Doug Rapp, Breaching Water Treatment Plants: Lessons Learned from Complex Exercises

US cybersecurity experts determined that Russian hacking group Dragonfly targeted the United States and European utilities with a cyber espionage campaign from 2015 – 2017. This government sponsored group was able to successfully infiltrate core control systems. Cold War espionage methodologies such as "sleeper cells" are now being executed in the cyber domain. Industrial firms including power and water providers have proven to be susceptible to attacks and disruptions that could be used during a significant geopolitical conflict. Antiquated industrial control devices now connected to the internet make utilities in even the most advanced countries susceptible to everyone from hacktivists to cyber criminals to nation states. In these times, the question has shifted from "can they?" to "when will they?". Using Indiana's groundbreaking cybersecurity exercise Crit-Ex as an example, we explore exactly how vulnerable of utilities really are and how insights into incident response and resiliancy are discovered through complex training and exercises. About the speaker: Douglas Rapp is the President of Rofori Corporation, an innovative young technology company that uses meta data tagging and advanced algorithmics to turn unstructured data into signal. Rofori's flagship application is DEFCON cyber, a scalable cybersecurity risk and awareness tool that offers small business enterprise level expertise. He is also President of the Cyber Leadership Alliance, a non-profit organization that convenes leadership in cybersecurity & security in the internet of things to synchronize efforts, promote cybersecurity efforts in the region, foster innovation and promote the economic impact. CLA's CISO forum represents over 20 Billion of private industry in Indiana. Doug is a published author on cybersecurity training, workforce development, and economic development. He is also an entrepreneur in residence for Purdue University. He is an international speaker and has testified before Congress on cybersecurity matters. Doug is a lifelong Hoosier, a former military officer and combat veteran and cybersecurity optimist.

US cybersecurity experts determined that Russian hacking group Dragonfly targeted the United States and European utilities with a cyber espionage campaign from 2015 – 2017. This government sponsored group was able to successfully infiltrate core control systems. Cold War espionage methodologies such as "sleeper cells" are now being executed in the cyber domain. Industrial firms including power and water providers have proven to be susceptible to attacks and disruptions that could be used during a significant geopolitical conflict. Antiquated industrial control devices now connected to the internet make utilities in even the most advanced countries susceptible to everyone from hacktivists to cyber criminals to nation states. In these times, the question has shifted from "can they?" to "when will they?". Using Indiana's groundbreaking cybersecurity exercise Crit-Ex as an example, we explore exactly how vulnerable of utilities really are and how insights into incident response and resiliancy are discovered through complex training and exercises. About the speaker: Douglas Rapp is the President of Rofori Corporation, an innovative young technology company that uses meta data tagging and advanced algorithmics to turn unstructured data into signal. Rofori's flagship application is DEFCON cyber, a scalable cybersecurity risk and awareness tool that offers small business enterprise level expertise. He is also President of the Cyber Leadership Alliance, a non-profit organization that convenes leadership in cybersecurity & security in the internet of things to synchronize efforts, promote cybersecurity efforts in the region, foster innovation and promote the economic impact. CLA's CISO forum represents over 20 Billion of private industry in Indiana. Doug is a published author on cybersecurity training, workforce development, and economic development. He is also an entrepreneur in residence for Purdue University. He is an international speaker and has testified before Congress on cybersecurity matters. Doug is a lifelong Hoosier, a former military officer and combat veteran and cybersecurity optimist.