Industrial Cybersecurity Webinars

Full recordings are located on our Cybersecurity Knowledge Center (CKC).  *Some videos require membership to view.

Auditing and Optimizing your OT firewalls*


Preview: Businesses are realizing the significant benefits of converging Information Technology (IT) and Operational Technologies (OT) to meet evolving business requirements. However, as a result, the attack surface of the OT environment is expanding. At the same time, persistent and targeted cybersecurity attacks against Industrial Controls System (ICS) are on the rise. The first line of defense is often a firewall at the perimeter between the business network (IT) and the OT network (a.k.a. process control network). Having a firewall installed is great but it may be providing you with a false sense of security if it hasn’t been properly configured, optimized, and regularly audited. This webinar will discuss the firewall configuration lifecycle, the role of audit, firewall rule rationalization techniques, common firewall misconfigurations and how to remediate them, and will wrap up with a couple of case studies. Watch the full presentation on the Cybersecurity Knowledge Center.




Building a Cybersecurity Program*


Preview: With the present situation in the United States and across the world, our typical method of advancing cybersecurity initiatives has been affected. The OT Cybersecurity conferences and gatherings have been canceled or postponed. I am sure we all have taken steps in our own lives to mitigate the risk to our families, while trying to balance our work objectives. Traditionally, our industry tends to concentrate on the assessment and implementation of recommendations; however, a cybersecurity program is much more than assessment and implementation of deliverables. The Industrial Cybersecurity team at aeSolutions feels there are specific deliverables for an asset owner’s cybersecurity program that can currently be completed to advance their OT Cybersecurity program even with the current travel and social distancing advisories in place. However, it requires a methodical approach in defining, structuring and developing the correct balance of Policies, Standards, Procedures, Job Aids, Checklists and Training. The aeSolutions 5 Pillar Cybersecurity program model is the best-in-class approach to sustain an asset owner’s cybersecurity program, while ensuring the lowest cost to serve over time. Our upcoming webinar will walk asset owners through the ae Solutions 5 Pillar model, its attributes and the interaction within the model. Specific content will be shared in the form of templates ,best practices, checklists and job aids as we discuss our program model with our aeSolutions end-user community. Watch the full presentation on the Cybersecurity Knowledge Center.




Building Cybersecurity into a Greenfield Project Industrial Control System Project


Preview: This presentation is a case study on a capital project to build a greenfield facility and the efforts taken, under the direction of the CISO, to integrate cybersecurity into the project. The presentation will discuss the project justification, the business challenges, the process of integrating cybersecurity into the industrial control system (ICS) project lifecycle as well as the benefits and critical success factors. While not without its challenges, the result was a system that was designed, implemented, documented and tested for security before it left the factory floor and before it was commissioned onsite. Watch the full presentation on the Cybersecurity Knowledge Center.




Design and Implementation of PCN DMZ


Preview: An enterprise wide Industrial Control Systems (ICS) landscape consists of a large array of applications, tools and endpoints spread across multiple facilities at the very core of plant management and manufacturing. This dependency on automation systems mandates companies to develop specific criteria to adequately protect the infrastructure that supports their production processes. Creating strong boundaries between business networks and process control networks (PCN) potentially minimizes the number of vulnerabilities and attack paths that an internal or external attacker may use to manipulate certain critical systems and gain unauthorized access. A PCN Demilitarized Zone or DMZ is considered one of the key security protection mechanisms in the isolation and segmentation of client networks from the underlying OT networks. This presentation will highlight key concepts on how to effectively design and implement a PCN DMZ, based on various use cases across multiple plants and sites as well as any functional specifications crucial to the design and implementation of this security control. Watch the full presentation on the Cybersecurity Knowledge Center.




Digital Transformation and IIoT​ : Cyber-Safety Challenges and Opportunities


Preview: Please join us for the special Live Webcast as we discuss Digital Transformation and IIoT "Cyber-Safety Challenges and Opportunities" to aid, advance, and provide a significant shift in managing the risk of cybersecurity and safety within your organization.

On this webcast, we'll be considering how the technologies and platforms have evolved. We will discuss the high-level goals of Digital Transformation or IIoT programs and projects and how their project execution typically unfolds. We will also discuss how these programs can create unintended consequences within the OT environment if cybersecurity and safety are not evaluated.

