Explore the critical aspects of Industrial Control Systems (ICS) vulnerabilities in this 24-minute conference talk from the DISC-SANS ICS Virtual Conference. Delve into the 2019 vulnerability year in review report with Katherine Vajda, Dragos Senior Intelligence and Vulnerability Analyst. Gain insights on processes and drivers for prioritizing and understanding vulnerability risks within ICS environments. Learn how to maximize return on investment for mitigation efforts. Examine key findings, the Purdue Model, and Dragos' approach to vulnerability assessment. Understand the importance of answering crucial questions about vulnerabilities, prioritization techniques, and the Dragos Threat Score. Analyze specific examples involving Rockwell Automation and General Electric products. Explore patching, mitigation strategies, risk-based approaches, and monitoring techniques. Conclude with valuable recommendations for vendors and ICS-CERT to enhance overall ICS cybersecurity.
Evaluating ICS Vulnerabilities - Prioritization and Mitigation Strategies
Dragos: ICS Cybersecurity via YouTube
Overview
Syllabus
Intro
Key Findings
Goofy Venn Diagram
Purdue Model Example
Dragos Process
Dragos Sources
Answer the Three Questions
Do we understand the vulnerability?
Prioritization
Dragos Threat Score
Rockwell Automation Connected Components Workbench
General Electric Communicator
Patching
Mitigation
Risk-Based Approach
Monitoring
Recommendations for Vendors and ICS-CERT
Taught by
Dragos: ICS Cybersecurity
Related Courses
-
Examining ICS Vulnerabilities: Analysis and Mitigation Strategies - Dragos Webinar
-
2022 ICS/OT Cybersecurity Year in Review - Vulnerability Trends and Mitigation Strategies
-
2021 ICS/OT Cybersecurity Vulnerability Briefing - Year in Review
-
2021 ICS/OT Cybersecurity Year in Review - Executive Briefing
-
ICS Vulnerabilities in 2018 - Year in Review Webinar
