Kevin Hemsley is the Vulnerability Handling Lead for the US Department of Homeland Security’s Industrial Control System Cyber Emergency Response Team (ICS-CERT). ICS-CERT provides a control system security focus to improve the cyber security posture and assist owners and operators of US critical infrastructure assets. Kevin leads the ICS-CERT Vulnerability Handling team that works with independent security researchers and control system vendors from around the world to identify and mitigate vulnerabilities in control system products. Kevin has more than 20 years experience in cyber security ranging from network security to control system and SCADA security.
Vulnerabilities in Industrial Control Systems
In 2011 ICS-CERT experienced a dramatic increase in reported disclosures of vulnerabilities in industrial control system (ICS) products. Security researchers (white, gray, and black hats) across the globe are increasing their research in the ICS product arena and the potential impact to critical infrastructure. Coordinated vulnerability disclosures of control system products are increasing rapidly, but so are the instances of unanticipated or full disclosures.
The once obscure world of ICS security is now a hot topic in the media and around the water cooler. This presentation will discuss the daunting trends in the disclosure of ICS product vulnerabilities, who is disclosing new vulnerabilities, and the coordination process used by ICS-CERT. We will also discuss what concerning trends ICS-CERT is seeing, including recent hacktivist and anarchist group activity.