This presentation will put forth 5 simple areas of focus for plant personnel when impacted by Digital Transformation or IIoT projects or programs. The 5 areas of focus ensure a fundamental work process and approach to mitigating plant cybersecurity and safety risks. Watch the full presentation on the Cybersecurity Knowledge Center.




Implementing an ICS Vulnerability and Patch Management Program*


Preview: Applying critical security updates and patches issued by Microsoft for Windows-based hosts is fundamental to any ICS cybersecurity program. What makes this seemingly mundane task so complicated? While Microsoft tests and approves patches for the various Windows OS versions, control system vendors must also test and validate those patches for compatibility with their systems. Once the vendor has approved the patches, the asset-owner needs to obtain them, do their own evaluation, schedule deployment, deploy, verify and document. Adding to the challenge is the difficulty of gaining access to these systems due to the infrequency of scheduled shutdowns and maintenance turnarounds. Despite these challenges, there is real urgency to improve the patching of OT computers driven by the alarming increase of ransomware attacks on industrial operations and the frequency of critical security vulnerability alerts that impact OT systems. Join us as we co-present with our industry partner, Panacea Technologies, and highlight tools, work processes and patch management products available to meet this urgent need. Watch the full presentation on the Cybersecurity Knowledge Center.




Evaluating Cybersecurity Risk from an Operational Reliability and Process Safety Perspective: The aeCyberPHA® Method


Preview: There is has been a wide degree of variability in how industry defines and performs OT/ICS cybersecurity risk assessments. Many of the approaches in use today fail to capture the true risk to operations because they don't "drill down" to study the actual consequences if the facility's control and safety systems were to be compromised by a cyber incident. For example, some methodologies overstate the risk by not taking "credit" for existing safeguards and countermeasures. Other approaches understate this risk because they don't consider health, safety, environmental (HSE) or other operational consequences such as lost production, off-spec product, interruption of service, equipment damage, etc.

The aeCyberPHA methodology solves this problem. aeCyberPHA is a standards-based, proven methodology to assess industrial control system cybersecurity risk by using well established practices and lessons learned from process safety process hazard assessments (PHAs). It provides a realistic representation of risk because it integrates information from PHA’s with a detailed cybersecurity risk assessment of the control system and related IT infrastructure.
Watch the full presentation on the Cybersecurity Knowledge Center.




ICS Asset Inventory and Network Diagrams*


Preview: Most people would agree with the statement, "You can't secure an asset if you don't know it exists". In other words, ICS asset inventory is fundamental to assessing, protecting, monitoring and maintaining your ICS systems and networks. Furthermore, since ICS assets are typically part of a networked system, it is also critical to understand how these assets are networked and interact with one another. So, in addition to asset inventory, network diagrams are also fundamental. However, developing and maintain accurate ICS asset inventory and drawings is much easier said than done.

Join us for a two-part webinar on ICS Asset Inventory and Network Diagrams. In Part 1 we will discuss a variety of tools and techniques to gather and maintain an ICS Asset Inventory. In Part 2 we will talk about types of ICS Network Diagrams and present a variety of tools and techniques to develop and maintain them. Watch the full presentation on the Cybersecurity Knowledge Center.




Maritime Cybersecurity: Addressing Cyber Risks at MTSA Regulated Facilities


Preview: In this presentation, Marco Ayala of aeSolutions is joined by a United States Coast Guard representative to speak about the cyber risks to maritime industry including ports, terminals and offshore operational assets. They discuss recent real-world cybersecurity attacks focused on maritime targets, followed by a presentation of the current regulations and guidance that have been published by the Coast Guard to address cybersecurity as it relates to the maritime industry under the Maritime Transportation Security Act, including the latest release of Navigation and Vessel Inspection Circular (NVIC) 01-20. Marco is also joined by John Cusimano, aeSolutions VP of Cybersecurity, and Greg Villano, Industrial Cybersecurity Senior Principal Specialist for aeSolutions. Watch the full presentation on the Cybersecurity Knowledge Center.




