A Bridge to Secure by Design for OT

The current state of critical infrastructure is a collection of legacy infrastructure integrated together over decades. This status quo makes the role of a defender disproportionally difficult. The alternative is Secure by Design, a Cybersecurity and Infrastructure Security Agency (CISA) intiative to push for manufacturers to eliminate classes of vulnerabilities from their products. Secure products, […]

Turning backups into gold: Backup Alchemy for OT

This talk is a collaboration between Fox-IT and Airbus. Airbus has recently released The BackupAlchemy Tool (T-BAT), their open-source tool for turning backups into a gold mine of information. With T-BAT, Airbus has been able to provide insight into their Operational Technology (OT) environments in ways that were previously not possible, solving not just cybersecurity […]

Attacking OT Without Specialized Knowledge: a New Threat

Due to the unique characteristics of Operational Technology (OT), i.e., technology centered around cyber-physical activities, performing OT-related cyber-attacks is traditionally thought to require both specialized- and generic IT-related knowledge. However, in recent years, the need for specialized knowledge decreased, and OT-related cyber-attacks became increasingly easier to perform. During this presentation, I profile a new threat […]

The truth lies in the packet – OT Network Monitoring

Systems for attack detection are mandatory in Germany with no distinction between IT and OT. We evaluated more than 20 industrial networks with the open source framework malcolm. This talk will show you good practices and what we learned during our site visits.