Analysis
Control device security
Critical infrastructure
Events
Malware, Phishing & Ransomware
News
OT Network security
Regulation, Standards and Compliance
Risk & Compliance
SOC & Incident Response
Threat Landscape
Vulnerabilities

S4x22 event lives up to its theme ‘No Limits!,’ with focus on driving change in ICS community

April 22, 2022
S4x22 event lives up to its theme ‘No Limits!,’ with focus on driving change in ICS community

The must-awaited S4x22 event, spread over three days, has just concluded in Miami, Florida. The conference lived up to its theme ‘No Limits!,’ providing the OT and ICS (industrial control systems) security industry with back-to-back sessions, opportunities to meet and exchange ideas, and create an environment that spurs new thinking and creativity. 

The S4x22 event provided an occasion to spend time with peers and luminaries in the operational technology (OT) and ICS industry, while also establishing and renewing relationships. There was a women-only social event at the conference that provided an opportunity for all of the women attendees to establish and renew relationships with other women in ICS security at all different points in their career paths. With only about 10 percent of women in the ICS security community, it is often considered difficult for women to enter and thrive in the male-dominated, sometimes hostile, and often intentionally and unintentionally discriminatory ICS security field. 

In addition, a 301-Level ICS Security Training called ‘The Autobahn,’ was held, which analyzed how collecting and analyzing forensic data is a core component of the incident response process, inspected the Top 20 PLC secure coding practices, and explored the use and management of software defined networking (SDN) technology in ICS environments.

The important announcement from the S4x22 event came from the Cybersecurity and Infrastructure Security Agency (CISA) expanding its Joint Cyber Defense Collaborative (JCDC) initiative to include the ICS industry consisting of security vendors, integrators, and distributors. The move will strengthen and bolster the U.S. government’s focus on building cybersecurity posture and resilience of ICS and OT environments.

Industrial Cyber reached out to some of the speakers at the S4x22 event and gathered their insights, along with key takeaways from the conference.

“The energy at S4 was high. On one hand, we had many community members reconnecting from the pandemic,” Ben Miller, vice president for professional services and R&D at Dragos, told Industrial Cyber. “On the other- the conference nearly doubled from 2020 and the excitement and focus from new attendees was palpable,” he added. 

Ben Miller, vice president of professional services and R&D at Dragos
Ben Miller, vice president of professional services and R&D at Dragos

The JCDC announcement is exciting, according to Miller. “CISA has always recognized the value of engaging industry and has done so in a variety of task forces and working groups over the years but this takes it to a new level where government, industry, and solutions providers have a continuing venue to work together,” he added.

Providing a feeling of the ‘vibe’ at the S4x22 event, after the over two years break, Marty Edwards, vice president for OT security at Tenable, told Industrial Cyber that the vibe was ‘extremely positive.’  

Marty Edwards, vice president for OT security at Tenable

“Everyone here is overwhelmingly happy to see old friends and to meet new friends after being cooped up behind a Zoom screen for 2.5 years. The event has record attendance – close to 800 people I believe,” Edwards added.

The vibe at S4x22 is electric, Eric Byres, founder and chief technical officer at aDolus, told Industrial Cyber. “People are just so happy to be getting together face to face once again. Old friends and colleagues are sharing stories and new attendees are often meeting people they’ve only ever seen over Zoom. In my opinion, canceling the event last year was the right call; S4 is all about building those personal connections,” he added. 

Eric Byres, founder and chief technology officer at aDolus
Eric Byres, founder and chief technology officer at aDolus

“Whether you’re heartily agreeing—or disagreeing—with a fellow ICS professional, it’s best done in person,” Byres added.

Exploring how has the S4x22 event changed since the last one, and looking closer into the key factors that brought about these changes, Edwards said that the “main changes are Dale’s expansion of the event to the new Stage 2 and Stage 3 venues across the street from the Fillmore – which are all attributable to the growth in attendance over the years. I believe that everyone I have spoken with thinks this is a positive change and all of the sessions have been well attended,” he added.

“At previous S4 events, you heard a common lament from the technical experts about ICS cybersecurity lacking enough visibility at the executive level. That has definitely changed,” Byres said. “The conversation has transitioned from ‘how can we get the budget we need’ to ‘how can we get the information that the board is demanding,’” he added. 

The dramatic rise in high-profile attacks like the ones on SolarWinds or Colonial Pipeline is almost certainly behind this shift, Byres said. “S4 is still true to its technical roots, but better ICS risk visibility is now accepted as a business imperative and you see that in the sessions,” he added.

