Don’t Cry Wolf: Evidence based assessments of ICS Threats

Jimmy Wylie, Sam Hanson

DEF CON 33 · Day 1 · Main Stage

In the realm of Industrial Control Systems (ICS) security, the stakes are exceptionally high. Misinformation, sensationalized reporting, or a lack of analytical rigor can lead to unnecessary panic, wasted resources, and a loss of trust within the defender community. This talk, "Don't Cry Wolf," presented by Jimmy Wylie and Sam Hanson from Dragos, directly addresses this critical issue by advocating for an evidence-based approach to assessing threats to ICS capabilities. The speakers highlight the dangers of overhyping perceived threats, drawing from a real-world incident where a common ransomware strain was misidentified as a sophisticated, novel Advanced Persistent Threat (APT) targeting biomanufacturing facilities.

AI review

Wylie and Hanson deliver exactly what ICS threat intel needs and almost never gets: a methodologically honest framework for saying 'we don't know' or 'this isn't what you think it is.' The Tardigrade/Conti case is a perfect anchor, and the four case studies do real analytical work rather than serving as props for a predetermined conclusion.
