Date
Tuesday, September 10, 2024
Time
9:15 AM - 9:45 AM
Location Name
M105/106
Name
“What Every Water Utility Should Know About CyberSecurity” – Minutes Matter, Seconds Count
Track
Safety & Security
Description

This year, high-profile cybersecurity attacks against critical infrastructure, private companies, and municipalities have been grabbing headlines on a regular basis. Specifically, ransomware attacks have become an increasingly serious threat, with some demands reaching tens of millions of dollars. And the attacks have become more sophisticated, with threat actors seizing sensitive company data and holding it hostage for payment. Who’s behind the recent surge in attacks? And how should utilities respond to this increased threat. We will discuss the global threat landscape and how ransomware attacks have evolved, what can be learned from those attacks and what actions utilities can take now to protect themselves. Additionally, a detailed explanation of next-generation OT networks and describe why traditional network isolation cyber defenses are no longer adequate for these mission-critical environments. We will offer a detailed cyber strategy and architecture to protect these networks’ enhanced capabilities, along with common pitfalls and lessons learned. It is no surprise – Industrial Control Systems (ICS) are in the crosshairs of opposing nations and criminal organizations. Semiconductor Manufacturing Enterprises specifically need a heightened awareness due to their key role in the global supply chain. In addition to known bad actors, the modern fab is connecting to the outside world at an exponential pace and with greater connectivity comes greater security risk. Even well-intentioned actions can mistakenly impact network availability, interrupt operations, and halt productivity. Semiconductor Organizations need a– including (but not limited to): • Asset Inventory / Installed Base Identification • Vulnerability & Risk Analysis • Qualified Patch Management • Cybersecurity Policy Development • Endpoint Protection • Perimeter Hardening (IDMZ) & Microsegmentation Deployment • Zero-trust & Secure Remote Access • Real-time Threat Detection • Disaster Recovery Planning & Incident Response The best approach is risk-based in alignment with industry best practices (i.e. SEMI E187/8/x, NIST SP 800-82, ISA/IEC 62443, ISO 27001, etc.) with complete organizational adoption. Unfortunately, even the most sophisticated organizations can’t manage all aspects of IT/OT cybersecurity alone – you need an ecosystem of trusted experts and partners by your side to extend your protection against next-gen security threats. to secure modern fab equipment – Computer OS Security, Network Security, Endpoint Protection, and continuous Security Monitoring. We will also review the emerging Managed Security Services leading the industry in data-driven cyber protection and response so that you can have confidence running a world-class ICS cybersecurity program.