Full Report
Kaspersky’s seventh international conference dedicated to industrial cybersecurity took place on September 18-20 in Sochi, Russia.
Analysis Summary
# Industry News: Kaspersky Convenes Global ICS Security Experts in Sochi
## Summary
Kaspersky hosted its seventh annual international conference dedicated to Industrial Cybersecurity (ICS) in Sochi, Russia, gathering over 300 participants from 20 countries, including key industry players and researchers. A significant announcement from the event was the introduction of the **Kaspersky Vulnerabilities Database**, a new service aimed at addressing the inadequacy of existing public vulnerability databases for the unique needs of industrial control systems (ICS).
## Key Details
- Date: September 18–20 (Conference dates); Announced during the event (Database launch)
- Companies Involved: Kaspersky, Siemens, Schneider Electric, Moxa, ICL, ARinteg, Clemson University, etc.
- Category: Product Launch/Service Announcement & Industry Forum
## The Story
The 7th Kaspersky Industrial Cybersecurity Conference served as a major convening point for industrial security experts, enterprise specialists, and equipment manufacturers globally. The event featured 38 speakers covering topics from securing the Industrial IoT (IIoT) maturity model to analyzing threat landscapes in smart buildings. The most notable development presented by Kaspersky ICS CERT was the launch of its **Kaspersky Vulnerabilities Database**. This new service is designed to provide users with a constantly updated repository of vulnerabilities specific to ICS and IIoT devices, along with the necessary detection rules, aiming to solve the problem that current public vulnerability databases do not fully meet the needs of industrial environments.
## Business Impact
### For the Companies Involved
- **Kaspersky:** Solidifies its leadership role in the ICS security space by hosting a high-profile international event and addressing a critical market gap (vulnerability intelligence) with a new, dedicated service. This increases visibility for their broader suite of ICS security solutions.
- **Partners (ICL, ARinteg):** Gained exposure by sponsoring a key industry event, signaling alignment with major vendors in the OT security ecosystem.
### For Competitors
- Competitors offering vulnerability intelligence or security services for ICS now face a dedicated, specialized offering from Kaspersky. They will need to benchmark their own vulnerability feed quality and depth against this new database.
### For Customers
- End-users in industrial sectors gain access to a potentially more relevant and timely source of ICS/IIoT vulnerability data, which is crucial for patching and risk assessment in operational technology (OT) environments.
### For the Market
- The development highlights a growing market maturity where vendor-specific, curated vulnerability intelligence is becoming necessary to manage the risks inherent in complex OT/ICS supply chains (as evidenced by research on CoDeSys). It validates the need for specialized threat intelligence tailored for industrial infrastructure.
## Technical Implications
The conference showcased significant research, including findings on CoDeSys Runtime security, demonstrating ongoing technical efforts to secure fundamental PLC control frameworks. The launch of the new database implies the application of advanced threat research and curation processes for ICS-specific CVEs and zero-days, moving beyond generic IT vulnerability tracking.
## Strategic Analysis
- **Market Positioning:** Kaspersky is strategically positioning itself as a holistic provider in the ICS domain—from high-level conferences and consulting to deep technical research and specialized intelligence platforms (the new database).
- **Competitive Advantage:** The dedicated ICS Vulnerability Database provides a differentiated offering. Since the presentation noted that existing public databases are insufficient, this tailored solution drives stickiness and perceived value for customers operating critical infrastructure.
- **Challenges:** The success of the new database will depend entirely on the accuracy, coverage, and speed of disclosure, requiring significant ongoing investment in ICS threat research.
## Industry Reactions
- Experts recognized the conference as a vital forum for sharing real-world incident data, which is often scarce in the usually secretive OT sector.
- The focus on the limitations of general vulnerability databases has likely resonated strongly with OT security managers who struggle daily with patching legacy systems based on generalized advisories.
## Future Outlook
- **Predictions and Expectations:** Expect competitors to either accelerate the enhancement of their own ICS intelligence feeds or form tighter partnerships to offer comprehensive vulnerability management solutions to counter Kaspersky’s new tool.
- **What to watch for:** The immediate accessibility and content depth of the Kaspersky Vulnerabilities Database in the coming months will be key indicators of its market impact.
## For Security Professionals
Security practitioners responsible for ICS/OT environments should monitor the content shared at this conference, particularly the vulnerability research on CoDeSys and the emerging threat landscape in smart buildings. The new Kaspersky Vulnerabilities Database should be evaluated as a potential supplement or replacement for initial triage of ICS-specific security advisories.