DeepSec2020 Press Release: Industrial control systems put to the test. DeepSec conference organizes forum for the protection of Industrial Control Systems (ICS)
When one talks about digitization, one usually means networked control and measurement systems. The associated technical term Industrial Control Systems (ICS) covers a wide area and extends into Industry 4.0, in which information security plays a very important role. The right design and secure code thus become part of critical infrastructure. This year’s DeepSec security conference offers a forum for the first time – the ICS Village – in which developers and security experts can exchange ideas and experience. The stated goal is to design control systems securely, to implement them robustly, to test them properly, and to protect these systems appropriately.
Servant spirits of the infrastructure
Control systems and automated process control normally lead an invisible existence. Production lines, building management, lighting control, traffic systems, industrial plants or power supply are indispensable parts of the operational business. If everything works, all you can see is production and the results. Only when malfunctions occur do you see the key role played by these technologies. The COVID-19 pandemic in particular has shown that processes in companies and organizations have to work even in exceptional situations. Since ICS can consist of thousands of components, there are many potential sources of error. It is important to keep an overview, to test very well and to develop systems that have to reliably prevent damage in exceptional situations.
Digitization has long found its way into this area. For a long time now, all data from a system have been brought together centrally and digitally in control centres. Modern hardware and software is used. And it doesn’t work without networking. However, it is not possible to introduce any arbitrary changes, quickly adapt or replace existing interfaces, since systems in this area must be designed for operation over several decades. There are clear standards for the interacting systems in order to steer the integration in a clear direction.
OT – IT – Information Security
Operations Technology (OT) refers to the industrial control systems used in production. Due to the history of development, the ICS components used in it come from a world that is not globally networked. Modern information technology, on the other hand, can hardly do without the Internet. If you now connect both worlds, you cannot simply add them up. It takes a secure design. In the past, certain control systems were provided with Internet access and protected by filter systems. Since remote access may be necessary for maintenance purposes, attackers naturally look for these – hopefully closed – doors. In the past, security experts have found gaps in remote access time and time again. So combining any arbitrary technologies may not be the right way to go.
The rattling of locked doors is just the beginning. The code used in the entire control system, connections to measuring points or control systems, network protocols, storage of data, hardware used and much more are also potential weak points that can be attacked. Nobody runs their head through the wall, which means for attacks that they can also come through relationships of trust and thus from within. It is therefore important to build information security right into the design. This is where the DeepSec ICS Village comes in, as this step is an interdisciplinary effort.
Interdisciplinary Development
In November, experts from the field of information security, researchers and companies will present and discuss modern solutions for industrial control systems during the DeepSec conference. All users are invited to take part in the ICS Village and benefit from it. In the exhibition area there are research projects of the University of Applied Sciences Burgenland for the administration of IoT systems. In addition, the development company sematicon AG will be represented, which has a strong focus on information security and cryptography in industry, electronics and the IioT world. Among other things, the se.MIS™ solution for the maintenance of industrial plants will be presented. It is about the possibility of complete self-administration by system technicians with a digital maintenance book, which documents all changes and accesses. Conventional remote access methods such as Virtual Private Networks (VPN) only ever cover parts of the requirements. se.MIS™ allows operation with its own data sovereignty, complete logging for later audits and secure access.
Use the opportunity. Let yourself be connected with expert knowledge. The DeepSec conference has a long history of dealing constructively with information security issues with an emphasis on defence and improvement. Take advantage of it.
Schedule and Booking
The DeepSec 2020 conference takes place on November 19th and 20th. The DeepSec trainings will take place on the two preceding days, November 17th and 18th. Due to the restrictions on travel and stable implementation, some of the training courses are of a virtual nature (please refer to the program for details or contact us directly). The DeepINTEL Security Intelligence Conference will take place on November 18th.
Both events are carried out under COVID-19 health measures, which we publish constantly updated under this link https://deepsec.net/docs/Counter_Covid-19.pdf.
The venue for the DeepSec and DeepINTEL events is The Imperial Riding School Vienna – A Renaissance Hotel, Ungargasse 60, 1030 Vienna.
You can order tickets for the DeepSec conference itself and the training courses at any time under the link https://deepsec.net/register.html.
Please note that due to planning security we are dependent on timely ticket orders.