Tobias Gebhardt

Session Title: Beyond Breach Insurance: What's next with cyber extortion, cyber business interruption, data destruction, supply chain issues and other systemic risks?

Panel Members: Marcello Antonucci, Beazley, Dave Wong, Mandiant, Troy Harris, RSM US LLP, Tobias Gebhardt, Munich Re

The Update Center of LOGO! Soft Comfort lacks integrity verification on software packages
downloaded via an unprotected communication channel. This could allow a remote attacker in
a privileged network position to manipulate a software package during download.
Siemens provides SHA-256 checksums for all LOGO! Soft Comfort software packages to
allow verification of legitimacy.

Siemens thanks the following for their support and efforts:
· Tobias Gebhardt for coordinated… Show more

The Update Center of LOGO! Soft Comfort lacks integrity verification on software packages
downloaded via an unprotected communication channel. This could allow a remote attacker in
a privileged network position to manipulate a software package during download.
Siemens provides SHA-256 checksums for all LOGO! Soft Comfort software packages to
allow verification of legitimacy.

Siemens thanks the following for their support and efforts:
· Tobias Gebhardt for coordinated disclosure. Show less

- Exploring the cyber threat landscape for national critical infrastructure and production environments
- Including an holistic approach for ICS cyber risk assessments
- Highlighting strategic focus areas and what the future steps are when approaching risk assessments

Today’s Industrial Control Systems (ICSs) operating in critical infrastructures (CIs) are becoming more and more complex, moreover they are extensively interconnected with corporate information systems for monitoring, management and maintenance. This increasingly exposes ICSs to modern advanced cyber threats. Existing security solutions try to prevent, detect, and react to cyber threats by employing security measures that typically do not cross the organization’s boundaries. However, novel… Show more

Today’s Industrial Control Systems (ICSs) operating in critical infrastructures (CIs) are becoming more and more complex, moreover they are extensively interconnected with corporate information systems for monitoring, management and maintenance. This increasingly exposes ICSs to modern advanced cyber threats. Existing security solutions try to prevent, detect, and react to cyber threats by employing security measures that typically do not cross the organization’s boundaries. However, novel targeted multistage attacks take advantage of interdependencies between organizations and sequentially affect different infrastructures. A coordinated effort to timely reveal such attacks, and promptly outline mitigation strategies is therefore required. In this positioning paper we introduce a collaborative approach to cyber incident information analysis for gaining situational awareness in a European control system security network. Show less