CS2AI Global - Control System Cyber Security Association International

Over 65 billion smart devices in use. That’s 10 times more xIoT devices than all traditional endpoints combined. Most of these—including OT, ICS, IIoT, & adjacent IoT Cyber-Physical Systems (CPS)—are unknown, unmanaged, & unmonitored – posing significant security & operational risks. This massive, vulnerable attack surface is exploited for cyber espionage, data exfiltration, sabotage, & extortion, as businesses gain powerful business benefits converging OT/ IT infrastructures. Historically, active discovery & remediation of OT/ICS/IoT devices in sensitive environments has been a HELL NO for fear of disrupting operations, risking lives, & costing millions. This has limited operators & security practitioners to legacy passive security tools – yielding limited visibility, incomplete/inaccurate inventory, vulnerable assets, & operational impact on sensitive, mission-critical devices. Done right, active solutions are scalpels, not cudgels, focusing on what devices need. This increases discovery speed, visibility completeness, classification accuracy, & risk assessment with no operational impact, while allowing proactive hardening & remediation. Bad actors count on passivity. They want you to fail so they can continue to evade detection & maintain persistence on your mission-critical OT/IoT devices. We’ll help you take control of your embedded devices. We’ll detail findings from threat research across millions of CPS, demonstrate how IoT/ OT devices can be hacked, recognize where they’re most vulnerable, & employ strategies – including new Intelligent Active Discovery (IAD) technology – to safely find, harden & remediate assets at scale. Attendees will understand: ● Issues with active discovery in the past ● How to leverage safe, fast, accurate methods of IAD  ● How devices are hacked ● Why active discovery is the path forward safely FIND, FIX, & MONITOR OT & IoT CPS Speaker: John Vecchi, Cybersecurity Evangelist, Phosphorus https://lnkd.in/eTVrtX32 This event is sponsored by Phosphorus

ICS/OT cyber security author, researcher and gamification expert is joining us to talk about his books, including: “Hacking Exposed: Industrial Control Systems" and ChatGPT for Cybersecurity Cookbook - for cybersecurity professionals, IT experts, and enthusiasts looking to harness the power of ChatGPT and the OpenAI API in their cybersecurity operations. Whether you're a security researcher or a red, blue (or purple!) teamer, this book will help you revolutionize your approach to cybersecurity with generative AI-powered techniques. The ChatGPT for Cybersecurity Cookbook shows you how to automate and optimize various cybersecurity tasks, including penetration testing, vulnerability assessments, risk assessment, and threat detection. Each recipe demonstrates step by step how to utilize ChatGPT and the OpenAI API to generate complex commands, write code, and even create complete tools. You’ll discover how AI-powered cybersecurity can revolutionize your approach to security, providing you with new strategies and techniques for tackling challenges. As you progress, you’ll dive into detailed recipes covering attack vector automation, vulnerability scanning, GPT-assisted code analysis, and more. By learning to harness the power of generative AI, you'll not only expand your skillset but also increase your efficiency. Author/Speaker: Clint Bodungen, Author of "ChatGPT for Cybersecurity Cookbook" & "Hacking Exposed: ICS," Creator of "ThreatGEN® Red vs. Blue" & "ThreatGEN AutoTableTop™" Founder of ThreatGen, Founder of CyberSuperhuman, Dir. of Cybersecurity Innovation at MorganFranklin Consulting, and (CS)²AI Founding Fellow. #CS2AIOnline #OTCyberSecurity #Cybersecurity

The very first discussion nearly ten years ago that has led to what CS2AI is today was on a rooftop in Atlanta, GA with Fred Gordy who I think can safely say he was association member #2. Just like with Fred, and others since him, including Charles Hosner who a decade ago (at 2 am in Amsterdam) introduced me via email to Gavin M. who later introduced me to Brad Raiford who later introduced me to Walter Ariel Risi, I am amazed how often I get to meet these kind of people, who I know instantly will be great to work with but will also be a great people to know outside of that single dimension. In addition to cyber security, I share passion for food, wine, adventure, scuba diving, cooking, gaming, family, and more with each of them. Life is too short to work with anything less than talented, friendly, caring, sociable, passionate, humorous, adventurous people that are putting their best efforts forward to do good and important things for the benefit of all. PS I would @ so many of you that the attempt to do so would risk leaving someone out. If you meet the above criteria consider yourself on the list!

