
Publications / Conference

Control systems field equipment forensics: what happened to my PLC and how do I fix it?

Parks, Raymond C.

The outline for the presentation is:

(1) Advance preparation: (a) Think about attacks before they happen, (b) Configuration management, (c) Backups, (d) Off-site storage, (e) Design and build for resiliency, (f) Training operators to detect attack

(2) Detection: (a) How do I know I've been attacked, (b) The front-line detection system: operators

(3) Triage: (a) Working through the attack, (b) Law enforcement or business continuity, (c) Deciding what to fix first

(4) Field equipment forensics: (a) Engineering workstation, (b) Projects/configurations/programs

(5) Conclusion and discussion

Red teaming works for supply chain: it finds the worst attacks across multiple dimensions, shows where to best expend resources to reduce risk, and provides positive control of potentially negative activities.