
The Industrial Control Systems Joint Working Group (ICSJWG) is meeting in Cincinnati this week.

Security conversations with OSIsoft customers, partners and industry subject matter experts have been excellent!  In private we hear that many corporations are struggling with security programs.  Stories about actual incidents that used to be rare are becoming more common.  To mimic today’s keynote presenter Robert Lee of Dragos Security, threat activity groups targeting industrial networks are real jerks!

 

Rob suggests implementing a solid data collection strategy for your industrial networks.  Also note that Microsoft's Jessica Payne published articles about building the attacker's playground.  You don’t get to choose whether you will get attacked, but you do have control over the target environment.

 

Given today’s threat landscape, patch management is a common element of your security program. My presentation at ICSJWG focused on patching from the perspective of our overall ecosystem, standards, regulations, and emerging trends.  There are many pro and con observations about patching ICS; however, it seems almost certain the status quo is changing.

You can view the prezi here.  A shameless nudge from INL's Andy Bochman to spark interest.

ICSJWG.png

 

Thanks to those who attended ICSJWG in Cincinnati and the interesting conversations!

Windows Defender is a growing suite of protections from Microsoft.  Some of these protections have changed names to join the Windows Defender family and that can be confusing. 

 

Lenny Zeltser of security firm Minerva recently published this table to untangle Windows Defender protections and their dependencies.

Windows-Defender-Chart.jpg

As you can see, the suite offers a depth of modern security protections.  Priority touchpoints with PI System security best practices include:

Windows Defender Firewall with Advanced Security and Windows Defender Application Control (WDAC) 

 

As of 31-Jul-2018, the Microsoft Enhanced Mitigation Experience Toolkit (EMET), which we recommend for hardening PI ProcessBook environments, has reached EoL.

Windows Defender Exploit Guard is the successor to EMET and is available on newer versions of Windows.

 

-Bryan