An alarming number of headline-grabbing cyber-attacks, viruses and data breaches (i.e. attacks on U.S. Department of Energy, U.S. Chamber of Commerce and the NSA leak) have targeted critical infrastructure. These incidents have put many organizations dealing in critical infrastructure on high alert and many are struggling to figure out how the protect themselves from these potentially devastating attacks.
This has led to an industry-wide debate between isolating sensitive and critical network assets vs. allowing connectivity to other networks for operational and business benefits. Connecting Industrial Control Systems (ICS) and other Operational Technology (OT) has introduced known risks from the IT environment to the OT environment. A recent alert from The Department of Homeland Security's ICS-CERT highlighted that the combination of network connectivity with these known vulnerabilities would "significantly increase the ICS threat landscape." The problem for the thousands of businesses using OT is that these technologies were not designed with security in mind. Instead, they were built to be segregated and not designed to address the security issues that arise when you connect to a network.
This session will explore the challenges of separation and methods for providing secure connectivity through the management of privileged accounts and access points - the most highly targeted attack vector for cyber attackers.
- Attendees will learn from high-level industry research and will gain a better understanding of where cyber-attacks on critical infrastructure originate.
- Attendees will witness the deconstruction of the 'privileged account pathway' to learn how securing privileged accounts can protect their organization from a devastating breach.
- Attendees will learn the steps that need to be taken to meet the requirements of NIST 800-53 rev 4.