6th Annual Industrial Control Cybersecurity USA 6th Annual Industrial Control Cybersecurity USA

Date


WEST
 

Location

Online Event

Attend

Get your ticket to attend and join below to build your agenda.

Schedule

Get your ticket to attend. Join event to build your agenda.
Clear

Tuesday, September 24, 2019

Chris Blask
Unisys, Global Director Industrial and IoT Security
James Nesbitt
Cyber Senate, Director and Founder

Director James Nesbitt
Introduction to our Chairman and Moderator

Steve Brown
Xcel Energy, Vice President, Enterprise Security Services & Chief Security Officer
Richard Ku
Trend Micro, Sr. Vice President Commercial IoT Security Business and Market Development
Daryl Haegley
DoD - Office of the Principal Cyber Advisor to the Secretary of Defense, Director, Cyber Mission Assurance and Deterrence
    • How mature is cybersecurity in ICS? 
    • Are we articulating cyber risk appropriately?
    • Are we seeing a shift in C Level awareness? 
    • Is regulation pushing the sector forward?
    • Are investments in cyber infrastructure ramping up?
    • How are we collectively meeting the challenges of the ageing workforce and terminology barriers?
    • Is security still seen as a hindrance? How can we move past this perception?
Stephen Hilt
Trend Micro, Sr. Threat Researcher

In the past, you will have heard about attacks on critical infrastructure facilities with well-known malware, campaigns, and actor groups - and year after year the numbers of reported attacks on ICS systems are rising. In this presentation, we will briefly discuss historically significant attacks on ICS systems, current systems, and then dive into where we think the future of ICS attacks will go. From our own research, we will give key insights on ICS attacks and discuss methods attackers could be leveraged in the near future.

Philip Tonkin
National Grid, Global Head of Cyber Operational Technology
  • Vision to enable the future and meet energy demands through digitisation, increasing flexibility and enhancing physical safety
  • Digitisation and our approach to operations and asset management, why the sector needs to change
  • Cybersecurity by design and prerequisite
  • Design standards from the top down
  • Ethernet communications IEC 61850
  • Integrated engineering throughout asset lifecycle
  • Digitisation will enable proactive condition-based maintenance procedures, monitoring and data collection
  • Deployment challenges
  • Trusted partnerships and future-proofing through collaboration

Networking Coffee

- WEST
Steve Brown
Xcel Energy, Vice President, Enterprise Security Services & Chief Security Officer
Noel Zamot
ATABEY GROUP LLC, President
F. Mitch McCrory
Sandia National Laboratories, Manager, Energy Security Department
  • How can we adopt a secure by design approach, given the challenges of new technology being introduced?
  • What tools can show us the entire network including the lower layers of ICS?
  • Is there a culture of "Leave well enough alone?" How can we overcome this?
  • Is enough attention being given to configuration control?
  • Are we patching regularly?
  • Are we getting better at locking down remote access to ICS environments?
Andrew Kling
Schneider Electric, Industry Automation Product Security Officer
  • Manufacturing is a highly competitive industry. Sensitivities to risk, in any form, are high. In many respects, some of the most valuable intellectual property a manufacturing firm carries is in its manufacturing processes.
    • Consequently, protection of this IP becomes an imperative
  • Similarly, nuisance attacks can be some of the most damaging, especially if you are caught unprepared. Ransomware has risen to the top of this list. Witness the City of Baltimore recovery.
    • Awareness of cyber risks, anticipating an attack, being prepared
  • Today, nations have weaponized cyber-space. Manufacturers are part of a nation’s economies, part of the critical infrastructure of the world. With targets now painted on manufacturing plants, how do we rise to these newest threats?
  • Manufacturers need to increase their cyber-preparedness to get the full benefits of Industry 4.0. Business leaders must support their teams, both culturally and financially, to help them secure their systems.
  • There is a simple formula to use in which risk assessment must be less than or equal to risk tolerance, which results in a remediation plan to balance the equation. In this talk, we will cover the evolving world and the need to take steps to secure your manufacturing plant.

 

Stephen Batson
Deloitte, Senior Manager, Risk and Financial Advisory

Under NERC CIP 13 both responsible entities (users/owners and suppliers) are required to develop supply chain risk management plans, to include:
Processes for Procurement planning (incident notification, coordination of response, vendor access management and control, disclosure, verification of software integrity and authenticity.
Reassessments to address evolving threats
-Contract negotiations reassessed to address areas of risk
What will NERC look for? How well risk mitigation concepts were integrated and implemented, especially vendor risk assessments and security provisions in contracts.

What can we do to prepare?
-Technologies to automate processes
-Centralise documentation
-Streamline collaboration
-Integrated risk management platforms to map policies to controls

How do we manage costs?

We will be ensuring all participants meet each other with our new Ice Breaker session right before lunch. This ensures all attendees meet each other, exchange business cards and explain their main purpose for attending. 

