Webinars

  • ICS Vulnerability Management

    Reduce ICS Cyber Risk: Find and Remediate Hidden ICS Vulnerabilities


    February 28, 2018


    11:00 AM EST | 10:00 AM CST | 8:00 AM PST (17:00:00 UTC)  Attacks on ICS systems are rapidly escalating in terms of both frequency and sophistication. 2017 saw 193 new published ICS-CERT advisories – that is a 1035% jump from the 17 vulnerabilities published in 2010. ICS systems (Level 1 and 0) are the endpoints that matter most, as they are the endpoints primarily responsible for safety and production in power generation plants, chemical facilities, and refineries. However, far too many organizations lack vi... View >

  • Recorded: Effective ICS Vulnerability Management


    The Debate Over When, Where, and How to Invest. Even with a good ICS vulnerability management process, most companies struggle to keep up with the myriad ICS alerts and advisories issued by ICS-CERT and automation vendors each month. Typically lacking automated inventory capabilities, industrial process companies struggle to identify new risks to systems responsible for process reliability and safety. It is tough to remediate a vulnerability when you don’t know what you have. Without effective, automated processes... View >

  • How to secure ICS against insider threats

    Recorded: Securing Against Insider Threats and Tribal ICS Knowledge


    The long-held belief that security by obscurity, system and process complexity, air gapping, and IT security controls are sufficient to protect chemical plants is no longer valid in the wake of WannaCry's attack on Honda and Renault plants earlier this year. Insiders, though, are not constrained by the same security controls that defend against outsiders. Insiders have exactly the right tribal knowledge of systems, security, and process to act maliciously.This webinar focuses on fundamental security best prac... View >

  • Learn best practices to manage OT vulnerabilities

    Recorded: What Lies Beneath - Avoiding the Unseen Dangers of OT Vulnerabilities


    Remember the movie Jaws? On the surface, the ocean seemed quiet and unaffected, but lurking just beneath was a 25-foot great white shark waiting to strike without warning. In today’s power plants and facilities, process control networks (PCNs) have their own sharks swimming just below the surface: vulnerabilities. In this recorded webinar, Steven Parker, Managing Partner of Archer Security Group and President of Energy Sector Security Consortium (EnergySec), and Scott Hollis, Director of Product Management at PAS, discuss... View >

  • Recorded: Protecting the Industrial Endpoints That Matter Most


    Hosted by Infosecurity Magazine, our panel of experts discuss how critical national infrastructure (CNI) must focus on securing the endpoints that matter most – proprietary ICS endpoints that control production. Failure to reduce attack surfaces on these cyber-assets will result in malicious changes and unintended misconfigurations that impact compliance, reliability, safety, brand and ultimately the bottom line. Our expert panel of speakers discuss best practices around CNI cybersecurity as well as real-life case studies of CNI s... View >

  • SANS ICS Survey Webinar - Part 2

    Recorded: The 2017 State of ICS Security, Part 2


    How secure are your industrial control systems (ICS)? The 2017 ICS Survey was designed to determine the safety and security challenges involved with control system cyber assets, their communication protocol and supporting operations.  The second part of this two-part webinar focuses  on protection, prevention and convergence issues. View >

  • SANS ICS Survey Webinar - Part 1

    Recorded: The 2017 State of ICS Security, Part 1


    How secure are your industrial control systems (ICS)? The 2017 ICS Survey was designed to determine the safety and security challenges involved with control system cyber assets, their communication protocol and supporting operations. The first part of this two-part webinar discusses personnel, threats and tools involved in security for industrial control systems. View >

  • Recorded: The Top 5 Myths of ICS Cybersecurity - Debunked!


    What are the top five ICS cybersecurity myths, and are they hindering you from securing your industrial process control environment? Hear from a panel of industry experts as they dive into the top five ICS cybersecurity myths – including air gapping and system complexity effectively provide protection from attack, cybersecurity personnel have visibility into most cyber assets in a facility, and more.PANELISTS• Mike Assante, Director of Critical Infrastructure & ICS, SAN... View >

  • Recorded: Protecting Cyber Assets & Manifest Destiny from the Industrial Internet of Threats


    During the 1800s, settlers saw it as their “Manifest Destiny” to settle the American West; but, found their lands under attack by the cattlemen surrounding them. The Manifest Destiny of industrial process and power generation companies is under similar assault. Bands of outlaws, or hackers, are cutting down perimeter-based defenses and successfully infiltrating process control networks (PCN). They are aided by growing attack surfaces created by the Industrial Internet of Things (IIoT) adoption; it is why IIoT is often referred to as t... View >

  • Recorded: The Power of Regulation Versus Well-Oiled Industry Standards


    It has become an ongoing debate – does government or self-regulation work better to secure an industry? The power industry is currently on NERC CIP Version 6 of its regulatory requirements with future regulations expected on supply chain security. Oil & Gas (O&G) has no such regulatory regime, but does have standards that it uses to reduce cybersecurity risk, such as NIST 800-82 and IEC 62443. For O&G, compliance is an internally generated activity. Which of these two different drivers for industrial control system ... View >

  • Recorded: See Through the Noise with Industrial Control System Configuration Baselines


    Industrial process control facilities need baselines to secure both production- and IT-centric endpoints. Baselines allow facilities to monitor more easily the configuration changes that impact security, compliance, governance, and operations. By focusing on the configuration data deemed most critical, Cyber Integrity’s enhanced baseline capabilities significantly reduce the time that engineering and cybersecurity personnel spend investigating and pinpointing configuration changes.   Cyber Integrity uniquely addresses the p... View >

  • Recorded: How Do We Move to a Production-Centric Cybersecurity Model?


