Compliance & Risks
S4x22: ICS Security Creates the Future
The ICS Security Event S4 was held for the first time in two years, bringing together more than 800 business leaders and specialists from around the world to Miami Beach on 19-21 Feb 2022. The theme was CREATE THE FUTURE.
Save to Folio
Technology and International Relation
Niloofar Razi Howe one of the unique and strong influencers in the cybersecurity world, investor of technology ventures, directors of consulting firms, and advisors to public agencies such as the Department of Defense delivered the keynote speech for the event.
Howe spoke about how technologies are affecting real-world international relations, saying that decentralized, distributed and personalized capabilities blur the line between cybercrime and national attacks. She added that the modern war from three perspectives: technology, social media, and data.
She mentioned that Ukraine hacked into Russian car charging stations as an example of the effect of technology, indicating that vulnerabilities in connected devices can have a direct impact on the lives of people in the physical world. Secondly, she talked about the positive impact of social media. For instant, Ukrainian President Zelenskyy is increasing domestic and international approval by speaking to the world through social media.
With regard to data, Howe discussed how China combines physical and digital data to make social scores. However, this isn't limited to China. She mentioned the fact that the United States can also process data and make decisions, suggesting that it's becoming more difficult to keep secrets as secret around the world. Moreover, it is increasingly difficult to tell the difference between truth and false.
"The velocity of change is outstripping our ability to mastery,” Howe said, calling on the audience to act creatively with new look at the impact of technology on society and international affairs.
History Accumulated Provides Practices
During the event, two projects were shared as a progress of community activities in the history of S4 over 15 years. One is Incident Command System for Industrial Control Systems (ICS4ICS), which is a framework for incident commands in ICS, and the other is Top 20 PLC Secure Coding Practices.
ICS4ICS employs FEMA's Incident Command System Framework. This is the system used by first responders around the world to respond to hurricanes, floods, earthquakes, occupational accidents, and other high-impact situations. The ICS4ICS approach guides businesses, organizations, and municipalities to identify incidents, assess damage, address imminent challenges, communicate with the right agencies and stakeholders, and resume day-to-day operations. This framework applies traditional incident command system best practices to cybersecurity incidents, ensuring common terminology and enabling diverse incident management and support resources to work together. To learn more about ICS4ICS, download the document here.
The second is the Top 20 PLC Secure Coding Practices, which have been developed the last two years after a S4x20 session. The purpose of the project is to provide guidelines to engineers that are creating software to help improve the security posture of Industrial Control Systems. These practices leverage natively available functionality in the PLC/DCS. Little to no additional software tools or hardware is needed to implement these practices. They can all be fit into the normal PLC programming and operating workflow. Details are at here.
Related to this project, various researchers presented practical research such as patch verification for PLC vulnerabilities, anomaly detection by secure coding, digital forensics of embedded devices, etc. in the 2022 technical track.
Extensive Discussion not only for ICS technology
S4, which consisted of more than 60 sessions on three stages, covered a wide range of hot topics. Here are some topics that stood out from the event:
Practical examples of adaptive IEC62443 standard to current environment. Traditional refinery systems and new solar and wind power systems in the energy industry, port and container ship maritime, building security.
- Real Story of Incident Response
Learn from SolarWinds CISO's experience. Ransomware incident response for Norwegian energy service provider VOLUE.
Joint Cyber Defense Collaborative (JCDC) established by CISA in August 2021. Build new mechanism to solve the problems of confusion of authority and ambiguity of responsibility, learned from mistakes in history.
- Organizational Silos
Bridge of technical and non-technical. Classification of maturity with an assessment model.
- Risk Management
Reason why attackers target corporate mergers and acquisitions. Will cyber insurance for ICS be common in the next 2-3 years?
- SBOM, Vulnerability
Standardization by the Common Security Advisory Framework (CSAF) enables machine processing and reduces barriers between vendors and asset owners. Vulnerability Exploitability eXchange (VEX) that evaluates the exploitability of vulnerabilities.
LF Edge, which is an Open-source Framework. OT-SDN, which embodies zero trust in control systems. DevOps in Containerized ICS.
INCONTROLLER / PIPEDREAM, the latest attack tool targeting industrial control systems.
Overall, I was particularly interested in the two topics, Risk Management and Decentralization. Investing in ICS security is not always a priority for business owners. In order to protect their organization, CISO needs to understand the risks correctly and obtain an appropriate investment. The first important thing in ICS risk management is to discuss with board members what is the worst-case scenario for their organization. It’s also about forming an agreement on what will happen and what to do if it has negative impacts. Moreover, it would be the basis of risk management to avoid the worst consequences.
Decentralization has a broad meaning in modern cybersecurity. It may pertain to technologies used by ordinary individuals to influence national conflicts, where infrastructure is open, intelligence is shared, and multiple leaders make decisions according to each responsibility within an organization.
Trend Micro Research and Zero Day Initiative Contribute to the Future
Trend Micro researcher, Charles Perine presented the findings of the risks of cyber threats in environments where cellular networks are embedded in ICS. The research suggested recommendation for verification and defense of attack scenarios in a situation where 4G and 5G private networks are built in an environment that imitates a steel mill in a laboratory. You can read the full research here.
Additionally, TXOne researcher, Ta-Lun Yen gave a lecture on Trend Micro Research's study on the DDS protocol. The Trend Micro Zero Day Initiative (ZDI) also conducted a Pwn2Own, where analysts exhibited their skills in vulnerability research.
I was proud of that our researchers had a stage at S4 and that ZDI contributed to the advancement of ICS security. At the same time, I recognized our responsibility for the future. Trend Micro will continue to contribute to the future of ICS security with advanced solutions and intelligence that solve the challenges asset owners facing.
To learn more about our forward-looking ICS security solutions, check out our solutions page here.