On the same page, “I think this underscores the increasing threats to OT and emphasizes a need for greater visibility of industrial operations to detect malicious activity earlier in the kill chain to thwart adversaries before they can impact operations,” Matt Cowell, vice president of business development at Dragos, told Industrial Cyber. “Additionally, as a community, we need to ensure we’re better prepared (incident response plan and readiness) when a cyber event occurs, this was a point well described by Solarwinds CISO, Tim Brown during his S4x22 presentation,” he added.

Matt Cowell, Vice President of Business Development at Dragos, Inc.
Matt Cowell, Vice President of Business Development at Dragos, Inc.

Taking a closer look at the CISA’s move to include the OT sector into its JCDC initiative and whether the decision suggests that OT can no longer be ignored, Edwards pointed out that “there have been several public-private partnerships in place with the US Government and the ICS/OT community over the years such as ICSJWG and the CSWG (Control Systems Working Group) – so I wouldn’t necessarily want to portray that the US Government has ignored the ICS or OT sector.”

“CISA has increased their interaction with companies like Tenable through the JCDC, and it is a natural evolution of this organization to incorporate ICS and OT companies into the mix,” Edwards said. “I see it as a positive move to continuously improve their engagement with companies like ours,” he added.

“The US government, and CISA in particular,  has absolutely recognized that OT needs to come out of the shadows. IT/OT convergence is a done deal and you cannot protect critical infrastructure without protecting both,” Byres said. “But OT has a whole different level of complexity with its many operating systems, vendors, protocols, and devices—not to mention all the legacy equipment still in service,” he added. 

“It’s very encouraging to see the expertise and unique capabilities of the OT community put to work in this public-private partnership,” Byres highlighted.

The S4x22 event was the first time that the ICS community met after the SolarWinds attack, Colonial Pipeline incident, U.S. President Joe Biden’s Executive Order 14028, and in the wake of rising geopolitical cyberattacks. Addressing the largest challenges that have to be tackled by the ICS community, as it works toward focusing on rising cybersecurity threats and attacks, Edwards said that “although we may be meeting physically for the first time in a while – the ICS community has had many virtual events around the world to address the ever-expanding attack surface and threat landscape.”  

The geopolitical situation with the Russian invasion of the Ukraine certainly has increased the attention across the board being paid to critical infrastructure and for good reason, according to Edwards. “As a community, we need to continue to increase visibility into these systems in order to address any security deficiencies or weakness, and do this via a vendor-agnostic, technology-neutral, standards-based approach,” he added.

“We believe software supply chain visibility is the number one security concern for critical systems. You cannot protect what you don’t know about,” Byres said. “We’ve seen an alarming rise in supply chain attacks, where the attacker goes after a supplier of their real target (or targets) rather than a direct attack. It’s a hugely efficient approach: compromise one victim and gain access to thousands. And because both ICS vendors and asset owners lack visibility into the vast trees of embedded third-party components hiding in their software, they don’t know what their exposure is,” he added.

Anna Ribeiro

A complimentary guide to the who`s who in industrial cybersecurity tech & solutions

Free Download

Related

CISA, FBI, Europol, and NCSC-NL issue joint cybersecurity advisory on Akira ransomware threats
CISA, FBI, Europol, and NCSC-NL issue joint cybersecurity advisory on Akira ransomware threats
Mandiant exposes APT44, Russia's Sandworm cyber sabotage unit, targeting global critical infrastructure
Mandiant exposes APT44, Russia’s Sandworm cyber sabotage unit, targeting global critical infrastructure
Hexagon and Dragos announce technical alliance to boost industrial cybersecurity, reduce overall OT cyber risk
Hexagon and Dragos announce technical alliance to boost industrial cybersecurity, reduce overall OT cyber risk
Armis
Armis acquires Silk Security for $150 million to enhance AI-driven cybersecurity capabilities
Nozomi discovers five vulnerabilities in AMI MegaRAC SP-X BMC, exposing OT, IOT devices to RCE attacks
Nozomi secures US$1.25 million US Air Force contract to boost DoD critical infrastructure security
Industrial Cybersecurity Buyers’ Guide 2024 navigates complex industrial landscape
Industrial Cybersecurity Buyers’ Guide 2024 navigates complex industrial landscape
House Energy and Commerce Committee members seek answers from UnitedHealth on Change healthcare cyberattack
House Energy and Commerce Committee members seek answers from UnitedHealth on Change healthcare cyberattack
CISA announces Cyber Storm IX cybersecurity exercise to strengthen national cyber readiness
CISA announces Cyber Storm IX cybersecurity exercise to strengthen national cyber readiness
New NSA guidance identifies need to update AI systems to address changing risks, bolster security
New NSA guidance identifies need to update AI systems to address changing risks, bolster security
Claroty’s Team82 details cyber attack by Blackjack hackers on Moscow's emergency detection systems
Claroty’s Team82 details cyber attack by Blackjack hackers on Moscow’s emergency detection systems