Common Vulnerabilities and Exposures (CVE), CVE Program Container, CVE Numbering Authority (CNA), Authorized Data Publisher (ADP), Common Weakness Enumeration (CWE), Common Vulnerability Scoring System (CVSS), Known Exploited Vulnerabilities (KEV), Stakeholder-Specific Vulnerability Categorization (SSVC).
How many ICS engineers responsible for maintaining and securing industrial control systems understand any of these terms? As ICS engineers, our job is to maintain the control systems and to ensure that they function reliably and perform the critical monitoring and control functions required for industrial operations. Keeping track of all the CWEs, CVEs and CVSS scores for the many systems installed at our facilities is overwhelming by itself. But the more important question is: what do we do with these scores and numbers? At the end of the day, all we want as ICS engineers is to figure out what actions to take to reduce the cybersecurity risk from any vulnerabilities that exist in our OT environment.

What you’ll learn: In this session, we’ll introduce a practical, simplified approach to managing vulnerabilities in OT/ICS systems, one that aligns with the realities of engineering teams and focuses on prioritizing what truly matters to reduce cyber risk.

Who should attend? Industrial CISOs, IT/OT security professionals, ICS Administrators, Automation Engineers, Plant Managers, Plant Engineers, GRC personnel.