How to protect Industrial Control Systems from tailored attacks

Andrea Carcano


The security of Supervisory Control and Data Acquisition (SCADA) systems is one of the most pressing subjects in the field of industrial systems. Over the past decade, there have been numerous incidents in critical sectors (energy, oil&gas, transportation) that have been identified as the result of a cyber attack. Apply standard IT security approach to the industrial world can partially solve the security problems.

During this lectures we’ll explore the main diffenreces between a standard IT network and an industrial networks by analysing the interaction between each components . We will analyse in detail the logic behind industrial protocols and how to build a dedicated malware targeting an energy infrastructure.

I’ll describe at the end how a dedicated approach can prevent and identify tailored attacks.


Andrea Carcano received the Ph.D. degree in computer science from the University of Insubria, Italy, in February 2013. During his PhD had the chance to collaborate with international research groups and with important industries in the field of energy. From 2011 to 2013 was entitled as a Sr. Security Engineer in Eni Spa with a particular responsibilities about the security of interconnection between Critical Installation and office networks. He is now CEO and Co-founder of Nozomi Networks, a startup specialized on Industrial Control System security.

Here you can find his LinkedIn profile:

Time and Place

Tuesday, May 31, 4:15pm
Gates 463