Last week, on November 5th, Dragos hosted the 4th annual Dragos Industrial Security Conference (DISC). DISC is a practitioner-oriented conference for industrial asset owners and operators in industries including energy, chemical, manufacturing, transportation, water, and mining. The conference program is a mix of technical and research-oriented topics and provides actionable advice based on lessons from the frontlines of industrial cybersecurity.
This was the largest and most successful DISC ever! While attendance is limited to practitioners and asset owners and operators, we were thrilled to have over 1,600 attendees representing 48 countries.
DISC was a virtual event for the first time this year. What was missed in terms of personal interaction was offset by the high level of engagement enabled by attendees being connected digitally. During the 8-hour conference, there were over 300 questions asked and answered, on topics ranging from technical matters to best practices, policy, and practical “how-to.” The engagement was heartening, especially during a global pandemic that has limited travel and physical meetings.
DISC presentations covered topics ranging from MITRE ATT&CK for ICS, how it’s different from ATT&CK for Enterprise, and how Dragos Activity Groups are covered in the ATT&CK for ICS framework (interactive chart online here); EKANS ransomware; the importance of using consequence-based analysis for penetration testing; and much more.
One of the highlights from DISC was the presentation on “Applying the Bow Tie Model to Destructive Malware.” The presentation was delivered by Josh Carlson and Daniel Michaud-Soucy of Dragos, but the content was created in collaboration with Bryan Owen, security architect, and Lubos Mlcoch, customer success program manager, at OSIsoft. The presentation was the result of a 3+ month joint effort between OSIsoft and Dragos, informed by actual incidents (and near misses) of historian servers compromised by destructive malware. A recording of the presentation is available here: Bow Tie Model of Destructive Malware.
Another highlight of the conference was the presentation by Mark Johnson-Barbier and Brent Heyen, cybersecurity architects from Salt River Project (SRP). SRP provides energy and water to more than 1 million customers in the greater Phoenix metropolitan area. Mark and Brent described in detail their “OT Visibility Journey” from having limited visibility with inconsistent and time-consuming monitoring and event handling, to asset verification, identification of misconfigurations, and monitoring of vendor and remote access, which ultimately translates into “sleeping better at night.” They included practical advice and lessons learned, including how to build rapport with the engineering and ops teams who are critical to a successful OT cybersecurity program. Mark and Brent are two of the most community-oriented cybersecurity professionals you will ever meet. They want their slides and presentation recording to be publicly available, so other community members can benefit and learn from their experience. A recording of the SRP presentation is here: SRP: Lessons Learned. The slides are available here.
Each person/group that presented at DISC submitted a list of useful resources for the community that are available here along with the agenda: https://hub.dragos.com/disc-2020-agenda
All of us at Dragos are heartened by the participation and engagement at this year’s DISC and want to express our thanks to the community.
Next year’s DISC will be even better! It will be held on November 5, 2021, and will be a hybrid physical-virtual event, with the physical location in the Hanover, Maryland area. Please register your interest today, and we’ll keep you informed as the details are confirmed: https://www.dragos.com/disc/