
A Game Theory Approach for Holistically Defending the ICS-SCADA Environment: Win the game using ICS MITRE

14:15 - 14:45 (GMT+03:00)
15 April 2021
Keynote
Event: Virtualized: Powerful security made simple
https://myconnector.ro/virtual/virtualized-powerful-security-made-simple/737

This presentation will describe how to map the ICS threat landscape to MITRE ICS ATT&CK. This approach correlates game theory modeling and the ICS ATT&CK framework to identify the leading security solution to win the game against the adversary.


The game theory modeling can be summarized as follows:

1) Game – the game-players are in a Simultaneous Static Game;

2) Strategy – the defender's strategy is to determine an optimal security system solution to detect the attacker's traffic, and the attacker's strategy is to find the optimal sophistication level to elude the defender's security measures;

3) Payoff – the model projects the payoff for each player's strategy based on mapping the threats to ICS ATT&CK. 

The goal will then be to solve the game and find the equilibrium point, which is the best strategy for both players. This equilibrium occurs when neither player can profit by deviating to any other strategy.


In this game, mapping threats to ICS ATT&CK leads to identifying the adversary's sophistication level. The sophistication level then guides the defender to the best strategy. When the adversary chooses a low-sophistication threat, the defender can use ICS security measures and controls, in addition to isolating OT from IT using data diode technology. If the adversary chooses a medium-sophistication threat, the defender can use continuous monitoring solutions, i.e., a Security Operations Center (SOC) and a hunting service for non-targeted, dual-use, prolific exploits. When the adversary chooses advanced threats, the defender can apply defense-in-depth solutions such as hardware-based fingerprint detection using NoiSense techniques. This approach provides stakeholders with holistic solutions to secure the ICS environment.

Rashed Rabie, threat hunter and Ph.D. researcher, Deloitte & Touche LLP
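The model above can be made concrete with a small worked game. The following is an added example, not material from the presentation: it finds the defender's best response to each sophistication level and any pure-strategy equilibrium. The detection rates, costs and impact value are constructed assumptions; only the three defence options and three sophistication levels come from the abstract.

```python
# Added illustration: all numbers below are constructed, not taken from the talk.
DEFENCES = ["ICS controls + data diode", "SOC + hunting", "defense-in-depth (NoiSense)"]
LEVELS = ["low", "medium", "advanced"]

# DETECT[d][a]: assumed chance (percent) that defence d detects an attack of level a.
DETECT = [[90, 40, 10],
          [95, 85, 40],
          [99, 95, 80]]
DEF_COST = [1, 3, 6]   # assumed cost of operating each defence
IMPACT = 20            # assumed defender loss = attacker gain when an attack is missed

def payoffs(atk_cost):
    """Build (defender, attacker) payoff matrices, scaled by 100 to stay in integers."""
    u_def = [[-(100 - DETECT[d][a]) * IMPACT - 100 * DEF_COST[d] for a in range(3)]
             for d in range(3)]
    u_atk = [[(100 - DETECT[d][a]) * IMPACT - 100 * atk_cost[a] for a in range(3)]
             for d in range(3)]
    return u_def, u_atk

def defender_best_responses(u_def):
    """For each attacker level, the defence that maximises the defender's payoff."""
    return {LEVELS[a]: DEFENCES[max(range(3), key=lambda d: u_def[d][a])]
            for a in range(3)}

def pure_equilibria(u_def, u_atk):
    """Cells where neither player gains by deviating alone (pure Nash equilibria)."""
    found = []
    for d in range(3):
        for a in range(3):
            def_ok = all(u_def[d][a] >= u_def[x][a] for x in range(3))
            atk_ok = all(u_atk[d][a] >= u_atk[d][y] for y in range(3))
            if def_ok and atk_ok:
                found.append((DEFENCES[d], LEVELS[a]))
    return found

def solve(atk_cost):
    """atk_cost[a] is the assumed cost to the attacker of operating at level a."""
    u_def, u_atk = payoffs(atk_cost)
    return defender_best_responses(u_def), pure_equilibria(u_def, u_atk)

if __name__ == "__main__":
    for label, cost in [("cheap escalation", [1, 2, 3]), ("costly escalation", [1, 4, 9])]:
        best, eq = solve(cost)
        print(label, "->", eq or "no pure equilibrium; the solution is a mixed strategy")
```

With cheap escalation the only stable cell is an advanced threat met by defense-in-depth; with costly escalation no cell is stable, so the equilibrium lies in mixed strategies.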

© 2021 Deloitte Development LLC.

Rashed Rabie
Cybersecurity Engineer
Deloitte & Touche LLP


Cybersecurity engineer, threat hunter, and ICS researcher. Published author with IEEE and awarded a Cisco Global Cybersecurity Scholarship. With more than ten years of working experience in multiple industries, both IT and OT.


