
ISC-CPH November 2024

This year was my third time attending ISC-CPH, one of the better ICS-focused security conferences in Europe. This year I went as a regular attendee, whereas last year I was a presenter (last year’s talk was about the practical side of FAT/SAT testing: Practical side of FAT/SAT testing).

This year there was a different conference location and a slightly different approach to the conference itself: each day, attendees had to choose which track to follow. That means more choice, but also choice stress, as all talks and workshops were equally interesting in my opinion.

Anyhow, back to the conference itself. As it spans multiple days, I’ve created two more pages, one for each day, highlighting the talks I attended together with some of my thoughts during these presentations. This is not a full description or transcription of the presentations, but an overview of key takeaways that can help you get into OT security, understand OT security, or improve OT security in your own environment.
ISC-CPH November 2024 – Day 1
ISC-CPH November 2024 – Day 2

As a summary of the two days, these are the takeaways that I think might be important to you:

  • There is still a silo approach between IT and OT; unfortunately, that hasn’t changed over the years. Teams need to work together instead of against each other, as (OT) security is for everyone.
  • Network segmentation
    • Make sure the entire company is included in the segmentation exercise.
    • Make sure that site isolation is possible, which means having as few centralized solutions as possible, or at least having this functionality duplicated per site so a site can run on its own.
    • Make sure enough training is provided and information is distributed.
  • We should be more resilient against attacks and should always be able to return to a known good state, which means your OT environments should be protected by all possible means.
  • Devices
    • By combining knowledge of your environment’s context with knowledge of the vulnerabilities in your devices, you can properly assess the risk that particular devices pose to your environment.
    • Knowing the DNA and the history of a product is critical to finding and detecting vulnerabilities in a device and to calculating the overall risk to your environment.
  • Finding possible outbreaks to the Internet quicker by using (automated) beacons in your network, before something bad happens, allows you to focus on other important things.
  • Logging
    • You should define what you really want to see within your environment and focus your logging on that aspect.
    • Your logging infrastructure should/must follow your network zoning approach.
  • Risk assessments
    • There is a lot in the standard stating that you should do something, but the how, i.e. how to actually perform or execute it, is missing from the standard.
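To make the beacon takeaway above concrete, here is an added example (my own illustration, not code from the conference or any speaker) of an egress beacon for zoned OT networks. A beacon host inside a zone periodically probes a small set of destinations; if it can reach something the zone policy says it must not reach (anything on the Internet, for instance), the zone boundary has a hole and an alert is raised so it can be fixed before it is abused. The host names, the zone policy and the `fake_probe` results are constructed placeholders; in a real deployment the probe targets should be hosts you control, so the beacon itself does not leak anything to third parties.

```python
"""Egress beacon for zoned OT networks (added example, not from the conference).

A beacon in a zone probes a few destinations. Reaching a destination that the
zone policy does not allow is a segmentation breach; failing to reach one that
the policy does allow is a warning (an expected path is down, or the site is
isolated). Host names below are constructed placeholders.
"""
import socket
from dataclasses import dataclass, field
from typing import Callable, Iterable, List, Set, Tuple

# A probe takes (host, port) and returns (reachable, detail).
Probe = Callable[[str, int], Tuple[bool, str]]


def tcp_probe(host: str, port: int, timeout: float = 3.0) -> Tuple[bool, str]:
    """Default probe: a plain TCP connect attempt."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True, "connected"
    except OSError as exc:  # DNS failure, refused, timeout, no route, ...
        return False, type(exc).__name__


@dataclass
class ZonePolicy:
    """What a beacon placed in this zone is allowed to reach."""
    zone: str
    allowed: Set[Tuple[str, int]] = field(default_factory=set)


@dataclass
class Finding:
    zone: str
    host: str
    port: int
    reachable: bool
    severity: str  # "ok", "breach" or "warn"
    detail: str


def evaluate(policy: ZonePolicy, targets: Iterable[Tuple[str, int]],
             probe: Probe = tcp_probe) -> List[Finding]:
    """Probe every target from the beacon's zone and classify the outcome."""
    findings: List[Finding] = []
    for host, port in targets:
        reachable, detail = probe(host, port)
        allowed = (host, port) in policy.allowed
        if reachable and not allowed:
            severity = "breach"   # egress the zoning design says must not exist
        elif not reachable and allowed:
            severity = "warn"     # an expected path is down
        else:
            severity = "ok"
        findings.append(Finding(policy.zone, host, port, reachable, severity, detail))
    return findings


def alerts(findings: Iterable[Finding]) -> List[Finding]:
    """Only the findings that someone should look at."""
    return [f for f in findings if f.severity != "ok"]


def format_alert(f: Finding) -> str:
    return (f"[{f.severity.upper()}] zone={f.zone} {f.host}:{f.port} "
            f"reachable={f.reachable} ({f.detail})")


# Constructed stand-in for tcp_probe so the example runs offline.
def fake_probe(host: str, port: int) -> Tuple[bool, str]:
    table = {
        ("internet-canary.example.invalid", 443): (True, "connected"),   # should NOT work
        ("historian.dmz.example.invalid", 5000): (False, "timeout"),     # should work
    }
    return table.get((host, port), (False, "ConnectionRefusedError"))


# Constructed policy: the cell zone may talk to the DMZ historian, nothing else.
CELL_POLICY = ZonePolicy("cell-zone-1", {("historian.dmz.example.invalid", 5000)})
CELL_TARGETS = [
    ("internet-canary.example.invalid", 443),
    ("historian.dmz.example.invalid", 5000),
    ("engineering.example.invalid", 3389),
]

if __name__ == "__main__":
    for finding in alerts(evaluate(CELL_POLICY, CELL_TARGETS, probe=fake_probe)):
        print(format_alert(finding))
```

Run on a schedule (cron or a small service) on one beacon host per zone and ship the alerts into the same logging pipeline that follows your zoning, so a breach in the cell zone shows up in the cell zone's log stream rather than somewhere central that the site cannot see when isolated.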

A method that can be used to tackle the missing “how” in risk assessments is, for example, Cyrias – Cyrias – conducting cybersecurity risk assessments
