6th Annual Industrial Control Cybersecurity USA 6th Annual Industrial Control Cybersecurity USA

Mystic Dunes Resort

Tuesday, September 24, 2019

- WEST
Breakfast and welcome from the Cyber Senate
Chris Blask
Chris Blask
Unisys, Global Director Industrial and IoT Security
James Nesbitt
James Nesbitt
Cyber Senate, Director and Founder

Director James Nesbitt
Introduction to our Chairman and Moderator

- WEST
Keynote Panel: The Current State of ICS Maturity and Awareness
Steve Brown
Steve Brown
Xcel Energy, Vice President, Enterprise Security Services & Chief Security Officer
Richard Ku
Richard Ku
Trend Micro, Sr. Vice President Commercial IoT Security Business and Market Development
Daryl Haegley
Daryl Haegley
DoD - Office of the Principal Cyber Advisor to the Secretary of Defense, Director, Cyber Mission Assurance and Deterrence
    • How mature is cybersecurity in ICS? 
    • Are we articulating cyber risk appropriately?
    • Are we seeing a shift in C Level awareness? 
    • Is regulation pushing the sector forward?
    • Are investments in cyber infrastructure ramping up?
    • How are we collectively meeting the challenges of the ageing workforce and terminology barriers?
    • Is security still seen as a hindrance? How can we move past this perception?
- WEST
Past, Present, and Future of ICS Attacks
Stephen Hilt
Stephen Hilt
Trend Micro, Sr. Threat Researcher

In the past, you will have heard about attacks on critical infrastructure facilities with well-known malware, campaigns, and actor groups - and year after year the numbers of reported attacks on ICS systems are rising. In this presentation, we will briefly discuss historically significant attacks on ICS systems, current systems, and then dive into where we think the future of ICS attacks will go. From our own research, we will give key insights on ICS attacks and discuss methods attackers could be leveraged in the near future.

- WEST
Case Study: Moving Towards a Digitised Substation
Philip Tonkin
Philip Tonkin
National Grid, Global Head of Cyber Operational Technology
  • Vision to enable the future and meet energy demands through digitisation, increasing flexibility and enhancing physical safety
  • Digitisation and our approach to operations and asset management, why the sector needs to change
  • Cybersecurity by design and prerequisite
  • Design standards from the top down
  • Ethernet communications IEC 61850
  • Integrated engineering throughout asset lifecycle
  • Digitisation will enable proactive condition-based maintenance procedures, monitoring and data collection
  • Deployment challenges
  • Trusted partnerships and future-proofing through collaboration
- WEST
- WEST
Panel: Cybersecurity Preparedness; Design and Architecture
Steve Brown
Steve Brown
Xcel Energy, Vice President, Enterprise Security Services & Chief Security Officer
Noel Zamot
Noel Zamot
ATABEY GROUP LLC, President
F. Mitch McCrory
F. Mitch McCrory
Sandia National Laboratories, Manager, Energy Security Department
  • How can we adopt a secure by design approach, given the challenges of new technology being introduced?
  • What tools can show us the entire network including the lower layers of ICS?
  • Is there a culture of "Leave well enough alone?" How can we overcome this?
  • Is enough attention being given to configuration control?
  • Are we patching regularly?
  • Are we getting better at locking down remote access to ICS environments?
- WEST
Industry 4.0: Cyber Securing Legacy Systems across the Business
Andrew Kling
Andrew Kling
Schneider Electric, Industry Automation Product Security Officer
  • Manufacturing is a highly competitive industry. Sensitivities to risk, in any form, are high. In many respects, some of the most valuable intellectual property a manufacturing firm carries is in its manufacturing processes.
    • Consequently, protection of this IP becomes an imperative
  • Similarly, nuisance attacks can be some of the most damaging, especially if you are caught unprepared. Ransomware has risen to the top of this list. Witness the City of Baltimore recovery.
    • Awareness of cyber risks, anticipating an attack, being prepared
  • Today, nations have weaponized cyber-space. Manufacturers are part of a nation’s economies, part of the critical infrastructure of the world. With targets now painted on manufacturing plants, how do we rise to these newest threats?
  • Manufacturers need to increase their cyber-preparedness to get the full benefits of Industry 4.0. Business leaders must support their teams, both culturally and financially, to help them secure their systems.
  • There is a simple formula to use in which risk assessment must be less than or equal to risk tolerance, which results in a remediation plan to balance the equation. In this talk, we will cover the evolving world and the need to take steps to secure your manufacturing plant.

