This event has ended. Visit the official site or create your own event on Sched.
Welcome to the Interactive Agenda for SecurityWeek’s 2019 Singapore ICS Cyber Security Conference! (View the full conference website here)

Don’t miss the hottest ICS cyber security event in the APAC region -  Register Now

Sign up or log in to bookmark your favorites and sync them to your phone or calendar.

Technical Track [clear filter]
Tuesday, April 16

1:30pm GMT+08

How Can Organizations Gain Situational Awareness of All Devices in Their Environments?
The convergence of IT and OT are putting new demands on CIOs and CISOs as they're being tasked with protecting the entire business ecosystem, well beyond enterprise IT systems. Over the last decade, we have seen malware begin to target non-enterprise devices and industrial control systems (ICS) at an alarming pace.  However, most critical infrastructure and ICS asset owners are ill-equipped for this changing cyber threat landscape. Plus, the number of connected ICS assets continues to grow. This new reality of inter-connected cities, industries and transportation systems has elevated the topic of OT cybersecurity to the executive level of most companies, organizations and governments. Today’s average enterprise requires more visibility and richer integrations between conventional IT systems and new OT security requirements.

Join us at this informative session to learn how Forescout can help organizations gain complete situational awareness of all devices in their interconnected environment.

avatar for Steven Hunter

Steven Hunter

Senior Director, System Engineering APJ, Forescout Technologies
Steven joined ForeScout in June 2016 as Director, System Engineering Asia Pacific & Japan. He is responsible for developing and managing a team of experienced systems engineers within the region to work with organizations as they adopt and implement the ForeScout security solution... Read More →

Tuesday April 16, 2019 1:30pm - 2:00pm GMT+08
Olivia Olivia (Stamford Ballroom)

2:00pm GMT+08

RF Exploitation: Demystifying IoT/OT hacks with SDR
Recent years have seen a flood of novel wireless exploits, from vulnerable medical devices to hacked OT devices, with exploitation moving beyond 802.11 and into more obscure standard and proprietary protocols.

This session will introduce audiences to the world of RF analysis. As we introduce each new attack, we will draw parallels to similar wired exploits, and highlight attack primitives that are unique to RF. During the session, we'll walk through wireless sniffing, spoofing, cloning, replay, and DoS attacks. These offensive exercises will give one brief idea of how to analyze the devices' security, and the best practices guidelines will help to design them properly.

There will be a demo on "How to reverse engineer RF signals", "Simulation of Dallas Siren Hack", "Silent gigs, quiet clubs or rave parties are a relatively emerging trend which widely works in 33Mhz/863MHz/915Mhz ISM Band, practical demonstration of exploiting such devices".
Session Objectives
  • Become familiar with common security concerns and attack surfaces in a wireless communication system
  • Understand the ease and prevalence of wireless exploitation, with sophisticated examples
  • Encourage the audience to view IoT devices, security, and privacy collectively.

avatar for Harshit Agrawal

Harshit Agrawal

Security Researcher, Security Researcher
Harshit Agrawal is a Security Enthusiast working as a UG Intern at BMC Software on Blockchain Technology as well as  volunteering for NULL and OWASP Pune chapter. He is a part of All Day DevOps Community, and Speaker at HAKON and various Universities. He is President for CSI chapter... Read More →
avatar for Himanshu Mehta

Himanshu Mehta

Senior Threat Analysis Engineer, Symantec
Himanshu Mehta is passionate about Computer Security and due to this reason he actively and responsibly discloses security vulnerabilities to vendors. He is also involved in several bug bounty and Capture the Flag programs. He is the board member of EC-Council Licensed Penetration... Read More →

Tuesday April 16, 2019 2:00pm - 2:30pm GMT+08
Olivia Olivia (Stamford Ballroom)

2:30pm GMT+08

ICS/SCADA – 0Day & Fileless Malware Hunting
Fileless attack techniques are being bypassed and even ignored by the defenders or so-called "Blue Teams" under their radar who just rely on their million-dollar arsenals and stay reactive until the average dwell time of 256-days lapses.

This presentation aims to enlighten not only the experienced incident responders but also the experts in digital forensics to a practical methodologies of dissecting phishing attacks to hunt Fileless attack and even discover zero-day malware on their targeted ICS/SCADA environment that mitigate the breach or lessen the dwell time using Free and Open Source Software (FOSS).

