DIY insider threat presentation CS3sthlm – elaboration on questions received

During my presentation at the CS3sthlm conference (DIY insider threat detection/prevention within ICS environments), I received some questions on this topic. In this post I’ll elaborate a bit more on these.

A majority of the people in the audience claim they know their environments. Do you believe them?


DIY insider threat detection/prevention within ICS environments

This is a summary of the talk I gave during the CS3sthlm conference in October (link to topic: https://cs3sthlm.se/program/presentations/dieter-sarrazyn/)

The goal of the presentation was to help people and organisations set up an internal “insider threat detection/prevention” program without looking at the big/expensive products out there. I will explain some (sometimes simple) things and tricks that can be used to tackle the insider threat within ICS environments.


Hidden dangers of remote management

In “Secure remote management for ICS” I stated that you can have a secure remote management solution / setup for ICS environments.

Having a centralized, time-based, source-IP-controlled, strongly authenticated, monitored and logged solution is good and secure – but remains limited to your environment. Nevertheless, there are hidden dangers to any remote management solution which focuses solely on the internal environment.


Importance of data integrity for safety in industrial environments

* DISCLAIMER * This is a copy of the original blogpost posted on the Toreon website (https://www.toreon.com) * DISCLAIMER *

It is well known that the most important factor within the process industry is the availability of the systems and environment. The plant must be running at all times. That’s why most security improvement efforts are made in that area. However, the integrity of the information and data within the industrial control systems environment can’t be neglected. Not only because we need correct data to let the process run correctly, but also because data integrity failures can lead to safety issues, more precisely issues of human and environmental safety.


Secure remote management for ICS

* DISCLAIMER * This is a copy of the original blogpost posted on the Toreon website (https://www.toreon.com) * DISCLAIMER *

When performing security assessments for ICS (industrial control system) customers, it is often noticed that several different remote access paths for suppliers are used for remote management purposes. Most of these are established through a separate DSL line. Makes sense, right? A solution like this makes it easier for the vendor to provide remote maintenance. The setup is simple for the customer and the IT department can be bypassed.


Building a (modest) ICS testing & training lab

* DISCLAIMER * This is a copy of the original blogpost posted on the Toreon website (https://www.toreon.com) * DISCLAIMER *

Part of training people to become ICS security specialists is providing them the opportunity to test or train certain things in a ‘safe’ environment, which means you’ll need a (modest) ICS testing & training lab. There are some great labs out there (Idaho National Labs for example) that offer every test set-up you can think of. But not all companies have the resources to build a lab of that scale. For most companies or organisations a test lab environment limited to simulations of their own processes is just fine. There’s quite a bit of information you can find online about building such a lab. And usually it’s suggested that building it is fairly easy. Is it really?


Becoming an ICS Security Specialist

* DISCLAIMER * This is a copy of the original blogpost posted on the Toreon website (https://www.toreon.com) * DISCLAIMER *

During one of my recent lectures on ICS Security one of the students asked me where he had to start to become an ICS Security Specialist. Since I couldn’t give a clear answer right away, I put some thought into the subject and tried to gain more insights on the most important requirements and potential career paths.
