Jacob Kitchel of Industrial Defender selected the interesting title of Am I Compromised? for his S4x13 session. However, the bulk of the session is different approaches to applying whitelisting to ICS components including:
- vulnerability-based approach
- whitelist them all
- sort and then whitelist (learning mode)
- establishing a clean and trusted system
Jacob looks at the challenges of knowing when you have a ‘clean’ system. It’s hard enough with a newly deployed system, but how to owner/operators know if their deployed system is clean.