Behavior-Based Defense in ICS Environments: Leveraging Minor Incidents to Protect Against Major Attacks

August 10, 2018 1:50 PM

Successful cyber-attacks against cyber-physical systems require expert knowledge about the dynamic behavior of the underlying physical process (yes, it is actually required). This information is a crucial part of attack preparation. Previous work has shown manual acquisition of knowledge about process dynamics to be prohibitively laborious (we will show why). This talk will present first insights into automated process-aware system discovery that goes beyond IT-related trivia and focuses on the physical core of an industrial plant. We will share the results of 12 months’ worth of work: which approaches worked and which did not (and why). Notably, our work already had a follow-up at S4x2017, and we will share the insights from that work too. Reverse engineering of physical processes is a novel topic for which we have yet to find workable/standardized approaches. We encourage you to be a part of the process.

Speaker Information

Panelist Information

Joe Slowik


Joe Slowik currently hunts ICS-targeting adversaries at Dragos. Prior to this, Joe ran the incident response team at Los Alamos National Laboratory and served as an Information Warfare Officer in the US Navy.