BEGIN:VCALENDAR
VERSION:2.0
PRODID:Data::ICal 0.24
BEGIN:VEVENT
DESCRIPTION:   'Title: Attack and Defence in OT - Simulating attacks agains
 t\n   hydroelectric power plants leveraging ICS Firing Ranges\n   When: Fr
 iday\, Aug 9\, 10:30 - 10:59 PDT\n   Where: LVCC West/Floor 1/Hall 3/Creat
 or Stage 2 - [1]Map\n\n   Description:\n\n   In this talk we will present 
 the ICS firing range we built and hacked\n   to simulate an actual attack 
 against a hydroelectric power plant and\n   create a DFIR training from th
 e evidence left behind. The talk aims to\n   emphasize the importance of a
 ttack simulation in the context of\n   critical infrastructure and the pot
 ential benefit that firing ranges\n   can provide to such assessments.\n\n
    First we will examine the motivation behind the construction and usage\
 n   of a firing range\, covering various aspects including: - the threats\
 n   operators of critical infrastructure face\, - how security assessments
 \n   are conducted in an OT context and - how an ICS firing range can be\n
    utilized to support them.\n\n   Next we will discuss the intended use c
 ases of the firing range and\n   the scenario it was made to display\, the
  flooding of a hydroelectric\n   power plant. As a result\, the relevant c
 omponents and production\n   processes of the plant will be outlined. Then
  we will present and go\n   into detail about the design & architecture of
  the firing range: -\n   individual physical and virtual networks and comp
 onents\, - separate\n   Active Directory environments\, - implemented secu
 rity measures -\n   specific vulnerabilities intentionally left behind.\n\
 n   Picking up this last bullet-point\, we continue with how we hacked the
 \n   firing range and performed a Red Team assessment against it\,\n   sim
 ulating an actual attack. Starting with the C2 infrastructure we\n   set u
 p for the attack\, we will guide the audience through the kill\n   chain i
 n chronological order and highlight the most important and\n   relevant st
 eps of the attack.\n\n   Once the offensive part of the talk concludes\, a
  shift of perspective\n   takes place and the attack is evaluated from the
  defence's\n   point-of-view: we'll show how we identified\, secured and a
 nalyzed\n   indicators of compromise left behind by the attack. This inclu
 des the\n   analysis of network captures\, Windows event logs\, memory dum
 ps and\n   more.\n\n   This talk will be presented by not only people from
  NVISO as the IT\n   security service provider who built the firing range 
 and performed to\n   attack against it\, but also by people from VERBUND's
  IT security team\n   who actively use the firing range for training. This
  way we can\n   involve both the attacker's and the defence's point-of-vie
 w.\n\n   Speakers:Julia Dewitz-Würzelberger\,Bernhard Sedlmayer\,Sarah Ma
 der\n\n   SpeakerBio:  Julia Dewitz-Würzelberger\, Project Manager\, OT C
 yber\n   Security at VERBUND\n\n   Julia Dewitz-Würzelberger is a project
  manager in the area of OT\n   cyber security at VERBUND\, Austria's large
 st energy supplier. Since\n   2023\, she has been Head of the OT Cyber Sec
 urity Lab\, where she\n   designs and implements concepts for innovative O
 T projects.\n\n   Her projects cover a broad spectrum\, ranging from creat
 ing deception\n   technology systems and the emulation of OT components to
  the operation\n   of a quantum cryptography test setup.\n\n   As she can 
 be interested in almost anything\, she also completed a\n   degree in anth
 ropology and educational science before moving into\n   IT/OT security.\n\
 n   SpeakerBio:  Bernhard Sedlmayer\n\n   Bernhard Sedlmayer is a Security
  Engineer and Lego enthusiast. He is\n   responsible for the OT security o
 f the ICS/SCADA Systems at Austria's\n   largest electricity provider with
  around 130 hydropower plants. He has\n   20 years of experience in the en
 ergy supply industry and supports many\n   innovative and fundamental proj
 ects in operational technology as an OT\n   security specialist. Red Teami
 ng and pentesting on Windows and Linux\n   Systems is also one part of his
  daily to-do's.\n\n   SpeakerBio:  Sarah Mader\, Senior Consultant at NVIS
 O\n\n   Sarah is a Senior Consultant at NVISO\, with a focus on Red Team\n
    Assessments. Complementing her cybersecurity experience\, she has\n   d
 eveloped proficiency in Operational Technology (OT) assessments and\n   co
 ntinues to specialize further in this area.\n\n   She possesses a Master's
  degree in Applied IT Security\, which has been\n   enriched by her divers
 e experiences in cybersecurity roles across\n   various companies.\n\n   I
 n addition to her professional work\, Sarah is dedicated to\n   contributi
 ng to the community by leading workshops and delivering\n   presentations 
 at industry conferences.\n\n   '\n\n   1. #LVCCW_Level1_Hall3\n\n\n
DTEND:20240809T175900Z
DTSTART:20240809T173000Z
LOCATION:ICSV - LVCC West/Floor 1/Hall 3/Creator Stage 2
SUMMARY:Attack and Defence in OT - Simulating attacks against hydroelectric
  power plants leveraging ICS Firing Ranges
END:VEVENT
END:VCALENDAR