S4x24 - ICS Security Conference
The world's top ICS/OT/SCADA security event, bringing together experienced operational technology security professionals for new ideas and research on protecting critical infrastructure.
- Keynote & Theme: Believe! — Dale Peterson
In his compelling keynote address at S4, Dale Peterson, an industry veteran and former NSA cryptanalyst, challenged the prevailing mindset within Operational Technology (OT) security. Titled…
- AI In Production in OT, Today, Right Now, Not In The Future — Clint Bodungen
Clint Bodungen's presentation at S4 challenges the industrial community's traditional reluctance to adopt new technologies, particularly in the realm of software. The talk, titled "AI In Production…
- Autonomous AI in OT — Kence Anderson
Kence Anderson's S4 talk, "Autonomous AI in OT," provides a compelling vision of how **Autonomous AI** is not a distant science fiction concept, but an emerging reality already being deployed in…
- Cybersecurity Is Part Of Food Protection — Kristin Demoranville
Kristin Demoranville, a vocal advocate for integrating cybersecurity into the broader food industry, delivered a compelling talk at S4, arguing that cybersecurity is an indispensable component of…
- Dale Peterson Interviews Brian Scott on ONCD — Brian Scott
This talk features an insightful interview with Brian Scott, a seasoned veteran of U.S. government cybersecurity, who discusses the critical role and evolving mission of the Office of the National…
- Secure Authorization Of ECU Privileges In Automobiles — Paul Chopineau
In his S4x24 talk, "Secure Authorization Of ECU Privileges In Automobiles," Paul Chopineau delves into the critical, yet often overlooked, challenge of managing **privilege escalation** within the…
- Normalization of Deviance — Marco Ayala
Marco Ayala's S4x24 talk, "Normalization of Deviance," delves into a critical, often overlooked phenomenon impacting industrial control systems (ICS) and operational technology (OT) environments…
- The Attack Against Danish Critical Infrastructure — Michael Weng
Michael Weng, representing the Danish sector CERT, delivered a compelling presentation at S4x24, detailing a sophisticated and coordinated cyberattack that targeted Danish critical infrastructure in…
- Priority Is In The Eye Of The Asset Owner — Danielle Jablanski
In the critical and often chaotic realm of operational technology (OT) cybersecurity, a fundamental challenge persists: how to effectively prioritize security efforts when nearly everything is…
- Pulling Data From Drawings Using AI — Ian Fox
In the realm of Operational Technology (OT) and Industrial Control Systems (ICS), understanding the intricate interdependencies between digital assets and physical processes is paramount for…
- Advanced Vulnerability Information Sharing ... A Success Story — Maggie Morganti
Maggie Morganti's talk at S4x24 details an unprecedented success story in advanced vulnerability information sharing within the Industrial Control Systems (ICS) domain. The presentation chronicles…
- OT Sponsorship By Advancing Operational Priorities — Fritz Byam
In a landscape increasingly defined by the convergence of Information Technology (IT) and Operational Technology (OT), the success of security initiatives often hinges less on cutting-edge…
- Plumbing and Cybersecurity: Basically The Same — Colin Dunn
In a compelling and highly relatable presentation at S4, Colin Dunn, CEO of Fend, drew an insightful parallel between the often-underappreciated world of plumbing and the critical realm of…
- Stop Panicking Over Patching: CHERI Morello Memory Safety — Mo Javadi
In this insightful talk at S4, Mo Javadi presented a compelling case for a paradigm shift in operational technology (OT) cybersecurity, moving away from the perpetual cycle of reactive patching…
- OT Security Standards Wars — Kenneth Crowther
In this thought-provoking S4 talk, Kenneth Crowther, Product Security Leader at Xylem, challenges the efficacy of current **Operational Technology (OT) cybersecurity standards**, arguing that they…
- The Case for Vertical-Specific OT Cybersecurity Solutions — Miki Shifman
In the rapidly evolving landscape of operational technology (OT) cybersecurity, a paradigm shift is underway, moving beyond generalized solutions towards highly specialized, vertical-specific OT…
- A SBOM'd Substation — Matt Wyckhouse
- Applying FAIR to OT — Justin Turner
In this insightful talk from S4, Justin Turner delves into the critical subject of **cyber risk quantification** within **Operational Technology (OT)** environments, specifically advocating for the…
- The European Way To Resilience: CRA(ck), SBOM(b) & AdviSor®y — Dina Truxius
This talk, delivered by Dina Truxius at the S4 conference, provides a compelling and high-level introduction to the **European Union's Cyber Resilience Act (CRA)**. While the talk title suggests a…