Philip Tonkin
National Grid, Global Head of Cyber Operational Technology
Matthew Bohne
Honeywell, Vice President, Chief Product Security Officer
Ayman Al Issa
McKinsey & Company, Industrial Cybersecurity Lead and Senior Expert.
  • What resources are required for us to maintain a clear picture of our supply chain?
  • Do we know what needs to be protected and why? How do we protect these assets?
  • Do we know the value of the information and assets our suppliers hold?
  • Do we have an understanding of who our suppliers are and how do we establish confidence in their cybersecurity maturity levels?
  • Are we getting any better at communicating our security needs?
Rick Kaun
Verve Industrial Protection, VP of Solutions
Philip Tonkin
National Grid, Global Head of Cyber Operational Technology
Richard Ku
Trend Micro, Sr. Vice President Commercial IoT Security Business and Market Development
  • As the convergence of systems and security management evolve, how can we converge IT and OT securely?
  • Is cybersecurity a priority in an organisations IT/OT alignment? 
  • Are we seeing high levels of (cyber) cooperation across IT and OT divisions?
  • What challenges do we have to overcome to secure convergence?
Jeff Cornelius, Ph.D
Darktrace, Executive Vice President
Ian Fitzgerald
Truckee Donner Public Utility District, CIO/Information Technology Director
  • How the latest AI technologies automate OT, ICS, sensor and IoT threat detection
  • Why Security automation and orchestration makes sense
  • Reduce risks and operational errors, improve efficiency, and address the sophisticated cybersecurity threats appearing as cyber-attackers increasingly target industrial environments 
Franky Thrasher
ENGIE Electrabel, Manager Nuclear Cybersecurity

More information to follow.

David Batz
Edison Electric Institute, Senior Director, Cyber & Infrastructure Security
Franky Thrasher
ENGIE Electrabel, Manager Nuclear Cybersecurity
Carter Manucy
Florida Municipal Power Agency, Cyber Security Manager
Frank Honkus
E-ISAC, Associate Director, Threat Intelligence, CRISP Program Manager
  • How do we currently perceive risks associated with sharing information with trading partners? Are we still operating in competitive silos? How can we overcome this more effectively?
  • How can we reinforce the vital role played by interpersonal relationships and develop trust-based performance-control process models? How can we, in turn, develop these into key business enablers?
  • Is the "culture of security" limited to our own organisations?
  • Are perceptions changing?
  • What examples do we have of successful information sharing partnerships?


Richard Ku
Trend Micro, Sr. Vice President Commercial IoT Security Business and Market Development
Stephen Hilt
Trend Micro, Sr. Threat Researcher

The conference drinks reception is sponsored by Trendmicro.

Trend Micro, a global leader in cybersecurity, is passionate about making the world safe for exchanging digital information, today and in the future. Artfully applying our XGen™ security strategy, our innovative solutions for consumers, businesses, and governments deliver connected security for data centers, cloud workloads, networks, endpoints, and Operational Technology Networks (OT).

Visit us at www.trendmicro.com

Cyber Senate will be meeting in the registration area with all Nozomi guests to travel to the restaurant. Participants confirmed need to be in the foyer at 7:15pm latest.

Wednesday, September 25, 2019

Chris Blask
Unisys, Global Director Industrial and IoT Security
James Nesbitt
Cyber Senate, Director and Founder

Director James Nesbitt
Introduction to our Chairman and Moderator

Chris Blask
Unisys, Global Director Industrial and IoT Security
  • Digital transformation of the Industrial sector is a top priority for C level executives
  • Automation and efficiency, leveraging data and intelligence across the asset base is key to remaining profitable and competitive.
  • Ensuring cybersecurity is seen as a business enabler and not a barrier to transformation
  • Integrating cybersecurity into industry 4.0, where do we begin and managing the bolt on culture
  • How can we help raise awareness of the threats, as position ourselves as key to business continuity – availability and reliability and speak the same language
Nathaniel Evans
Argonne National Laboratory, Cyber Operations Analysis and Research Lead

Computing environments, including command and control infrastructure, suffer from a lack of software diversity, leaving static targets available to attackers to perform reconnaissance and exploitation. These environments would benefit greatly from proactive defense mechanisms (PDMs) that can shift the software users’ interaction, thereby limiting the time that attackers can interact with a potentially vulnerable system and increase resilience. Proactive defense mechanisms could also allow vulnerable software to be removed from the environment seamlessly upon disclosure of a vulnerability, giving organizations time to patch.  These mechanisms would not only increase the cost of attack dramatically but also increase the resilience of the system to an outage from a cyber attack.  Some popular types of PDMs are Moving Target Defense, Cyber Deception and Active Defense.  
 

F. Mitch McCrory
Sandia National Laboratories, Manager, Energy Security Department

Secure from what or whom? Fundamentally, control systems were not originally designed with security as a primary driving factor. What types of designs would be resilient to various classes of a cyber attack? How do you implement a robust security architecture without compromising the safety and reliability of the system?