Key Takeaways:
  • Demystify Zero-day and Fileless malware hunting.
  • Share the seven Zero-Day Malware found by the speaker.
  • Empower audiences and encourage to share findings in the community for awareness and prevention.
  • Show the fun in Digital Forensics and Incident Response (DFIR) within the ICS/SCADA environment.
  • Leverage Open Source tool for practical analysis.

avatar for Mike Rebultan

Mike Rebultan

SecInt Head, Equinix
Mike Rebultan, aka “Art” has more than 16 years of experience combined as an IT and OT professional with a background in PCI-DSS audit management, Unix/Linux server lockdown, and systems administration, R&D, VAPT, and currently a DFIR/SecOps in an ICS/OT company. Holding a master's... Read More →

Tuesday April 16, 2019 2:30pm - 3:00pm GMT+08
Olivia Olivia (Stamford Ballroom)

3:15pm GMT+08

Fast-Tracking Defense-in-Depth in a New Zealand Industrial Facility
After being approached by an industrial organization wanting to capitalize on a full-plant turn-around and implement defense-in-depth best-practice security controls for their ICS network infrastructure.
Through a tight-timeline, we coordinated two vulnerability assessments (parent-company and
vendor-provided), determined target controls, designed and procured equipment and
implemented zone and conduit controls.

This presentation will outline the process followed to maximize return-on-investment and
minimize impact to plant operations, both during the shutdown and post-start-up. Although the
time-frame was restricted, subsequent plant-wide changes would not be possible for many years
until the next plant-wide shutdown so implementing best-practice design and flexibility was key.
Results and observations from before, during and after the process will be discussed as well as
post-project lessons-learned.

Learning Objectives:
  •  Lessons learnt from a fast-track ICS Cyber security project
  • Key decisions required in design, implementation, operate/maintain and close-out phases

avatar for Peter Jackson

Peter Jackson

Director of Cyber Security & Senior Systems Engineer, ECL Cyber New Zealand
Peter Jackson is an experienced IACS Cyber Security professional. Peter leads a team of Cyber Security engineers in supporting the industrial sector in NZ. Peter’s background includes control and safety systems experience as a TÜV certified Function Safety Engineer. Peter has... Read More →

Tuesday April 16, 2019 3:15pm - 3:45pm GMT+08
Olivia Olivia (Stamford Ballroom)

3:45pm GMT+08

Using OSINT Technology for Pen-testing Critical Infrastructure
NSHC Inc. has been building a system that crawls and parses every page on the deep/dark network. We put this system and OSINT up together for critical infrastructure security. specially, When you start an OT security investigation for critical infrastructure, the first phase you will face is the data reconnaissance and intel gathering about your target information to find bypass the air-gap. This talk will cover how important data is just on the web and how to put together for threat analysis and investigation of OT Area. Furthermore, how to apply machine learning to this intelligence service will be covered.

avatar for Louis Hur

Louis Hur

Louis Hur is corporate president and Chief Executive Officer (CEO) of NSHC Corporation. He is responsible for NSHC’s day-to-day-operations, as well as leading the company’s security product development and technology strategy. He co-founded NSHC with four people in 2003 while... Read More →

Tuesday April 16, 2019 3:45pm - 4:30pm GMT+08
Olivia Olivia (Stamford Ballroom)

4:30pm GMT+08

Anatomy of an Attack: Two Real-World Industrial Control System Attack Vectors and How to Defend Against Them
What are your blind spots when it comes to protecting critical ICS from attacks that can impact production and safety? Compromising a Level 1 or 0 Industrial Control System (ICS) cyber asset is a not a difficult thing to do for someone with knowledge of industrial control systems.

Traditionally, industrial processing facilities have relied on security by obscurity, system complexity, air gapping, network segmentation, and perimeter-based security protection for process control networks (PCNs). Many organizations have put IT-centric security technologies in place that primarily focus on securing Level 3 and 2 systems within the PCN, such as operator systems and workstations.
This IT-centric approach fails to protect Level 1 and 0 production-centric assets sufficiently, thus leaving them vulnerable. This creates a huge blind spot, which leaves industrial processing facilities vulnerable to common ICS attack vectors.

This presentation provides an overview of two simple Level 1 and 0 attack vectors that challenge most industrial processing facilities to defend proactively against. It provides an in-depth examination of the thought processes used by an attacker, along with a detailed anatomy of each attack. It then discusses the required technical controls needed to defend against each type of attack.

