Webinars

  • Recorded: Effective ICS Vulnerability Management


    Even with a good ICS vulnerability management process, most companies struggle to keep up with the myriad ICS alerts and advisories issued by ICS-CERT and automation vendors each month.  It is tough to remediate a vulnerability when you don’t know what you have. In this recorded webinar, Sid Snitkin from ARC Advisory Group and Scott Hollis from PAS Global exchange views on the current state of industrial vulnerability management maturity and critique the relative effectiveness of existing approaches.  View now >

  • How to secure ICS against insider threats

    Recorded: Securing Against Insider Threats and Tribal ICS Knowledge


    The long-held belief that security by obscurity, system and process complexity, air gapping, and IT security controls are sufficient to protect chemical plants is no longer valid in the wake of WannaCry's attack on Honda and Renault plants earlier this year. Insiders, though, are not constrained by the same security controls that defend against outsiders since they have tribal knowledge of systems, security, and process to act maliciously. This recorded webinar focuses on fundamental security best practices that address the insider threat, but also help prevent the burgeoning outsider one.  View now >

  • Learn best practices to manage OT vulnerabilities

    Recorded: What Lies Beneath - Avoiding the Unseen Dangers of OT Vulnerabilities


    In today’s power plants and facilities, process control networks (PCNs) have their own sharks swimming just below the surface waiting to strike: vulnerabilities. In this recorded webinar, Steven Parker, Managing Partner of Archer Security Group and President of Energy Sector Security Consortium (EnergySec), and Scott Hollis, Director of Product Management at PAS, discuss the state of vulnerability management within the power industry and exchange best practices that leading power companies are employing to address risk.  View now >

  • Protecting ICS Endpoints

    Recorded: Protecting the Industrial Endpoints That Matter Most


    Hosted by Infosecurity Magazine, our panel of experts discuss how critical national infrastructure (CNI) must focus on securing the endpoints that matter most – proprietary ICS endpoints that control production. Failure to reduce attack surfaces on these cyber-assets will result in malicious changes and unintended misconfigurations that impact compliance, reliability, safety, brand and ultimately the bottom line. View now >

  • SANS ICS Survey Webinar - Part 2

    Recorded: The 2017 State of ICS Security, Part 2


    How secure are your industrial control systems (ICS)? The 2017 ICS Survey was designed to determine the safety and security challenges involved with control system cyber assets, their communication protocol and supporting operations. The second part of this two-part webinar focuses  on protection, prevention and convergence issues. View now >

  • SANS ICS Survey Webinar - Part 1

    Recorded: The 2017 State of ICS Security, Part 1


    How secure are your industrial control systems (ICS)? The 2017 ICS Survey was designed to determine the safety and security challenges involved with control system cyber assets, their communication protocol and supporting operations. The first part of this two-part webinar discusses personnel, threats and tools involved in security for industrial control systems. View now >

  • Debunk the top 5 myths of ICS cybersecurity

    Recorded: The Top 5 Myths of ICS Cybersecurity - Debunked!


    What are the top five ICS cybersecurity myths, and are they hindering you from securing your industrial process control environment? Hear from a panel of industry experts as they dive into the top five ICS cybersecurity myths – including air gapping and system complexity effectively provide protection from attack, cybersecurity personnel have visibility into most cyber assets in a facility, and more. View now >

  • Manifest Destiny of the Industrial Internet of Things

    Recorded: Protecting Cyber Assets & Manifest Destiny from the Industrial Internet of Threats


    During the 1800s, settlers saw it as their “Manifest Destiny” to settle the American West; but, found their lands under attack by the cattlemen surrounding them. Now, bands of outlaws, or hackers, are cutting down perimeter-based defenses and successfully infiltrating process control networks (PCN). Watch this recorded webinar for a discussion on the current landscape of ICS cybersecurity solutions. ISA shares how it advises companies to proceed and discusses “gotchas” that can derail an ICS cybersecurity initiative. View now >

  • The Power of Regulation Versus Well-Oiled Industry Standards

    Recorded: The Power of Regulation Versus Well-Oiled Industry Standards


    It has become an ongoing debate – does government or self-regulation work better to secure an industry? Which of these two different drivers for industrial control system (ICS) cybersecurity is better? Who is more prepared for the ever-evolving threat landscape facing today’s critical infrastructure? Listen to two industry veterans – one from Power and one from O&G – debate the merits of both approaches. Learn from their experience working within their respective areas and what companies must do to secure process control networks. View now >

  • See through the noise with ICS baseline

    Recorded: See Through the Noise with Industrial Control System Configuration Baselines


    Industrial process control facilities need baselines to secure both production and IT-centric endpoints. Baselines allow facilities to monitor more easily the configuration changes that impact security, compliance, governance, and operations. In this webinar, learn how PAS Cyber Integrity's enhanced baseline capabilities significantly reduce the time that engineering and cybersecurity personnel spend investigating and pinpointing configuration changes. View now >

  • How to move to a production-centric cybersecurity model

    Recorded: How Do We Move to a Production-Centric Cybersecurity Model?


