Analyzing and Defending Against TRISIS - Safety Instrumentation Systems Cybersecurity
Offered By: Dragos: ICS Cybersecurity via YouTube
Course Description
Overview
Explore an in-depth analysis of the TRISIS malware and learn effective strategies to protect Safety Instrumentation Systems (SIS) in this 54-minute conference talk by Dragos: ICS Cybersecurity. Dive into the background, timeline, and technical details of the TRISIS attack, including its impact on safety systems and potential consequences. Gain insights into the malware's logic organization, payload structure, and program compilation process. Discover mitigation techniques, defense strategies, and the ICS Cyber Kill Chain specific to TRISIS. Understand the four types of detection and learn smart questions to ask when assessing your organization's cybersecurity posture. Enhance your knowledge of industrial control system security and develop a comprehensive approach to safeguarding critical infrastructure against sophisticated cyber threats.
Syllabus
Intro
Background: By the numbers
Dragos Timeline
What are Safety Instrumentation Systems?
Safety Systems
Explanation: How it happened
Logic Organization - TriStation 1131
Appending to a Program
First payload is a check payload
Egg Hunt and Overwrite Memory
Appending TRISIS
Program Epilogue
Second Logic Upload - Speculation
Program Compilation
TRISIS Effects
TRISIS - Potential Effects
Explanation: What comes next
Mitigation: How to protect
Mitigation: How to defend
ICS Cyber Kill Chain
Known TRISIS ICS Kill chain
The Four Types of Detection
Types of Detection - TRISIS
Smart Questions to ask
Taught by
Dragos: ICS Cybersecurity
Related Courses
Cybersecurity for Business (University of Colorado System via Coursera)
Threat and Vulnerability Management for CompTIA CySA+ (Pluralsight)
Security Analyst (Udacity)
Cisco Core Security: Email Security with Cisco ESA (Pluralsight)
Cisco Core Security: Security Concepts (Pluralsight)