
Technical Track Day 2

June 7, 2017

 

1:30 pm - 2:00 pm

“Threat to IoT”

Ken Modeste
Global Principal Engineer, Underwriters Laboratories

Abstract:

Cybersecurity is a great enabler for IoT and can help industry advance innovation. However, with most great enablers in technology, there are gaps on the way industry can utilize these enablers safely and securely. This presentation will cover what are the cybersecurity risks that the use of IoT may involve and some of the common mechanisms that should be addressed to manage and mitigate those risks.

 

2:00 pm - 2:30 pm

Technical Track

Ballroom 2 & 3

“Software Supply Chain Management: Reducing Attack Vectors and Enabling Cybersecurity Assurance”

Joe Jarzombek
Global Manager, SYNOPSYS

Abstract:

As the cyber threat landscape evolves and as software dependencies grow more complex, understanding and managing risk in the software supply chain is more critical than ever, and it must focus on the entire lifecycle that includes development, acquisition, and DevOps. This is particularly significant for network-connectable medical devices.  The Internet of Things (IoT) is contributing to a massive proliferation of a variety of types of software-reliant, connected devices throughout critical infrastructure sectors.  With IoT increasingly dependent upon third-party software of unknown provenance and pedigree, software composition analysis and other forms of testing are needed to determine ‘fitness for use’ and trustworthiness in terms of quality, security, and safety. Application weakness and vulnerability correlation and management should leverage automated means for detecting threat indicators, weaknesses, vulnerabilities, and exploits. Using standards-based automation also enables the exchange of information internally and externally with vendors in the global supply chain for IoT/ICT products. Addressing supply chain dependencies throughout the lifecycle enables enterprises to harden their attack surface by: comprehensively identifying exploit targets; understanding how assets are attacked, and providing more responsive course of action mitigations. Independent testing and certification can also be used as a means that organizations can use to reduce risk exposures attributable to exploitable software. One such program that will be discussed for network-connectable technologies is the Underwriters Labs Cybersecurity Assurance Program.

 

2:30 pm - 3:00 pm

Technical Track

Ballroom 2 & 3

“IoT Vulnerability Demo”

Jeremy Conway
Chief Technology Officer, MAD Security

Scott Busby
Security Engineer, MAD Security

Abstract:

MAD Security has seen a substantial uptick in the number of IoT devices residing within enterprise technology infrastructures.  These devices present an often unhardened and ripe attack surface to malicious actors that is not well understood or documented by the enterprise.  During this presentation, we will attempt to keep the slide show pain to a minimum by demonstrating some of our recent vulnerability and exploitation research for these IoT devices.

 

3:30 pm - 4:00 pm

Technical Track

Ballroom 5

“Smart Phones ‘weaponized’”

Wayne Burke
CSO, Sequrit CSI

Wayne will demonstrate the latest mobile hacking techniques, tools and tips for custom building mobile hardware devices.

Technical Track

Ballroom 2 & 3

“An Insider’s Guide to Car Hacking”

Michael Schroeder
Security Analyst, Booz Allen Hamilton

Abstract:

Car hacking has gotten a lot of attention over the last couple of years with media reports showing everything from windows being rolled down and doors being unlocked to reports that show cars being driven off the road.  But how do they do it?  How does someone go about hacking a car?  And how real is the threat?  In this talk, we’ll explore these questions and enter the world of car hacking.  We’ll discuss in-vehicle networks and the types of bus protocols that are used within your car.  We’ll explore the attack surface of the modern vehicle and look at the history of car hacking.  Finally, we’ll walk through the process and the work required to take control of a connected vehicle.

 

4:00 pm - 4:30 pm

Technical Track

Ballroom 2 & 3

“Medical Device Security”

Rob Ferrill
CISO, UAB Health System

Abstract:

Challenges

  • Asset management
  • Updates from vendors on vulnerabilities
  • Vendors historically not very focused on security risks
  • Getting vendors to assess the risks around their devices
  • Getting vendors to manufacture devices that can be updated without chip replacement
  • Vulnerability testing of production devices not favorable
  • Wireless devices present challenges with roaming (can’t create VLAN), mixes risk
  • InfoSec needs more involvement in procurement process
  • Lack of one-stop-shop for updates on vendors releasing patches

Solutions

  • Defense in depth – castle strategy
  • Wireless tracking – WiFi tags on devices with triangulation (webapp using Blink protocol)
  • Segmentation – keep devices off main network segments
  • Passive vulnerability scanning
  • Develop standards
 

4:30 pm - 5:00 pm

Technical Track

Ballroom 2 & 3

“Red Teaming: The Physical Intrusion of IoT (ICS/SCADA)”

Brandon Rozario
Founder/President, Red Strategies

Abstract:

What does Red Teaming look like when it’s conducted in your work spaces, desk drawers, assembly lines and data centers? We will explore the historic use of Red Teams in the physical domain and the correlation to successful organizations that are a result. The IoT is creating an unprecedented attack surface, shining a security spotlight on procedures and personnel that had previously been dark. We’ll give real-world examples, demonstrating the vulnerabilities that are created, and provide practical low-cost means to mitigate these risks. There are two distinct problems to be addressed: Create an environment where cyber and physical defenders are working toward the same goal and prevent leadership from undermining a well-established security environment.
