Workshop - Countdown to Containment - Interactive ICS/OT Cyber Crisis Exercise (PDF, 59 pages)
Countdown to Containment! ICS IR Workshop
Dean Parsons B.SC., GICSP, GRID, CISSP, GSLC, GCIA
Principal SANS Instructor
ICS515: ICS Visibility, Detection and Response
ICS418: ICS Security Essentials for Managers (co-author)

NOTES: Countdown to Containment! ICS IR Workshop
NOTE SECTION IN THE BACK OF YOUR HANDOUT!

YOUR ICS MISSION TODAY CHOOSE TO ACCEPT IS TO CAPTURE:
TOP 3 THINGS TO IMPROVE YOUR ICS/OT IR PLAN
VALIDATE IF YOU HAVE CONTROL #3 FULLY DEPLOYED
VALIDATE IF YOU CAN OBTAIN MEMORY FROM KEY ICS ASSETS
VALIDATE WHO IS RESPONSIBLE FOR ICS IR IN YOUR ORG
CONSIDER EXECUTING AN ICS IR TABLETOP WITH THREAT-INFORMED ENGINEERING SCENARIOS
HAVE FUN AND ASK TONS OF QUESTIONS!

PEOPLE / PROCESS / TECHNOLOGY
People, Process, Tech

PEOPLE
Operators
Field Technicians
ICS/OT Security Defenders
IT Security Defenders

PEOPLE
51% of respondents do not hold any ICS/OT-specific certifications, indicating a critical gap in dedicated ICS/OT cybersecurity knowledge.
So who is conducting ICS IR? _ AND the Engineers!

PROCESS
DHS warned in 2009 that "standard cyber incident remediation actions deployed in IT business systems may result in ineffective and even disastrous results when applied to ICS cyber incidents."
Yet, 15 years later, nearly a third (28%) of respondents still lack an ICS-specific incident response plan.

PROCESS
ICS/OT Incident response
ONLY 56% of organizations have a dedicated ICS/OT ICS IR Plan

TOP ICS/OT ATTACK VECTORS

PROCESS
46% of ICS/OT compromise comes from IT support networks, allowing the threats into ICS/OT.

PROCESS
Scenario? Targeted Assets? Mapping to MITRE ATT&CK ICS?
Incident Response Tabletop Scenario?!

PROCESS
ACTIVE CYBER DEFENSE CYCLE
Repeatable Process
ICS/OT Trained Defenders
Apply to any ICS/OT environment

TECHNOLOGY
Limited AI adoption in ICS/OT
Only 10% of respondents to the 2024 ICS/OT Cybersecurity Survey are currently using A