OT Cybersecurity Products: Evaluating, Selecting and Deploying*


Preview: Several OT cybersecurity products are available today featuring targeted functionality to address the unique requirements around asset management, intrusion detection, patch management, configuration management, threat intelligence, etc. While these products offer valuable insight into the real-time security posture of their ICS networks, asset owners are struggling with determining if, when and how they might deploy these technologies across their fleet of ICS systems. Grappling with these issues can be an incredibly complex challenge for organizations with multiple facilities and diverse ICS platforms. In this presentation we will share our experience working with asset owners and vendors on a structured process of selecting, testing and deploying OT cybersecurity products. We will also present typical requirements checklist, sample vendor questionnaire and other collateral during the presentation. Watch the full presentation on the Cybersecurity Knowledge Center.




PLC/SIS Security Are You Leveraging Available Technology to Ensure System Integrity?*


Preview: In the recent years, as the demand for real time analytics, predictive maintenance, and system monitoring technologies has risen in the Industrial Controls System (ICS) environment, Information Technology (IT) and Operational Technologies (OT) have been rapidly converging. In the past, OT has assumed on proprietary networks and air gapped systems were sufficient security measures. However, with the rise in targeted attacks on ICS environments and safety system controllers, it is more important than ever to incorporate PLC/SIS controller security solutions into your ICS defense in depth strategy. Vendors are beginning to provide better device level security solutions, but are you properly leveraging and deploying the available technology to meet your security needs? Watch the full presentation on the Cybersecurity Knowledge Center.




Using Bowtie to Graphically Visualize CyberPHA Results*


Preview: To assess the Cyber Risk to an industrial facility, a proven methodology called Cyber PHA has been developed and applied to conduct ICS cyber risk assessments throughout process industries. The results from a Cyber PHA provides valuable information such as the highest risk scenarios and practical solutions to mitigate the risk, however, the tabular format of this information may be difficult for leadership to interpret. A graphical depiction of the high-risk scenarios that shows the pathways from cause to consequence enables easier understanding of the Cyber PHA results.

Please join us for this webcast where we will describe the Bowtie methodology with examples to show the power of graphically portraying the range of causes and consequences of a cyber event. We will also demonstrate how to visualize “before and after” – the progression of a cyber event without countermeasures in place, and the same scenario shown with barriers. Watch the full presentation on the Cybersecurity Knowledge Center.




Discovering Vulnerabilities on Window based IC Workstations


Preview: This webinar will focus on tools and techniques to discover security vulnerabilities in Windows-based ICS workstations and servers (e.g. engineering workstations, operator stations, application servers, tag servers, etc.). The webinar will also address different types of applications used for the discovery of Settings, Services, Network Interfaces, Portable Media, Peripherals, and Application Inventory as well as Patch Levels to determine possible vulnerabilities and security risks. To round the discussion out the team will show reports from a specific tool that delivers ICS Workstations information for analysis to determine vulnerabilities. The discussion will conclude on the topic of vulnerability management and how the ability to discover and manage vulnerabilities is essential, as part of a defense in depth strategy and gain visibility to known vulnerabilities within ICS workstations. Watch the full presentation on the Cybersecurity Knowledge Center.




Cybersecurity Challenges in the Water and Wastewater Industry


Preview: There is a renewed focus on securing the nation’s water and wastewater critical infrastructure from a potential cyber-attack due to heightened awareness from cybersecurity incidents impacting industrial control systems (ICS). Several published standards, guidance, and best practices are available for this industry sector, but the community still lacks a cohesive and consistent approach to ICS cybersecurity. Adherence to standards, such as IEC 62443, raise many questions about roles and responsibilities and application requirements. Our presentation will highlight some of these major challenges facing the water and wastewater industries in developing good cybersecurity policies and practices.    This webinar will break down some of the different standards guiding this industry sector and how to apply them in a manner consistent with the goals and objectives of the utility.  We will discuss various assessment methodologies including gap analysis, maturity models, Security Levels, and risk analysis in the context of a typical water and wastewater plant cybersecurity lifecycle. Watch the full presentation on the Cybersecurity Knowledge Center.





* Videos marked with an asterisk require either a Partner or Premium membership to aeSolutions' Cybersecurity Knowledge Center (CKC).  Click the login button at the top right or you can click the Buy button and enter your membership credentials there for access. 

Introduction to aeSolutions’ ICS Cybersecurity Knowledge Center (CKC)

 

Current aeSolutions cybersecurity clients may request complementary Partner access at info@aesolns.com.

info@aesolns.com

United States

864-676-0600

Greenville, South Carolina
Corporate Headquarters

  • LinkedIn
  • Twitter
  • YouTube
  • Facebook

Contact Us