Edoardo
Montrasi

Cryptonet Labs

The hallmark of last year’s attack on the Ukrainian power grid was the extensive reconnaissance, performed by attackers on their target’s control networks, used to maximize system disruption. Situational awareness, incident response and recovery all depend on an accurate understanding of control system inventories, including normal process behavior. The Ukrainian attack has led our community to a key question; do we know our industrial control networks as well as our adversaries?

Despite the emergence of technologies that monitor data flows of industrial control networks, energy operators consistently cite inadequate real time views to control system the topology, devices, and behavior as a fundamental obstacle to securing their operations.   Historically, gathering and maintaining this information has proven incredibly labor intensive and disruptive to economic operations for energy operators.

The course will explore emerging technology and process-centric analytics that can facilitate more automated, passive methods of inventory collection, network monitoring and the definition of normal behavior of industrial control systems.  These emergent technologies can enable operators to baseline normal operational process behavior and measure network loading.  The course will explore the operational and safety benefits of automated inventory technologies such as improved visibility to misconfigurations and early detection of device failures. While improving operability, these technologies also hold the promise of expedited detection of adversaries’ reconnaissance activities and improved recovery times