Mark Fabro is the President and Chief Security Scientist for Lofty Perch, Inc., a market-leading security technology company focused on SCADA and control system cyber security. As well as being the founder and chairperson of the Canadian Industrial Cyber Security Council, Mr. Fabro sits on the UTC Smart Networks Security Committee, helped found the Repository for Industrial Security Incidents (RISI), and is a member of both the NERC Smart Grid and Cyber Attack Task Forces. His projects have included working with some of the largest infrastructure asset owners in the world, and he has been instrumental in leading cyber security compliance efforts for countless infrastructure asset owners around the world. His expertise in securing energy infrastructures has been substantial, and in addition to being involved in the development of the security standards for the transportation, energy, and water sectors, he has testified to U.S. Congress on cyber threats to the North American Bulk Power System. Recently, in addition to being recognized as one of the ‘25 Most Influential Consultants in the World’, he was named the 2011 ‘Information Security Professional of the Year’ by SC Magazine. This award was attributed to his work in critical infrastructure cyber security, specifically in the area of industrial control systems and SCADA.
Mr. Fabro was a contributing specialist to the U.S. National Strategy to Secure Cyberspace, the Cyber Annex to the National Response Framework, the post-Katrina control systems recovery plan for Oil and Gas, and several of the Recommended Practices for the DHS Control Systems Security Program. On the research side, he is a contributing developer to numerous AMI/SG assessment frameworks, and he publishes on Smart Grid cyber security, integrated radio mesh communications and forensic techniques for SCADA/ICS. He is the co-founder of the SCADASEC mailing list, and is involved in several international working groups addressing ‘denial of control’ within the process control and SCADA domain. He has also contributed to several standards and practices specific to SCADA/EMS security, namely NIST 800-82, 800-53, and NISTIR 7628, and is on the American Public Transit Association Control Systems Cyber Security Working Group.
Mr. Fabro has a degree in applied physics and mathematics from the University of Guelph, has studied national security and counterterrorism at both the American Military University and the United Nations, and has taught cyber security theory at several universities around the globe.
Forensics and SCADA/DCS: A Case Study in Success
Performing forensics on live control systems has been deemed a difficult task. Until recently, this has been true due to lack of experience or lack of access to impacted systems. Modern forensic investigation practices, along with proven recommended practices, have facilitated some tremendous progress. Recent success in joint private sector/law enforcement activities has produced some new groundbreaking work. This session will present elements of a case study based on actual real-time investigations of energy management systems and DCS infected with multifaceted malware elements, and discuss the approach, observations, and analysis activities. It will cover perspectives from law enforcement, SCADA security SMEs, and stakeholders, bring you up to date on what works and what doesn't, and provide insight to help you enhance your ICS incident response plan.
Copyright © 2012 The University of Queensland, authorised by AusCERT Program Committee, maintained by: firstname.lastname@example.org