Director James Nesbitt
Introduction to our Chairman and Moderator

• • How mature is cybersecurity in ICS? 
  • Are we articulating cyber risk appropriately?
  • Are we seeing a shift in C Level awareness? 
  • Is regulation pushing the sector forward?
  • Are investments in cyber infrastructure ramping up?
  • How are we collectively meeting the challenges of the ageing workforce and terminology barriers?
  • Is security still seen as a hindrance? How can we move past this perception?

In the past, you will have heard about attacks on critical infrastructure facilities with well-known malware, campaigns, and actor groups - and year after year the numbers of reported attacks on ICS systems are rising. In this presentation, we will briefly discuss historically significant attacks on ICS systems, current systems, and then dive into where we think the future of ICS attacks will go. From our own research, we will give key insights on ICS attacks and discuss methods attackers could be leveraged in the near future.

• Vision to enable the future and meet energy demands through digitisation, increasing flexibility and enhancing physical safety
• Digitisation and our approach to operations and asset management, why the sector needs to change
• Cybersecurity by design and prerequisite
• Design standards from the top down
• Ethernet communications IEC 61850
• Integrated engineering throughout asset lifecycle
• Digitisation will enable proactive condition-based maintenance procedures, monitoring and data collection
• Deployment challenges
• Trusted partnerships and future-proofing through collaboration

• How can we adopt a secure by design approach, given the challenges of new technology being introduced?
• What tools can show us the entire network including the lower layers of ICS?
• Is there a culture of "Leave well enough alone?" How can we overcome this?
• Is enough attention being given to configuration control?
• Are we patching regularly?
• Are we getting better at locking down remote access to ICS environments?

• Manufacturing is a highly competitive industry. Sensitivities to risk, in any form, are high. In many respects, some of the most valuable intellectual property a manufacturing firm carries is in its manufacturing processes.
  • Consequently, protection of this IP becomes an imperative
• Similarly, nuisance attacks can be some of the most damaging, especially if you are caught unprepared. Ransomware has risen to the top of this list. Witness the City of Baltimore recovery.
  • Awareness of cyber risks, anticipating an attack, being prepared
• Today, nations have weaponized cyber-space. Manufacturers are part of a nation’s economies, part of the critical infrastructure of the world. With targets now painted on manufacturing plants, how do we rise to these newest threats?
• Manufacturers need to increase their cyber-preparedness to get the full benefits of Industry 4.0. Business leaders must support their teams, both culturally and financially, to help them secure their systems.
• There is a simple formula to use in which risk assessment must be less than or equal to risk tolerance, which results in a remediation plan to balance the equation. In this talk, we will cover the evolving world and the need to take steps to secure your manufacturing plant.

Under NERC CIP 13 both responsible entities (users/owners and suppliers) are required to develop supply chain risk management plans, to include:
Processes for Procurement planning (incident notification, coordination of response, vendor access management and control, disclosure, verification of software integrity and authenticity.
Reassessments to address evolving threats
-Contract negotiations reassessed to address areas of risk
What will NERC look for? How well risk mitigation concepts were integrated and implemented, especially vendor risk assessments and security provisions in contracts.

What can we do to prepare?
-Technologies to automate processes
-Centralise documentation
-Streamline collaboration
-Integrated risk management platforms to map policies to controls

How do we manage costs?

We will be ensuring all participants meet each other with our new Ice Breaker session right before lunch. This ensures all attendees meet each other, exchange business cards and explain their main purpose for attending. 

• What resources are required for us to maintain a clear picture of our supply chain?
• Do we know what needs to be protected and why? How do we protect these assets?
• Do we know the value of the information and assets our suppliers hold?
• Do we have an understanding of who our suppliers are and how do we establish confidence in their cybersecurity maturity levels?
• Are we getting any better at communicating our security needs?

• As the convergence of systems and security management evolve, how can we converge IT and OT securely?
• Is cybersecurity a priority in an organisations IT/OT alignment? 
• Are we seeing high levels of (cyber) cooperation across IT and OT divisions?
• What challenges do we have to overcome to secure convergence?

• How the latest AI technologies automate OT, ICS, sensor and IoT threat detection
• Why Security automation and orchestration makes sense
• Reduce risks and operational errors, improve efficiency, and address the sophisticated cybersecurity threats appearing as cyber-attackers increasingly target industrial environments 

More information to follow.

• How do we currently perceive risks associated with sharing information with trading partners? Are we still operating in competitive silos? How can we overcome this more effectively?
• How can we reinforce the vital role played by interpersonal relationships and develop trust-based performance-control process models? How can we, in turn, develop these into key business enablers?
• Is the "culture of security" limited to our own organisations?
• Are perceptions changing?
• What examples do we have of successful information sharing partnerships?

The conference drinks reception is sponsored by Trendmicro.

Trend Micro, a global leader in cybersecurity, is passionate about making the world safe for exchanging digital information, today and in the future. Artfully applying our XGen™ security strategy, our innovative solutions for consumers, businesses, and governments deliver connected security for data centers, cloud workloads, networks, endpoints, and Operational Technology Networks (OT).

Visit us at www.trendmicro.com

Cyber Senate will be meeting in the registration area with all Nozomi guests to travel to the restaurant. Participants confirmed need to be in the foyer at 7:15pm latest.

