Dragos DISC 2025 Conference Visit with Cyber Samurai KAZUMI

Hello, I'm Yanagishita from the Security Research Center. I usually work on malware analysis and incident response for attacks targeting IT systems.

Table of contents

1. The reason for the business trip and travel to the destination

One day in July 2025, I had the pleasure of attending a meeting between Dragos staff who were visiting Japan and our own Dragos team. We hit it off, and since OT/ICS security was booming, I decided to attend the DISC 2025 conference held by Dragos in Baltimore, Maryland from November 4th to 6th, 2025. The reason we hit it off was that I have a habit of skimming through the reports dumped by Vx Underground, and the FrostyGoop report and specimen analyzed by Dragos that I found there were unusual, so I had downloaded and analyzed the specimen a while ago.

This was my first business trip to the US in about six years, since December 2019, just before the COVID-19 pandemic. The yen's depreciation, combined with prices that are higher in the US than in Japan, made staying there expensive! The strongest yen I can remember was around 2011, after the Lehman Shock. It was considered a safe-haven currency, with the exchange rate at around 80 yen to the dollar. A 500ml bottle of water at the airport cost $1.50 (¥120), a night's stay at a high-rise hotel (not a motel) cost 10,000 yen, and people from the US complained that Japan was expensive. Meanwhile, the world was in a recession. I had the impression that prices had risen during my US business trip in 2019, but this time the world was a harsh place for a business trip: $1 was ¥150, a 500ml bottle of water at a US airport cost $5 (¥750), and a night's stay at the Live! Casino hotel cost 30,000 yen with an event discount. In the end, I got by without spending much money during my stay because Dragos provided lavish event meals for breakfast, lunch, and dinner.

Now, on November 4, 2025, the Skyliner from Nippori to Narita was almost entirely made up of foreigners. In the past, I'd had the impression that there were quite a few Japanese people around on the trains heading to the airport, but even here, I felt the weakness of the Japanese yen. I picked up a pocket Wi-Fi at the airport, exchanged my 5,000 yen for a meager 30 dollars, and departed from Narita Airport for Chicago on NH12! Incidentally, I tend to carry on luggage whenever possible, since picking up luggage during connecting flights is a pain. On this flight, the overhead compartment above my seat was too small for my luggage, so they moved it to the overhead compartment above the business class seats in front, which made me a little uneasy. Since it was an evening flight, I was able to sleep quite well.

We arrived at Chicago airport at Terminal 5 almost on time, and at the brusque "Next" signal from the intimidating immigration officer, we moved forward, answered his questions to prove we were not suspicious, had our fingerprints and photograph taken, and then entered the country. After that, we got lost as usual, trying to find the gate for our connecting flight. We showed our plane tickets at the information desk, were told our destination, and then moved to Terminal 1.

View from the train at Chicago Airport

Chicago Airport is huge, and we travel between terminals on the train that runs within the airport. This train is quite fast. After arriving at Terminal 1, we wandered around looking for security. As usual, there was a long line due to the strict security check. We got in line early at the back and moved forward. It seemed like a strict inspection, with some people removing their shoes, others not, and some people being allowed to pass through with water in a tray, but I wasn't sure what the exact criteria were. After passing through security, we had to walk for about 15 minutes before finally arriving at the boarding gate for our United flight to Baltimore.

Chicago Airport concourse (It's just a passageway, but I personally think it's a beautiful and photogenic spot)

The concourse I walked through looked like this, with its beautiful arched roofs and colorful walkways. I had a snack on the plane before landing, but walking around was making me hungry. My flight to Baltimore was scheduled to depart at 6:25 PM and arrive at 9:40 PM, so it looked like there wouldn't be any restaurants open when I arrived. I wondered whether to continue my light fast or grab a bite. Wandering around made me even hungrier, so I decided to eat. Finally, I narrowed it down to a Big Mac set (I think) from McDonald's near the gate, which was $13 (about ¥2,000), and a pepperoni pizza from Reggio's Pizza for $14. I decided on the $14 pizza, which I'd never get in Japan. It was a single-piece, pepperoni-only pizza, with no flavor variations. I found an empty seat in front of the boarding gate and ate it by myself. It was delicious.

Although the travel agency had warned me in advance that domestic flights within the US could be delayed, this time I departed on time and arrived in Baltimore. Since there was no inspection, I was able to exit the airport smoothly. It seemed a little colder than Japan. As I exited the airport, there were several taxis waiting with no line, so I chose to take a taxi. Incidentally, the taxi ride between the venue/hotel and the airport cost $40, and the Uber ride back cost $20. While there are taxi services where the driver will help you load your luggage into the car and chat with you, Uber might be a better option.

I checked into the hotel around 10:30pm and received a chat from our Cyber Samurai KAZUMI (Kazumi), who had arrived earlier, and Mr. M, the Dragos representative, saying we should meet in the hotel lobby at 8am the next morning for a breakfast that Dragos had prepared for us. I had been a little disappointed when the front desk told me at check-in that breakfast wasn't included, so I was relieved.

Our company chat during an overseas business trip (on a trip like this, I feel it's a kind gesture)

Due to jet lag, I woke up around 3:30 the next morning, turned on my PC, and checked my email and chat. While I was replying to a hunting question from Imai-san in Japan, it was soon nearly 8:00, so I hurriedly got ready and headed down to the lobby. This time, I had brought a bunch of 25-cent coins from Japan with me, hoping to get rid of them, though I don't know when I got them, so I left twelve of them ($3) by my pillow as a tip. My first business trip to the US was in 2003, and our company's old accounting system required me to submit exchange receipts to verify the exchange rate, so I had some unused coins left over from the change, like a savings jar for 500 yen coins.

Hotel room (using the middle pillow creates walls on both sides)

In the lobby, we met up with the Twinks team, who were also visiting from Japan, and Ben, our representative at Dragos, and headed to the breakfast area. Breakfast consisted of bacon, potatoes, eggs, waffles, fresh fruit, orange juice, and coffee, so we were full right from the start. I was worried about rising prices and the weak yen, but Kazumi told me that they were there for us morning, noon, and night, which gave me a bit of relief.

2. Training experience and session attendance

Well, the first day of the conference finally started for me. The venue was located next to the hotel casino, and in the morning I participated in the hunting training I had signed up for. Now that I think about it, I believe I had received an email about advance preparations, but I hadn't prepared anything, so I headed from the breakfast venue to the training room, thinking that I'd just listen in if it came to that.

The venue entrance is sparsely populated on a training day early in the morning.

My worries were unfounded, and all I needed was a regular computer. I was relieved to find that everything could be completed by accessing the virtual lab provided by Dragos via a browser.

In full-scale OT/ICS systems, even if the control terminals are Windows-based, they are often vendor-specified machines, making it difficult to freely install security products. Therefore, packet-based attack detection seems to be an important approach. I learned that Dragos sensors also collect packets and detect anomalies using their signatures (although that's not their only function). In the training, participants accessed the Linux host of the Dragos management console and reproduced attack packets using tcpreplay. The packets were then displayed in the web management console, revealing several suspicious elements. We then analyzed these to identify the source and scope of the attack and proceed accordingly. The training assignment included attack packets from the BAUXITE attack group. Packets detected by Dragos sensors are displayed in the management console, linked with the attack group name and a link to Dragos' intelligence report, broadening the context for further incident response from detection. This is something that can also be seen in intelligence-driven EDR, but I was impressed by the similar advancements in IDSs that detect attacks from OT/ICS packets. As I mentioned earlier, Dragos' sensors don't just detect anomalies using signatures. The information collected by Dragos' packet sensors is (probably optionally) sent to the cloud, where Dragos monitors it directly using OT Watch. I also learned that OT Watch can identify low-alert signals or packets that appear to be normal traffic as attacks and notify users. In the IT EDR space, I've seen CrowdStrike OverWatch detect numerous sophisticated attacks based on weak signals from their host sensors or seemingly simple administrator commands. I was impressed to learn that Dragos does the same thing with packets. I personally like the idea of Watch-based monitoring being conducted by the product vendor itself, as it implicitly asserts that if an attack occurs where the product's sensors are installed, the product vendor will take responsibility and pride in detecting it, no matter what.

Detected packets in hunting training

The afternoon training, which I later learned was connected to the morning training, involved detecting BAUXITE attacks on the OT system and integrating firewall communication logs from the IT system with Splunk to identify the scope of the attack and the source of the intrusion on both the IT and OT sides. In the group work, Kazumi played the OT role, and I played the IT role. Dragos' management console had new incident workflow and playbook features, allowing both IT and OT members to record their findings and respond to incidents. Perhaps because the afternoon training was hands-on, I didn't feel sleepy at all, even though I had been up since 3:30 AM. Kazumi also supported me, so I was relieved that it went smoothly. The venue had good acoustics, and the background music during the training, including 2000s rock like Lifehouse's "Hanging By A Moment," gave me a real American vibe.
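The IT/OT correlation from the afternoon exercise (tracing OT sensor detections back through the IT/OT firewall log to the intruding IT host and the affected controllers), as an added example that is not part of the original post and not Dragos' or Splunk's code: a small Python stand-in for the Splunk step, run over constructed sensor alerts and firewall lines. All addresses, timestamps and rule names are invented.

```python
"""Correlate OT packet-sensor detections with IT/OT firewall logs to find
the intrusion path: which IT host reached the OT pivot, and which OT assets
were then touched. Offline stand-in for the Splunk part of the exercise."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample data; every address, time and rule name is invented.
OT_ALERTS = [  # (time, source host on the OT side, target asset, sensor rule)
    ("2025-11-05T14:02:10", "10.20.0.15", "10.20.0.50", "Modbus write to unexpected coil"),
    ("2025-11-05T14:02:41", "10.20.0.15", "10.20.0.51", "Modbus write to unexpected coil"),
    ("2025-11-05T14:05:03", "10.20.0.15", "10.20.0.52", "Unexpected firmware read"),
]
FW_LOGS = [  # firewall sitting between the IT and OT networks
    "2025-11-05T13:40:12 ALLOW 192.168.5.23 -> 10.20.0.15:3389",
    "2025-11-05T13:55:48 ALLOW 192.168.5.23 -> 10.20.0.15:445",
    "2025-11-05T13:58:02 DENY 192.168.5.99 -> 10.20.0.50:502",
    "2025-11-05T12:10:00 ALLOW 192.168.7.8 -> 10.20.0.15:3389",  # outside lookback
]

def parse_fw(line):
    """Parse '<time> <ACTION> <src> -> <dst>:<port>' into a dict."""
    ts, action, src, _, dst_port = line.split()
    dst, port = dst_port.rsplit(":", 1)
    return {"time": datetime.fromisoformat(ts), "action": action,
            "src": src, "dst": dst, "port": int(port)}

def correlate(alerts, fw_lines, window=timedelta(hours=1)):
    """For each OT detection, look back `window` in the firewall log for
    allowed IT->OT sessions into the host that generated the alert."""
    fw = [parse_fw(line) for line in fw_lines]
    pivots, impacted, blocked = set(), set(), set()
    it_sources = defaultdict(set)  # IT source -> OT hosts it reached
    for ts, src, dst, _rule in alerts:
        t = datetime.fromisoformat(ts)
        pivots.add(src)
        impacted.add(dst)
        for e in fw:
            if e["dst"] == src and t - window <= e["time"] <= t:
                if e["action"] == "ALLOW":
                    it_sources[e["src"]].add(src)
                else:
                    blocked.add(e["src"])
    # Denied attempts aimed straight at an impacted controller are worth noting too.
    for e in fw:
        if e["action"] == "DENY" and e["dst"] in impacted:
            blocked.add(e["src"])
    return {"ot_pivots": pivots, "impacted_assets": impacted,
            "it_sources": {k: sorted(v) for k, v in it_sources.items()},
            "blocked_sources": blocked}

if __name__ == "__main__":
    for key, value in correlate(OT_ALERTS, FW_LOGS).items():
        print(f"{key}: {value}")
```

The one-hour lookback is a tuning knob: the 12:10 session from 192.168.7.8 is excluded here, and widening the window would pull it in, which is exactly the judgement call the IT and OT roles had to make together.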

My afternoon training ended around 4:00 PM, and I had a little time before the evening welcome party, so I walked with Kazumi to the shopping center next door. We share a common interest in guitars, and when Kazumi was a semiconductor engineer, he used to lecture at DSP seminars. We started by talking about how effects pedals and modeling amps are pretty DSP-based these days. We then discussed how improvements in simultaneous processing (multitasking and depth) have allowed for faster calculations. We also discussed how vacuum tube distortion can be expressed through convolution when calculated, how vacuum tubes ultimately have a faster response, how natural distortion is always better than digital, and how the player's own ears notice the difference. We then headed to the party without buying anything. We also talked about Bunta Fujiwara, the character from the old manga Initial D. When I go on business trips, I often spend my free time talking about things other than work, and I feel like I become much closer to the people I go with.

The party was held in the main hall, which was also the venue for the next day's session, and was a very lively event. I spotted Jimmy Wylie, a face I'd seen in a FrostyGoop video seminar, and greeted him. We had a fun conversation about analysis tools, the latest in AI analysis, and much more. He was mumbling about Binary Ninja, and although I usually use IDA, I think Binary Ninja is pretty good. I'll give it a try next time.

The main venue also has second floor seating (a hall with good acoustics that is often used for live performances)

After the party, I went back to my room around 9 PM and fell asleep, waking up at 1 AM due to jet lag, doing some work for the Japan side, then sleeping a little more from 4:30 AM and waking up around 6 AM. This was a 5-day, 3-night trip, so this was already the final day, a full day of sessions.

The final day began with a track 1 session in the main hall, featuring a keynote by Robert Lee, CEO of Dragos, a charismatic figure in OT/ICS security. Last year's attendance was approximately 420 people, and this year's was 600, showing the event's growing popularity year by year. The sessions covered a wide range of topics, including OT/ICS threat intelligence, security approaches (hunting), the OT community, battery hacking, and attacks using the DNP3 protocol, making for an engaging seminar for a wide range of audiences. Since there were TLP restrictions on the content of the presentations, I'll just mention a few of the most memorable ones. Incidentally, I was able to attend the entire event without feeling sleepy at all.

Industrial items installed near the entrance to the main venue

OT/ICS attack trends

  • Attack speed has increased and attacks have become more complex.
  • OT awareness is growing with attacks taking down infrastructure
  • Attacks by non-state actors are on the rise, and attacks are generally becoming more mature.

Attack groups highlighted in threat intelligence

  • PYROXENE
  • SYLVANITE
  • AZURITE
  • VOLTZITE
  • KAMACITE/ELECTRUM

(Also mentioned in Dragos' annual report)

Data collected and analyzed through OT IR

  • Historian data
  • OT process events
  • Operator logs
  • Visual system monitoring

(Also mentioned in the OT IR whitepaper)

3. Summary and return home

Through the seminar, I got the impression that while sophisticated attacks were previously thought of as intelligence-related, such as the theft of technical intellectual property or gathering information on political trends, attacks aimed at seizing infrastructure are now becoming a concrete threat. In addition, there was a lot of excitement about security around OT/ICS, as I had heard, with the threat of ransomware infiltrating OT/ICS systems and shutting down physical activities in the real world.

Dragos will be coming to Japan soon to hold a seminar to discuss these attack methods and countermeasures that should be considered in the OT field, so please wait a little longer.

The day's program ended around 6:00 PM, and I went on to the final day's party, returning to my room around 9:00 PM. Meanwhile, during the party, I heard that the airport was closed due to the US government's budget problems, and that flights might be canceled. The locals at the party seemed worried that their flights might be canceled and that they might have to take the train home. Maybe I'd end up dancing with hard luck!? I was returning home alone the next day, and my flight from Baltimore was at 6:10 AM, so I wondered whether I'd be able to catch an Uber around 4:00 AM, whether I'd oversleep, whether the airport would be crowded with fewer staff on duty, and whether the flight might be canceled. My anxiety was at its peak. Anyway, I packed my bags, slept for an hour around 10:00 PM, and woke up around 11:00 PM, feeling anxious. I checked out around midnight, grabbed an Uber, and headed to the airport, which I'd heard was open 24 hours. At midnight, there was no one at the United counter, and the automated check-in portal wasn't responding. With nothing else to do, I waited. There were quite a few people at the airport late at night, including people disembarking from flights that had just landed and people already waiting. I waited for about four hours, and around 4:00 AM, an employee arrived at the check-in counter. The portal was up and running, allowing me to check in automatically. My flight departed on time, and I arrived in Chicago for my connecting flight. I confirmed that my flight to Narita was also on time. I messaged Kazumi and the group, who were returning the next day, that the airport situation was (almost) fine, and headed home on NH11. Japanese airlines tend to offer Japanese-style in-flight meals, and soy-sauce dishes taste wonderful even after only a week abroad. This time, I chose the cold udon noodles. The in-flight service also had a wide selection of Japanese movies and videos, so I ended up watching something I wouldn't normally watch. They offered three episodes of Ryuhei Matsuda's 0.5 Man, which was interesting.

Although it was essentially a two-day event, we were able to analyze attacks using Dragos' products, understand security trends surrounding OT/ICS, and hear specific talks on the analysis of OT malware, so I think it was a very good opportunity to get a concentrated introduction to OT security.
