Importance of Defining Security Functions to Obtain Visibility in Assets from Level 1 of the Purdue Model
For years, many practitioners in the ICS security community recognized that guidelines and best practices for secure PLC programming were lacking. To address this problem, ICS security professionals in the community came together to develop the Top 20 PLC controls. Beyond these controls, however, it is essential to define abnormality detections and display that information on the HMI clients. This allows operations staff to respond to an incident at an early stage and makes it possible to forward the same information to SIEM systems for further analysis. These functions can be developed by using the PLC’s own capabilities and adding operational conditions that infer cyber events.
This webinar explains the importance of having detections from assets in the lower layers of the Purdue Model, such as PLCs or controllers. It first highlights the importance of visibility in security and of correctly selecting the security controls involved in detecting system abnormalities. It then describes how security functions are classified and how they interact with the primary functions of a control system. Lastly, the paper elaborates on implementing the functions and describes the alarms and detections generated.
Speaker and Presenter Information
Gloria Cedillo, Sr Industrial Consultant, Dragos
Alejandro Cadena, Data Scientist II, SMS
Michael Hoffman, Principal Industrial Consultant, Dragos
Relevant Government Agencies
Other Federal Agencies, Federal Government, State & Local Government
Event Type
Webcast
When
Mon, Nov 7, 2022, 1:00pm ET
Cost
Complimentary: $ 0.00
Organizer
SANS Institute