Control System Security Researchers Adam Crain and Chris Sistrunk to Unveil New Aegis Fuzzing Framework at the SANS ICS Security Summit and Training Event in Orlando
BETHESDA, Md., Dec. 19, 2013 /PRNewswire-USNewswire/ -- The SANS Institute announced today the addition of two presenters at the upcoming 9th Annual Industrial Control System (ICS) Security Summit and Training, ICS control system security researchers Adam Crain, founder of Automatak and Chris Sistrunk, independent researcher. Crain and Sistrunk will unveil the new Aegis fuzzing framework at the summit. Attendees will also hear firsthand the current status of Project Robus, an ongoing search for vulnerabilities in ICS protocols, including pre-recorded fuzzing demonstrations conducted by Crain and Sistrunk which now have patches.
"Cyber security threats continue to increase in both frequency and sophistication. To protect our country's critical infrastructure against these threats, the ICS industry needs to take responsibility for its own testing practices," said Crain. "Software security needs to be a continuous part of the development process, not just a check box during final quality assurance. Providing software engineers with open examples that they can modify and improve will enable the kind of white-box testing this industry sorely needs."
Summit speakers will discuss how system owners can address the vulnerabilities being uncovered as the industry takes greater steps to enhance the security of critical industrial technology. In addition to the unveiling of the Aegis framework and related discussions, Security Summit attendees can look forward to the following events:
Kyle Wilhoit, Threat Researcher at Trend Micro, will demonstrate attackers in progress as they infiltrate perceived sensitive data. Wilhoit will also discuss how he geo-located these individuals, and tracked their movements, operations, and attacks. He will also share, for the first time, new statistics and never seen before ICS attack details.
This year's summit will take a technical deep dive with hard-hitting program talks and hands-on ICS challenges and hacking stations. Included among the talks is the next installment of the highly popular "Exposure to Closure - Act I" presentation which debuted at last year's Summit, From Exposure to Closure/ACT III the Next Frontier, NERC.
The 9th Annual ICS Security Summit will be held in Orlando, Florida on March 17-18, 2014, with in-depth, hands-on technical courses on March 12-16. The Security Summit brings together program managers, control systems engineers, IT security professionals and critical infrastructure protection specialists from asset owning and operating organizations along with control systems and security vendors who have innovative solutions for improving security.
Attendees will learn about new tools and techniques, which they can put to work immediately when they return to their office. Security Summit attendees are also invited to attend technical courses led by the top ICS/SCADA experts that will provide a deep dive into how to combat advanced persistent threats. For a complete listing of summit presenters or to register for the event, please visit: http://www.sans.org/info/146590
About SANS Institute
The SANS Institute was established in 1989 as a cooperative research and education organization. SANS is the most trusted and, by far, the largest source for world-class information security training and security certification in the world, offering over 50 training courses each year. GIAC, an affiliate of the SANS Institute, is a certification body featuring over 27 hands-on, technical certifications in information security. SANS offers a myriad of free resources to the InfoSec community including consensus projects, research reports, and newsletters; it also operates the Internet's early warning system—the Internet Storm Center. At the heart of SANS are the many security practitioners, representing varied global organizations from corporations to universities, working together to help the entire information security community. (www.SANS.org)
SOURCE SANS Institute