Attendees will learn:
  • How an attacker approaches an ICS environment
  • How two real-world attack vectors can lead to process and safety disruption as well as how to defend against them
  • Security controls that protect against these two scenarios

avatar for Anand Makhija

Anand Makhija

Technical Director APAC, PAS
Anand Makhija is the Technical Director at PAS with over 12 years of experience in the Oil and Gas and Energy industry. Anand is a subject matter expert in control systems, process safety, automaton integrity, cybersecurity, and IPL assurance. Over the years, he has conducted several... Read More →

Tuesday April 16, 2019 4:30pm - 5:00pm GMT+08
Olivia Olivia (Stamford Ballroom)
Wednesday, April 17

1:30pm GMT+08

Securing Critical Infrastructure With Active OT Protection
Today’s manufacturing, oil & gas and utilities for the most part involve standardized, layered systems with in-depth production rules, guidelines, and regulatory oversight. While connecting processes, networks, and applications promises to drive significant economic benefits for manufacturers, this interconnection also creates new cyber threat attack surfaces, including the possibility of safety concerns, operational disruptions and downtime, and costly physical damage to equipment and products. However, majority of operational systems cannot support best practices from IT security.  They can’t be patched routinely, they run outdated versions of operating systems, and their host networks enable unfettered movement for malware and human attackers.  In some cases connections to the corporate network provide a pathway to OT via lateral movement.   Different protocols and systems use enterprise networks and the plant’s operational technology, making them difficult to secure. In 2019 we will face a new set of sophisticated attacks on critical infrastructure.  The elite hackers emerge: well-funded and highly skilled, making it almost impossible for all manufacturing companies to protect themselves.  Hoping you are not targeted is not a proactive security measure.
In this session the attendees will learn from Andres Andreu, CISSP-ISSAP and CTO of Bayshore Networks, what can we do to better protect critical infrastructure with active OT protection, security beyond viability. Adding security to a production environment, while not violating the bounded latency constraints the environment needs to adhere to, is not easy. Modern day ethernet networks operate within boundaries where the traffic flow of data is indeterminate. This means that intervening devices (i.e. security devices) can delay stream data and generally speaking the delays are acceptable. IIoT/OT networks have no such luxury yet need security functionality in order to properly protect their resources and productivity. There is a great and unique challenge in finding that middle ground.

In this session Andres will dive into the impact of active protective action and what happens or the lack thereof is rapidly growing. The session will cover ICS/SCADA mitigation measures and vulnerability assessments and how active enforcement will need to take place to actually secure resources in manufacturing (and most other IIoT environments for that matter) and why Critical infrastructure protection requires active OT security to all endpoints.

avatar for Andres Andreu

Andres Andreu

CTO, Bayshore Networks
Andres has over 20 years of hands-on dynamic security architecture and engineering experience, including extensive backgrounds in SCADA/ICS, web services security/integration, and federated ID technology. He is also the author of a number of open source projects, including yextend... Read More →

Wednesday April 17, 2019 1:30pm - 2:00pm GMT+08
Olivia Olivia (Stamford Ballroom)

2:00pm GMT+08

Technical Reference on Autonomous Vehicles – (Part 2 : Safety - TR 68 – 2 : 2019)
This session touches on the safety aspect on autonomous vehicle that is based on Part 2 : Safety - TR 68 – 2 : 2019



avatar for Niels de Boer

Niels de Boer

CETRAN Program Director, Nanyang Technological University
Niels de Boer is the program director for CETRAN, which is tasked by the Singapore Land Transport Authority to develop technical standards and regulations to enable trial testing and deployment of Autonomous Vehicles on public roads. CETRAN is also supporting ESG, SMF-SDO and the... Read More →

Wednesday April 17, 2019 2:00pm - 2:30pm GMT+08
Olivia Olivia (Stamford Ballroom)

2:30pm GMT+08

Technical Reference on Autonomous Vehicles – (Part 3 : Cybersecurity Principles and Assessment Framework - TR 68 – 3 : 2019)
This session touches on the cyber security aspect on autonomous vehicle that is based on Part 3 : Cybersecurity Principles and Assessment Framework - TR 68 – 3 : 2019

avatar for Soon Chia Lim

Soon Chia Lim

Director (CSEC), Cyber Security Agency of Singapore, Cyber Security Agency of Singapore (CSA)
Mr. Lim Soon Chia is Director (Technology) of Cyber Security Agency. In his current role, he is responsible for capability development, evaluation and certification, technology management, and R&D for cyber security. Mr Lim started his career with the Ministry of Defence and the Republic... Read More →

