Error Code

When critical infrastructure is shut down due to ransomware or some other malicious attack, who gets notified and when? Chris Warner, from GuidePoint Security, discusses the upcoming Cyber Incident Reporting for Critical Infrastructure Act or CIRCIA and what it will mean for critical infrastructure organizations.

When an enterprise network goes down, you call in the Incident Response team and they do forensics. When your SCADA goes down, who do you call? Meet Lesley Carhart, technical director of incident response at Dragos, who focuses on products and services for the non standard part of cybersecurity. That means things like performing digital forensics on SCADA, industrial control systems, and critical infrastructure. There’s still some normal enterprise computing involved, but very often the stories told by practitioners are … well, just plain weird. 

This is a story about how organizations are moving their SCADA systems to the cloud and how they need to secure them or they’ll be attacked. Chris Doman, co-founder and CTO of Cado Security discusses the new NSC guidelines on SCADA in the Cloud and whether the guidelines are prescriptive enough.

If you knock down an email server, you could stand up a parallel server or you could find workarounds. If you knock down a factory floor, there is no real parallel, alternative to a factory floor.  Dane Grace, product manager at Brinqa talks about how the risks to OT carries with it an outsized kinetic response in the real world. For example, what would happen if someone managed to put a botnet on a defibrillator?

One of the problems with security is ROI. If I put in next gen this and next gen that and no security events happen, am I justified in making those expenditures? How do you quantify a risk like that?  Padraic O’Reilly, founder and Chief Innovation Officer at CyberSaint, walks us through the risk analysis for IoT and OT systems, and why it’s important to understand this as we secure our critical infrastructure.

This is the story of how a researcher turns commercial and commonly used EDRs and Cloud-based backup systems into wipers against the very data they’re designed to protect. Or Yair, security research team lead at Safe Breach, talks about his two presentations at SecTor 2023 that consider how to turn common security tools into potentially malicious weapons.

There’s a lot of talk about using AI and LLM in security. For example, could ChatGPT detect the vulnerable spots for power for analysis in particular pieces of code using Advanced Encryption Standard?  Witold Waligora, CEO of CloudVA, talks about his Black Hat Europe presentation, How We Taught ChatGPT-4 to Break mbedTLS AES With Side-Channel Attacks.

You might think that internet connected cameras would be limited in use by a bad actor. Actually such devices can be an entry point into an organization, providing yet another means of accessing the internal network. Mohammad Waqas, a field CTO at Armis, spoke at SecTor 2023 about the threat posed by IoT and OT devices in future cyberwarfare and discusses here why we need to broaden our attack surface defenses to include them. 

There’s a fake news report about three million internet-enabled toothbrushes contributing to a botnet. Unfortunately the mainstream media ran with the story before questioning its basic assumptions. This is a story about IoT devices and the fact that we still don’t understand how they are vulnerable. Tom Pace, co-founder and CEO of NetRise, talks about vulnerabilities inherent in the IoT space that are often misconstrued and how we need to ask more questions about the software and the hardware being used if we want to secure critical infrastructure tomorrow.

Ransomware groups have bifurcated with some doing pure ransomware and others going straight to extortion; it's whether the data is ransomed on your network or theirs. Nick Biasini from Cisco Talos talks about the threats he’s seeing, in particular, SapphireStealer which is open source and using GitHub to crowdsource new features.