Help Us With The S4x19 ICS Detection Challenge

We held the first ICS Detection Challenge at S4x18. Claroty, Gravwell, Nozomi Networks and Security Matters competed. The competitors were challenged to 1) create an asset inventory and 2) detect cyber attacks … all from anonymized packet captures.

We are planning on having an even better ICS Detection Challenge at S4x19. Better because we have the experience from S4x18. Better because we have more time and resources dedicated to the Challenge. And better because many more vendors have already requested to compete in the S4x19 ICS Detection Challenge (8 to date, and we haven’t even asked yet).

Email If Interested

How You Can Help

Asset Owners – Provide Packet Captures

The ICS Detection Challenge at S4x18 used anonymized but real-world packet captures from a midstream oil and gas asset owner. It included pipeline SCADA as well as ICS at terminals. And we felt this realism was essential.

For the S4x19 version of the Challenge we are trying to have a wider variety of packet captures to test the rapidly maturing solutions in this space. If you are considering

How It Works

  • We work with the asset owner to connect a passive device to the SPAN port of one or more switches. This can be done by your team, or we can come in and do it. IMPORTANT: No communication is introduced on the ICS. It is passive only.
  • We collect “normal” communication in the form of pcap files.
  • If possible, we work with the asset owner to generate and capture “interesting” legitimate communication such as diagnostic commands, project downloads, etc. This is done from your legitimate and authorized engineering workstation or operator station.
  • If possible, we collect an asset inventory file from the asset owner. This is used to help create the score sheet. It is not provided to the Challenge competitors, even in anonymized form.

Asset Owner Benefits

  1. Help determine or short list the solution that would be best for your specific environment (the “best” product varies by sector and ICS)
  2. See what this product category can and cannot do for your ICS (great way of getting beyond the marketing buzz and FUD)
  3. Learn about potential security issues in your ICS (last year competitors found numerous issues the asset owner was not aware of)
  4. Educate your team on ICS detection

ICS Security Pros – Get On The Challenge Team

This is not a small ask. A large team with everyone doing a small amount of work isn’t a fit for this type of project. We are looking for a 5-person team that will be responsible for the entire Challenge. This includes anonymizing the packet captures, completing the asset inventory, creating and inserting additional packets, creating the score sheet, and setting up and running the Challenge.

Of course all involved will get a free S4x19 ticket and the glory. You will also get a first-hand view of the capabilities of the product category and individual solutions, learn how to perform a bake-off in this category, and hopefully gain a lot of technical and market knowledge and experience.

Email If Interested