    Successful industrial control system (ICS) cybersecurity programs are carefully planned, progressively implemented, and consistently maintained.  Best practices prescribe an “inside-out” defense-in-depth approach that moves from perimeter-based monitoring and protection to automatically inventorying and securing the proprietary systems most responsible for production and safety.  Companies that include these systems in a comprehensive cybersecurity program reduce cyber risk and sustainability costs.Resources are a c... View >

  • Recorded: ICS Cybersecurity - What You Do Not Know Can Hurt You


    Careers end when security breaches make the news. Doing nothing is not an option. You can’t solely rely on air gaps or firewalls to protect your production environment from increasingly sophisticated attack vectors. And of course, there are internal threats you need to guard against - sabotage and inadvertent engineering changes.In this webinar, we discuss how plant personnel, OT engineering, and corporate IT can reach beyond the limitations of today’s IT-centric solutions and adopt a more production-centric approach to ICS c... View >

  • Recorded: ICS Cybersecurity - You Cannot Secure What You Cannot See


    In this session, we discuss requirements for a comprehensive, evergreen cyber asset inventory as prescribed by ICS-CERT to provide the necessary foundation for effective operational and cyber risk management. We explore the required elements of a layered defense cyber security program and examine three documented cybersecurity scenarios that illustrate how having a proper inventory can remediate cybersecurity breaches before they affect productivity, safety, or company liability. View >

  • Recorded: Three Things You Need to Know to Ace Your Cybersecurity Report Card


    Hosted by POWER Magazine, in this webinar, we’ll explore the takeaways and case studies that illustrate how leaders in the Power industry are addressing compliance and cybersecurity standards. We’ve gathered a panel of industry leaders to discuss emerging best practices, and the top three considerations for ensuring secure, safe, and compliant operations.  View >

  • Recorded: Determine Company-Wide Exposure to Published ICS Vulnerability in Minutes


    (1 in 3 Series) When you get call from corporate asking what the enterprise exposure is to a newly published ICS-CERT vulnerability, how long will it take you to assess the threat? How accurate will your answer be? Can you monitor for exposure to that vulnerability in the future? Find out how you can know within minutes whether that vulnerability applies to your plant. View >

  • Recorded: Detect an Unauthorized Change to an SIS Using Cyber Integrity


    (2 in 3 Series) Find out how operations personnel can receive alerts when an unauthorized configuration change occurs (in this case, an SIS) and how you can remediate the change and validate within an audit ready system. View >

  • Recorded: Automate NERC CIP V5 Testing Using Cyber Integrity


    (3 in 3 Series) Find out how Cyber Integrity automates change control and configuration management through tracking for all modifications to critical change assets (hardware or software) and ports, services, and programs. View >

  • Recorded: A Cybersecurity Checkup for the Power Industry


    We are getting closer to the July deadline for NERC CIP v6. While we’ve come a long way, we have much further to go before we reach ICS cybersecurity standards that ensure industry reliability goals. After the December 2015 Ukrainian attack in which 225,000 people lost power due to a malicious attack, we should all be asking have we done enough to prevent a similarly successful attack on our own operations? Hosted by EnergyCentral, in this session, Chuck Tickles and David Zahn as they delve into this question and several timely to... View >

  • Recorded: ICS Inventory Discovery: The First Step in Implementing ICS Cybersecurity


    (1 in 3 series) As the saying goes, “You can’t manage what you don’t measure.” This especially applies to security for industrial control systems. Many organizations do not have a reliable inventory of equipment at the process control layer, simply because it is a time-intensive and manual process that requires precious engineering resources.  The effort is often passed over with the hopes that protecting the perimeter will protect the core.    The increase in the number of attacks on industrial con... View >

  • Recorded: ICS Cyber Threat Assessment: How Vulnerable Are You?


    (2 in 3 series) Once an organization implements an inventory discovery process, the next step is to identify and prioritize cyber security controls based on potential risk. No amount of security control completely eliminates risk.  Rather, the proper application of cybersecurity controls reduces residual risk to an acceptable level for the business.    The stakes are high for industries with process control networks, as the consequences of a successful cyber attack can be particularly devastating – resulting in lost ... View >

  • Recorded: ICS Cybersecurity: What Happens when the Eggshell Breaks


    (3 in 3 series) Are you aware that your critical proprietary automation infrastructure is still at risk – even if you’ve implemented firewalls, intrusion detection systems, and whitelisting protection?  Current cybersecurity practices focus mostly on the perimeter of our control systems – much like the shell of an egg.  Once through the shell, an intruder can compromise the entire control system.  Guarding the perimeter is not enough.   A centralized configuration management program for industrial co... View >