Welcome to the Interactive Agenda for SecurityWeek’s 2021 APAC ICS Cyber Security Conference!

Tech Track
Tuesday, June 22

1:00pm GMT+08

Why Hasn’t SOAR Taken Off in ICS?
Besides the typical reluctance to embrace new technology in the ICS world, security orchestration, automation and response (SOAR) tools haven’t been as widely adopted as they probably should be because of the contextual data deficiency found in most security alerts. To create an appropriate automated response, you need to know exactly which devices are compromised and whether you can/should isolate them, which up until recently has been extremely difficult to do for industrial control systems.

Let’s say you’re alerted that an HMI has a banking Trojan. That’s not great, but not likely something you’d feel compelled to take offline. However, if there was a cryptolocker in an HMI, you have a serious problem. So, what should you do? Well, if you have 7 HMIs, it’s likely fine to just disconnect the infected one to stop the spread, but if that’s your only one, then it’s definitely not ok. This is a prime example of why having access to contextual data about both the threat AND the affected asset is so critical to informing automated security management.

Jeremy Morgan

Principal Risk and Solutions Consultant, Industrial Defender
In his role as Principal Risk and Solutions Consultant at Industrial Defender, Jeremy helps ICS asset owners build a strong foundation to apply security controls in OT environments. With a diverse career spanning compliance management at a utility to cybersecurity product management...

Tuesday June 22, 2021 1:00pm - 1:30pm GMT+08

1:30pm GMT+08

The Evolution of OT Systems Management (OTSM)
Organizations should embrace the concept of OT Systems Management (paralleling ITSM practices) within the unique environments of operating systems. Achieving a mature level of security is critical to improve overall ROI from increasingly connected industrial systems, and to ensure foundational elements are in place to protect critical infrastructure from targeted and non-targeted attacks.

Join Rick Kaun for a discussion around the natural progression of OTSM from basic asset inventory to comprehensive data for effective lifecycle management, risk reduction (from patching to compensating controls) and even contextual risk thresholds (such as calculated risk scores).

During this session you will learn:

  • What OT systems management really is and why it’s critical in OT security
  • How to establish a strong asset inventory as the foundation of your security program
  • How automation, aggregation of data and support for a central, specialized team are the most important considerations for reducing risk and minimizing cost for OT security going forward

Rick Kaun

VP of Solutions, Verve Industrial Protection
Rick Kaun is the VP of Solutions for Verve Industrial Protection, an OT cyber security solution provider. For over 16 years he has worked with all manner of industries on all sizes of projects around the world from front end scoping to large scale design and deployment of end to end...

Tuesday June 22, 2021 1:30pm - 2:00pm GMT+08

2:00pm GMT+08

Harmonizing ICS/SCADA with Cyber Defense: A Perspective on ATT&CK for ICS
In the past few years, with the emergence of new kinds of security incidents and the resultant vigorous development of the cyber security industry, the government, security vendors, and some Critical Infrastructure service providers have begun to attach higher importance to the security of ICS/SCADA in Critical Infrastructure. However, maintenance personnel in different critical industries have a large cognitive gap due to the high degree of diversity and uniqueness between their respective verticals, not to mention the professional gap between maintenance personnel and information security personnel. This talk will discuss the causes of this gap in mutual understanding, as well as use the MITRE ATT&CK for ICS framework as a basis to allow OT operators and security personnel to share a common language. In this way, we will develop an effective information security defense model adapted to the industrial control environment which can be used to achieve a true integration of industrial control systems and network security.

Mars Cheng

Threat Researcher, TXOne Networks
Mars Cheng is a threat researcher for TXOne Networks, blending background and experience in both ICS/SCADA and Enterprise cybersecurity systems. Mars has directly contributed to more than 10 CVE-IDs, and has had work published in three Science Citation Index (SCI) applied cryptography...

Tuesday June 22, 2021 2:00pm - 2:30pm GMT+08

2:45pm GMT+08

Substation Security - What CoMMS around GOOSE around
Join this session with Justyna Chromik Wagenaar to learn about:
  • Modern Substation architecture
  • Protocols and weaknesses
  • Pitfalls and typical gaps in existing deployment – Big 4 (Siemens, ABB, SE, GE)
  • Secure substation – cyber & physical best practices

Justyna Chromik Wagenaar

Senior OT Security Consultant, Applied Risk
Justyna is a researcher at heart. She joined the consultancy world after completion of her PhD thesis addressing challenges of detecting anomalous commands and measurements in SCADA network traffic. As a Senior OT Security Consultant at Applied Risk, she performs network architecture...

