OT:ICEFALL – How to Tackle a Decade of Insecure-by-Design Practices in OT

Logo
Presented by

Daniel Dos Santos, Head of Security Research, Vedere Labs

About this talk

Forescout's Vedere Labs announced on June 21 the disclosure of "OT:ICEFALL": 56 vulnerabilities related to insecure-by-design functions affecting devices from 10 major operational technology (OT) manufacturers. Exploiting these vulnerabilities, attackers with network access to a target device could remotely execute code, change the logic, files or firmware of OT devices, bypass authentication, compromise credentials, cause denials of service or have a variety of operational impacts. The products affected by OT:ICEFALL are known to be prevalent in industries that are the backbone of critical infrastructure such as oil and gas, power generation and distribution, manufacturing, water treatment and distribution, and building automation. Many of these products are sold as “secure by design” or have been certified with OT security standards. Tune in to understand: • Why the lack of basic security controls, which has been exploited in the past by real-world malware, is the biggest issue facing OT security • The impact of OT:ICEFALL on OT certification, risk management, supply chains and offensive capabilities • Strategies and actions that asset owners should take to mitigate risk

Related topics:

More from this channel

Upcoming talks (0)
On-demand talks (141)
Subscribers (15573)
Forescout Technologies is the leader in device visibility and control. Our unified security platform enables enterprises and government agencies to gain complete situational awareness of their extended enterprise environments and orchestrate actions to reduce cyber and operational risk. Learn more about our products, hear about new cybersecurity trends and see how Forescout helps you address these.