’ about ICS cybersecurity.
In discussing control systems cybersecurity, we tend to use and accept as fact overly broad and generalized statements, only some of which are true. These tend to include:
- “Don’t use active scanning on control networks as you will brick or reset devices”
- “Protocol xyz was not designed to be secure”
- “IT tool abc simply won’t work in an OT environment”
- “Compliance will lead to security”
- “Wifi and other forms of RF should be fine as the range is short and it is already pretty secure”
- The non-security boss says “It is unrealistic to think someone would actually create and deploy CS malware in our environment”
In this semi-demonstration talk, we will show you applied examples of what these types of general statements mean in practice, as well as outline mitigations or alternate approaches.
President & Director of Programs