This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "OWASP AppSec DC 2012/Vulnerabilities in Industrial Control Systems"

From OWASP
Jump to: navigation, search
(added Kevin Hemsley bio)
Line 2: Line 2:
 
__NOTOC__
 
__NOTOC__
 
== The Presentation  ==
 
== The Presentation  ==
[[Image:Owasp_logo_normal.jpg|right]]In 2011 ICS-CERT experienced a dramatic increase in reported disclosures of vulnerabilities in industrial control system (ICS) products. Security researchers (white, gray, and black hats) across the globe are increasing their research in the ICS product arena and the potential impact to critical infrastructure. Coordinated vulnerability disclosures of control system products are increasing rapidly, but so are the instances of unanticipated or full disclosures.
+
In 2011 ICS-CERT experienced a dramatic increase in reported disclosures of vulnerabilities in industrial control system (ICS) products. Security researchers (white, gray, and black hats) across the globe are increasing their research in the ICS product arena and the potential impact to critical infrastructure. Coordinated vulnerability disclosures of control system products are increasing rapidly, but so are the instances of unanticipated or full disclosures.
 
<br>
 
<br>
 
The once obscure world of ICS security is now a hot topic in the media and around the water cooler. This presentation will discuss the daunting trends in the disclosure of ICS product vulnerabilities, who is disclosing new vulnerabilities, and the coordination process used by ICS-CERT. We will also discuss what concerning trends ICS-CERT is seeing, including recent hacktivist and anarchist group activity.
 
The once obscure world of ICS security is now a hot topic in the media and around the water cooler. This presentation will discuss the daunting trends in the disclosure of ICS product vulnerabilities, who is disclosing new vulnerabilities, and the coordination process used by ICS-CERT. We will also discuss what concerning trends ICS-CERT is seeing, including recent hacktivist and anarchist group activity.
 
== The Speakers  ==
 
== The Speakers  ==
Kevin Hemsly
+
<table>
 
+
<tr>
Kevin Hemsley is the Vulnerability Handling Lead for the US Department of Homeland Security's Industrial Control System Cyber Emergency Response Team (ICS-CERT). ICS-CERT provides a control system security focus to improve the cyber security posture and assist owners and operators of US critical infrastructure assets. Kevin leads the ICS-CERT Vulnerability Handling team that works with independent security researchers and control system vendors from around the world to identify and mitigate vulnerabilities in control system products. Kevin has more than 20 years experience in cyber security ranging from network security to control system and SCADA security.
+
<td>
 
+
===Kevin Hemsley===
 +
[[Image:Owasp_logo_normal.jpg|left]]Mr. Kevin Hemsley is a Senior Critical Infrastructure Security Analyst and Vulnerability Handler within the Industrial Control Systems - Cyber Emergency Response Team (ICS-CERT). In this role, he provides all-source research, analysis, and reporting on all aspects of threats affecting domestic critical infrastructure protection, computer network operations, and industrial control systems.
 +
</td>
 +
</tr>
 +
</table>
 
<noinclude>{{:OWASP AppSec DC 2012 Footer}}</noinclude>
 
<noinclude>{{:OWASP AppSec DC 2012 Footer}}</noinclude>

Revision as of 00:59, 12 March 2012

AppSecDC-468x60-banner-2012.jpg

Registration Now OPEN! | Hotel | Schedule | Convention Center | AppSecDC.org

The Presentation

In 2011 ICS-CERT experienced a dramatic increase in reported disclosures of vulnerabilities in industrial control system (ICS) products. Security researchers (white, gray, and black hats) across the globe are increasing their research in the ICS product arena and the potential impact to critical infrastructure. Coordinated vulnerability disclosures of control system products are increasing rapidly, but so are the instances of unanticipated or full disclosures.
The once obscure world of ICS security is now a hot topic in the media and around the water cooler. This presentation will discuss the daunting trends in the disclosure of ICS product vulnerabilities, who is disclosing new vulnerabilities, and the coordination process used by ICS-CERT. We will also discuss what concerning trends ICS-CERT is seeing, including recent hacktivist and anarchist group activity.

The Speakers

Kevin Hemsley

Owasp logo normal.jpg
Mr. Kevin Hemsley is a Senior Critical Infrastructure Security Analyst and Vulnerability Handler within the Industrial Control Systems - Cyber Emergency Response Team (ICS-CERT). In this role, he provides all-source research, analysis, and reporting on all aspects of threats affecting domestic critical infrastructure protection, computer network operations, and industrial control systems.

Gold Sponsors

 Aspect logo owasp.jpg AppSecDC2009-Sponsor-securicon.gif AppSecDC2009-Sponsor-mandiant.gif AppSecDC2012-ISC2.gif

Silver Sponsors

 SPL-LOGO-MED.png

Small Business

 AppSecDC2012-Sponsor-sideas.gif BayShoreNetworks.png

Exhibitors

 link=http://www.codenomicon.com/ Codenomicon WhiteHat Logo.png AppSecDC2012-HP.jpg WSI - Logo.jpg
Retrieved from "https://wiki.owasp.org/index.php?title=OWASP_AppSec_DC_2012/Vulnerabilities_in_Industrial_Control_Systems&oldid=125999"