at RSA Conference 2018 | San Francisco


ICS Village is a non-profit organization with the purpose of providing education and awareness of Industrial Control Systems security.

  • Connecting public, industry, media, policymakers, and others directly with ICS systems and experts.

  • Providing educational tools and materials to increase understanding among media, policymakers, and others.

  • Providing access to ICS technology for security researchers to learn and test these systems.

  • Hands on instruction for industry to defend ICS systems.


High profile Industrial Controls Systems Security issues have grabbed headlines and sparked changes throughout the global supply chain. The ICS Village allows defenders of any experience level to understand these systems and how to better prepare and respond to the changing threat landscape.


As the backbone of modern society, vulnerabilities in industrial control systems (ICS) have come to the forefront of businesses, governments and organizations. This year at RSA, the ICS Village will conduct a deeper dive into the Industrial Internet of Things, simulate an ICS cyberattack, and think through implications of smart cities on the grid. The ICS Range and GRIMM’s Howdy Neighbor will be onsite to provide a hands on experience in the Sandbox. Visitors can connect their laptops with the different industrial components and networks and try to assess these ICS devices with common security scanners, network sniffers to sniff the industrial traffic, and more!

There will also be an Airbus and Claroty Forensic Challenge. The challenge provides participants with a multi-level problems that can be played offline at the event.


The ICS Village is featuring eight talks in the RSA Sandbox. Here’s the schedule of speakers.

• A Quick Start Guide for Critical Infrastructure Protection
• Defeating Insider Threats to Critical Infrastructure
• My Life as a CISO
• Insecure Cities and Rogue Robots: The Impact of Industrial IoT Exploits
• No IOUs with IOT
• SCADA 101
• A SOC in the Sandbox
• Think Like a Hacker But Act Like an Engineer

We Know, We Had The Same Question.
What The Heck is an ICS Sled?

In this ITSPmagazine exclusive video from RSA Conference 2018, Beau Woods and Bryson Bort walk us through the ICS Village Sled, giving us an overview of:

  • How it was built to best match a real-world ICS environment

  • What protection and monitoring technologies have been deployed within this system

  • How red and blue teams are actively attacking and protecting it in real-time

  • How, at the upcoming DEFCON26, they will also have a CTF competition available to go after this environment

An ITSP Radio Podcast Series
Chats On The Road to RSA Conference 2018 | San Francisco

In today's episode, ICS Village founding members, Bryson Bort and Tom VanNorman join ITSPmagazine co-founders, Marco Ciappelli and Sean Martin to take a look at some of the key components being presented and shared at the ICS Village as part of the RSA Conference Sandbox. Bryson and Tom share with us what people can expect to see, hear, and experience in their village, including an overview of what's involved with their traveling ICS sled.

** Stay tuned to all of our RSA Conference coverage here:

Bryson Bort Profile.jpg

Bryson Bort:

Bryson is the Founder and CEO of SCYTHE, Founder and Chairman of GRIMM, and Founding Member of the ICS Village, a non-profit advancing education and awareness of security for industrial control systems.

Thomas VanNorman Profile.jpg

Thomas VanNorman

Thomas has been working in Operational Technology field for more than two decades. He is currently the Director of Application Engineering at Veracity Industrial Networks, and a Founding Member of ICS Village.


Industry Leaders Launch Non-Profit ICS Village to Raise Awareness of Industrial Control System Security Issues and Provide Hands-On Training

ICS Village to kick off non-profit at RSA USA 2018; Seeking sponsors and industry leaders to support industry-first initiative

February 27, 2018 09:00 AM Eastern Standard Time

ARLINGTON, Va.--(BUSINESS WIRE)--Cybersecurity industry leaders Bryson Bort, CEO of SCYTHE and Chairman of GRIMM, Beau Woods, Cyber Safety Innovation Fellow at The Atlantic Council and leader in the volunteer I Am The Cavalry initiative, Larry Vandenaweele, Cyber Security Manager at PwC Australia, and Thomas VanNorman, Director of Application Engineering at Veracity Industrial Networks, announced the launch of the non-profit Industrial Control System (ICS) Village.

Read the full press release...

To make things even more interesting, after - or before - playing in the SandBox you can listen to these brilliant talks:

A Quick Start Guide for Critical Infrastructure Protection
Devin Elmore | VP National Cyber Programs, Parsons
April 19, 2018 | 1:45 PM - 2:15 PM

There is a tremendous amount of complexity inherent in critical infrastructure, operational technology, and the Internet of Things before you even add security into the mix. Devin Elmore and his team have spent most of the 21st century focused on moving fast in this space with defense and intelligence customers and have learned a few things along the way that may be of use to you.

Learning Objectives:
1: Learn about Critical Infrastructure Protection.
2: Discover how to improve your security posture.
3: Understand how to define the primary objectives of Critical Infrastructure Protection.

