Defending an ICS (Industrial Control System) requires additional considerations beyond the approach of traditional IT Security. For example, ICS incident responders are tasked with extracting forensic data for threat analysis and implementing indicators of compromise for threat mitigation as quickly as possible. All of this is expected while continuing to maintain the physical safety and reliability of operations as their priority.
This presentation draws attention to specific examples of emerging ICS threats found in the wild and presents practical strategies for incident response (IR) and industrial defence for commonly targeted ICS assets. The talk will conclude with a reminder to dust off (or create) your IR jump bag. After all, we are moving into a future where ICS and critical infrastructure is increasingly threatened year after year.