  • The next generation of US commercial nuclear power plants, now under construction, uses digital control systems to monitor plant conditions and control plant functions. Current fleet plants require cost-effective and secure digital systems to improve operational efficiency and save costs. There are significant benefits to digital control systems, but they come with potential vulnerabilities to cyber-attacks and/or digital failure. It is crucial that the next generation ICS are proven secure and credited for passively safe designs.
  • The DOE-NE have stood up a cybersecurity research and development program to enable science-based methods and technologies necessary for cost-effective, cyber-secure digital instrumentation, control and communication in collaboration with nuclear energy stakeholders. This program is managed jointly by Sandia National Laboratories (SNL) and Idaho National Laboratories (INL).
  • Part of this program is a research thrust called Secure Architectures to establish a science-based foundation to inform the fundamental architectural features, design requirements, and operational standards for nuclear facility digital systems. Activities currently in progress at SNL under this thrust include establishing a capability to perform empirical analysis to rank the security effectiveness of proposed enhancements and new control system designs.
  • The use of high fidelity simulation enables the advancement and docketing of advanced reactor designs. The ability to run realistic tests to ensure the strength of the digital systems will advise the development of new procedures, training and design for upgrades to the existing fleet and advanced reactors and has the potential to inform the new regulatory requirements that will be created for future designs.
  • Due to the complexity of digital control system, it is difficult if not impossible to fully inspect systems at installation, so our program also includes a Supply Chain Risk Management R&D thrust to deliver science-based tools, methodologies, and guidelines for cyber-resistant supply chains, procurement standards, and supplier validation.
Stephen Batson
Deloitte, Senior Manager, Risk and Financial Advisory
Nathan Faith
Exelon Nuclear Corporate Security, Cyber Security Manager
Nathaniel Evans
Argonne National Laboratory, Cyber Operations Analysis and Research Lead
  • Traditional methods to assess the safety of critical infrastructure are insufficient in relation to understanding system failures in complex interconnected systems
  • Implications of increased connectivity
  • How do we integrate cyber security and safety into a risk management methodology?
Daryl Haegley
DoD - Office of the Principal Cyber Advisor to the Secretary of Defense, Director, Cyber Mission Assurance and Deterrence

The Department of Defense (DoD) relies on a global network of critical infrastructure to project, support, and sustain its forces and operations worldwide. The incapacitation, exploitation, or destruction of one or more of its assets would seriously damage DOD's ability to carry out its core missions. Unfortunately, critical infrastructure is often vulnerable to attacks on underlying control systems which are typically networked and poorly protected, making them easily accessible and at risk from local and remote threats regardless of whether the systems are connected or connectable. Moreover, due to their crucial importance, industrial control systems have increasingly been the target of nation-state, criminal and terrorist activities intended to disrupt and deny services. Adversaries have developed and demonstrated non-kinetic means to disrupt critical warfighting infrastructure, denying our ability to project force and maintain multi-domain dominance.

Andre Ristaino
ISCI, Managing Director
Jason Christman
Johnson Controls, Vice President, Chief Product Security Officer
  • Overview of IEC 62443 Standards and ISASecure Certifications
  • BMS Introduction
  • Brief history and terminology
  • IEC 62443-4-2 component alignment to technical security requirements
  • Future state of BMS



Glenn Merrell
ISA99-08 / 10 Co-chair ISA, ISA Certified Automation Professional Industrial Control Systems Security / Freelance Consulting

Why ANSI/ISA/IEC62443?
FAQ's addressed and talking points to follow
 

Andrew Kling
Schneider Electric, Industry Automation Product Security Officer
Ray Secrest
Tampa International Airport, Sr. Security Manager
Ayman Al Issa
McKinsey & Company, Industrial Cybersecurity Lead and Senior Expert.
  • How effectively are we tracking our assets?
  • With an asset inventory, what can we do with it?
  • Are we getting any better at identifying cyber assets associated with a critical asset?
  •  Where we are in relation to inventory and control of hardware assets
  • Where we are in relation to inventory and control of software assets
  • Why ITAM is crucial for effective cybersecurity 
  • Developing situational awareness around what threats and vulnerabilities matter
  • Building asset discovery intelligence tools to monitor networks and asset communications
  • Setting baselines or monitoring
  • Ensuring our monitoring is scaleable
Ayman Al Issa
McKinsey & Company, Industrial Cybersecurity Lead and Senior Expert.

·         Establishing a common IT/OT language
·         Conduct Risk/Gap assessments of OT environments
·         Instituting a Business Security Liaison program to act as a security focal point for the business units
·         Introducing monitoring tools, processes and procedures and consolidation of tools and services between organizations
·         Development of a strategic roadmap w/each business unit to document goals and remediation schedules prioritized based on documented risk 

Thank you to all our speakers, sponsors and guests for supporting us each year!