Compliance & Audit Track
Effective threat assessment for ICS/SCADA Systems
1545hrs - 1615hrs
Daniel Ehrenreich,
5th ICS Cybersec 2020, Israel
Daniel Ehrenreich, BSc. is a consultant and lecturer acting at Secure Communications and Control Experts, periodically lecturing at industry conferences cyber defense for industrial control systems; Daniel has over 26 years’ experience with ICS systems for: electricity, water, gas and power plants as part of his activities at Tadiran, Motorola, Siemens and Waterfall Security. Reselected 5th time as the Chairman for ICS Cybersec 2021 taking place on 21-3-2021 in Israel
Synopsis:
ICS cyber security experts know well the famous slogans “you cannot protect what you don’t know” and “there is not silver bullet for absolutely preventing cyber-attacks”. Prior diving deeply into analyzing their ICS-SCADA architecture, we need to clarify with 3 important topics/considerations.
-
Listing the critical assets in the organization which might cause operating outage and damage and in worst cases risking lives of people
-
Listing possible adversaries/ organizations which may target our organization and define the probability of such attack
-
Defining the list of damages/impacts caused by cyberattack against the victim’s organization
During the process, the cyber security expert will select the assessment process, which the organization is well prepared to use. This shall be applicable for internally and externally generated attacks as well a supply-chain related-attack. As we cannot allocate the same defense method for protecting parts and zones, the selected method must match the criticality of each asset deployed with the inspected organization.
