ICSJWG Meetings and Webinars

The Industrial Control Systems Joint Working Group (ICSJWG) provides a vehicle for communicating and partnering across all Critical Infrastructure (CI) Sectors between federal agencies and departments, as well as private asset owners/operators of industrial control systems.

Below, we invite you to find information on future and past ICSJWG meetings and webinars. 

ICSJWG Spring 2021 Virtual Meeting Update

Registration for the ICSJWG 2021 Spring Virtual Meeting is open!

We are very pleased to open the meeting registration for the ICSJWG 2021 Spring Virtual Meeting! There is no cost to attend this event. 

To register, select any tile or webcast on the page. If this is your first visit, you will be directed to register for the session. If you register for any session, you will have registered for all of the meeting sessions.

Please register here for the meeting no later than April 19, 2021. 

Using the link to access the engagement site, you can select any webcast. Selecting a webcast and completing the registration form will register you for all sessions available during the exchange. In that site, you can also explore each of the webcasts. Clicking on each webcast tile will provide you with more information about the session and allow you to add it to your calendar. 

During the meeting, simply click on the tile of a presentation of interest and enter your email address (the same used for the initial registration) and enjoy the presentation and information. 

We are excited about the offerings for the upcoming virtual meeting! 

The meeting will kick off on April 20th with an overview of CISA’s Industrial Control Systems Strategy Highlights by Eric Goldstein, Executive Assistant Director for Cybersecurity at CISA. Day 1 will continue with presentations from the ICS community along with CYBER-CHAMP© Foundational and Advanced training sessions.

The Capture the Flag activity is available from the opening of the meeting on April 20th until about 4:00 p.m. Eastern Time on April 21st. The CTF exposes analysts to hunting across ICS networks for malicious behavior, with puzzles appropriate for both the beginner and the experienced analyst. This meeting's action is as follows: 

Azalea Power Co. is experiencing the effects of a large-scale cyber-attack and is in need of a cyber incident response team to help them investigate. You and your team of cyber incident responders have been brought in to help the internal IT team as they identify the extent of the impacts to their IT network, corporate building management system (BMS), and power distribution system.

In this CTF, participants will explore network and host artifacts from Azalea Power Co.'s IT, BMS and electric distribution networks and solve challenges involving real-world tactics, techniques, and procedures. They will leverage multiple open-source tools to examine forensic artifacts and identify indicators of compromise. As they progress through the challenges, participants will discover which systems the attacker targeted, how they moved through the network, and how they caused disruptions in the operational environment.

Updated ICS Training CYBER-CHAMP© sessions will be provided on April 20th. You can choose to attend these instead of a member’s presentation occurring at the same time. All members’ sessions will be recorded for on-demand viewing and review, provided the presenter has released the material for on-demand viewing.

The training sessions during this exchange include both Foundational and Advanced materials. Specific foundational topics will be Critical Infrastructure Sector Dependencies and Exploits in an ICS Infrastructure. Specific Advanced topics will be Manipulating IDS Logs Using Elastic Stack and Evaluating Security Weaknesses and Vulnerabilities of ICS at the Device Level. All sessions will be recorded for on-demand viewing and review as well.

The Technical Workshop will return on April 21st with various technical topics being presented and providing a question and answer opportunity for participants. You can choose to attend these sessions instead of a member’s presentation occurring at the same time. All members’ sessions will be recorded for on-demand viewing and review, provided the presenter has released the material for on-demand viewing.

Topics include OT Protocol Parsers, Retrofitting Security into OT Environments, and Control System Security Test Harness. All sessions will be recorded for on-demand viewing and review as well.

Additional information will be provided upon request from ICSJWG.Communications@cisa.dhs.gov

Staying Virtual: 2021 Spring Meeting & 2021 Fall Meeting and COVID-19

The agency has been monitoring the evolving COVID-19, also known as Coronavirus, situation closely, taking part in interagency and industry coordination calls, and working with critical infrastructure partners to prepare for possible disruptions to critical infrastructure that may stem from widespread illness, should the virus take hold in the U.S. Click here for the up-to-date information regarding these efforts. Additionally, the agency issued a CISA Insights document titled, “Risk Management for Novel Coronavirus (COVID-19)” detailing steps to help executives think through physical, supply chain, and cybersecurity issues that may arise as a result of this ongoing public health concern.

Past Meeting Information

Fall 2020 Virtual Meeting on-demand viewing

On-demand viewing of released presentations from the Fall 2020 Virtual Meeting may be accessed here.

Agendas for Previous Meetings

Please contact us if you have questions.

Please contact the respective author(s) directly for copies of presentations.  

ICSJWG Webinar Series

Our Webinar Series is designed to inform the membership and general public about solutions to threats, vulnerabilities, and risks to critical infrastructure and control systems. The search for outstanding and value-added topics is ongoing. Please feel free to send an abstract or short description of any webinar idea to ICSJWG.Communications@cisa.dhs.gov and the Program Office will add it to the topic queue for review and possible inclusion into the series.  Our intent is to have a webinar each quarter of the year.  Please note that marketing or sales presentations aimed at gaining the audience's interest in services, capabilities, or products cannot be approved.


Past Webinars

Past webinar presentations which have been released are found below and may be requested from the Program Office through ICSJWG.Communications@cisa.dhs.gov. If they are still available, they will be forwarded to you upon request.

  • January 2012: Bow Tie Model of Destructive Malware
  • October 2020: Robust Cyber Risk Management - Simplified
  • March 2020: OT Needs 'Special Consideration' Which Means a Modified Approach to Security and True IT/OT Convergence to Achieve a Robust VM Program
  • November 2019: Secure Operations Technology
  • July 2019: Persistent Threat-Based Security for ICS Systems
  • March 2019: Five Ways to Ensure the Integrity of Your Operations
  • September 2018: The Top 20 Cyberattacks on Industrial Control Systems
  • January 2018: Life After Ukraine: Industrial Control System Cybersecurity Industry Trends and Strategies
  • October 2017: Creating Predictable Fail Safe Conditions for Healthcare Facility: Related Control Systems and Medical Devices by Use of System Segmentation
  • July 2015: Protecting M2M Systems at the Edge
  • October 2014: The New Paradigm for Information Security: Assumption of Breach
  • June 2014: Online Real Time Monitoring for Change Identification
  • March 2014: I Think, Therefore I Fuzz!

Additional Information

Have questions? Please contact us at at ICSJWG.Communications@cisa.dhs.gov.

For additional information on this working group, see the ICSJG Fact Sheet.

Membership in the ICSJWG
By adding you to our membership rolls, you will receive all outgoing messages to the ICSJWG community, including newsletters, meeting notifications, training information, calls for comments, and other announcements. Volunteer participation, by contributing ideas, sharing information, or working toward solutions for CI security, is encouraged. To get involved supporting a working activity which addresses critical infrastructure security, please let us know your ideas and the ICJSWG Steering Team (IST) and Program Management Office (PMO) will consider them. To get involved with the ICSJWG in general, please contact us at ICSJWG.Communications@cisa.dhs.gov.