Analysis
Attacks and Vulnerabilities
Control device security
Critical infrastructure
ICS Security Framework
News
Risk & Compliance
Vendors

S4x22 conference draws out future agenda for ICS sector

April 22, 2022
S4x22 conference draws out future agenda for ICS sector

As the curtains come down on another edition of the S4x22 event, one of the biggest conferences for the OT and ICS (industrial control systems) industry, the focus shifts now to the crucial outcome and end results from the conference. As the attendees head back, the larger ICS community will be looking for improved action and results on the ground. 

At the S4x22 conference, the initial Incident Command System for Industrial Control Systems (ICS4ICS) exercise was held. Designed to improve global ICS cybersecurity incident management capabilities, the S4 exercise demonstrated how ICS4ICS works and showcases how it improves cybersecurity incident response for ICS. In addition, it also displayed how an incident command system can be combined with cybersecurity processes and capabilities to manage cybersecurity incidents impacting ICS.

The key announcement from the S4x22 conference came from the Cybersecurity and Infrastructure Security Agency (CISA) adding its Joint Cyber Defense Collaborative (JCDC) initiative. Companies initially joining the JCDC-ICS effort include Bechtel, Claroty, Dragos, GE, Honeywell, Nozomi Networks, Schneider Electric, Schweitzer Engineering Laboratories, Siemens, and Xylem, as well as several JCDC alliance partners.

Industrial Cyber spoke to some of the speakers at the S4x22 event to call attention to advancements made by the change-resistant ICS community since such event, analyze the highlights of the S4x22, and bring out the difference that the ‘Women in ICS Security’ initiative will play in the larger industry context.

Danielle Jablanski, OT cybersecurity strategist at Nozomi Networks, told Industrial Cyber that the “key takeaways from my perspective so far have been new ways to meet the challenge of the increased pace of incidents and ramifications across critical infrastructure sectors.” 

Danielle Jablanski, OT cybersecurity strategist at Nozomi Networks
Danielle Jablanski, OT cybersecurity strategist at Nozomi Networks

She also pointed out that the “threat actors have been doing their homework about the systems we care about and this community is ready to partner in unprecedented ways to rise to that challenge – whether those efforts are to streamline data and automate processes for getting the most value out of that data, to share information, or to do the advocacy work of translating the problem set for key decision-makers,” Jablanski added.

Mark Carrigan, cyber vice president for process safety and OT cybersecurity at Hexagon PPM,
Mark Carrigan, cyber vice president for process safety and OT cybersecurity at Hexagon PPM,

“There is growing awareness that we cannot prevent all cyber attacks and prevent our way out of this problem,” Mark Carrigan, senior vice president for process safety and OT cybersecurity at Hexagon PPM, told Industrial Cyber. “We need to shift focus towards minimizing the consequence of a cyber attack, ensuring that when, not if we are infiltrated, we can reduce consequences to an acceptable level,” he added.

Cherise Esparza, co-founder and chief product officer at SecurityGate.io
Cherise Esparza, co-founder and chief product officer at SecurityGate.io

“The key takeaways for the ICS community were that the element of team was very present,” Cherise Esparza, co-founder and chief product officer at SecurityGate.io, told Industrial Cyber. “Teamwork was the word of the day, and we saw everyone was really striving to improve. People were there to learn and collaborate,” she added. 

Analyzing the advancements made by the change-resistant ICS community since the last S4 event, and the key drivers that the industry is adopting to safeguard from the evolving threat landscape, Carrigan said that “recent events including SolarWinds, Colonial Pipeline, and Log4j have increased awareness at the executive level. Companies have realized they are vulnerable and need to increase investments in OT cybersecurity.”

“I think the primary one is learning to work together across business lines and non-OT security resources. In terms of safeguarding threats, the belief system is that they are more real, and the likelihood is high given the instability and climate of the war,” Esparza said.

The S4x22 event had an exclusive ‘Women In ICS’ social event that provided women attendees to establish and renew relationships with other women in ICS security at all different points in their careers. Cybersecurity is typically considered a male bastion, with only about 10 percent of women in the ICS security community, it is often considered difficult for women to enter and thrive in the male-dominated, sometimes hostile, and often intentionally and unintentionally discriminatory ICS security field.

Women-in-ICS-Security-Thumbnail

“Dale Peterson has created an inclusive environment, for women, career experts, emerging leaders, diverse thinkers and nontraditional backgrounds to have creative interactions and intellectual deep dives at the same time,” Jablanski said. “Those impacts go beyond lip service to catalyze the shared goals we have as a community to fortify cyber-physical operations for the sake of their specific real-world objectives,” she added.

Carrigan highlighted that the good news is that this year over 25% of the participants at S4 are women, a record for this event. “The bad news is that we still have a long way to go to ensure broader inclusiveness of women in this important field,” he added.

“I think women will absolutely have a lot of influence in ICS security as they get more involved and have opportunities made available in ICS roles,” Esparza said.

Anna Ribeiro

A complimentary guide to the who`s who in industrial cybersecurity tech & solutions

Free Download

Related

Securing cloud, IIoT in Industry 4.0 emerges crucial for protecting industrial operations across OT/ICS environments
Securing cloud, IIoT in Industry 4.0 emerges crucial for protecting industrial operations across OT/ICS environments
Through the Lens of a Case Study: What It Takes to Be a Cyber-Physical Risk Analyst
Through the Lens of a Case Study: What It Takes to Be a Cyber-Physical Risk Analyst
Dragos reports decline in ransomware attacks on industrial sector amid law enforcement measures
Dragos reports decline in ransomware attacks on industrial sector amid law enforcement measures
MITRE's CREF Navigator aligns with DoD's CMMC to boost cyber resilience in defense industrial base
MITRE’s CREF Navigator aligns with DoD’s CMMC to boost cyber resilience in defense industrial base
UK’s NCSC debuts CAF v3.2 to address rising threats to critical national infrastructure, boosts cybersecurity readiness
UK’s NCSC debuts CAF v3.2 to address rising threats to critical national infrastructure, boosts cybersecurity readiness
Cisco Talos details ArcaneDoor campaign found targeting perimeter network devices across critical infrastructure
Cisco Talos details ArcaneDoor campaign found targeting perimeter network devices across critical infrastructure
Forescout report warns of growing security risks to critical infrastructure as OT/ICS exposed data escalates
Forescout report warns of growing security risks to critical infrastructure as OT/ICS exposed data escalates
ASIS Foundation reports on impact of autonomous vehicles on security and technology
ASIS Foundation reports on impact of autonomous vehicles on security and technology
European Commission makes €112 million investment in AI, quantum research under Horizon Europe program
European Commission makes €112 million investment in AI, quantum research under Horizon Europe program
MITRE unveils ATT&CK v15 with upgraded detections, analytic format, cross-domain adversary insights
MITRE unveils ATT&CK v15 with upgraded detections, analytic format, cross-domain adversary insights