Learn to Trust Your Insecure ICS Networks – Webcast
Tuesday, May 03, 2016 at 1:00 PM EDT (17:00:00 UTC)
Lisa Lorenzin and David Mattes
Even as ICS security incidents and breaches explode around the world, there are many legacy ICS networks that remain vulnerable to attacks, malware, and other potential security lapses. These legacy networks lack basic security features but may not be replaced for many years. This webinar will explain a relatively simple approach to securing these existing ICS networks using specifications created and vetted by industry experts from the Trusted Computing Group (TCG), working with other industry standards groups on the issue. Attendees will learn how standards-based solutions address the problem of implementing, monitoring, and managing cybersecurity defenses for ICS networks.
The webcast will address how TCG standards support implementation of the ISA/IEC-62443 zone-and-conduit strategy for ICS security. Zones are layers or subdivisions of the logical or physical assets of a control system, based on their control function. Conduits connect the zones, providing a path for data flow, and must be managed to protect network traffic. TCG standards developed by the Trusted Network Communications (TNC) workgroup enable execution of the concepts defined in the ISA/IEC specifications, providing increased security and protection from unauthorized ICS access. Specifically, the Interface for a Metadata Access Point (IF-MAP) Metadata for ICS Security specification facilitates the creation of virtual overlay networks on top of standard shared Internet Protocol (IP) network infrastructure, simplifying deployment, management, and protection of large-scale industrial control systems.
Lisa Lorenzin is a Principal Solutions Architect with Pulse Secure, specializing in secure access and mobility solutions, and co-chair of Trusted Network Communications, a work group of the Trusted Computing Group that defines an open architecture and standards for endpoint compliance and network security. She has worked in a variety of Internet-related roles since 1994, with almost twenty years of focus on network and information security, and is currently concentrating on enterprise security including end-to-end context-based access, network segmentation, security automation, and mobile security.
David Mattes originally founded Asguard Networks in 2012 to create standards-based products that address the challenge of managing connectivity and information security for industrial control systems (ICS). In 2014, he and Jeff Hussey co-founded Tempered Networks based on Asguard Networks’ technology. Prior to Asguard Networks, Mattes spent 13 years in The Boeing Company’s R&D organization. As an Advanced Research Technologist at Boeing, he focused on ICS security issues and solved the challenge of segmenting connectivity for ICS devices into private networks, while ensuring secure connectivity to and through Boeing’s enterprise networks. Mattes was the co-creator and technical and implementation lead on an architecture that not only addressed Boeing’s stringent InfoSec governance and security requirements, but also satisfied the needs of end users. Mattes has patents pending in distributed network configuration and orchestration. He holds an M.S.E.E. degree in electrical engineering from the University of Washington and a B.S. degree in electrical engineering from the University of New Mexico.