- Anatomy of Smart Building Ransomware Attacks — Anthony Forde
Anthony Forde's talk, "Anatomy of Smart Building Ransomware Attacks," delivers a sobering deep dive into a real-world ransomware incident that crippled a healthcare facility. The presentation…
- Legal Realities of US Government OT Cybersecurity Regulation — Shari Gribbin
Shari Gribbin’s talk at S4 explored the rapidly escalating and increasingly complex legal risks confronting organizations in the realm of Operational Technology (OT) cybersecurity within the United…
- Risk Prioritization With SAST/DAST Symbolic Execution — Susan Farrell
In an era of unprecedented cyber threats, organizations grapple with an overwhelming volume of newly discovered vulnerabilities, making effective patch prioritization a critical challenge. Susan…
- S4x24 Main Stage Interview With Rob Lee — Robert M. Lee
This S4x24 Main Stage interview features a retrospective conversation with Robert M. Lee, a prominent figure in the industrial control system (ICS) security community. The discussion, moderated by…
- Electric Vehicle Charging - Where's The Cyber — Susan Howard
In this insightful S4 conference talk, Susan Howard, a prominent voice in critical infrastructure cybersecurity, dissects the significant and often overlooked cybersecurity vulnerabilities within…
- PLCs: To Scan Or Not To Scan — Raphael Arakelian
The critical question of whether to actively scan Programmable Logic Controllers (PLCs) in Operational Technology (OT) environments has long been a contentious issue. Raphael Arakelian's talk…
- S4x24 Interview With Stewart Baker: Legal Issues on Software Liability & SEC Case Against Solarwinds — Stewart Baker
This talk features Stewart Baker, a distinguished legal expert with extensive experience in Washington law, discussing the intricate and evolving landscape of **software liability**. The…
- An Approach To Disaster Recovery In OT — Saltanat Mashirova
In the realm of **Operational Technology (OT)**, where the convergence of physical and digital systems can have profound safety and operational consequences, the ability to recover from a cyber…
- Badgerboard: Weaseling Out The Unknown — Carl Hurd
In the realm of Industrial Control System (ICS) security, a persistent blind spot has long hindered effective threat detection: the internal communications within Programmable Logic Controllers…
- Keeping Time In A Warzone — Joe Marshall
Joe Marshall's talk at S4 delves into a harrowing, eight-month journey sparked by a chance dinner conversation with engineers from Ukrenergo, Ukraine's national transmission grid operator. What…
- Govern The Ungovernable - NIST CSF Govern Function — Alan Raveling
Alan Raveling's S4 conference talk, "Govern The Ungovernable - NIST CSF Govern Function," delivers a pragmatic and timely exploration of the newly introduced Govern function within the NIST…
- A Supply Chain Incident Taxonomy — Eric Byres
In this insightful S4 talk, veteran cybersecurity expert Eric Byres addresses a fundamental challenge plaguing the understanding and defense against supply chain attacks: the lack of a comprehensive…
- Software Update Frameworks and the CI Supply Chain — Brian Romansky
In his S4 conference talk, "Software Update Frameworks and the CI Supply Chain," Brian Romansky of Convolution Solutions and George Washington University delves into the complex and often…
- Asset Owners As The Last Mile Of Cybersecurity — Matt Tompkins
In this insightful talk from S4, Matt Tompkins introduces a compelling analogy, arguing that industrial cybersecurity has reached its own "last mile problem," mirroring challenges once faced by the…
- Attack Surface Analysis On Satellites — Sheng-Hao Ma
Sheng-Hao Ma's presentation, "Attack Surface Analysis On Satellites," at the S4 conference delves into the often-overlooked and increasingly critical security landscape of satellite communication…
- A Hacker's Eye View On CISA's Secure By Design — Dave Aitel
In a candid address at the S4 conference, renowned security expert Dave Aitel offered a "hacker's analysis" of the U.S. Cybersecurity and Infrastructure Security Agency's (CISA) "Secure by…
- Exploiting Omron's NEX PLC Runtime And Protocol — Logan Carpenter
This talk, delivered by Logan Carpenter, a malware analyst at Dragos, delves into the critical vulnerabilities discovered within Omron's NEX industrial control system (ICS) protocol and runtime…
- Spreading And Sharing The Risk — Michael Gaudet
In his S4 conference talk, "Spreading And Sharing The Risk," Michael Gaudet, a seasoned cyber broker specializing in energy and power organizations, delves into the intricate world of cyber…
- Visibility Metrics — Oscar Delgado