    Successful industrial control system (ICS) cybersecurity programs are carefully planned, progressively implemented, and consistently maintained.  Best practices prescribe an “inside-out” defense-in-depth approach that moves from perimeter-based monitoring and protection to automatically inventorying and securing the proprietary systems most responsible for production and safety.  In this webinar, speakers address how organizations can become more production-centric in their cybersecurity posture. View now >

  • ICS Cybersecurity - What You Do Not Know Can Hurt You

    Recorded: ICS Cybersecurity - What You Do Not Know Can Hurt You


    Careers end when security breaches make the news. Doing nothing is not an option. You can’t solely rely on air gaps or firewalls to protect your production environment from increasingly sophisticated attack vectors. And of course, there are internal threats you need to guard against - sabotage and inadvertent engineering changes. In this webinar, we discuss how plant personnel, OT engineering, and corporate IT can reach beyond the limitations of today’s IT-centric solutions and adopt a more production-centric approach to ICS cybersecurity. View now >

  • ICS Cybersecurity - You Cannot Secure What You Cannot See

    Recorded: ICS Cybersecurity - You Cannot Secure What You Cannot See


    In this recorded webinar, we discuss requirements for a comprehensive, evergreen cyber asset inventory as prescribed by ICS-CERT to provide the necessary foundation for effective operational and cyber risk management. We explore the required elements of a layered defense cyber security program and examine three documented cybersecurity scenarios that illustrate how having a proper inventory can remediate cybersecurity breaches before they affect productivity, safety, or company liability. View now >

  • Cybersecurity: Three Things You Need to Know to Ace Your Cybersecurity Report Card

    Recorded: Three Things You Need to Know to Ace Your Cybersecurity Report Card


    Together with POWER Magazine, we explore the takeaways and case studies that illustrate how leaders in the Power industry are addressing compliance and cybersecurity standards. We gathered a panel of industry leaders to discuss emerging best practices, and the top three considerations for ensuring secure, safe, and compliant operations. View now >

  •  Determine Company-Wide Exposure to Published ICS Vulnerability in Minutes

    Recorded: Determine Company-Wide Exposure to Published ICS Vulnerability in Minutes


    When you get call from corporate asking what the enterprise exposure is to a newly published ICS-CERT vulnerability, how long will it take you to assess the threat? How accurate will your answer be? Can you monitor for exposure to that vulnerability in the future? Find out how you can know within minutes whether that vulnerability applies to your plant. (Part 1 in a 3-part series) View now >

  • Detect an Unauthorized Change to an SIS Using Cyber Integrity

    Recorded: Detect an Unauthorized Change to an SIS Using Cyber Integrity


    Find out how operations personnel can receive alerts when an unauthorized configuration change occurs (in this case, an SIS), and how you can remediate the change and validate within an audit ready system.(Part 2 in a 3-part series) View now >

  • Automate NERC CIP V5 Testing Using Cyber Integrity

    Recorded: Automate NERC CIP V5 Testing Using Cyber Integrity


    Find out how Cyber Integrity automates change control and configuration management through tracking for all modifications to critical change assets (hardware or software) and ports, services, and programs.(Part 3 in a 3-part series) View now >

  • A Cybersecurity Checkup for the Power Industry

    Recorded: A Cybersecurity Checkup for the Power Industry


    While we’ve come a long way, we have much further to go before we reach ICS cybersecurity standards that ensure industry reliability goals. After the December 2015 Ukrainian attack in which 225,000 people lost power due to a malicious attack, we should all be asking have we done enough to prevent a similarly successful attack on our own operations?
      View now >

  • ICS Inventory Discovery: The First Step in Implementing ICS Cybersecurity

    Recorded: ICS Inventory Discovery: The First Step in Implementing ICS Cybersecurity


    Many organizations do not have a reliable inventory of equipment at the process control layer, simply because it is a time-intensive and manual process that requires precious engineering resources.  The effort is often passed over with the hopes that protecting the perimeter will protect the core. However, the increase in the number of attacks on industrial control systems and recent successful attacks exemplify the dangers of not monitoring the process control layer. In this webinar, we explore the process of architecting security controls for a process control network – the first step being building and maintaining an accurate inventory of devices within the PCN. (Part 1 in a 3-part series) View now >

  • ICS Cyber Threat Assessment: How Vulnerable Are You?

    Recorded: ICS Cyber Threat Assessment: How Vulnerable Are You?


    Once an organization implements an inventory discovery process, the next step is to identify and prioritize cyber security controls based on potential risk. The stakes are high for industries with process control networks, as the consequences of a successful cyber attack can be particularly devastating – resulting in lost production, damage to equipment, injury or death.  In this webinar, discover a methodology for documenting and prioritizing the security threats to the PCN. (Part 2 in a 3-part series) View now >

  • What happens when the cybersecurity eggshell breaks

    Recorded: ICS Cybersecurity: What Happens when the Eggshell Breaks


    In this webinar, we discuss how to utilize the inventory and threat assessment to develop a layered defense architecture for a process control network.  We explore the most common vulnerabilities of perimeter-based cybersecurity approaches and in-depth defenses that will help your organization immediately detect improper changes. The pros and cons of different approaches are also discussed. (Part 3 of a 3-part series) View now >