CTA Webinar – Examining Public ICS/OT Exploits for Vulnerability Prioritization
Join CTA and Dragos as we discuss public ICS/OT exploits for vulnerability prioritization with Jacob Baines, Principal Industrial Control Vulnerability Analyst @Dragos, and Neil Jenkins, Chief Analytic Officer @Cyber Threat Alliance. Dragos tracks thousands of CVE that affect industrial control systems and operational technology networks. Of these CVE, more than 400 have publicly available exploits. The exploits affect all levels of the Purdue model and significantly lower the barrier of entry to exploit and move around industrial networks. However, not all exploits are created equal. Some are entirely worthless, while others pose significant risks. Understanding where these exploits come from, their impact on industrial network, and which actually matter can significantly aid in vulnerability prioritization.
Jacob Baines (Principal Industrial Control Vulnerability Analyst @Dragos)
Jacob Baines joined the Dragos Intel team as a Principal Industrial Control Vulnerability Analyst in 2020. He’s a 10+ year veteran of the information security field and spends much of his time at Dragos hunting out new vulnerabilities and understanding how published vulnerabilities impact ICS networks. Jacob has spoken at a number of conferences about the results of his vulnerability research, including DEFCON, Derbycon, InfoSecurity Europe, and a number of BSides. He also enjoys writing about vulnerability research and contributing to open source offensive tooling.
Neil Jenkins (Chief Analytic Officer @Cyber Threat Alliance)
Neil leads the CTA’s analytic efforts, focusing on the development of threat profiles, adversary playbooks, and other analysis using the threat intelligence in the CTA Platform. Previously, he served in various roles within the Department of Homeland Security, Department of Defense, and Center for Naval Analyses, where he spearheaded numerous initiatives tied to cybersecurity strategy, policy, and operational planning for both the public and private sectors.