In the complex and often opaque world of Industrial Control Systems (ICS) and Operational Technology (OT) security, the concept of "visibility" is frequently invoked yet rarely precisely defined…
- Reducing Reputation Risk In Cyber Incidents — Jennifer Dulles
In an era where cyber incidents are not just technical failures but also public relations crises, Jennifer Dulles, a distinguished expert in reputation management, delivered a thought-provoking talk…
- Aspect Modeling for Process Variable Anomaly Detection — Ryan Heartfield
In the complex and rapidly evolving landscape of Industrial Control Systems (ICS) and Operational Technology (OT), the distinction between traditional engineering challenges and cybersecurity…
- Hot New Gameshow: My Favorite Metric! — Ron Fabela
At the S4 conference, Ron Fabela hosted a unique and engaging session titled "My Favorite Metric," structured as a gameshow. The premise was simple yet profound: contestants were given three minutes…
- Embracing Emerging Technologies to Protect from Past and Future Threats — Dan Gunter
In this insightful talk at S4, Dan Gunter addresses the critical need for the industrial cybersecurity sector to adopt **emerging technologies** and embrace a higher degree of **automation** in its…
- Is Cybersecurity Fundamentally A Physics-Based Problem? — Nic Seeley
In a thought-provoking presentation at S4, Nic Seeley challenged the conventional understanding of cybersecurity, asking whether it is fundamentally a physics-based problem. This talk delves into…
- Quantifying Risk Reduction Achieved By OT Security Controls — Jake Gentle
Jake Gentle's presentation at S4 tackled a critical blind spot in current cybersecurity risk assessment methodologies, particularly within **Operational Technology (OT)** environments: how to…
- What Investors & Analysts are getting wrong about the OT Market — Ted Gutierrez
In his S4x24 talk, "What Investors & Analysts are getting wrong about the OT Market," Ted Gutierrez delivers a compelling and critical analysis of the current state of the Operational Technology…
- Building ICS/OT Security Communities — Peter Jackson
In this insightful S4x24 talk, Peter Jackson, OT Cyber Security Manager for SGSECL and a SANS instructor, passionately articulates the critical need for robust community building within the…
- The Cyber Informed Safety System — Kenneth Titlestad
In an era where critical infrastructure faces escalating cyber threats, Kenneth Titlestad’s S4x24 talk, "The Cyber Informed Safety System," presents a compelling argument for re-evaluating how…
- Not a True Copy: An In Depth Look at a Common Backup Format — Ron Brash
In his S4 conference talk, "Not a True Copy: An In Depth Look at a Common Backup Format," Ron Brash unveiled a surprising and critical discovery regarding the integrity of widely used backup…
- Cyber Ethics: Where Do You Stand? — Tommy Gardner
In his S4 conference talk, "Cyber Ethics: Where Do You Stand?", Tommy Gardner delves into the fundamental, yet often overlooked, question of ethics within the digital realm. Gardner, drawing from a…
- S4 Closing Panel
This S4 Closing Panel delved into the pressing issues and critical blind spots within the **Industrial Control Systems (ICS) security** community. Featuring insights from prominent figures like…
- Adapting Zones And Conduits – A Transformation Story — Dennis Hackney
Dennis Hackney’s presentation at S4, "Adapting Zones And Conduits – A Transformation Story," delves into the complex, yet critical, endeavor of implementing and evolving foundational cybersecurity…
- Network Attack Simulations And You — Kylie McClanahan
In the ever-escalating landscape of cybersecurity threats, organizations face an overwhelming deluge of newly discovered vulnerabilities. Traditional methods for prioritizing these vulnerabilities…
- A RASP Journey To Level 1 Device Security — Shane Fry
Shane Fry's talk, "A RASP Journey To Level 1 Device Security," delivered at S4, starkly illuminated the escalating crisis of memory safety vulnerabilities, particularly within the Operational…
- What Horticulture IoT (and spite) Can Teach Us About Data Science — Corey Thuen
Corey Thuen's S4 conference talk, "What Horticulture IoT (and spite) Can Teach Us About Data Science," offers a refreshingly unconventional perspective on data science, security, and the human…
- Binary Code Analysis for IEC 62443-4-1 SVV-3 — Hugo Genesse
In this insightful talk, Hugo Genesse from Hitachi Energy presented a pragmatic and open-source methodology for achieving compliance with **IEC 62443-4-1 SVV-3** requirements, specifically focusing…
- Productize Your ICS Security Program — Tomomi Aoyama
Tomomi Aoyama's S4 talk, "Productize Your ICS Security Program," delves into the profound challenges faced by Operational Technology (OT) security professionals in gaining organizational buy-in and…