Tuesday June 22, 2021 2:45pm - 3:15pm GMT+08

3:15pm GMT+08

Hacking The Security Protection Mechanism of Siemens SIMATIC S7 PLCs
Siemens SIMATIC PLCs are widely used worldwide and are used in control scenarios for critical information infrastructure, such as energy, water, power, oil and gas, and manufacturing. To protect users' applications and to prevent unauthorized operation, Siemens has designed the PLC protection mechanism. This function effectively prevents attacks from the network, and also protects application programs designed for specific processes, critical equipment PID parameters, etc. But can it really protect your PLC perfectly from attacks or theft of intellectual property (algorithms, engineering designs)?

This session will focus on the SIMATIC S7 PLCs, starting from the S7-200 up to the S7-1200/1500, and disclose in detail design flaws in the protection mechanisms of each PLC series, take these flaws as a point of attack, look for methods to bypass the protection policies, and finally capture the protected PLC application programs, the core intellectual property. Of course, bypassing the protection mechanism also allows various sensitive operations to be performed; for example, an attacker can control the irregular start and stop of the device, causing a series of chain reactions and leading to safety incidents.

This presentation will cover:
  • How to bypass the S7-200 security mechanism by using hardware disassembling and soldering, modifying flash content, and creating rogue clients
  • Disclosing the S7-200 SMART PLC password protection encryption algorithm, and capturing key information from traffic to crack the protection mechanism
  • How to find mysterious information in S7-300 project files and use the mysterious information to bypass security mechanisms
  • Crafting a memory dump tool based on the Windows platform and searching for password information in the memory dump


Gao Jian

ICS Security Researcher, GEWU Lab at NSFOCUS

Tuesday June 22, 2021 3:15pm - 4:00pm GMT+08

Wednesday, June 23

9:45am GMT+08

The Changing Landscape Of Software Supply Chain Security for ICS
The late 2020 SolarWinds hack introduced the world to the extreme risk posed by supply chain attacks to critical systems. By penetrating the software development process of the SolarWinds company, the attackers managed to infiltrate multiple branches of the US government, the US military, and most of the Fortune 500 companies. Known in the press as the SolarWinds or SUNBURST attack, over 18,000 companies were affected.

This talk will start by diving into the technical details of the SolarWinds incident. We will compare that attack with previous supply chain attacks against industrial control systems (ICS) and show why the high Return on Investment (RoI) for attackers means the ICS supply chain will face many more attacks in the future. We’ll review research on the current exploitability of the ICS software supply chain, as well as specific recommendations from the Atlantic Council on how to guard against these kinds of attacks. We’ll also discuss how Software Bills of Materials (SBOMs) are an essential defensive tool for supply chain security and describe why advanced AI techniques are going to be essential to stay ahead of these well-funded, sophisticated attacks.

Learning Objectives
  • Understand the anatomy of the SolarWinds attack and the implications for ICS software supply chain security
  • Learn recommended best practices, including using SBOMs, to best prepare for and guard against these types of attacks
  • Learn how the Financial Industry is using SBOMs to manage risk sharing across parties.

Eric Byres

Chief Technology Officer, aDolus Technology
Eric Byres, the Chief Technology Officer at aDolus Technology Inc., is widely recognized as one of the world’s leading experts in the field of Operational Technology (OT) cybersecurity. He is the inventor of the Tofino Security technology – the most widely deployed OT-specific...

Wednesday June 23, 2021 9:45am - 10:15am GMT+08

10:15am GMT+08

OT Cyber Security Best Practices Demo and Use cases
An effective security transformation needs to account for visibility to all users, devices and applications on the network, defining access controls to continuously monitor the level of trust given and leverage the data being collected for continuous analysis and situational awareness. According to a report, 9 out of 10 organizations experienced at least one intrusion in the past year, with 72% experiencing three or more, indicating that organizations are facing ever more sophisticated cyber-attacks in recent years. Lack of visibility and control, and unpatched legacy Windows HMI, workstation and PLC/RTU firmware, are major challenges faced by most organizations today.

During this session, we will explore tools, techniques and procedures deployed by threat actors and how we can take measures to mitigate such attacks by providing better visibility, control through virtual patching and situation awareness.

Chew Poh Chang

Principal Industrial Cyber Security Strategist, Fortinet
Poh Chang is the Principal Consultant for Industrial Cyber Security/Critical Infrastructure & Global Alliances, APAC. With over 20 years of IT experience in Info Security, Virtualization & Cloud under his belt, he has been advocating best practices, governance and compliance with...

