• Black LinkedIn Icon
  • Black Facebook Icon
  • Black Twitter Icon

Conference Program - Day 2

Day 2 AM - SCADA Security

9:00 AM CST

Mission Critical SCADA Operations & Security Deconstructed

Michael Rothschild, Senior Director of OT Solutions • Tenable

The rise of the intelligent SCADA environments across utilities, water & wastewater, oil & gas, telecommunications and transportation requires operations to be more flexible than ever before. To face these challenges, SCADA is becoming increasingly intelligent, interconnected and digitized. An interconnected network, while creating great efficiencies, also yields a much wider attack surface with the capacity to easily move from one provider to the next. Therefore, industrial cyber threats have become core risks to safety, reliability and business continuity.


This Session will Cover:

  • The current SCADA deployment models and changes in requirements

  • New OT (5) challenges facing SCADA

  • Unpacking of recent OT security incidents. What went wrong?

  • Best practices for securing SCADA given the new security paradigm

9:45 AM CST

How Low Should you go? Establishing Security for Levels 1 and 0 in the Industrial Control System Network

Mark Baggett, VP of Industrial Control Systems • Mission Secure, Inc.

When today’s adversaries breach the business network and subsequent segments, what is protecting the control systems managing physical processes from manipulation or disruption? Traditional ICS cybersecurity says protect control systems by layering barriers to keep adversaries at bay. But what happens when they fail?


Level 0 in the OT network is the last line of defense. Protecting Level 0—field devices controlling physical processes like temperature, pressure, flow, and speed—should be at the core of any industrial cybersecurity approach. Three questions must be addressed to protect physical processes and ensure operational resiliency:


  1. How do you maintain operability during a cyber attack?

  2. How do you safely bring down processes when compromised by or under attack?

  3. How do you recover and restore cyber-physical systems after the attack?


Using comparative analysis and change detection between digital command and control signals (operator activity; ethernet, TCP/IP, or serial) and raw physical analog signals (physical component activity; 24 VDC, 4-20 mA) with system awareness at the network traffic level, operators gain unprecedented insight and protection for their critical processes.

10:30 AM CST

A Growing need for SCADA Communications Protection

Stan Pietrowiczc, Director, Applied Cybersecurity & Network Modernization • Perspecta Labs

In current practice, most operators inherently trust their control systems despite the lack of evidence asserting the integrity of their protective systems. Utilities need concrete and timely evidence to answer difficult questions of every critical infrastructure operator, i.e., “Can I trust my control system today?” and “What evidence to do I have to validate my trust in the system?” Operators need a multi-axis cyber integrity solution that independently analyzes traffic, power, binary integrity and cyber emissions to support defensive cyber operations and hunt cyber-weapons in SCADA environments by applying “non-TCP channels” for cybersecurity analysis of real-time systems. Recent research and development has proven the value of a sensor-based solution in substations to analyze substation assets, collect independent, secondary telemetry and provide intervention solutions to recover from and defend during active cyberattack.

Independent analysis tools that run concurrently are united through a probable cause threat reasoning engine that provides guidance on malicious scenarios. An Asset Readiness HMI built upon a one-line diagram familiar to system operators and protection system engineers visualizes the energy state of each substation asset by correlating multiple sources of telemetry that include passive relay and RTU point extraction, direct relay metering, AMI/DA probe telemetry, AMI Outage Detection and substation secondary telemetry sources to predict bus and breaker states. Insights from recent advanced government R&D projects, firsthand experience, and high level results and discoveries made during recent deployments are shared.

11:15 AM CST

Industrial Control Systems and Cybersecurity

Craig Reeds, Cybersecurity Systems Engineer • Velta Technology

Industrial Control Systems are used in almost every industry and due to things like IT/OT Convergence they are being connected to the Internet and being put at risk. This speech addresses the problems with IT/OT Convergence and the dangers that having ICS connected to the Internet. Then what we can do to fix the problem.

12:00 PM

Conference Conclusion

Sign up for updates

© 2020 TWST Events