RSA Conference 2023 – ICS/OT Cybersecurity Roundup

Hundreds of companies showcased their products and services this week at the 2023 edition of the RSA Conference in San Francisco, including companies providing ICS and other OT cybersecurity solutions.

Over the past few days, SecurityWeek published daily digests summarizing some of the announcements made by vendors.

RSA Conference 2023 – Announcements Summary (Day 1)

RSA Conference 2023 – Announcements Summary (Day 2)

RSA Conference 2023 – Announcements Summary (Day 3)

The final roundup for the 2023 RSA Conference focuses on the industrial cybersecurity-related announcements, as well as some of the sessions.

On the first day of the RSA Conference, several cybersecurity companies specializing in ICS/OT announced that they are teaming up to create ETHOS (Emerging THreat Open Sharing), a vendor-agnostic, open source information sharing platform that is designed to serve as an early warning system for critical infrastructure.

ETHOS is a technology platform for sharing threat information anonymously and in real time across various industries. The shared information includes indicators of compromise (IoCs) such as IP addresses, hashes, and domains, which can be useful to defenders for detecting new threats. 

Also on the first day, industrial cybersecurity firm TXOne Networks announced a new portable device designed for OT risk assessments and asset management, helping organizations streamline their auditing process. 

The new product, called Portable Inspector, is a USB drive storing TXOne scanning software. It does not require the installation of any software on analyzed systems. The device is connected to a system and scans it for malware, while also collecting asset data such as Windows update status, computer information, and application lists.

An LED indicator on the USB drive shows whether malware was detected on the system — the LED is blue if no malware was detected, green if malware was detected and cleaned, and red if malware was detected but further action is required. 

Portable Inspector uses TXOne Networks’ new ElementOne management console to provide organizations with detailed asset security overviews.

MITRE announced an OT plugin for the Caldera automated adversary emulation platform, which allows security teams to run exercises that are tailored to operational technology. Organizations can use it to evaluate their cyber defenses against known OT adversaries.

MITRE Caldera for OT provides plugins for blue or red team training, as well as product testing and evaluation. 

A new product was also announced by Xage Security, which provides a zero trust security platform for Industrial Internet of Things (IIoT) systems. 

Xage unveiled a new identity and access management (IAM) solution for OT and ICS environments. Xage Multi-layer Identity and Access Management, which complements the company’s other authentication solutions, allows organizations to orchestrate multiple identity providers and AD domains, restrict asset visibility, and enable new authentication methods for users. 

ICS/OT sessions at RSA Conference 2023

The talks related to ICS/OT are available on demand to those who have registered for the RSA Conference.

On the first day, Robert Lee, CEO and co-founder of Dragos, presented a summary of the industrial cybersecurity firm’s latest annual threat landscape report, with some updates since the report was initially published in February. 

Also from Dragos, Chuck Weissenborn had a talk describing a national critical infrastructure cyber incident response plan.

Ulrich Lang and Jason Kramer of ObjectSecurity, which specializes in securing OT/ICS assets and mitigating supply chain risk, described a CWE associated with malicious AI training, and explained the use of automated AI/ML model source code analysis and ways to stop adversarial AI attacks.

Bill Malik of Trend Micro had a talk on detecting and reacting to supply chain vulnerabilities from a maritime perspective, describing the issues that pose a significant risk to the port and shipping industry. 

Dan Gunter of Insane Forensics and Gabe Weaver from the Idaho National Laboratory had a session on improving OT network and host baselines to secure critical infrastructure. The experts suggested using micro-baselines, which are signatures within operational networks based on observables associated with specific events.

https://www.securityweek.com/rsa-conference-2023-ics-ot-cybersecurity-roundup/