7th Annual Control Systems Cybersecurity USA

Location

Online Event

Schedule

Monday, March 29, 2021

- EDT
Welcome to the Workshop Day
James Nesbitt
Cyber Senate, Founder and Director

A warm welcome to the kick off to the workshop day

- EDT
Architecture Design, Remote Access, Controlling Identities and Managing IOT & OT security
Ayman Al Issa
McKinsey and Company, Industrial Cybersecurity Lead and Senior Expert

In a time of sophisticated cyber-attacks such as SolarWinds, critical infrastructure asset owners realize that securing their infrastructure requires pragmatic approaches that let them continue their digital transformation journeys while providing the most efficient cybersecurity capabilities to protect their critical assets from emerging cyber-attacks.

The speaker will focus and dive deep into four topics during the workshop:

- The approach to designing a secure reference architecture for the integration of the industrial floor with the business. Ayman will cover the step-by-step design principles and the best practices to develop a “defense-in-depth and zero-trust” based secure reference architecture.

- How to design secure remote access services that apply out-of-the-box methods and techniques to help enhance plant maintenance and operations?

- How to control identities and identity access? Does IT/OT convergence mean that we converge the IT and OT environments and domains? Is it safe to integrate the identity services between IT and OT and to use federated identities?

- Why is it important to understand the difference between IoT, IIoT, and OT environments when considering securing such systems from cyber threats? What are the most significant concerns that we need to realize when we think about utilizing public clouds for such environments?

- EDT
Welcome to the Workshop Day
James Nesbitt
Cyber Senate, Founder and Director

Introduction to the afternoon workshop

- EDT
Secure Operations Technology
Michael Firstenberg
Waterfall Security Solutions, Director of Industrial Security

This course surveys industrial network security problems and introduces Secure Operations Technology (SEC-OT) – a perspective, methodology and set of best practices for designing secure industrial control systems. The world's most secure industrial sites generally deploy comprehensive IT-SEC programs as part of their OT-SEC posture. These sites also deploy a number of additional OT-centric mechanisms unique to operations networks. SEC-OT describes these additional mechanisms.

Learning Objectives - By the end of this course, participants will be able to:

- Understand issues that impair the effectiveness of classic IT security (IT-SEC) protections for industrial networks
- Identify and classify control-critical networks
- Design physical measures to protect control-critical networks from information/attack flows
- Carry out simple, capabilities-based risk assessments for control-critical networks

Target audience - Persons responsible for:

- Industrial control system and operations cybersecurity
- Cyber-physical risk management
- Monitoring the security of industrial systems and operations networks

Course Content

- Survey of issues applying IT-SEC to industrial operations
  - Industrial security priorities: safety, reliability, correct control – not CIA or AIC
  - Patching/security updates are costly, with limited effect
  - IT-style security monitoring introduces attack paths
  - Encryption of certain networks increases costs and risks, with limited benefits
- SEC-OT concepts
  - Protecting physical industrial operations from information, rather than protecting the information itself
  - Classifying and grouping cyber assets into control-critical networks
  - Physical protection from information, control and attack flows
- Defeating Offline Attacks
  - Offline survey
  - Test beds
  - Removable media and devices
  - Hardware and software supply chain
  - Insiders
- Defeating Online Attacks
  - Online survey
  - Air gaps and their limitations
  - Unidirectional gateway technology
  - Twenty unidirectional network architectures
  - Worked example
- Capabilities-based risk assessment
  - A standard set of cyber attacks
  - Using the attacks to evaluate IT-SEC, IIoT and SEC-OT security architectures
  - Communicating risk assessment results to senior management

Pre-requisites - participants should have some experience with all of:

- IT security
- IP networking
- IT-class cyber-attack techniques
- Industrial control systems
- Industrial cybersecurity




Instructor: Michael H. Firstenberg GICSP, CISSP, GCIH

Mike Firstenberg is the Director of Industrial Security for Waterfall Security. Mike brings two decades of experience in Process Control Security, specializing in Control System Cyber Security. With a proven track record as a hands-on engineer researching, designing, and implementing strategic security solutions, Mike has an established background working with government institutions, regulatory authorities, and industrial utilities. The former chair of the American Water SCADA Council, Mike studied Computer Science, Chemical Engineering, and Mathematics at the University of Pennsylvania, and has served as a speaker and panelist at numerous conferences and events around the world. Mike participates actively in ISA SP99, and serves on committees that have created Industrial Cybersecurity guidelines and roadmaps in many sectors.

Tuesday, March 30, 2021

- EDT
Pre Conference Networking

Meet our exhibitors and also find your peers in the directory to connect with video calls, internal messaging and one to one meeting opportunities.

- EDT
Welcome from Cyber Senate

A warm welcome to our virtual Control Systems Cybersec USA show! Thank you to our speakers, sponsors and you the attendee for making this possible. Please make the most out of our event platform with the one to one meetings, contact information exchange and face to face video and chat tools. Please feel free to ask questions for our presenters and panellists and remember the content of the show will be made available on demand post event.

