Ralph Langner challenged us at S4x18 to grow the ICS Security Community by 10X. At S4x19 we introduced the OnRamp 101-Level ICS Security Training to a sold out class of 78 students, and now those videos are available on the S4 Events YouTube Channel for everyone who needs the basics.

At S4x20 we introduced The Highway 201-Level ICS Security Training to a sold out class of 150 students. The Highway Videos are now available as a YouTube Playlist.

  • It’s faster. What you need to know to shape the future of ICS and IIOT security.
  • It’s focuses on today and the future … not the past.
  • 8 videos from top talent in ICSsec recorded at a one-time live event in Miami Beach.
  • IT’S FREE! 

Our goal with the Highway is to get a lot of people up to speed on ICS security.

Teachers and Content

NIST CSF and Maturity Models – Joel Langill of AECOM

Learn how to use the NIST CSF and the most respected Maturity Models to develop and measure your ICS / OT Security Program.

Security Requirements and Acceptance Testing – Mark Heard

Putting in or upgrading your ICS is the best time to specify the security requirements and include it in your selection criteria. You also have to make sure what the vendor or integrator installs it properly as well. Mark Heard has done this as an asset owner and seen it done well and poorly as a consultant and incident responder.

ICS Asset Management and Security – Ralph Langner of Langner, Inc.

Rob Joyce of NSA’s TAO said they knew the systems they were attacking better than the owner of those systems. Don’t let that happen to you. Ralph Langner will show you what you need to know about your ICS cyber assets and how asset management interacts with your security program.

ICS Cyber Security Assessments – Jonathan Pollet of Red Tiger

Jonathan has been performing and teaching ICS cyber security assessments for almost two decades. In this session he will describe what to expect from your assessment and how to use the information you get from an assessment.

Cyber / Physical Attacks – Jason Larsen of IOActive

Attacking the ICS cyber assets is often just an initial step to reaching the end goal of affecting the underlying process being monitored and controlled. Marina will build on the cyber security assessment Jonathan has provided and look at how cyber attacks and knowledge of the physical process can be used by both attackers and defenders.

Consequence Reduction As A Risk Management Strategy – Andy Bochman of INL

Many thought leaders in the ICS security space are urging asset owners to pay more attention to the consequence side of the risk equation. Andy will explain how to make the consequence case to both executive management as well as the operations and IT teams.

ICS Incident Response: The Tabletop Exercise – Kai Thomsen of SANS

One of the best ways to learn about incident response and train your team is through tabletop exercises. Kai Thomsen will provide some tabletop exercise examples and use them to drive home key points in building an effective ICS incident response capability.

Edge, Fog and SDN – Tim Watkins of SEL

We like to finish the training with a forward looking session. These technologies are important for ICS cloud services and next generation network infrastructures. While they are forward looking from an ICS deployed base standpoint, they are available now and should be considered.