Defeating Insider Threats to Critical Infrastructure
Christopher Blask | Global Director - Industrial Control System Security, Unisys
Eric Knapp | Chief Engineer, Cyber Security Strategic Innovation Group, Honeywell

April 19, 2018 | 9:15 AM - 9:45 AM

How do industrial operators prevent insider attacks against critical infrastructure? Many industrial systems were never intended to be connected to shared networks and are air-gapped or separated. However, this approach has been discontinued as more systems need connectivity. Learn how vendors can build proactive IACS solutions to reduce risk and enable operators to secure physical plants.

Learning Objectives:
1: Gain an understanding of existing processes used to manage porous IACS environments.
2: Understand the scale of the issue and why it exists.
3: Develop a working knowledge of how IoE / cloud can solve these problems

My Life as a CISO
Ken Keiser | Director of OT Cybersecurity, Parsons
April 18, 2018 | 4:15 PM - 4:45 PM

This talk will explain the real-life issues facing the CISO of a large organization with IT and OT cybersecurity issues. Specifically, the OT cybersecurity realities will be reviewed and how resources are prioritized between IT and OT.

Learning Objectives:
1: Learn how a CISO works within unified IT and OT structure.
2: Explore actions to take to effectively reduce OT cybersecurity risk.
3: Learn how these steps can be applied to different industries.

Insecure Cities and Rogue Robots: The Impact of Industrial IoT Exploits
Ed Cabrera | Chief Cybersecurity Officer, Trend Micro, Inc.
April 18, 2018 | 10:30 AM - 11:00 AM

This session will examine the attack surface of smart factories and industrial robots and explore whether the current ecosystem is secure enough to withstand a cyber attack. Consider five attack scenarios that are possible when the weaknesses in smart factories and robot architectures/implementations are exploited and discuss what can be done to improve security strategies for the ecosystem.

Learning Objectives:
1: Hear results of recent research on smart factory/industrial robot attacks.
2: See an attack demo done in a laboratory setting on a working industrial robot.
3: Hear solutions that can be implemented in both new and existing factories.

No IOUs with IOT
Bryson Bort | Founder and CEO, SCYTHE
April 18, 2018 | 11:00 AM - 11:45 AM

More than showing folks how a smart thermostat can take over your home, this session will present “Howdy Neighbor,” a miniature model home—“smart” from kitchen to garage. It’s a test-bed for reverse engineering and hacking distinct consumer-focused smart devices and to understand how the (in)security of individual devices can impact the safety of your home which we’ll demonstrate in real time.

Learning Objectives:
1: Understand how the (in)security of IoT can impact the consumer.
2: Learn challenges in development, configuration, deployment and use of IoT devices.
3: Explore current IoT threat intelligence.

Johnny Christmas | Security Researcher, Uptake
Adam Ringwood | Security Researcher, Uptake

April 19, 2018 | 1:15 PM - 1:45 PM

Uptake’s security researchers will walk the general public through the differences between IT and OT, and a selection of top SCADA protocols. The presentation will culminate an in a live attack simulation against a programmable logic controller, complete with play-by-play explanation.

Learning Objectives:
1: Get an introduction to SCADA.
2: Learn about SCADA protocols.
3: Watch a demonstration of a live PLC attack.

A SOC in the Sandbox
Thomas VanNorman | Director of Application Engineering, Veracity Industrial Networks
April 19, 2018 | 9:45 AM - 10:15 AM

Security operation centers (SOC) have a been around on the enterprise networks for a while now, but what about OT SOCS? This talk will cover some technologies that are available for the plant floor that works with your SOC. After the talk, a live demonstration will take place in the ICS Sandbox area.

Learning Objectives:
1: Get an introduction to the ICS SOC.
2: Learn from a sandbox demonstration.
3: Understand the effects of attacks on ICS systems.

Think Like a Hacker But Act Like an Engineer
Marty Edwards | Managing Director, Automation Federation
April 18, 2018 | 3:45 PM - 4:15 PM

Industrial control systems (ICS) as well as operational technology (OT) are under increased risks from cyber-events. Come learn how cyber-informed engineering is an evolving concept to use cyber-risk in designing control systems and associated protection systems.

Learning Objectives:
1: Learn about industrial control system cyber-informed engineering concepts.
2: Understand operational technology cyber-informed engineering concepts.
3: Explore the impact of cyber-risk on industrial control systems design.


Tuesday, April 17, 4:30 PM – 6:00 PM
(opens with CyBEER Ops - access included for Full Conference passholders, guest tickets available for purchase)
Wednesday, April 18, 8:00 AM – 5:00 PM (open to all badge types)
Thursday, April 19, 8:00 AM – 3:30 PM (open to all badge types)


The Sandbox will be located in the Marriott Marquis, Yerba Buena 8, adjacent to the RSAC Early Stage Expo.