In recent years, industry experts were periodically informed on many new vulnerabilities related to Programmable Logic Controllers (PLC), Remote Terminal Units (RTU), Human Machine Interface (HMI) and Intelligent Electronic Devices (IED), supplied by a range of well-known vendors. These exposures lead to growing concerns among systems’ operators about possible cyber-attacks against Industrial Control Systems (ICS) / Operation technology (OT) systems. However, the published incidents worldwide contradicts those publications, and the number of attacks impacting the ICS-OT operation was low.  Among the published internally and externally generated cyber security incidents, we find attacks that may directly or indirectly affect the industrial process and cause operation outages, damage to machinery, and risks to lives. Attacks can be internally and externally generated or caused by negligent supply chain. The session will explain why ICS/OT directed Ransomware is not likely to happen. To protect the business operation continuity of your plants, you must be more concerned about the incidents caused by failures, uncorrected actions by authorized personnel, and internal or external or supply chain-initiated cyber-attacks. This session aims to help readers understand the IT and OT-related cyber incidents and select suitable and cost-effective cyber defense solutions that ensure the facility's operating safety, reliability, and performance (SRP). Speaker: Daniel Ehrenreich, BSc. is a consultant and lecturer acting at Secure Communications and Control Experts (SCCE) and periodically teaches and presents at industry conferences on the integration of cyber defense with industrial control systems; Daniel has over 33 years of engineering experience with ICS and OT systems for electricity, water, gas, and power plants as part of his activities at Tadiran, Motorola, Siemens, and Waterfall Security. Guest Host: Justin Searle, Director of ICS Security at InGuardians #CS2AIOnline #OTCybersecurity

In today's interconnected business and digital ecosystem, safeguarding against cyber threats, enterprise risk, and operational vulnerabilities is paramount. Join us for an insightful panel discussion where experts from diverse domains converge to address the critical intersections of Operational Technology (OT) security, Information Technology (IT) security, and Enterprise Security. Explore the imperative need for a holistic approach to risk management that encompasses the intricacies of business functions, IT infrastructure, operational technologies, physical security, engineering systems, financial, and executive management perspectives. Gain practical insights into effectively representing and mitigating risks to business operations, ensuring resilience, and fortifying against evolving threats in an ever-changing landscape. Topics:  • Understanding Critical Intersections • Information Technology (IT) Security Challenges • Operational Technology (OT) Security Challenges • Physical Security & Operational Safety Challenges • Evolving Threat Landscape • Overcoming Differences • Executive Management:  • Business-Centric Approach Speakers: Taha Mughir • VP Engineering and Hardware Products, ISSQUARED Inc. Kristin Demoranville • Founder and CEO of Anzensage • Co-Founder and CEO AnzenOT  • Podcast Host: Bites and Bytes Podcast Roya Gordon • Executive Industry Consultant Hexagon, Operational Technology (OT) Cybersecurity • Founding Board Member, Houston Chapter, IoT Security Foundation Najo Ifield • Executive Director CyberRisk Alliance • B-sides NOLA Event Producer  • Member of the Executive Committee, Outreach Chair, Control System Cyber Security Association International - (CS)2AI #CS2AIOnline #OTCybersecurity

The backend of responding to a cybersecurity incident in OT is recovery, and if the incident is significant, it will spur a larger Disaster Recovery (DR) effort. Currently most Incident Response (IR) focus is around detection, containment, and eradication. However, with OT systems, significant recovery plans often lack detail given a response to any actual or perceived cybersecurity threat that disrupts the environment. The events of WannaCry are a stark reminder of the importance of having a DR plan where near total environment disruption occurred. To handle such large-scale human made disasters, a DR plan should specify systematic reconstitution activities contingent on different impact scenarios and provide a pathway for rapid recovery. This talk will introduce a vendor-agnostic framework that aims to parallel well-defined practices in process safety engineering (such as the commonly used four steps of process shutdown, ESD 0 - 3) and apply them to disaster recovery, considering cyber events that trigger a process loss event. Instead of focusing on data and technical recovery alone, commonly the scope of DR plans, the ICS/OT disaster recovery framework will view restoration considering process and control & automation system dependencies and location, following a methodology of 4 levels of automation system compromise. Next, the framework considers different loss scenarios for the individual asset under consideration and develops recovery strategies for the respective functional components of the environment. In turn this framework provides a stepwise functional method to resume operations of automation and process control systems and ensures recovery details are measured and operationalized.  Speaker Saltanat Mashirova, Product Management Lead (ICS/OT Cybersecurity) at Honeywell Connected Enterprise Guest Host Bryson 🦄 Bort , CEO & Founder of Scythe, Co-Founder of the ICS Village, #CS2AIOnline #OTCybersecurity

