June 2014 Whitepaper and Presentation Submissions

These are the whitepapers and presentations that ICSJWG members submitted in conjunction with the 2014 Spring Meeting in Indianapolis, IN. These documents are ‘as received’ from the respective authors, who have released them for public distribution but may retain copyrights of the presentation matter. Please contact the authors for additional information regarding specific rights retained. Content and opinions are those of the authors and do not represent DHS opinions, endorsements, or recommendations. The advice and instructions provided in the attached are provided as is, with no warranties, and should be confirmed and tested prior to implementation, as applicable.

Should you wish a copy of any of these, please contact us at ICSJWG.Communications@hq.dhs.gov and we will gladly send a copy.

ICS Security Convergence:  Don’t Miss the Big Picture
Ron Fabela, AlertEnterprise
Using Hardware-Based Solutions for Improved Security of Electronic Devices in Connected Systems
Shrinath Eswarahally, Infineon Technologies
Monitoring Control System Cybersecurity: Digging Deeper
Gib Sorebo, Leidos
Extending Traditional Cyber Security Practices
Chris Fogle, Delta Risk
Cyber Security Threats in Critical Infrastructure – The Bottom of the Iceberg
Alexey Polyakov and Andy Nikishin, Kaspersky Lab
Evaluating System-Level Cyber Security vs. ANSI/ISA-62443-3-3
Jim Gilsinn, Kenexis Consulting
Network Segmentation and System Reliability
Daniel Chew, Securicon
Attack Tree Analysis for Industrial Control Systems
Terry Ingoldsby, Amenaza Technologies
Evaluating and Improving Cybersecurity Capabilities of the Electricity and Oil & Natural Gas Critical Infrastructure Components
Nader Mehravari and James Stevens, Carnegie Mellon University - SEI
The State of ICS Cyber Security: A Panel Discussion on the Findings of Recent Surveys
Sid Snitkin, ARC Advisory Group
The Cloud Needn't Lead to ICS Storms
Unavailable due to format - please contact speaker directly for a copy
Dale Peterson, Digital Bond
Can Litigation Play a Useful Role In Helping Government Agencies Take the Threat of Kinetic Cyber Attacks More Seriously?
Ross Scott, Ross Scott Law Firm
Securing Remote Access for ICS Systems
Yariv Lenchner, CyberArk
Can You Hear Me Now? Standing Up a SEM to Improve Situational Awareness
Joel Langill, Infrastructure Defense Security Systems
U.S. Navy Case Study - Implementing a Cyber Secure Enterprise Industrial Control System
Mark Benedict, Ultra Electronics, 3eTI
Advanced Honeypot Techniques as Detection and Intelligence Tools in Utilities
Brent Huston, MicroSolved
Breaking a Whitelisting System - No Silver Bullets
Andrew Ginter, Waterfall Security Solutions
Post-Apocalyptic SCADA (includes demonstrations notes)
Corey Thuen and Ken Shaw, Southfork Security
Shared Situational Awareness: The Achievable Path
Chris Blask, ICS-ISAC
Industrial Control Systems Census 2014
John Matherly, Shodan
Framework for Improving Critical Infrastructure Cybersecurity
Victoria Pillitteri
Network Simplicity leads to Greater Security
Art Conklin, College of Technology, University of Huston
Life After Shodan: Characterizing Internet-facing ICS Devices
Paul Williams and Jonathan Butts, AFIT and Mike Glover, Prime Controls
Pass-the-Hash: Detecting Privileged Threats using CyberArk’s DNA Tool
Sara Lofgren, CyberArk
                                  Whitepapers submitted in tandem with the Indianapolis Meeting
The New Paradigm for Information Security: Assumption of Breach
Ernie Hayden, Securicon