Director James Nesbitt
Introduction to our Chairman and Moderator

• Digital transformation of the Industrial sector is a top priority for C level executives
• Automation and efficiency, leveraging data and intelligence across the asset base is key to remaining profitable and competitive.
• Ensuring cybersecurity is seen as a business enabler and not a barrier to transformation
• Integrating cybersecurity into industry 4.0, where do we begin and managing the bolt on culture
• How can we help raise awareness of the threats, as position ourselves as key to business continuity – availability and reliability and speak the same language

Computing environments, including command and control infrastructure, suffer from a lack of software diversity, leaving static targets available to attackers to perform reconnaissance and exploitation. These environments would benefit greatly from proactive defense mechanisms (PDMs) that can shift the software users’ interaction, thereby limiting the time that attackers can interact with a potentially vulnerable system and increase resilience. Proactive defense mechanisms could also allow vulnerable software to be removed from the environment seamlessly upon disclosure of a vulnerability, giving organizations time to patch.  These mechanisms would not only increase the cost of attack dramatically but also increase the resilience of the system to an outage from a cyber attack.  Some popular types of PDMs are Moving Target Defense, Cyber Deception and Active Defense.  
 

Secure from what or whom? Fundamentally, control systems were not originally designed with security as a primary driving factor. What types of designs would be resilient to various classes of a cyber attack? How do you implement a robust security architecture without compromising the safety and reliability of the system?

• The next generation of US commercial nuclear power plants, now under construction, uses digital control systems to monitor plant conditions and control plant functions. Current fleet plants require cost-effective and secure digital systems to improve operational efficiency and save costs. There are significant benefits to digital control systems, but they come with potential vulnerabilities to cyber-attacks and/or digital failure. It is crucial that the next generation ICS are proven secure and credited for passively safe designs.
• The DOE-NE have stood up a cybersecurity research and development program to enable science-based methods and technologies necessary for cost-effective, cyber-secure digital instrumentation, control and communication in collaboration with nuclear energy stakeholders. This program is managed jointly by Sandia National Laboratories (SNL) and Idaho National Laboratories (INL).
• Part of this program is a research thrust called Secure Architectures to establish a science-based foundation to inform the fundamental architectural features, design requirements, and operational standards for nuclear facility digital systems. Activities currently in progress at SNL under this thrust include establishing a capability to perform empirical analysis to rank the security effectiveness of proposed enhancements and new control system designs.
• The use of high fidelity simulation enables the advancement and docketing of advanced reactor designs. The ability to run realistic tests to ensure the strength of the digital systems will advise the development of new procedures, training and design for upgrades to the existing fleet and advanced reactors and has the potential to inform the new regulatory requirements that will be created for future designs.
• Due to the complexity of digital control system, it is difficult if not impossible to fully inspect systems at installation, so our program also includes a Supply Chain Risk Management R&D thrust to deliver science-based tools, methodologies, and guidelines for cyber-resistant supply chains, procurement standards, and supplier validation.

• Traditional methods to assess the safety of critical infrastructure are insufficient in relation to understanding system failures in complex interconnected systems
• Implications of increased connectivity
• How do we integrate cyber security and safety into a risk management methodology?

The Department of Defense (DoD) relies on a global network of critical infrastructure to project, support, and sustain its forces and operations worldwide. The incapacitation, exploitation, or destruction of one or more of its assets would seriously damage DOD's ability to carry out its core missions. Unfortunately, critical infrastructure is often vulnerable to attacks on underlying control systems which are typically networked and poorly protected, making them easily accessible and at risk from local and remote threats regardless of whether the systems are connected or connectable. Moreover, due to their crucial importance, industrial control systems have increasingly been the target of nation-state, criminal and terrorist activities intended to disrupt and deny services. Adversaries have developed and demonstrated non-kinetic means to disrupt critical warfighting infrastructure, denying our ability to project force and maintain multi-domain dominance.

• Overview of IEC 62443 Standards and ISASecure Certifications
• BMS Introduction
• Brief history and terminology
• IEC 62443-4-2 component alignment to technical security requirements
• Future state of BMS

Why ANSI/ISA/IEC62443?
FAQ's addressed and talking points to follow
 

• How effectively are we tracking our assets?
• With an asset inventory, what can we do with it?
• Are we getting any better at identifying cyber assets associated with a critical asset?
•  Where we are in relation to inventory and control of hardware assets
• Where we are in relation to inventory and control of software assets
• Why ITAM is crucial for effective cybersecurity 
• Developing situational awareness around what threats and vulnerabilities matter
• Building asset discovery intelligence tools to monitor networks and asset communications
• Setting baselines or monitoring
• Ensuring our monitoring is scaleable

·         Establishing a common IT/OT language
·         Conduct Risk/Gap assessments of OT environments
·         Instituting a Business Security Liaison program to act as a security focal point for the business units
·         Introducing monitoring tools, processes and procedures and consolidation of tools and services between organizations
·         Development of a strategic roadmap w/each business unit to document goals and remediation schedules prioritized based on documented risk 

Thank you to all our speakers, sponsors and guests for supporting us each year!