Wednesday June 23, 2021 10:15am - 10:45am GMT+08

11:00am GMT+08

Undermined by Infrastructure – Industry 4.0 and Zero Trust Architecture
The current discussion points of Industry 4.0 and Zero Trust Architectures both have a common pain point: your existing infrastructure. Examples from real world OT architectures will be used as the basis of examining what is possible, what isn’t possible, and the concessions which may be necessary to achieve your interconnectivity, data flow, and security goals. Brownfield sites are challenging, and by developing an understanding of the technical options available and the questions which need to be answered by the engineering teams, a path forward can be found.

Alan Raveling

OT Architect, Interstates
Alan Raveling is an OT Security Architect and leads the OT Cybersecurity Team within Interstates. Alan has been walking alongside companies in their journeys of digitization, IT/OT convergence, and cybersecurity enhancements for over 15 years.

Wednesday June 23, 2021 11:00am - 11:30am GMT+08

12:15pm GMT+08

The Role of a Cross-Domain Solution in Modern OT Networks
In this session, Mostafa Al Amer, a cybersecurity project lead at Saudi Aramco, will discuss the role of a cross-domain solution (CDS) in modern OT networks, and cover:
  • What OT needs for protection when connected to an external network
  • What a CDS is and its functions
  • The role / advantages of having a CDS for industrial networks
  • Implementation lessons learned

Mostafa Al Amer

Cybersecurity Project Lead and Senior Expert, Saudi Aramco
Mostafa Al Amer is a Cybersecurity Project Lead and Senior Expert with Saudi Aramco. He has more than 15 years' experience in Information Security, having worked in both theoretical and practical fields. His recent works include data center security, SCADA security and application security...

Wednesday June 23, 2021 12:15pm - 1:00pm GMT+08

1:15pm GMT+08

Operational Integrity: Safeguarding Your OT Systems with Cyber AI
Join Hayley Turner, Darktrace’s Director of Industrial Security, as she uncovers the security challenges facing industrial environments and cyber-physical ecosystems.  

In addition to advances in attacker techniques, such as the rise of ICS ransomware, these include evolutions in the technological architecture of ICS, including digitized OT, exponential connections to Industrial IoT, and expanding internet-connected supply chains.

Here, self-learning AI provides the ideal solution to keep pace with rapid changes in the threat landscape and industrial technologies, with its ability to detect never-before-seen attacks and adapt to any changes in infrastructure.

In this session, Hayley will explore:
  • A new generation of threats facing the industrial sector 
  • Threat discovery: Advanced ICS attack at an international airport 
  • Threat discovery: Targeting sensitive data via an air-conditioning unit  

Hayley Turner

Director of Industrial Security, Darktrace
Hayley is Director of Industrial Security at Darktrace, a leading autonomous cyber security AI company and the creator of Autonomous Response technology. Hayley works with organizations across industries such as critical infrastructure, finance, healthcare and utilities, helping them...

Wednesday June 23, 2021 1:15pm - 1:45pm GMT+08

1:45pm GMT+08

Evaluation of Real-Time Automation Controller (RTAC) Resilience under Cyber Stress
Exclusive research from Oak Ridge National Laboratory

RTACs typically function as mid-level data aggregators or protocol translators in cyber-physical system applications. They collect data from multiple hardware components such as a Programmable Logic Controller (PLC) and sensors in order to transmit the aggregated data to a Human Machine Interface (HMI) or a Historian. Due to this central role in the data path, RTACs represent a valuable target for cyber-induced events. In this presentation we will describe results from an experimental study that we conducted to assess the resilience of an RTAC’s performance while subjecting it to varying degrees of cyber stress. Our findings indicate that, under moderate to heavy cyber stress rates, the RTAC function experiences degradation. Specifically, an input sine-wave signal to the RTAC suffers a notable distortion on the output (RMSE > 25%), and an input On-Off pulse train also suffers a significant distortion (RMSE > 50%). This study is among the first methodical approaches towards assessing the significance and mitigation approaches towards improving the resilience of Operational Technology components.


Lance Wetzel

Oak Ridge National Laboratory

Kalyan Perumalla

Oak Ridge National Laboratory

Dr. Juan Lopez Jr.

Oak Ridge National Laboratory

Wednesday June 23, 2021 1:45pm - 2:15pm GMT+08

3:00pm GMT+08

Reducing Attack Surface Using Integrity MAC Security Kernel for PLCs
Security for cyber systems built without a trustworthy operating system (OS) is simply a scientific impossibility. Industrial Control Systems are just that - systems - that require a systematic approach to securing their operations, beginning with a trustworthy Class A1 OS. Our research has demonstrated how ICS can effectively leverage Class A1 OSes to dramatically reduce the attack surface of even hostile Programmable Logic Controller applications, making them more secure, more resilient, and improving control system availability. Join this session to see how.

Ed Reed

Sr. Director, Development Services, Aesec Corporation

Wednesday June 23, 2021 3:00pm - 3:30pm GMT+08