The Central ICS/SCADA Cyber Security Event of the Year for the APAC Region! This year’s conference will have THREE full days of content, and receptions and networking opportunities. You can register for the conference online to hold a spot.
Wednesday, April 25 • 10:00am - 10:45am
Overcoming the "Evil Twins" Attack: Lessons Learned from Triton/TRISIS

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Inside look at TRITON ICS Malware
Can you imagine what happens when the industrial safety controllers (SIS) at the one of the world’s largest oil company are being hacked? What if hackers could penetrate, take control and/or disable all nuclear plants and other critical infrastructure systems? Damage from the 2017 Triton attack could have reached epic proportions as the first malware of its kind to specifically target industrial safety controllers. Yet, as recent discoveries indicate, the world experienced the first-ever "evil twin" attack on both SIS and Industrial Control Systems (ICS) simultaneously. Learn what steps Schneider is taking to avoid escalation to grave consequences from these types of attacks.

Session Detail

If this was just a PLC then maybe we would not have been quite so enthralled.  In this case it was a triply redundant safety controller whose entire purpose is to protect people, equipment and the environment from disaster.  There is only one reason anyone would want to compromise such a device – to enable serious harm.  Yes, you could imagine that a plant shutdown would cause an economic outcome, but if that was the intent, this could have been accomplished with only a few lines of Python script and the elaborate manipulation of processor memory would have been a total waste of time.  No, the intent was much more than that.  It was a grave one.  
This session will discuss the issues and practical solutions to these three intriguing questions:
  1. What & Why do we need to know about the "Evil Twins" TRITON/TRISIS attack?
  2. Why do we need to change?
  3. Lessons Learned & Solutions

Session Objectives 
  • Bring clarity to the details of this attack
  • Highlight the way the much larger scope behind the Triton/Trisis Attack
  • Discuss how our industry should move forward from this state
There is much still to be said about the Triton attack and practitioners in our industry need to be fully aware of these details if they are to be effective in defending against this type of attack in the critical infrastructure.

avatar for Paul Forney

Paul Forney

Chief Security Architect, Schneider Electric
In supplement to being the Chief Security Architect at Schneider Electric Product Security Office, Mr. Forney is a founding board member of the ISA Security Compliance Institute (ISCI) which develops the conformance specifications to the ISA 99/IEC 62443 ICS cyber security standard... Read More →

Wednesday April 25, 2018 10:00am - 10:45am PDT
Stamford Ballroom