산업시스템(ICS) 위협 환경 및 적극적 방어 전략

  • Wednesday, 12 Oct 2022 9:00AM SST (12 Oct 2022 01:00 UTC)
  • Speaker: Dean Parsons

이번 웹 캐스트에서는 최근 공격 유형들(campaigns)중에서 고급 산업제어시스템 (ICS)을 대상으로 한 적대적 위협 가능성들(adversary threat capabilities)을 심층 분석하여 산업제어시스템(ICS) 환경에서 일어날 수 있는 실질적 위협을 감지하고 발생한 사고에 대응하는 것에 초점을 맞추고 있으며, 산업제어시스템(ICS)의 공격자TTP(Tactics, Techniques and Procedures/전술, 기법 및 절차) 및 효율적이고 경제적인 사전 방어기법들을 소개합니다. 특히, 강사 Dean은 최근 많은 공격에서 활용되고 있는 사이버무기와 기술들이 전술적 산업제어시스템(ICS) 침해사고대응(IR)에서 드러나는 적대적 공격속성(adversary attribution)보다 왜 더 중요한지에 대해 자세히 다룰 예정입니다.

SANS 공인강사인 Dean은 IT 및 보안분야 특히, 통신, 발전, 송전, 배전, 석유 및 가스, 물류저장, 유통과 같은 국가 기간 망과 관련된 산업제어시스템(ICS) 분야에서 20년이상의 경험을 가지고 있는 최고의 사이버 디펜스 전문가이며, 산업시스템 보안의 엠버서더로 활동하며 중요 인프라의 안전, 신뢰성 및 사이버 보호의 중요성을 전파하고 있으며, 학생들에게는 항상 “모든 것은 방어가 가능하다!”를 모토로 교육을 실천하고 있습니다.

Dean은 캐나다 Newfoundland에서 컴퓨터 공학 학사를 취득 후 주요 기간산업에 탑재되는 산업제어시스템(ICS)의 보안 프로그램 설계/구축 및 생산제어 네트워크관련 멀웨어 분석, ICS 디지털포렌식, 융합 IT/OT분야 침해사고대응 및 위협탐지, 발전소, 석유/가스 생산시설, 제조 및 통신 네트워크 분야 보안평가 등 다양한 분야에서 풍부한 실무경험을 바탕으로 현재, SANS의 산업제어시스템 보안과정인 ICS515(ICS Visibility, Detection, and Response)와 새로 신설된 ICS418(ICS Security Essentials for Manager)과정의 공동 저자이기도 하며, SANS GIAC 자문위원회 공식회원이자, GICSP, GRID, GSLC, GCIA 및CISSP등의 많은 글로벌 보안 자격증을 보유한 산업시스템 보안 최고 전문가입니다. (https://www.sans.org/profiles/dean-parsons/)

English

The presentation draws attention to practical threat detection and incident response in industrial control system environments, by dissecting advanced ICS adversary threat capabilities in recent attack campaigns. The focus of the session is on ICS adversary Tactics Techniques and Procedures (TTPs) and how industrial control system security can be proactive, affordable and effective without a massive budget. Dean will illustrate why the cyber weapons and the techniques used in modern attacks may be more important than adversary attribution for tactical ICS incident response and provide practical take-aways for actions in any ICS/OT Critical Infrastructure Sector.

Dean brings over 20 years of technical and management experience to the stage. He has worked in both Information Technology and Industrial Control System (ICS) Cyber Defense in critical infrastructure sectors such as telecommunications, and electricity generation, transmission, distribution, and oil & gas refineries, storage, and distribution. Dean is an ambassador for defending industrial systems and an advocate for the safety, reliability, and cyber protection of critical infrastructure. His mission as an instructor is to empower each of his students, and he earnestly preaches that “Defense is Do-able!” Over the course of his career, Dean’s accomplishments include establishing entire ICS security programs for critical infrastructure sectors, successfully containing and eradicating malware and ransomware infections in electricity generation and manufacturing control networks, performing malware analysis triage and ICS digital forensics, building converged IT/OT incident response and threat hunt teams, and conducting ICS assessments in electric substations, oil and gas refineries, manufacturing, and telecommunications networks. A SANS Certified Instructor, Dean teaches ICS515: ICS Visibility, Detection, and Response and is a co-author of the new SANS Course ICS418: ICS Security Essentials for Managers. Dean is a member of the SANS GIAC Advisory Board and holds many cybersecurity professional certifications including the GICSP, GRID, GSLC, and GCIA, as well as the CISSP®. (https://www.sans.org/profiles/dean-parsons/)

*You can also register to view this webcast recording in English
View English Recording >