2019 - PI World - San Francisco - Transmission and Distribution
Utilizing operations data for enhanced cyber threat detection and response in industrial control systems (SRP, Dragos)
Adversary groups and activities targeting industrial control systems are on the rise. Security teams are now tasked with defending increasingly complex and critical control systems without interrupting operations. This presentation highlights the plans and progress of a large public electric utility to extend its threat detection capability using PI System data sets. Integration with a threat detection platform improves situational awareness and adds value in three ways. First, it provides confidence for quickly eliminating threat activity as a root cause of operational upsets. Second, it improves the likelihood of detecting malicious tradecraft targeting control systems. Finally, the integrated approach provides data in support of control system incident response and forensic activities.
Mark Johnson-Barbier is a Senior Principal Analyst at Salt River Project. He is responsible for cyber security architecture in the IT and OT systems. Mark has 18 years of experience in the utility industry, holds a BS in Business Management from BYU, and maintains GICSP, GCWN, GCIH, GCIA, and GRID certifications.
Dan Gunter is a Principal Threat Hunter at the industrial cyber security company Dragos, Inc., where he discovers, analyzes and neutralizes threats inside of ICS/SCADA networks. In this capacity, he performs threat hunting, incident response, and malware analysis for the industrial community.