Next Generation ICS Security: Putting the Honey(pots) in Industrial Control System Security

In the last decade, we have seen attacks on ICS and critical infrastructure move from insiders to external organisations focusing on nation-states. Due to the requirements of the OT environment in critical infrastructure, we cannot copy the techniques from the IT environment. Therefore, we have to find novel ways of securing ICS systems without impacting the availability and reliability of the environment.

This presentation offers an in-depth exploration of honeypots in the realm of Industrial Control Systems (ICS), a pivotal element in safeguarding critical infrastructure from cyber threats. It covers the types of honeypots - low, medium, and high interaction - and their specific utilities in monitoring and understanding cyber-attacks within ICS. Special emphasis is placed on the unique challenges and strategies for effective implementation and deployment of these honeypots.

Drawing from the HoneyPlant framework I developed, the session provides practical insights into integrating honeypots seamlessly into existing ICS frameworks such as UK CAF and NIST CSF, enhancing overall security. Attendees will leave with an understanding of the role of honeypots in ICS, equipped with practical knowledge on their deployment, and an appreciation of their impact on fortifying cybersecurity in critical infrastructures.