Welcome to the Interactive Agenda for the 2016 ICS Cyber Security Conference! (View the full ICS Cyber Security Conference website here)  This agenda is currently a work in progress, please check back often as our team is making upates DAILY. (You can register for the conference here)
Back To Schedule
Monday, October 24 • 9:00am - 9:45am
Managing the Industrial Control Message: Firewalls vs NGFW vs Parsing

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

ICS cyber security is an increasingly complex pursuit that now extends well beyond basic perimeter protection and simple air-gap implementations. Today's ICS security and operations experts now seek to integrate sustained system uptime and human safety into their operational protocols.

ICS systems are automated by computers, sensors and software with little to no human intervention on a daily, 24/7 basis. When day-to-day automated routines seem to be spinning along, with no alarms, all is well as far as operators know. However, the most dangerous and destructive intrusions are those that ‘fly under the radar’ and use existing protocols so not to raise alarms and draw as little attention as possible, while the malware compromises as much as possible.

With ICS M2M communication, determining abnormal network operations in the absence of alarms need not be mysterious. This session will demonstrate typical and unusual scenarios, using common SCADA protocols, to depict a day in the life of control systems and their communications. Experts will present a battle of the defenses to highlight the absence of security at the endpoint level and then contrast traditional firewalls versus NGFW (next-generation firewalls) versus true protocol parsing and the risks/benefits of each. Attendees will come away equipped to better evaluate and weigh their options for protecting critical control systems.


  • Understand ICS commands and identify abnormal behavior
  • Learn what is normal vs. abnormal activity relative to standard industrial protocols
  • Define types of DPI and weigh their relevance to types of environment
  • Pros and cons of blacklisting vs whitelisting


avatar for Matt Cowell

Matt Cowell

Director, Industrial Markets, Ultra Electronics, 3eTI.
Matt Cowell is Director, Industrial Markets at Ultra Electronics, 3eTI. He has more than 15 years of experience in ICS and OT applications with a focus on networks and cyber security. He has specific expertise in automation and SCADA systems as the company's lead for market development... Read More →

Monday October 24, 2016 9:00am - 9:45am EDT
Workshop 1 (Salon 3)