“Race-to-the-Bottom”: Evolution of the ICS Threat Landscape

The Industrial Control Systems (ICS) threat landscape has changed dramatically over the past few years. New threats have emerged to challenge the shock created by Stuxnet. This talk will present the evolution of ICS exploits and tactics to illustrate the ongoing "race-to-the-bottom" situation between ICS threat actors and defenders. Special attention will be given to the relationship between security and safety, and to how current cyber threats may undermine traditional safety design decisions. The discussion will "descend" all the way to the physical process, showing that cyber-physical systems cannot be secured by canonical IT security approaches alone. The physical world can be exploited by unconventional methods and therefore needs to be taken into consideration when securing ICS.


Marina Krotofil is a Principal Analyst at FireEye (USA). Previously she worked as a Lead Cyber Security Researcher at Honeywell (USA), a Senior Security Consultant at the European Network for Cyber Security (The Netherlands) and a Research Assistant at Hamburg University of Technology (Germany). She has spent almost a decade discovering unique attack vectors, engineering damage scenarios and understanding attacker techniques for exploiting industrial control systems. In 2017, Ms. Krotofil was involved in the investigation of both publicly known ICS attacks associated with the Industroyer and Triton attack frameworks. She has authored more than a dozen academic and white papers on industrial security and is a frequent speaker at leading security events around the world (4x Black Hat, DefCon, CCC, 3x SAS, HITB, Zero Nights, etc.). Ms. Krotofil holds an MBA in Technology Management, an M.Sc. in Telecommunication and an M.Sc. in Information and Communication Systems.