{"id":46605,"date":"2022-05-12T00:00:00","date_gmt":"2022-05-12T00:00:00","guid":{"rendered":"urn:uuid:c0c5e787-a01b-bf35-a3c0-c798fb4f7c99"},"modified":"2022-05-12T00:00:00","modified_gmt":"2022-05-12T00:00:00","slug":"s4x22-ics-security-creates-the-future","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/s4x22-ics-security-creates-the-future\/","title":{"rendered":"S4x22: ICS Security Creates the Future"},"content":{"rendered":"

<\/p>\n

<\/div>\n

Technology and International Relation<\/span><\/b><\/p>\n

Niloofar Razi Howe one of the unique and strong influencers in the cybersecurity world, investor of technology ventures, directors of consulting firms, and advisors to public agencies such as the Department of Defense delivered the keynote speech for the event.<\/p>\n

Howe spoke about how technologies are affecting real-world international relations, saying that decentralized, distributed and personalized capabilities blur the line between cybercrime and national attacks. She added that the modern war from three perspectives: technology, social media, and data.<\/p>\n

She mentioned that Ukraine hacked into Russian car charging stations as an example of the effect of technology, indicating that vulnerabilities in connected devices can have a direct impact on the lives of people in the physical world. Secondly, she talked about the positive impact of social media. For instant, Ukrainian President Zelenskyy is increasing domestic and international approval by speaking to the world through social media.<\/p>\n

With regard to data, Howe discussed how China combines physical and digital data to make social scores. However, this isn’t limited to China. She mentioned the fact that the United States can also process data and make decisions, suggesting that it’s becoming more difficult to keep secrets as secret around the world. Moreover, it is increasingly difficult to tell the difference between truth and false.<\/p>\n

“The velocity of change is outstripping our ability to mastery,\u201d Howe said, calling on the audience to act creatively with new look at the impact of technology on society and international affairs.<\/p>\n

History Accumulated Provides Practices<\/span><\/b><\/p>\n

During the event, two projects were shared as a progress of community activities in the history of S4 over 15 years. One is Incident Command System for Industrial Control Systems (ICS4ICS), which is a framework for incident commands in ICS, and the other is Top 20 PLC Secure Coding Practices.<\/p>\n

ICS4ICS employs FEMA’s Incident Command System Framework. This is the system used by first responders around the world to respond to hurricanes, floods, earthquakes, occupational accidents, and other high-impact situations. The ICS4ICS approach guides businesses, organizations, and municipalities to identify incidents, assess damage, address imminent challenges, communicate with the right agencies and stakeholders, and resume day-to-day operations. This framework applies traditional incident command system best practices to cybersecurity incidents, ensuring common terminology and enabling diverse incident management and support resources to work together. To learn more about ICS4ICS, download the document here<\/a>.<\/p>\n

The second is the Top 20 PLC Secure Coding Practices, which have been developed the last two years after a S4x20 session. The purpose of the project is to provide guidelines to engineers that are creating software to help improve the security posture of Industrial Control Systems. These practices leverage natively available functionality in the PLC\/DCS. Little to no additional software tools or hardware is needed to implement these practices. They can all be fit into the normal PLC programming and operating workflow. Details are at here<\/a>.<\/p>\n

Related to this project, various researchers presented practical research such as patch verification for PLC vulnerabilities, anomaly detection by secure coding, digital forensics of embedded devices, etc. in the 2022 technical track.<\/p>\n

Extensive Discussion not only for ICS technology<\/span><\/b><\/p>\n

S4, which consisted of more than 60 sessions on three stages, covered a wide range of hot topics. Here are some topics that stood out from the event:<\/p>\n