{"id":3189,"date":"2025-06-11T13:41:00","date_gmt":"2025-06-11T11:41:00","guid":{"rendered":"https:\/\/insightevents.dk\/isc-cph\/?post_type=tec_session&#038;p=3189"},"modified":"2025-06-12T16:07:27","modified_gmt":"2025-06-12T14:07:27","slug":"lessons-learned-from-ot-incident-response","status":"publish","type":"tec_session","link":"https:\/\/insightevents.dk\/isc-cph\/sessions\/lessons-learned-from-ot-incident-response\/","title":{"rendered":"Lessons learned from OT incident response"},"content":{"rendered":"<p><em>Technical Level: Beginner\/Intermediate<\/em><\/p><p>Operational technology (OT) systems are facing an increasing number of cyber security incidents. Some of the well-known OT incidents were targeted attacks, but more often than this are IT specific incidents that indirectly impact OT systems. Mandiant has been helping clients with incident response in some of the most high-profiled (and less profiled) OT cyber security incidents. Based on this unique insight into what is actually being observed &#8220;in the wild&#8221; Principal Consultant Marie Moe will give a presentation of lessons learned from OT incident response.<\/p>\n<p>In this talk, we will cover the similarities between IT and OT incident response, the unique considerations for IR in OT environments, and proactive steps that you or your teams can do to prepare for an OT incident.<\/p>\n","protected":false},"excerpt":{"rendered":"<p><em>Technical Level: Beginner\/Intermediate<\/em><\/p>\n<p>In this talk, we will cover the similarities between IT and OT incident response, the unique considerations for IR in OT environments, and proactive steps that you or your teams can do to prepare for an OT incident.<\/p>\n","protected":false},"author":29,"featured_media":0,"template":"","meta":{"inline_featured_image":false,"footnotes":""},"session_track":[7],"session_location":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v22.9 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Lessons learned from OT incident response - Industrial Security Conference Copenhagen<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/insightevents.dk\/isc-cph\/sessions\/lessons-learned-from-ot-incident-response\/\" \/>\n<meta property=\"og:locale\" content=\"en_GB\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Lessons learned from OT incident response - Industrial Security Conference Copenhagen\" \/>\n<meta property=\"og:description\" content=\"Technical Level: Beginner\/IntermediateIn this talk, we will cover the similarities between IT and OT incident response, the unique considerations for IR in OT environments, and proactive steps that you or your teams can do to prepare for an OT incident.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/insightevents.dk\/isc-cph\/sessions\/lessons-learned-from-ot-incident-response\/\" \/>\n<meta property=\"og:site_name\" content=\"Industrial Security Conference Copenhagen\" \/>\n<meta property=\"article:modified_time\" content=\"2025-06-12T14:07:27+00:00\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Estimated reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/insightevents.dk\/isc-cph\/sessions\/lessons-learned-from-ot-incident-response\/\",\"url\":\"https:\/\/insightevents.dk\/isc-cph\/sessions\/lessons-learned-from-ot-incident-response\/\",\"name\":\"Lessons learned from OT incident response - Industrial Security Conference Copenhagen\",\"isPartOf\":{\"@id\":\"https:\/\/insightevents.dk\/isc-cph\/#website\"},\"datePublished\":\"2025-06-11T11:41:00+00:00\",\"dateModified\":\"2025-06-12T14:07:27+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/insightevents.dk\/isc-cph\/sessions\/lessons-learned-from-ot-incident-response\/#breadcrumb\"},\"inLanguage\":\"en-GB\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/insightevents.dk\/isc-cph\/sessions\/lessons-learned-from-ot-incident-response\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/insightevents.dk\/isc-cph\/sessions\/lessons-learned-from-ot-incident-response\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/insightevents.dk\/isc-cph\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Lessons learned from OT incident response\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/insightevents.dk\/isc-cph\/#website\",\"url\":\"https:\/\/insightevents.dk\/isc-cph\/\",\"name\":\"Industrial Security Conference Copenhagen\",\"description\":\"Industrial Security Conference Copenhagen\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/insightevents.dk\/isc-cph\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-GB\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Lessons learned from OT incident response - Industrial Security Conference Copenhagen","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/insightevents.dk\/isc-cph\/sessions\/lessons-learned-from-ot-incident-response\/","og_locale":"en_GB","og_type":"article","og_title":"Lessons learned from OT incident response - Industrial Security Conference Copenhagen","og_description":"Technical Level: Beginner\/IntermediateIn this talk, we will cover the similarities between IT and OT incident response, the unique considerations for IR in OT environments, and proactive steps that you or your teams can do to prepare for an OT incident.","og_url":"https:\/\/insightevents.dk\/isc-cph\/sessions\/lessons-learned-from-ot-incident-response\/","og_site_name":"Industrial Security Conference Copenhagen","article_modified_time":"2025-06-12T14:07:27+00:00","twitter_card":"summary_large_image","twitter_misc":{"Estimated reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/insightevents.dk\/isc-cph\/sessions\/lessons-learned-from-ot-incident-response\/","url":"https:\/\/insightevents.dk\/isc-cph\/sessions\/lessons-learned-from-ot-incident-response\/","name":"Lessons learned from OT incident response - Industrial Security Conference Copenhagen","isPartOf":{"@id":"https:\/\/insightevents.dk\/isc-cph\/#website"},"datePublished":"2025-06-11T11:41:00+00:00","dateModified":"2025-06-12T14:07:27+00:00","breadcrumb":{"@id":"https:\/\/insightevents.dk\/isc-cph\/sessions\/lessons-learned-from-ot-incident-response\/#breadcrumb"},"inLanguage":"en-GB","potentialAction":[{"@type":"ReadAction","target":["https:\/\/insightevents.dk\/isc-cph\/sessions\/lessons-learned-from-ot-incident-response\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/insightevents.dk\/isc-cph\/sessions\/lessons-learned-from-ot-incident-response\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/insightevents.dk\/isc-cph\/"},{"@type":"ListItem","position":2,"name":"Lessons learned from OT incident response"}]},{"@type":"WebSite","@id":"https:\/\/insightevents.dk\/isc-cph\/#website","url":"https:\/\/insightevents.dk\/isc-cph\/","name":"Industrial Security Conference Copenhagen","description":"Industrial Security Conference Copenhagen","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/insightevents.dk\/isc-cph\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-GB"}]}},"_links":{"self":[{"href":"https:\/\/insightevents.dk\/isc-cph\/wp-json\/wp\/v2\/sessions\/3189"}],"collection":[{"href":"https:\/\/insightevents.dk\/isc-cph\/wp-json\/wp\/v2\/sessions"}],"about":[{"href":"https:\/\/insightevents.dk\/isc-cph\/wp-json\/wp\/v2\/types\/tec_session"}],"author":[{"embeddable":true,"href":"https:\/\/insightevents.dk\/isc-cph\/wp-json\/wp\/v2\/users\/29"}],"version-history":[{"count":0,"href":"https:\/\/insightevents.dk\/isc-cph\/wp-json\/wp\/v2\/sessions\/3189\/revisions"}],"wp:attachment":[{"href":"https:\/\/insightevents.dk\/isc-cph\/wp-json\/wp\/v2\/media?parent=3189"}],"wp:term":[{"taxonomy":"tec_track","embeddable":true,"href":"https:\/\/insightevents.dk\/isc-cph\/wp-json\/wp\/v2\/session_track?post=3189"},{"taxonomy":"tec_location","embeddable":true,"href":"https:\/\/insightevents.dk\/isc-cph\/wp-json\/wp\/v2\/session_location?post=3189"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}