This is the AGENDA FOR 2022 -- Please visit the main website for the latest conference information. 
Tuesday, October 25 • 11:30am - 12:00pm
Framework for Potential OT Cyberattack Scenarios

One of the biggest challenges for operational technology (OT) system cyber defenders is the lack of open-source information on cyber incidents impacting sector industrial control systems (ICS), putting defenders at a knowledge disadvantage. Understanding potential threats to the overall organization and critical infrastructure is crucial to preventing and responding to incidents.

Credible failure scenarios can be used to augment the available incident information, with a focus on attacks that can cause a physical impact on control systems resulting in loss of availability, equipment damage, human casualties, loss of revenue, etc. EPRI and MITRE will present a Framework for the Use of Potential Cyber Attack Scenarios to Guide Incident Response. The framework uses potential cyberattack scenarios to guide incident response; this includes analyzing potential failure scenarios, defining associated cyberattack TTPs using the ATT&CK framework, identifying required data sources, defining representative analytics for detection, identifying potential incident response actions, and identifying potential mitigations. The results of failure scenario analysis from a cyber adversary perspective have broad application to ICS environments, providing valuable data to enable detection of and response to significant cyberattack TTPs. Performing trend analysis across scenarios provides additional, significant benefits, including the identification of common adversary TTPs that will aid in prioritizing mitigations. EPRI and MITRE will present this framework in the context of energy sector scenarios.

Adam Hahn

Lead Critical Infrastructure Security Engineer, MITRE
Adam Hahn is a Principal Critical Infrastructure Security Engineer at The MITRE Corporation where he supports ATT&CK for ICS development, along with numerous research projects funded by DOE, EPRI, and DHS. Previously he was an assistant professor in the Department of Electrical Engineering...
Ben Sooter

Program Manager – Cyber Security, Electric Power Research Institute
Ben has 16 years of experience at EPRI and has been with the cyber security team since 2016. He has led the development of our cyber security research lab in Knoxville along with many technical projects related to Threat Management, Threat Hunting, Access Management, Threat Intelligence...

Tuesday October 25, 2022 11:30am - 12:00pm EDT
Windsor Ballroom