Wednesday April 17, 2019 2:30pm - 3:00pm GMT+08
Olivia Olivia (Stamford Ballroom)

3:00pm GMT+08

IACS Security Audit - Why We Failed the Pentest
Having conducting several security assessment, penetration testing, and security audits, there is a time when we failed the security audits or penetration testing exercise. Worst, is when we failed year after year. Audit reports are written by auditors, penetration testing are conducted by pen-tester, and the person who manages the IACS are the OTs. Reports, results and action items may not address the root cause of the findings. The writer may not have the same experience as the OTs on site. They play different roles with different experiences. I have seen reports that are similar each year from the same organization. Even when governance have been enforced and tracked, yet sometimes things do recurs.

This presentation will discuss:
  • Recurring findings of penetration testing exercises
  • How to assist the auditors / pen-tester on corrective actions
  • Importance of  a Security Baseline
This presentation will help you prepare and defend yourself during audits and penetration testing exercises. Stop recurring findings by reviewing previous reports and implementing long term and short term actions. Making your action plans achievable and not over-promising.  Plus improving your process on developing security baselines and its implementation. With this, you will be able to explain and assist the senior management on the findings and to improve their organizations in coming audit and penetration testing exercise. This will benefit and create more value for the organization during audit and penetration testing exercise.

avatar for Muhammad Reza Shariff

Muhammad Reza Shariff

Industrial Cyber Security Practitioner
Reza is a highly motivated professional with 15 years of experience in IT and information security for Oil & Gas and healthcare industry which includes knowledge on Plant Control System (PCS), Data Control System (DCS) and SCADA systems. He first started off as a Lead Engineer at... Read More →

Wednesday April 17, 2019 3:00pm - 3:30pm GMT+08
Olivia Olivia (Stamford Ballroom)

3:45pm GMT+08

Targeted Attacks and Security Testing ICS Devices Through Smart Fuzzing
The speaker will use a smart fuzzing tool, which is one of ISA Security Compliance Institute recognized CRT tool for Embedded Device Security Assurance (IEC62443 EDSA Certification), to demonstrate how targeted attacks can be generated and security testing done for ICS/SCADA devices. 

avatar for YK Pang

YK Pang

Director, Network and Software Security, Beyond Security Asia
YK Pang is the technical lead for software and network security testing tools at Beyond Security Asia. He started his career as a software programmer, financial systems, at one of the largest computer software house in South East Asia. He has over 25 years of IT work experience having... Read More →

Wednesday April 17, 2019 3:45pm - 4:15pm GMT+08
Olivia Olivia (Stamford Ballroom)

4:15pm GMT+08

The “Late Mover’s” Advantage in Maritime Cyber Security
Today, we are not short of headlines on sophisticated cyber-attacks in onshore IT and OT systems. The day would come when more attack vectors start to expand and focus on critical info infrastructures onboard ships and rigs. While IMO has stipulated cyber safety mandate by 1 Jan 2021, followed by various guidelines brought forth by shipping and classification bodies, the maritime cyber safety landscape is still in its infancy and is seriously lacking effective actionable insights. What exactly should ship owners cyber-protect their assets cost-effectively? We frequently hear of “First Mover” advantage and not the opposite. In this speaking session, Ken Soh will share his notion of “Late Mover” advantage in cyber safety landscapes, since the best of onshore practices could be fine-tuned for off-shore purposes. He  also cautions the adoption of mainstream traditional cyber protection paradigms which are no longer effective, hence resources should not be wasted by “porting” such approaches and technologies over.

avatar for Ken Soh

Ken Soh

CIO at BH Global / CEO at Athena Dynamics, Athena Dynamics
Mr Soh has more than 28 years of working experience in the ICT industry. Prior to joining BH Global, Mr Soh held various senior positions in public and private sectors at CxO and business leader levels with Master Planning and P&L responsibilities. In BH Global, he has spearheaded... Read More →

Wednesday April 17, 2019 4:15pm - 4:50pm GMT+08
Olivia Olivia (Stamford Ballroom)
Filter sessions
Apply filters to sessions.