Conference Program - Day 2

Day 2 AM - SCADA Security

9:00 AM CST

Mission Critical SCADA Operations & Security Deconstructed

Michael Rothschild, Senior Director of OT Solutions • Tenable

The rise of the intelligent SCADA environments across utilities, water & wastewater, oil & gas, telecommunications and transportation requires operations to be more flexible than ever before. To face these challenges, SCADA is becoming increasingly intelligent, interconnected and digitized. An interconnected network, while creating great efficiencies, also yields a much wider attack surface with the capacity to easily move from one provider to the next. Therefore, industrial cyber threats have become core risks to safety, reliability and business continuity.


This Session will Cover:

  • The current SCADA deployment models and changes in requirements

  • New OT (5) challenges facing SCADA

  • Unpacking of recent OT security incidents. What went wrong?

  • Best practices for securing SCADA given the new security paradigm

9:45 AM CST

How Low Should you go? Establishing Security for Levels 1 and 0 in the Industrial Control System Network

Mark Baggett, VP of Industrial Control Systems • Mission Secure, Inc.

When today’s adversaries breach the business network and subsequent segments, what is protecting the control systems managing physical processes from manipulation or disruption? Traditional ICS cybersecurity says protect control systems by layering barriers to keep adversaries at bay. But what happens when they fail?


Level 0 in the OT network is the last line of defense. Protecting Level 0—field devices controlling physical processes like temperature, pressure, flow, and speed—should be at the core of any industrial cybersecurity approach. Three questions must be addressed to protect physical processes and ensure operational resiliency:


  1. How do you maintain operability during a cyber attack?

  2. How do you safely bring down processes when compromised by or under attack?

  3. How do you recover and restore cyber-physical systems after the attack?


Using comparative analysis and change detection between digital command and control signals (operator activity; ethernet, TCP/IP, or serial) and raw physical analog signals (physical component activity; 24 VDC, 4-20 mA) with system awareness at the network traffic level, operators gain unprecedented insight and protection for their critical processes.

10:30 AM CST

Cyber Integrity in SCADA Systems – Assessing Trustworthiness of Energy Controllers and Communication Networks

Stan Pietrowicz, Director, Applied Cybersecurity & Network Modernization • Perspecta Labs

SCADA and protection systems have become high value targets for cyber-attacks, some of which can lie undetected for months and poised to strike at an adversaries command.  In current practice, most operators inherently trust their control systems, banking that their network defenses were up to the challenge but lacking any firm evidence to positively assert the integrity of their system. Every critical infrastructure operator should ask the questions, “Can I trust my control system today?” and “What evidence to do I have to affirm the trust I place in the system?” These questions are difficult to answer because means to assess cyber health of protection relays, Intelligent End Devices, and energy controllers are very limited and gaps exists.  Most utilities recognize an underlying and cyber and reliability risk with the feeder, bus and transformer protection systems in their transmission and distribution substations due to limited security monitoring.

This presentation will introduce innovative technologies and active research Perspecta conducts under different government research programs that provides utilities with a risk reduction opportunity.  By measuring cyber integrity of critical infrastructure assets through “non-TCP channels” and performing analysis in an evidence-based manner, these technologies enable a utility operator to challenge and establish the confidence in the cyber integrity of its control system on a daily basis instead of assuming its system is trustworthy until an event indicates otherwise.  These new capabilities raise questions about how this technology should be deployed, what groups/organizations within a utility should have access or control of it, and whether cybersecurity should have a role in day-to-day system operations within the energy command center.  We explore these topics and close with a discussion of upcoming pilots in 2021.

11:15 AM CST

Industrial Control Systems and Cybersecurity

Craig Reeds, Cybersecurity Systems Engineer • Velta Technology

Industrial Control Systems are used in almost every industry and due to things like IT/OT Convergence they are being connected to the Internet and being put at risk. This speech addresses the problems with IT/OT Convergence and the dangers that having ICS connected to the Internet. Then what we can do to fix the problem.

12:00 PM

Lunch Break

1:00 PM CST

Protecting against Downtime with Hardened Backup & Disaster Recovery

John Downey, Vice President of Sales • Acronis SC

COVID-19 has changed how we operate day to day. Cyber attackers are becoming smarter and getting more intuitive as this crisis continues. The growing threats to supervisory control and data acquisition (SCADA) and industrial control systems (ICS) are of particular concern.


These systems’ vulnerability is often amplified by the use of software designed with high connectivity in mind, rather than air gapped network security requirements. Compounding the risk further is the fact that many of the assets keeping critical services running rely on proprietary applications and outdated legacy systems to function.


This session aims to help attendees understand the shortfalls of using non-tailored cyber protection and data security solutions within hardened networks and identify a more effective, DoDIN APL and Common Criteria certified alternative for full-disk image backup and disaster recovery.

1:45 PM

Conference Conclusion