About

Conference

SecurityWeek’s ICS Cyber Security Conference is the conference where ICS users, ICS vendors, system security providers and government representatives meet to discuss the latest cyber-incidents, analyze their causes and cooperate on solutions.

Registration is Open!
Be a Speaker (CFP)
Watch Sessions from 2022
Be a Sponsor

<We_can_help/>

What are you looking for?

>ICS (Page 2)

(Eduard Kovacs – SecurityWeek) – The US House of Representatives has passed a new cybersecurity bill named the “Industrial Control Systems Cybersecurity Training Act.”

The bill was introduced in May by Rep. Eric Swalwell (D-CA), and it was approved by the House last week. Swalwell said the goal of the legislation is to help strengthen the US’s cybersecurity protections “in light of increased Russian cyber threats.”

Specifically, the Industrial Control Systems Cybersecurity Training Act would amend the Homeland Security Act of 2002 to authorize the Cybersecurity and Infrastructure Security Agency (CISA) to establish a cybersecurity training initiative focusing on industrial control systems (ICS).

The bill aims to provide the IT workforce with free ICS security training. This includes virtual and in-person training and courses that would be available at different skill levels to help participants develop and strengthen their skills.

The courses will cover ICS cyber defense strategies and they will be available to both government agencies and private sector entities.

Learn more about security initiatives focusing on industrial control systems at  SecurityWeek’s 2022 ICS Cyber Security Conference

If the bill becomes law, the House and Senate will receive yearly reports describing the courses and participants. The reports will also include information on the plans to expand access to the training, as well as recommendations for strengthening the state of ICS education and training.

“With the increased threat of Russian cyberattacks, we must be cognizant of cyberwarfare from state-sponsored actors,” Swalwell said. “This bill would help train our information technology professionals in the federal government, national laboratories, and private sector to better defend against damaging foreign attacks.”

The lawmaker introduced the bill after the US government issued a warning in April over a Russia-linked piece of malware named Incontroller/Pipedream that is designed to manipulate and disrupt industrial processes in energy facilities by targeting ICS.

Related: Biden Signs Two Cybersecurity Bills Into Law

Related: Lawmakers Introduce Combined Bill for Strengthening Critical Infrastructure Security

Related: House Passes Several Critical Infrastructure Cybersecurity Bills

<ICS/>

(SecurityWeek - Eduard Kovacs) - An unusually high volume of malicious internal reconnaissance and lateral movement have been observed in the manufacturing industry, which experts believe is a result of the rapid convergence between IT and OT networks. The data comes from the 2018 Spotlight Report on Manufacturing released on Wednesday by threat detection company Vectra. The report is based on observations from another report released on Wednesday by the company, the 2018 Black Hat Edition of the Attacker Behavior Industry Report, which shows

by
<ICS/>

By Edgard Capdevielle, CEO of Nozomi Networks Power generation, substation and electric grid operators and many other critical infrastructure sectors typically use equipment from a heterogenous assortment of vendors. This equipment runs thousands of real-time processes generating a huge volume of data. Increasing the interconnectedness and digitization of these systems is a pillar of improved operational efficiencies, however, it isn’t risk free. Analyzing and monitoring this data to detect anomalies that might be caused by a cyberattack is akin to searching for

by
<ICS/>

By: Rick Grinnell, co-founder and managing partner of Glasswing Ventures. In this modern connected age, there’s no shortage of risks to fret about. I hate to add one more, but cyberattacks against utilities and power plants have recently rocketed to the top of the list of major security concerns. For instance, a June report from ESET released new research revealing that the Ukrainian power grid was taken down in late 2015 by the Win32/Industroyer malware. This malware has been considered the biggest threat to

by
<DHS, ICS, OT Attacks/>

By: Eduard Kovacs (SecurityWeek) - The assessments conducted by the U.S. Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) in 2016 showed that inadequate boundary protection has remained the most prevalent weakness in critical infrastructure organizations. ICS-CERT conducted 130 assessments in the fiscal year 2016, which is more than in any previous year. Monitor newsletters published by ICS-CERT this year show that it has already conducted 74 assessments in the first half of 2017. Assessments are offered to both government organizations and private sector companies

by
<ICS, OT Attacks/>

By Cameron Camp, Security Researcher, ESET Industroyer, the recent complex malware targeting industrial control systems, offers attackers a modular complex way to attack systems like the power grid. What are the implications of this? For years, adversaries have been quietly testing the defenses of bulk critical infrastructure like gas and oil systems, hydroelectric dams and the power grid. In recent years, starting with Stuxnet in 2010, more focused attempts at directly manipulating industrial systems have started to gain prominence, including Industroyer, which

by