This event has ended. Visit the official site or create your own event on Sched.
Welcome to the Interactive Agenda for SecurityWeek’s 2019 Singapore ICS Cyber Security Conference! (View the full conference website here)

Don’t miss the hottest ICS cyber security event in the APAC region -  Register Now
Back To Schedule
Wednesday, April 17 • 1:30pm - 2:00pm
Securing Critical Infrastructure With Active OT Protection

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Feedback form is now closed.
Today’s manufacturing, oil & gas and utilities for the most part involve standardized, layered systems with in-depth production rules, guidelines, and regulatory oversight. While connecting processes, networks, and applications promises to drive significant economic benefits for manufacturers, this interconnection also creates new cyber threat attack surfaces, including the possibility of safety concerns, operational disruptions and downtime, and costly physical damage to equipment and products. However, majority of operational systems cannot support best practices from IT security.  They can’t be patched routinely, they run outdated versions of operating systems, and their host networks enable unfettered movement for malware and human attackers.  In some cases connections to the corporate network provide a pathway to OT via lateral movement.   Different protocols and systems use enterprise networks and the plant’s operational technology, making them difficult to secure. In 2019 we will face a new set of sophisticated attacks on critical infrastructure.  The elite hackers emerge: well-funded and highly skilled, making it almost impossible for all manufacturing companies to protect themselves.  Hoping you are not targeted is not a proactive security measure.
In this session the attendees will learn from Andres Andreu, CISSP-ISSAP and CTO of Bayshore Networks, what can we do to better protect critical infrastructure with active OT protection, security beyond viability. Adding security to a production environment, while not violating the bounded latency constraints the environment needs to adhere to, is not easy. Modern day ethernet networks operate within boundaries where the traffic flow of data is indeterminate. This means that intervening devices (i.e. security devices) can delay stream data and generally speaking the delays are acceptable. IIoT/OT networks have no such luxury yet need security functionality in order to properly protect their resources and productivity. There is a great and unique challenge in finding that middle ground.

In this session Andres will dive into the impact of active protective action and what happens or the lack thereof is rapidly growing. The session will cover ICS/SCADA mitigation measures and vulnerability assessments and how active enforcement will need to take place to actually secure resources in manufacturing (and most other IIoT environments for that matter) and why Critical infrastructure protection requires active OT security to all endpoints.

avatar for Andres Andreu

Andres Andreu

CTO, Bayshore Networks
Andres has over 20 years of hands-on dynamic security architecture and engineering experience, including extensive backgrounds in SCADA/ICS, web services security/integration, and federated ID technology. He is also the author of a number of open source projects, including yextend... Read More →

Wednesday April 17, 2019 1:30pm - 2:00pm GMT+08
Olivia Olivia (Stamford Ballroom)