 

- WEST
Preparing for NERC CIP-013-1
Stephen Batson
Stephen Batson
Deloitte, Senior Manager, Risk and Financial Advisory

Under NERC CIP 13 both responsible entities (users/owners and suppliers) are required to develop supply chain risk management plans, to include:
Processes for Procurement planning (incident notification, coordination of response, vendor access management and control, disclosure, verification of software integrity and authenticity.
Reassessments to address evolving threats
-Contract negotiations reassessed to address areas of risk
What will NERC look for? How well risk mitigation concepts were integrated and implemented, especially vendor risk assessments and security provisions in contracts.

What can we do to prepare?
-Technologies to automate processes
-Centralise documentation
-Streamline collaboration
-Integrated risk management platforms to map policies to controls

How do we manage costs?

- WEST
Ice Breaker Introductions

We will be ensuring all participants meet each other with our new Ice Breaker session right before lunch. This ensures all attendees meet each other, exchange business cards and explain their main purpose for attending. 

- WEST
Panel: Supply Chain Cyber Security: Do we Understand the Risk?
Philip Tonkin
Philip Tonkin
National Grid, Global Head of Cyber Operational Technology
Matthew Bohne
Matthew Bohne
Honeywell, Vice President, Chief Product Security Officer
Ayman Al Issa
Ayman Al Issa
McKinsey & Company, Industrial Cybersecurity Lead and Senior Expert.
  • What resources are required for us to maintain a clear picture of our supply chain?
  • Do we know what needs to be protected and why? How do we protect these assets?
  • Do we know the value of the information and assets our suppliers hold?
  • Do we have an understanding of who our suppliers are and how do we establish confidence in their cybersecurity maturity levels?
  • Are we getting any better at communicating our security needs?
- WEST
Panel: The Evolution of IT/OT Convergence
Rick Kaun
Rick Kaun
Verve Industrial Protection, VP of Solutions
Philip Tonkin
Philip Tonkin
National Grid, Global Head of Cyber Operational Technology
Richard Ku
Richard Ku
Trend Micro, Sr. Vice President Commercial IoT Security Business and Market Development
  • As the convergence of systems and security management evolve, how can we converge IT and OT securely?
  • Is cybersecurity a priority in an organisations IT/OT alignment? 
  • Are we seeing high levels of (cyber) cooperation across IT and OT divisions?
  • What challenges do we have to overcome to secure convergence?
- WEST
Fireside Chat Case Study: Artificial Intelligence and Automated Threat Response for OT Environments
Jeff Cornelius, Ph.D
Jeff Cornelius, Ph.D
Darktrace, Executive Vice President
Ian Fitzgerald
Ian Fitzgerald
Truckee Donner Public Utility District, CIO/Information Technology Director
  • How the latest AI technologies automate OT, ICS, sensor and IoT threat detection
  • Why Security automation and orchestration makes sense
  • Reduce risks and operational errors, improve efficiency, and address the sophisticated cybersecurity threats appearing as cyber-attackers increasingly target industrial environments 
- WEST
How to Integrate Threat Intelligence into Critical Infrastructure
Franky Thrasher
Franky Thrasher
ENGIE Electrabel, Manager Nuclear Cybersecurity

More information to follow.

- WEST
Panel: Bridging the Gaps - Risk Mitigation Information Sharing. Are we improving at Developing Trust?
David Batz
David Batz
Edison Electric Institute, Senior Director, Cyber & Infrastructure Security
Franky Thrasher
Franky Thrasher
ENGIE Electrabel, Manager Nuclear Cybersecurity
Carter Manucy
Carter Manucy
Florida Municipal Power Agency, Cyber Security Manager
Frank Honkus
Frank Honkus
E-ISAC, Associate Director, Threat Intelligence, CRISP Program Manager
  • How do we currently perceive risks associated with sharing information with trading partners? Are we still operating in competitive silos? How can we overcome this more effectively?
  • How can we reinforce the vital role played by interpersonal relationships and develop trust-based performance-control process models? How can we, in turn, develop these into key business enablers?
  • Is the "culture of security" limited to our own organisations?
  • Are perceptions changing?
  • What examples do we have of successful information sharing partnerships?


