David Atch, CyberX’s VP of Research, gave a presentation at the S4x18 conference about how we’ve developed a specialized, network-based ICS sandbox service to identify ICS malware.

The sandbox executes the malware in an environment with virtualized ICS services and files, and then looks for behaviors unique to ICS malware such as attempts to communicate via specialized ports and protocols (OPC, etc.).

You can also read an interview with David in this article by Dark Reading entitled “Researchers Offer a ‘VirusTotal for ICS’”.

Download the PDF of the presentation here