Pre Conference Workshop

1:00 PM - 3:00 PM WORKSHOP A: HOW VULNERABLE ARE YOUR INDUSTRIAL CONTROL SYSTEMS TO CYBER ATTACKS?

Have you ever wondered how vulnerable your industrial control systems are to cyber-attacks? Now is your chance to find out by performing these attacks yourself! Not just in theory, not in a simulated environment, but against real industrial hardware!

This two hour session will cover essential ICS technologies and components and give the attendees a better understanding of the vulnerabilities these possess. During the hands-on part of this session a factory network containing industrial hardware will be our target. Using real world pen-testing techniques, the previously discussed vulnerabilities will be demonstrated by actively exploiting the industrial control system.

Delegates will get the chance to assess in real terms the susceptibilities of their industrial control systems, and implement this into their risk framework. This highly interactive format will also allow you to understand the best practices that others have implemented to help mitigate

3:30 PM - 4:00 PM NETWORKING BREAK

3:30 PM - 5:30 PM COMMUNICATING THE BUSINESS RISK OF CYBER ATTACKS ON INDUSTRIAL CONTROL SYSTEMS TO THE DECISION MAKERS AND BUDGET HOLDERS OF THE COMPANY – MAKING AN IMPACT

Cyber attacks on Industrial Control Systems (ICS), especially if being deployed in critical infrastructures, are having an increasingly negative impact on the private sector, governments and thus on the general public who depend on their services. At the same time, more and more companies are connecting their ICS to the internet to increase efficiency and control costs as they monitor and control their operations. Past security incidents have shown that connecting internal control systems to the internet exposes a new broad attack surface. However, communicating these risks to decision makers is notoriously difficult.

In this workshop, we will start with a demonstration of the current ICS global threat landscape with a special focus on the DACH region. Followed by a demonstration of exemplified risk assessment and mitigation strategies for companies deploying ICS. We will especially focus on a risk assessment via country specific ICS vulnerability monitoring such as a map-based visualisation of threat landscapes through scanning, and cyber insurances as risk mitigating strategies. The demonstrated strategies will be put in context by means of two attack scenarios. Our presentation closes with a proposition of an easy self-assessment tool helping the attendees to navigate their company’s risk potentials and monetary impacts in order to develop strategies for the communication of their business risks.


Benefit for the Attendees:

  • Overview of the current ICS threat landscape
  • Background knowledge on risk assessment and mitigation strategies beyond technical advises
  • Self-assessment tool to develop strategies for risk communication