- WEST
End of Day One: Drinks Reception Sponsored by Trend Micro
Richard Ku
Richard Ku
Trend Micro, Sr. Vice President Commercial IoT Security Business and Market Development
Stephen Hilt
Stephen Hilt
Trend Micro, Sr. Threat Researcher

The conference drinks reception is sponsored by Trendmicro.

Trend Micro, a global leader in cybersecurity, is passionate about making the world safe for exchanging digital information, today and in the future. Artfully applying our XGen™ security strategy, our innovative solutions for consumers, businesses, and governments deliver connected security for data centers, cloud workloads, networks, endpoints, and Operational Technology Networks (OT).

Visit us at www.trendmicro.com

Wednesday, September 25, 2019

- WEST
Breakfast and welcome from the Cyber Senate
Chris Blask
Chris Blask
Unisys, Global Director Industrial and IoT Security
James Nesbitt
James Nesbitt
Cyber Senate, Director and Founder

Director James Nesbitt
Introduction to our Chairman and Moderator

- WEST
Industry 4.0 - The Driver for Adoption
Chris Blask
Chris Blask
Unisys, Global Director Industrial and IoT Security
  • Digital transformation of the Industrial sector is a top priority for C level executives
  • Automation and efficiency, leveraging data and intelligence across the asset base is key to remaining profitable and competitive.
  • Ensuring cybersecurity is seen as a business enabler and not a barrier to transformation
  • Integrating cybersecurity into industry 4.0, where do we begin and managing the bolt on culture
  • How can we help raise awareness of the threats, as position ourselves as key to business continuity – availability and reliability and speak the same language
- WEST
Next Generation Defense
Nathaniel Evans
Nathaniel Evans
Argonne National Laboratory, Cyber Operations Analysis and Research Lead

Computing environments, including command and control infrastructure, suffer from a lack of software diversity, leaving static targets available to attackers to perform reconnaissance and exploitation. These environments would benefit greatly from proactive defense mechanisms (PDMs) that can shift the software users’ interaction, thereby limiting the time that attackers can interact with a potentially vulnerable system and increase resilience. Proactive defense mechanisms could also allow vulnerable software to be removed from the environment seamlessly upon disclosure of a vulnerability, giving organizations time to patch.  These mechanisms would not only increase the cost of attack dramatically but also increase the resilience of the system to an outage from a cyber attack.  Some popular types of PDMs are Moving Target Defense, Cyber Deception and Active Defense.  
 

- WEST
Secure Architectures: Research into what makes a Secure Architecture
F. Mitch McCrory
F. Mitch McCrory
Sandia National Laboratories, Manager, Energy Security Department

Secure from what or whom? Fundamentally, control systems were not originally designed with security as a primary driving factor. What types of designs would be resilient to various classes of a cyber attack? How do you implement a robust security architecture without compromising the safety and reliability of the system?

  • The next generation of US commercial nuclear power plants, now under construction, uses digital control systems to monitor plant conditions and control plant functions. Current fleet plants require cost-effective and secure digital systems to improve operational efficiency and save costs. There are significant benefits to digital control systems, but they come with potential vulnerabilities to cyber-attacks and/or digital failure. It is crucial that the next generation ICS are proven secure and credited for passively safe designs.
  • The DOE-NE have stood up a cybersecurity research and development program to enable science-based methods and technologies necessary for cost-effective, cyber-secure digital instrumentation, control and communication in collaboration with nuclear energy stakeholders. This program is managed jointly by Sandia National Laboratories (SNL) and Idaho National Laboratories (INL).
  • Part of this program is a research thrust called Secure Architectures to establish a science-based foundation to inform the fundamental architectural features, design requirements, and operational standards for nuclear facility digital systems. Activities currently in progress at SNL under this thrust include establishing a capability to perform empirical analysis to rank the security effectiveness of proposed enhancements and new control system designs.
  • The use of high fidelity simulation enables the advancement and docketing of advanced reactor designs. The ability to run realistic tests to ensure the strength of the digital systems will advise the development of new procedures, training and design for upgrades to the existing fleet and advanced reactors and has the potential to inform the new regulatory requirements that will be created for future designs.
  • Due to the complexity of digital control system, it is difficult if not impossible to fully inspect systems at installation, so our program also includes a Supply Chain Risk Management R&D thrust to deliver science-based tools, methodologies, and guidelines for cyber-resistant supply chains, procurement standards, and supplier validation.
- WEST
Panel: Evolving Cyber Risk to Safety Critical Systems: Understanding and Mitigating Dependencies Between Cybersecurity Vulnerabilities and System Safety
Stephen Batson
Stephen Batson
Deloitte, Senior Manager, Risk and Financial Advisory
Nathan Faith
Nathan Faith
Exelon Nuclear Corporate Security, Cyber Security Manager
Nathaniel Evans
Nathaniel Evans
Argonne National Laboratory, Cyber Operations Analysis and Research Lead
  • Traditional methods to assess the safety of critical infrastructure are insufficient in relation to understanding system failures in complex interconnected systems
  • Implications of increased connectivity
  • How do we integrate cyber security and safety into a risk management methodology?
- WEST
Enhancing the Protection and Situational Awareness of CS Networks Associated with Critical Infrastructure on DoD Installations and Supporting DoD Missions
Daryl Haegley
Daryl Haegley
DoD - Office of the Principal Cyber Advisor to the Secretary of Defense, Director, Cyber Mission Assurance and Deterrence

