The Autobahn will be held on Thursday on Stage 3. Your S4x22 ticket will give you access to these sessions. No additional fee is required, and those that have paid for the Autobahn will receive a refund.
The Autobahn is four 1 hour and 15 minute sessions, with time for your questions, on the following topics:
Digital Forensics and Incident Response for PLCs
Instructors: Glen Chason and Ken Proska of Mandiant
Collecting and analyzing forensic data is a core component of the incident response process. This process is central to determining the scope of a compromise, the tools used by adversaries, and their capabilities. However, obtaining digital forensics and incident response (DFIR) data in PLCs and other level 1 devices. Embedded systems are normally outside of the scope of traditional forensic methodologies, defenders need to identify or define tools and new methodologies to gather data from these systems.
This session will help students take a systematic approach is to gather forensic data, build collection frameworks, set security baselines, and establish structured incident response processes related to PLC’s. Where possible native functionality built into OT devices will be used. Specialized tools will also be introduced that support this methodology.
Top 20 PLC Secure Coding Practices
Software Defined Networking (SDN) Technology, Use and Management in ICS
Instructor: Tim Watkins of SEL
The zero trust principle and buzzword have been getting a lot of attention in 2021. SDN is one technical approach to achieving zero trust and is being deployed in leading/bleeding edge ICS. This session will begin by briefingly describing SDN and its benefits. The marjority of the session will provide examples and lessons learned from early SDN deployments. Learn what systems are good candidates (and what are not) for SDN; what are some of the major challenges in deployments and ongoing operations; and how the SDN deployment can provide network resilience.
As an added bonus, the session will describe how the SDN controllers can be deployed as containers.
Security, Orchestration, and Automation (SOAR) in ICS
Sure, data from OT is being exported to SIEM and then SOAR, but is anyone doing anything with it? Yes, and in this session you’ll learn where some of the early, low risk wins are and the who and how much is required to get those wins. Learn how automated isolation, workflow tickets, updates to asset management and more can be achieved. The session will use Swimlane, QRadar, Tripwire and other systems as examples, but the techniques can be used with any vendor systems.