
Review of presentations of the sixth industrial cyber security conference (Sochi, September 19-21, 2018)



Kaspersky Lab has published a press release about the sixth conference on industrial cyber security (Sochi, September 19-21, 2018), which it also organized.

The organizers have kindly provided the slides of the presentations and promised to publish videos of the talks online soon. Unfortunately, I was not able to attend the conference, but I decided to familiarize myself with the presentations and was not disappointed. Everything looks relevant, useful, and even inspiring. The scope is also impressive: it seems that Kaspersky Lab is engaged in "everything", in terms of both vertical and horizontal markets. I first wrote the review "for myself" and then decided to publish it.

The conference program contained 40 reports in total, which I divided into several categories. This classification is my own and does not claim to be the only correct one, since some of the reports could be assigned to several categories at once. Still, it allows some generalizations. The following topics were presented at the conference.

1. Reviews on the state of affairs in industrial cyber security in general - 5 reports
Among the overview reports, “Think like a hacker, but act like an engineer” (Marty Edwards, International Society of Automation), which opened the conference and set the tone for it, deserves particular mention. It offers a comparative analysis of information and operational technologies (IT-OT), trends in cyber defense weaknesses based on US ICS-CERT data, an analysis of the consequences of incidents, a typical attack scenario and much more; on the one hand obvious and well known, on the other stated systematically and originally. Two trends sounded important to me: a rapprochement with the area of safety (functional safety) and the importance of using the NIST framework for cybersecurity. A multi-faceted, interesting overview with high-quality infographics is presented in “50 shades of ICS security controls” (Ibrahim Samir Hamad, An Oil & Gas Company). The report “Five myths of industrial cybersecurity” (Evgeny Goncharov, Kaspersky Lab) impressed with interesting and informative statistics.

2. Presentations of companies and products - 10 reports
“Product” or “sales” presentations draw the most criticism, although everyone understands that vendors go to conferences to “sell”. In Sochi, I think, the balance was respected, since the product presentations were accompanied by a general theoretical component and interesting technical details. In my opinion, “KICS * HICS = Tested and Protected” (Ruslan Stefanov, Honeywell) and “A complex approach to industrial cyberdefense in the age of digitalization” (Yan Sukhikh, Schneider Electric) turned out to be especially interesting.

3. Selected cybersecurity technologies - 7 reports
In the field of technology, it is easy to slip into trying to cover everything, into the obvious, or into technical details so complex that only hackers can understand them. The organizers managed to present several interesting and important areas: problems of cloud technologies, analysis of attacks using remote administration tools, honeypot fingerprinting, threat monitoring, and compromise of systems disconnected from the Internet. An excellent analysis of targeted APT (Advanced Persistent Threat) attacks was made in the report “Attribution in a world of cyber espionage” (Yury Namestnikov, Kaspersky Lab).
Perhaps one of the most important presentations of the conference is “Security PHA review for analyzing process plant vulnerability to cyberattack” (Edward Marszal, Kenexis). Edward came to cybersecurity with extensive experience in risk analysis and functional safety. Hence his main thesis: cybersecurity should be based on the risks of the process. This assessment is based on the HAZOP method (Hazard and Operability study) and its variation for processes, PHA (Process Hazard Analysis). These methods have been used for several decades in the field of functional safety. The report deals only with qualitative assessment (a deterministic approach), although adding event probabilities to the tables would make it possible to move on to quantification. Kenexis has a lot of useful information (which is rare for consulting companies): table templates for analysis, guidelines, articles. They write that they provide even the basic version of their tool, OPEN PHA, for free.

4. Features of cybersecurity in selected industrial sectors - 7 reports
All the presentations are very informative, because they cover special areas that we do not encounter every day and whose amazing specifics we often do not even suspect. A good overview of the trends of the modern automotive industry is presented in “How digital transformation enables Ferrari to be even faster” (Remigio Armano, Ferrari), although not much is said there directly about cybersecurity. The history of Kaspersky Lab's entry into the automotive market is enchanting: first sponsor a racing team, and then ensure its cybersecurity. A very interesting report covered the application of IoT solutions on yachts (Stephan Gerling, Rosen Group), a real romance of cybersecurity. There were no presentations at the conference from "traditional" industries (energy, avionics, chemistry, oil and gas). Perhaps information about these industries is more visible, and the organizers dug in the direction of the “exotic”, since water supply systems, smart homes, railway transport, and video surveillance systems were presented.

5. Regulatory framework for cybersecurity - 4 reports
The presentations mainly concerned FZ-187.

6. R&D - 4 reports
They talked about machine learning, the blockchain and MILS (Multiple Independent Levels of Security).

7. Human factor and personnel management - 2 reports
One report covered the creation of incident response teams and another the organization of training.

8. Sociological aspects of cybersecurity - 1 report
A presentation was made on the impact of mass media on public perception of cyber security issues. As expected, there are many distortions of reality.

As you can see, the coverage of the subject of industrial security is quite wide. For me, perhaps the most important thing was the general trend that is clearly visible in the reports: in the cybersecurity community there is a definite movement towards adopting and applying developments from the field of functional safety. Apparently ISA is firmly convinced of the importance of this and is setting the tone for the whole world. The rest are still talking more than applying anything in practice. As a result, many things from the field of safety are being “discovered” anew for security (for example, the “rediscovered” HAZOP and MILS).

What was not voiced at the conference (although it possibly could have been):
- there was nothing about the probabilistic assessment of cybersecurity; perhaps information security specialists have not yet got that far (although they have already reached HAZOP and MILS), or this is not very relevant from a practical point of view; on the other hand, the probability of failure of the IS function could and should be calculated, and it would be an analogue of the SIS (Safety Instrumented Function);
- there were no detailed reports on the international regulatory framework, best practices, etc.; probably this is either too “academic” or everyone is already fed up with it.

One small suggestion (organizers of other conferences do this): when I tried to sort the 40 reports “onto shelves”, it seemed to me that a short common key for referencing them would be convenient. This could be either continuous numbering of all presentations in order or numbering by section, for example, plenary reports: P1, P2, etc., Business Track: BT1, BT2, etc. This, of course, is not the most important thing.

The most important thing is the noticeable positive sides of the conference, namely:


Everything worked out; thanks to the organizers for a great event!

Source: https://habr.com/ru/post/427645/

