#SANSAlaska - SANS Institute · 7:20-8:00 pm Mirai Nikki – The Future of DDoS In September 2016,...


Agenda

All Summit Sessions will be held in the Kuskowim East/West (unless noted).

All approved presentations will be available online following the Summit at sans.org/summit-archives/ics

Tuesday, September 11

5:00-5:30 pm Networking Reception (LOCATION: YUKON ROOM)

5:30-5:50 pm What Makes Industrial Control Systems Such Attractive Targets?

Based on current trends and recent activity within control system cybersecurity sectors, it appears that ICS environments are getting a lot of attention. This talk will discuss recent ICS incidents from simple infections to highly targeted, multi-faceted cyber attacks. We will examine the role of malware, real-world incidents, and consider what organizations need to pursue to develop the capabilities required to mount an effective response.

Tim Conway, Certified Instructor, SANS Institute

5:50-6:30 pm Panel: Putting the “Protection” in CIP

Standards like NERC CIP have been pursued by the electric sector for over 15 years throughout North America, yet there seems to be a lack of understanding behind the level of protection achieved by an industry set of baseline standards. This panel discussion will focus on the pros and cons of the dynamic landscape that is impacting our nation’s critical infrastructure/key resource sectors. We will hear from industry experts and their perspectives on regulations, standards, innovative products, and organizational initiatives that are shaping their businesses and operations.

MODERATOR: Tim Conway, Certified Instructor, SANS Institute

PANELISTS:
Ed Jenkin, Director of Power Delivery, Matanuska Electric Association
Matt Kosht, Director of Information Technology, ENSTAR Natural Gas Company and SEMCO Energy, Inc.
Jeff Myers, Chief Information Officer, Matanuska Electric Association
Bob Pickett, Commissioner, Regulatory Commission of Alaska

6:30-6:45 pm Networking Break (LOCATION: YUKON ROOM)

SANS Alaska Summit & Training
Anchorage, AK | Sept 10-15, 2018

#SANSAlaska


6:45-7:20 pm Getting Past Checkbox Compliance

PCI DSS, HIPAA, Sarbanes-Oxley, FISMA, and other alphabet-soup regulations are all well-intentioned in their goal of ensuring adequate information security controls, and some are better than others at actually doing that. When auditors show up, they ask for evidence of compliance, and some even do actual testing. At the end of the day, you receive a report with some audit comments and make plans to get them fixed. Everyone breathes a sigh of relief and heads home knowing that, once again, they’ve passed the IT audit so things are secure.

And yet data breaches occur every day in spite of these regulations and expensive technology. Why? Did the auditors miss something? Do the fancy new DLP, anti-malware, and endpoint protection solutions we’ve installed simply not work? Why can’t we keep the bad guys out?

In this presentation, Mike will share empirically tested ideas on how to move past check-box compliance into a model of continuous monitoring and testing of security controls that will decrease the likelihood of compromise as well as the damage done by intruders to an organization.

Mike Messick, President, Deep Forest Security Consulting

7:20-8:00 pm Mirai Nikki – The Future of DDoS

In September 2016, the Mirai botnet launched a series of DDoS attacks that were the largest the world had ever seen. These attacks caused outages at some of the world’s most popular hosting providers. In December 2017, the U.S. Department of Justice and the Federal Bureau of Investigation’s Alaska Field Office announced the conclusion of their investigation into these attacks, and the guilty pleas of the actors responsible. This presentation is the untold story of how and why Mirai was developed, the competitive criminal DDoS ecosystem that contributed to its rapid evolution, and the international investigative team that raced to stop the attacks. The advent of Mirai forces us to rethink the Internet of Things and our ability to defend at scale. This presentation will discuss best practices for identification and mitigation of the post-Mirai DDoS threat, including what your own logs are telling you about these types of attacks.

Special Agent Douglas Klein, Federal Bureau of Investigation
Special Agent Elliott Peterson, Federal Bureau of Investigation

Thank you for attending the SANS Summit. Please remember to complete your evaluations for today.

You may leave completed surveys at your seat or turn them in to the SANS registration desk.