Kaspersky’s seventh international conference dedicated to industrial cybersecurity took place on September 18–20 in Sochi, Russia. The conference has established itself as one of the main events of the year among industrial security system experts, industrial enterprise specialists and managers.
This year the conference brought together more than 300 participants from 20 countries around the world, including Russia, Germany, the US, China, Austria, Italy, Spain, France, Saudi Arabia, the UAE, India, Turkey, Singapore and Japan.
Among them were representatives of industrial enterprises and companies – developers of information security products, manufacturers of industrial equipment and automation facilities, such as Siemens, Schneider Electric, Moxa and others, employees and professors from universities and research institutions (Clemson University (US), Singapore University of Technology and Design). The conference was also attended by specialists from the .
ICL and ARinteg acted as the conference’s gold partners.
The conference’s agenda included talks and presentations delivered by 38 speakers, as well as demos of new products and technological innovations in the industry.
The conference featured presentations by internationally renowned cybersecurity experts, including Eugene Kaspersky, Dale Peterson (Digital Bond), Patrick Miller (Archer International), Stephan Gerling (ROSEN Technology & Research Center GmbH), Eduardo Honorato (Munio Security), Susana Asensio (Industrial Cybersecurity Center), Marina Krotofil and others.
Kaspersky ICS CERT’s contribution to the conference included several reports.
Vladimir Dashchenko, Vulnerability Research Group Manager at Kaspersky ICS CERT, delivered a talk in the business stage of the conference on the problems surrounding Bug Bounty programs for industrial automation systems.
Ekaterina Rudina, System Analyst Team Lead, talked about the use of the industrial IoT cybersecurity maturity model that was developed within the framework of the Industrial Internet Consortium.
Kaspersky ICS CERT security researcher Alexander Nochvai in his report on CoDeSys Runtime security research not only demonstrated the vulnerabilities detected during the research but also spoke about the fundamental problems of information security when using OEM products and technologies in general.
Artem Zinenko, senior researcher and developer at Kaspersky ICS CERT, analyzed the main public sources of information about vulnerabilities in industrial automation systems. The main conclusion of his presentation was that none of the existing public databases of vulnerabilities fully meets the security needs of industrial objects.
Kaspersky ICS Vulnerabilities Database, a new service for reporting vulnerabilities in industrial automation systems, was announced at the conference as one of the solutions to this problem. It will provide access to a constantly updated database of vulnerabilities in automated control systems and industrial IoT devices, as well as the rules and algorithms necessary to detect potential attacks that could exploit them.
In addition, Kirill Kruglov, senior researcher and developer at Kaspersky ICS CERT, spoke about the threat landscape for industrial automation systems in smart buildings and smart cities in H1 2019.
There were stands at the conference’s technological exhibition demonstrating the work of ICS security solutions. They gave conference participants the opportunity to get acquainted with the products and technologies of Kaspersky as well as Jet Infosystems, Fortinet, MOXA, ICL System Technologies and PcVue Inc.
“Information on the real situation – problems, attacks, incidents and practical experience of protection – is vital to ensure the best, most informed decisions are made for the safety of industrial enterprises. Unfortunately, many currently lack this information in industry. The main purpose of our conference is to solve this problem. Every year it goes from strength to strength,” said Evgeny Goncharov, Head of Kaspersky ICS CERT.
All the conference content and materials will be made available on the official website.
The conference is held each year. Stay tuned so you don’t miss your chance of participating next year.