To secure Industrial Control System from cyber-attacks, networks and systems must vigorously defend against a variety of internal and external threats. Defense must be prepared to detect and thwart follow-on attacks inside a network. The goal of this presentation is to provide an insight to participants on how to strengthen the defensive posture of their organization. The presentation will cover ten critical controls to mitigate targeted cyber intrusions to ICS.
Inventory of Authorized & unauthorized devices
Inventory of Authorized & unauthorized software
Secure Configuration for hardware and software
Data recovery Capability
Security Skills assessment and appropriate Training to fill the gap
Controlled use of administrative privileges
Maintenance, Monitoring and analysis of audit logs
Within each control, the presentation will cover four (4) critical tenets;
Offense Inform defense: The use of knowledge of actual attacks to provide foundation to build effective defense
Metric: Establish common metrics to measure the effectiveness of the security measure implemented
Continuous monitoring: Carry out continuous monitoring and auditing to test and validate these controls
Automation: Automate defenses so that you can achieve reliable, scalable and continuous measurements.
Number of Pages
Looking for more?
Some of the OnePetro partner societies have developed subject- specific wikis that may help.