Speaker Daniel Paillet,
Designation: Cybersecurity Lead Architect at Schneider Electric
Topic: Threat Modeling for Industrial Control Systems and IoT
Date of Webinar: 15th Oct, 2020
Time and Location: 09:00 am CDT/ 07:30 pm IST/ 03:00 pm BST
Daniel Paillet is currently Cybersecurity Lead Architect within the Schneider Electric, Energy Management Business Unit. He has written white papers and is published in Industrial Control System trade magazines focusing on cybersecurity and has spoken and presented at various Industrial Control System Security conferences.
His background includes working in the US Department of Defense on various security projects, Operational Technology, Retail, Banking, and Point-of-Sale. He holds the CISSP, CCSK, CEH and other agnostic and vendor-specific certifications. His current role is to architect, improve, and develop secure solutions and offerings within Schneider Electric.
Topic Abstract:
The goal of cybersecurity is to protect networks and systems from potential attacks that cause harm to an organization. ICS Security, also known as OT (Operational Technology), differs from IT Networks in that IT relies on the triad tenant of Confidentiality, Integrity, and Availability. The ICS triad is concerned with the Safety of ICS systems in which Integrity and Availability are encapsulated within Safety, followed by Confidentiality. Safety is of paramount importance in ICS networks, on which our modern society relies upon for electrical distribution, water, manufacturing, and other critical services.
ICS threat modeling focuses on this ICS paradigm, thereby securing systems from an attacker getting into a process that controls critical systems with the potential of causing a catastrophic event. In this presentation, we will look at threat modeling from an ICS perspective leveraging cybersecurity best practices, risk analysis, and looking at threat modeling the Industrial Internet of Things sending information to the cloud while protecting data privacy.
Key Takeaways:
- Understanding Risk Management and Threat Analysis
- Threat Analysis based on STRIDE vs. Cyber Kill Chain Methodology
- How to perform threat modeling
- Assessing Risk from Threat Model results
*Examples, analysis, views and opinion shared by the speakers are personal and not endorsed by EC-Council or their respective employer(s)