Announcement

Collapse
No announcement yet.

Arnaud Soullie, Alexandrine Torrents - Securing Industrial Control Systems from the core: PLC sec...

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Arnaud Soullie, Alexandrine Torrents - Securing Industrial Control Systems from the core: PLC sec...

    Arnaud Soullie, Alexandrine Torrents - Securing Industrial Control Systems from the core: PLC secure coding practices

    Abstract:

    Friday from 1400 to 1800
    EventBrite Link: https://www.eventbrite.com/e/arnaud-...s-379303836987

    Securing Industrial Control Systems from cyberattacks often starts by properly segmenting the network, securing remote accesses and overall focusing on traditional “IT” cybersecurity measures. However, we can also leverage existing technology to detect and protect from cyberattacks.
    The Top 20 Secure PLC Coding Practices (www.plc-security.com) is a community-led effort to identify best practices in Programmable Logic Controllers (PLC) code development that improve cybersecurity.
    In this workshop, you will learn how to program a PLC and connect it to a SCADA system. You will then perform attacks on this system and finally implement a sample of the TOP20 coding practices to block or detect such attacks.
    You will be provided with access to cloud VMs preconfigured with a SCADA software as well as a PLC simulator. Some demonstrations will also be performed on-site on real hardware PLCs.

    The workshop is accessible to anyone, even with no prior ICS experience.

    Skill Level: Beginner to Intermediate
    Materials Needed: Just a laptop with a modern web browser. Students will be provided with cloud VMs to perform the exercises.

    Bio:
    Arnaud Soullié (@arnaudsoullie) is a Senior Manager at Wavestone, a global consulting company. For 12 years, he has been performing security assessments and pentests on all types of targets. He started specializing in ICS cybersecurity 10 years ago. He spoke and taught workshops at numerous security conferences on ICS topics : BlackHat Europe, BruCon, CS3STHLM, BSides Las Vegas, DEFCON... He is also the creator of the DYODE project, an open­source data diode aimed at ICS. He has been teaching ICS cybersecurity training since 2015.

    Twitter:
    https://twitter.com/arnaudsoullie

    Alexandrine Torrents is a cybersecurity consultant at Wavestone, a French consulting company. She started as a penetration tester, and performed several cybersecurity assessments on ICS. She worked on a few ICS models to demonstrate attacks on PLCs and developed a particular tool to request Siemens PLCs. Then, she started working at securing ICS, especially in the scope of the French military law, helping companies offering a vital service to the nation to comply with security rules. Now, Alexandrine works with different industrial CISOs on their cybersecurity projects: defining secure architectures, hardening systems, implementing detection mechanisms. She is also IEC 62443 certified and still performs assessments on multiple environments.

    Twitter:
    []

    Max Class Size: 40
    Last edited by number6; July 4, 2022, 16:35.
Working...
X