We live in a new world, a world where the homeland is no longer a sanctuary and where you may have to be resilient to cyber-attacks impacting your power or water. In this talk, Mark will review some of the critical cases of his 20 year career in OT cybersecurity. The talk will conclude with a discussion on current adversary tactics and how adversaries like Volt Typhoon are changing the game of critical infrastructure security. The talk will conclude on how with a discussion on how "societal panic" goals change the game. Speaker: Mark Bristow, Director, Cyber Infrastructure Protection Innovation Center (CIPIC), Certified SANS Instructor, and CS2AI Fellow.

Cyber monitoring of industrial networks, known as OT Monitoring or OT Visibility, was introduced to the security market by modeling after Network-based Intrusion Detection Systems (NIDS), resulting in what we refer today as Network-based OT Monitoring. Soon afterwards, however, it was discovered that passive monitoring alone generates asset inventories with considerable gaps, incomprehensible network maps, and ill-defined vulnerabilities. To address some of these limitations, many vendors decided to augment their products with an active approach. Asset owners are often told that this active approach is a simulation of the day-to-day communications between endpoints, primarily PLCs, and their engineering software, thus posing minimal operational risk. Unfortunately, to date, there has been limited research on this subject, and asset owners are left with only the empirical evidence from vendors and / or peers. To address this gap and provide asset owners with an informed view on the active approach of OT Monitoring, this session will demonstrate the impact of different types of scanning on some of the most common PLCs. By using a systematic analysis, asset owners’ fears and vendors’ claims are finally put to test. Speaker: Raphael Arakelian has held senior positions at some of the largest ICS/OT cybersecurity firms in the world, presented at several of the premiere global ICS/OT cybersecurity events, and been a guest lecturer on these topics at MIT. #OTCybersecurity #Webinar #CS2AI #CS2AIOnline

Even though evidence suggests the internet is not actually a series of tubes, OT cybersecurity sure seems to be a whole lot like plumbing. Cyberattacks act like water, finding their way in any crack over time. The tools are the same: filters (firewalls), backflow preventers (data diodes), leak detection. Both have conflicts between designers and practitioners, and nobody seems to care about either plumbing or cybersecurity until something has gone terribly wrong. This session uses plumbing as a guide for those to want to better understand good OT cybersecurity practices, how to use forward thinking design to limit the impact of an attack (“if you didn’t put that pool on the roof, you wouldn’t have to worry about it leaking”), and how to explain exactly what it is you do in OT cybersecurity to people who influence your budget, staff, and quality of life. We’ve had over 2000 years of plumbing experience to learn what works. This was first presented at the S4x24 ICS cybersecurity conference. Speaker Colin Dunn, Founder & CEO of FEND

One of the privileges I enjoy through my involvement with CS2AI Global - Control System Cyber Security Association International, is the opportunity to engage with some of the foremost experts in our industry—those who have literally "written the book" on guidelines, standards, and regulations that ensure our safety and uphold manufacturing and critical infrastructure operations. Serving OT and ICS cybersecurity professionals worldwide, we leverage our access to invaluable experts to provide free community resources, such as our CS2 Standards & Regulations Guide. This curated resource database, an ongoing project managed by a dedicated member committee, is designed for easy navigation with sorting and filtering options. You can access it here: https://lnkd.in/eji9c9Yp Taking it one step further out of the theoretical and into practical, everyday impact, is what we are doing in this week's live seminar, in partnership with FM Approvals. Join us as we welcome two experts in this area (with nearly 50 years of experience between them!) to discuss the impact of cybersecurity regs, standards and certification on Digital Equipment Manufacturers. Patrick Byrne and Christopher Shaffer will be sharing their perspectives, and we hope to see you there! Registration is free, and we are granting CEU credits for those who actively attend. https://lnkd.in/e3N5-nK5