In the movie IT, the red balloon means danger. The red balloon says you are not safe because something very, very bad is coming for you. Instead of an intensely scary clown, our OT foe is the outsider threat who uses those vulnerabilities to seize situational control and inflict harm. In an industrial facility, we don’t have a red balloon to portend danger, but we do have hidden vulnerabilities on cyber assets responsible for production and safety that should cause concern.
So, how do we face such danger? Like the movie’s protagonists, we must band together to move beyond the security of Level 2 in a process control network, where we’ve implemented perimeter- and endpoint-based security, and go beneath the surface. We must confront the real and present risk to the cyber assets that matter most in a facility – Level 0 and 1 proprietary industrial control systems (ICS) and smart field instruments. Fortunately, there is a prescription for reducing ICS security risk at these levels that does not involve descending into a labyrinth of sewers.
In this presentation, we will discuss fundamental ICS security controls that address risk specific to proprietary ICS. We will examine how best to gain visibility into assets traditionally opaque to cybersecurity personnel including tracking configuration detail, such as firmware and control logic. We will also detail how to automate the difficult tasks of vulnerability management in a multi-vendor process control network.
This presentation explores:
1) The state of inventory and vulnerability management practices today
2) Best practices to automating inventory and vulnerability management for Level 0 to 3 cyber assets
3) Audience Q&A with red balloons going to those who ask questions of the presenter