Welcome to the Interactive Agenda for SecurityWeek’s 2020 ICS Cyber Security Conference! (View the full conference website and register for the conference here)

Back To Schedule
Monday, October 19 • 12:00pm - 12:45pm
Using Attack Path Mapping to Reduce Risk and Cost in ICS Environments (F-Secure)

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Feedback form is now closed.
Attack Path Mapping (APM) is an innovative approach that some companies have found to be a pragmatic way to reduce cyber risk quickly and cost-effectively. APM focuses on the attack paths that real-life attackers are most likely to use, and then identifying how those attack paths can be better controlled or closed altogether.
Conventional approaches such as penetration testing and red teaming, while valuable, can be of limited usefulness to companies seeking to reduce cyber risk. This is particularly true in Operational Technology (OT) and Industrial Control System (ICS) environments where conventional approaches sometimes yield ever-growing lists of technical vulnerabilities which are difficult or impossible to fix.

For example: Attackers are likely to try and compromise the corporate network as a precursor to 'jumping the air-gap' to reach ICS systems. Understanding how they would do that, and strengthening the controls needed to frustrate those attack paths, can often be achieved much more quickly and cost-effectively than seeking to upgrade the ICS environment itself.

This talk will present recent APM case studies in energy CNI organizations, illustrating how cyber risk was reduced in this way and demonstrating how this approach can be of benefit to Incident Readiness and Response within CNI organizations. Attendees will gain a practical understanding of how this approach can be applied in their own organizations, and an appreciation of where APM is - and is not - likely to be helpful.

Sponsored by: F-Secure

avatar for Sean Raffetto

Sean Raffetto

Strategic Business Manager, F-Secure
Sean Raffetto is responsible for strategic business growth in North America for F-Secure Consulting. With almost a decade of experience working with enterprise level solutions, Sean specializes in implementing cyber defense programs across finance, industry and critical national infrastructure. Sean... Read More →

Monday October 19, 2020 12:00pm - 12:45pm EDT
Main Stage