Difference between revisions of "OWASP AppSec DC 2012/Vulnerabilities in Industrial Control Systems"

From OWASP
Jump to: navigation, search
(added Kevin Hemsley bio)
(updated with new bio.)
 
(One intermediate revision by one user not shown)
Line 2: Line 2:
 
__NOTOC__
 
__NOTOC__
 
== The Presentation  ==
 
== The Presentation  ==
[[Image:Owasp_logo_normal.jpg|right]]In 2011 ICS-CERT experienced a dramatic increase in reported disclosures of vulnerabilities in industrial control system (ICS) products. Security researchers (white, gray, and black hats) across the globe are increasing their research in the ICS product arena and the potential impact to critical infrastructure. Coordinated vulnerability disclosures of control system products are increasing rapidly, but so are the instances of unanticipated or full disclosures.
+
In 2011 ICS-CERT experienced a dramatic increase in reported disclosures of vulnerabilities in industrial control system (ICS) products. Security researchers (white, gray, and black hats) across the globe are increasing their research in the ICS product arena and the potential impact to critical infrastructure. Coordinated vulnerability disclosures of control system products are increasing rapidly, but so are the instances of unanticipated or full disclosures.
 
<br>
 
<br>
 
The once obscure world of ICS security is now a hot topic in the media and around the water cooler. This presentation will discuss the daunting trends in the disclosure of ICS product vulnerabilities, who is disclosing new vulnerabilities, and the coordination process used by ICS-CERT. We will also discuss what concerning trends ICS-CERT is seeing, including recent hacktivist and anarchist group activity.
 
The once obscure world of ICS security is now a hot topic in the media and around the water cooler. This presentation will discuss the daunting trends in the disclosure of ICS product vulnerabilities, who is disclosing new vulnerabilities, and the coordination process used by ICS-CERT. We will also discuss what concerning trends ICS-CERT is seeing, including recent hacktivist and anarchist group activity.
 
== The Speakers  ==
 
== The Speakers  ==
Kevin Hemsly
+
<table>
 
+
<tr>
Kevin Hemsley is the Vulnerability Handling Lead for the US Department of Homeland Security's Industrial Control System Cyber Emergency Response Team (ICS-CERT). ICS-CERT provides a control system security focus to improve the cyber security posture and assist owners and operators of US critical infrastructure assets. Kevin leads the ICS-CERT Vulnerability Handling team that works with independent security researchers and control system vendors from around the world to identify and mitigate vulnerabilities in control system products. Kevin has more than 20 years experience in cyber security ranging from network security to control system and SCADA security.
+
<td>
 
+
===Kevin Hemsley===
 +
[[Image:Owasp_logo_normal.jpg|left]]Kevin Hemsley is the Vulnerability Handling Lead for the US Department of Homeland Security's Industrial Control System Cyber Emergency Response Team (ICS-CERT). ICS-CERT provides a control system security focus to improve the cyber security posture and assist owners and operators of US critical infrastructure assets. Kevin leads the ICS-CERT Vulnerability Handling team that works with independent security researchers and control system vendors from around the world to identify and mitigate vulnerabilities in control system products. Kevin has more than 20 years experience in cyber security ranging from network security to control system and SCADA security.
 +
</td>
 +
</tr>
 +
</table>
 
<noinclude>{{:OWASP AppSec DC 2012 Footer}}</noinclude>
 
<noinclude>{{:OWASP AppSec DC 2012 Footer}}</noinclude>

Latest revision as of 10:01, 15 March 2012

AppSecDC-468x60-banner-2012.jpg

Registration Now OPEN! | Hotel | Schedule | Convention Center | AppSecDC.org

The Presentation

In 2011 ICS-CERT experienced a dramatic increase in reported disclosures of vulnerabilities in industrial control system (ICS) products. Security researchers (white, gray, and black hats) across the globe are increasing their research in the ICS product arena and the potential impact to critical infrastructure. Coordinated vulnerability disclosures of control system products are increasing rapidly, but so are the instances of unanticipated or full disclosures.
The once obscure world of ICS security is now a hot topic in the media and around the water cooler. This presentation will discuss the daunting trends in the disclosure of ICS product vulnerabilities, who is disclosing new vulnerabilities, and the coordination process used by ICS-CERT. We will also discuss what concerning trends ICS-CERT is seeing, including recent hacktivist and anarchist group activity.

The Speakers

Kevin Hemsley

Owasp logo normal.jpg
Kevin Hemsley is the Vulnerability Handling Lead for the US Department of Homeland Security's Industrial Control System Cyber Emergency Response Team (ICS-CERT). ICS-CERT provides a control system security focus to improve the cyber security posture and assist owners and operators of US critical infrastructure assets. Kevin leads the ICS-CERT Vulnerability Handling team that works with independent security researchers and control system vendors from around the world to identify and mitigate vulnerabilities in control system products. Kevin has more than 20 years experience in cyber security ranging from network security to control system and SCADA security.

Gold Sponsors

Aspect logo owasp.jpg AppSecDC2009-Sponsor-securicon.gif AppSecDC2009-Sponsor-mandiant.gif AppSecDC2012-ISC2.gif

Silver Sponsors

SPL-LOGO-MED.png

Small Business

AppSecDC2012-Sponsor-sideas.gif BayShoreNetworks.png

Exhibitors

link=http://www.codenomicon.com/ Codenomicon WhiteHat Logo.png AppSecDC2012-HP.jpg WSI - Logo.jpg