S4x22: ICS Security Creates the Future

Technology and International Relation

Niloofar Razi Howe one of the unique and strong influencers in the cybersecurity world, investor of technology ventures, directors of consulting firms, and advisors to public agencies such as the Department of Defense delivered the keynote speech for the event.

Howe spoke about how technologies are affecting real-world international relations, saying that decentralized, distributed and personalized capabilities blur the line between cybercrime and national attacks. She added that the modern war from three perspectives: technology, social media, and data.

She mentioned that Ukraine hacked into Russian car charging stations as an example of the effect of technology, indicating that vulnerabilities in connected devices can have a direct impact on the lives of people in the physical world. Secondly, she talked about the positive impact of social media. For instant, Ukrainian President Zelenskyy is increasing domestic and international approval by speaking to the world through social media.

With regard to data, Howe discussed how China combines physical and digital data to make social scores. However, this isn’t limited to China. She mentioned the fact that the United States can also process data and make decisions, suggesting that it’s becoming more difficult to keep secrets as secret around the world. Moreover, it is increasingly difficult to tell the difference between truth and false.

“The velocity of change is outstripping our ability to mastery,” Howe said, calling on the audience to act creatively with new look at the impact of technology on society and international affairs.

History Accumulated Provides Practices

During the event, two projects were shared as a progress of community activities in the history of S4 over 15 years. One is Incident Command System for Industrial Control Systems (ICS4ICS), which is a framework for incident commands in ICS, and the other is Top 20 PLC Secure Coding Practices.

ICS4ICS employs FEMA’s Incident Command System Framework. This is the system used by first responders around the world to respond to hurricanes, floods, earthquakes, occupational accidents, and other high-impact situations. The ICS4ICS approach guides businesses, organizations, and municipalities to identify incidents, assess damage, address imminent challenges, communicate with the right agencies and stakeholders, and resume day-to-day operations. This framework applies traditional incident command system best practices to cybersecurity incidents, ensuring common terminology and enabling diverse incident management and support resources to work together. To learn more about ICS4ICS, download the document here.

The second is the Top 20 PLC Secure Coding Practices, which have been developed the last two years after a S4x20 session. The purpose of the project is to provide guidelines to engineers that are creating software to help improve the security posture of Industrial Control Systems. These practices leverage natively available functionality in the PLC/DCS. Little to no additional software tools or hardware is needed to implement these practices. They can all be fit into the normal PLC programming and operating workflow. Details are at here.

Related to this project, various researchers presented practical research such as patch verification for PLC vulnerabilities, anomaly detection by secure coding, digital forensics of embedded devices, etc. in the 2022 technical track.

Extensive Discussion not only for ICS technology

S4, which consisted of more than 60 sessions on three stages, covered a wide range of hot topics. Here are some topics that stood out from the event:

  • Architecture
    Practical examples of adaptive IEC62443 standard to current environment. Traditional refinery systems and new solar and wind power systems in the energy industry, port and container ship maritime, building security.
  • Real Story of Incident Response
    Learn from SolarWinds CISO’s experience. Ransomware incident response for Norwegian energy service provider VOLUE.
  • Collaboration
    Joint Cyber Defense Collaborative (JCDC) established by CISA in August 2021. Build new mechanism to solve the problems of confusion of authority and ambiguity of responsibility, learned from mistakes in history.
  • Organizational Silos
    Bridge of technical and non-technical. Classification of maturity with an assessment model.
  • Risk Management
    Reason why attackers target corporate mergers and acquisitions. Will cyber insurance for ICS be common in the next 2-3 years?
  • SBOM, Vulnerability
    Standardization by the Common Security Advisory Framework (CSAF) enables machine processing and reduces barriers between vendors and asset owners. Vulnerability Exploitability eXchange (VEX) that evaluates the exploitability of vulnerabilities.
  • Technology
    LF Edge, which is an Open-source Framework. OT-SDN, which embodies zero trust in control systems. DevOps in Containerized ICS.
  • Threat
    INCONTROLLER / PIPEDREAM, the latest attack tool targeting industrial control systems.

Overall, I was particularly interested in the two topics, Risk Management and Decentralization. Investing in ICS security is not always a priority for business owners. In order to protect their organization, CISO needs to understand the risks correctly and obtain an appropriate investment. The first important thing in ICS risk management is to discuss with board members what is the worst-case scenario for their organization. It’s also about forming an agreement on what will happen and what to do if it has negative impacts. Moreover, it would be the basis of risk management to avoid the worst consequences.

Decentralization has a broad meaning in modern cybersecurity. It may pertain to technologies used by ordinary individuals to influence national conflicts, where infrastructure is open, intelligence is shared, and multiple leaders make decisions according to each responsibility within an organization.

Trend Micro Research and Zero Day Initiative Contribute to the Future

Read More HERE