The Department of Defense (DoD) relies on a global network of critical infrastructure to project, support, and sustain its forces and operations worldwide. The incapacitation, exploitation, or destruction of one or more of its assets would seriously damage DOD's ability to carry out its core missions. Unfortunately, critical infrastructure is often vulnerable to attacks on underlying control systems which are typically networked and poorly protected, making them easily accessible and at risk from local and remote threats regardless of whether the systems are connected or connectable. Moreover, due to their crucial importance, industrial control systems have increasingly been the target of nation-state, criminal and terrorist activities intended to disrupt and deny services. Adversaries have developed and demonstrated non-kinetic means to disrupt critical warfighting infrastructure, denying our ability to project force and maintain multi-domain dominance.

- WEST
Using IEC 62443 Standards for Securing Building Management Systems
Andre Ristaino
Andre Ristaino
ISCI, Managing Director
Jason Christman
Jason Christman
Johnson Controls, Vice President, Chief Product Security Officer
  • Overview of IEC 62443 Standards and ISASecure Certifications
  • BMS Introduction
  • Brief history and terminology
  • IEC 62443-4-2 component alignment to technical security requirements
  • Future state of BMS



- WEST
Applying and Implementing ISA/IEC 62443
Glenn Merrell
Glenn Merrell
ISA99-08 / 10 Co-chair ISA, ISA Certified Automation Professional Industrial Control Systems Security / Freelance Consulting

Why ANSI/ISA/IEC62443?
FAQ's addressed and talking points to follow
 

- WEST
Panel: Asset Inventory - Determining our critical Assets and the Essential functions of those Critical Assets
Andrew Kling
Andrew Kling
Schneider Electric, Industry Automation Product Security Officer
Ray Secrest
Ray Secrest
Tampa International Airport, Sr. Security Manager
Ayman Al Issa
Ayman Al Issa
McKinsey & Company, Industrial Cybersecurity Lead and Senior Expert.
  • How effectively are we tracking our assets?
  • With an asset inventory, what can we do with it?
  • Are we getting any better at identifying cyber assets associated with a critical asset?
  •  Where we are in relation to inventory and control of hardware assets
  • Where we are in relation to inventory and control of software assets
  • Why ITAM is crucial for effective cybersecurity 
  • Developing situational awareness around what threats and vulnerabilities matter
  • Building asset discovery intelligence tools to monitor networks and asset communications
  • Setting baselines or monitoring
  • Ensuring our monitoring is scaleable
- WEST
Case Study: Integrating a Holistic Cyber Security program into the OT Environment
Ayman Al Issa
Ayman Al Issa
McKinsey & Company, Industrial Cybersecurity Lead and Senior Expert.

·         Establishing a common IT/OT language
·         Conduct Risk/Gap assessments of OT environments
·         Instituting a Business Security Liaison program to act as a security focal point for the business units
·         Introducing monitoring tools, processes and procedures and consolidation of tools and services between organizations
·         Development of a strategic roadmap w/each business unit to document goals and remediation schedules prioritized based on documented risk 

- WEST
Wash up and End of Conference!

Thank you to all our speakers, sponsors and guests for supporting us each year!