- EDT
Looking at Security from many Perspectives
Andrew Kling
Schneider Electric, CPSO - Industrial Automation
Megan Samford
Schneider Electric, CPSO – Energy Management

One of the hardest decisions an asset owner must make when faced with known vulnerabilities or exploits is whether to take down their plant in order to apply patches and upgrade end-of-life process control components. There are risks if you do (production loss, opportunity costs, failed upgrades) and (cyber) risks if you do not. In this panel we will discuss several options that could be considered when presented with known cyber-risks. Note: On the surface this may feel like a standard defense-in-depth strategy, and in some respects it is. But these strategies are meant to address specific attack techniques, known vulnerabilities and exploits, so it is better to think of them as reactive techniques rather than as the proactive, defense-in-depth approach.

- Runtime Application Self Protection (RASP) is an emerging collection of approaches that address the fundamental issue behind cyber-exploits: the ability of malicious processes to access memory they should not be able to reach. If you control memory access, you control an entire class of exploits (memory-based attacks).

- Patching – Our most traditional approach to defend against exploits in the wild

- Signatures – Antivirus is the most common signature-based solution. YARA rules are a way of identifying malware (or other files) by creating rules that look for certain characteristics.

- Mitigations – OEMs frequently advise their customers to take specific actions in order to close off known attack vectors. Closing ports on a firewall, disabling unused services, implementing access controls, network segmentation, implementing secure protocols, etc. are all common recommendations to react to specific vulnerabilities.

- Security Tools – OEMs such as Schneider Electric take time to partner with security tool vendors, who often bring their own unique approach to addressing active exploits:
  - Network anomaly detection – similar to signature checking, the ability to identify an exploit on the wire before it reaches the device. Good examples are “magic” packets that can cause crashes, buffer overflows, RCE, etc.
  - AI/ML – an emerging technology, maligned somewhat today, but do not underestimate how this can and will be used in the future

- Upgrades – whether this is a component-by-component upgrade or a rip and replace, one way to eliminate legacy cybersecurity issues is to upgrade to the current generation

- EDT
Ten Minute Q&A with Speakers
Andrew Kling
Schneider Electric, CPSO - Industrial Automation
Megan Samford
Schneider Electric, CPSO – Energy Management

Join our speakers for further discussion and questions

- EDT
How to Bring Together the Ecosystem of Security Tools in the OT Space
Philip Tonkin
National Grid, Global Head of Cyber Operational Technology

As ICS owners grow in maturity, the adoption of IT and dedicated OT security tools is increasing visibility into operational networks. This talk will explore the possibilities for bringing these capabilities together, using existing and novel technologies, to manage risks in critical environments.

Topics

  • Tools and Technologies
  • Integration and Correlation
  • Closing gaps with legacy technology
  • Cyber and Physical Security together to create a holistic defense
  • A look into the future

- EDT
Ten Minute Q&A with Speakers
Philip Tonkin
National Grid, Global Head of Cyber Operational Technology

Join our presenter for further discussion

- EDT
Case Study on Cybersecure Substation Automation System Networks
Andreas Klien
OMICRON electronics, Head of Business Area Power Utility Communication

Due to their large number and their often missing protection mechanisms, substations represent a large attack surface of the power grid. 

Based on a case study of a substation commissioned and pentested in 2020, this presentation will outline the most important protection and detection measures for substations. 

Applying the NIST Cybersecurity Framework in substations 

Analyzing the most important attack vectors of substations throughout their lifecycle 

Presentation of a new cybersecure substation network architecture design for protecting against these attack vectors 

Outlining security measures such as secure remote and local maintenance access, multiple firewall zones on the process level, and intrusion detection 

Challenges and requirements when applying IDS at the substation level and how to solve them

- EDT
Ten Minute Q&A with Speakers
Andreas Klien
OMICRON electronics, Head of Business Area Power Utility Communication
- EDT
Exhibitor Networking

Meet key solution providers, exchange business cards and benefit from our one to one communication tools.

- EDT
Beyond Visibility: Why Old Networks Need to Learn New Tricks
Richard K. Peters
Operational Technology North America, Fortinet, CISO

Cybercriminals are maximizing their opportunity by exploiting the expanding digital attack surface. Over the last six months and more, operational technology has been targeted, given the age and vulnerability of industrial control systems (ICS) and supervisory control and data acquisition (SCADA) systems.

Gaining greater visibility to network activity, while a great starting point, is only the first step for organizations converging legacy and modern environments. During this session, we will explore common security challenges in this digital age and why it requires more than visibility to secure a united OT-IT environment.

- EDT
Ten Minute Q&A with Speakers
Richard K. Peters
Operational Technology North America, Fortinet, CISO

Join our presenter for further discussion

- EDT
How is Cyber Crime rising in the Internet of Things?
Stephen Hilt
Trend Micro, Sr Threat Researcher

- Brief history of IoT malware

- Cyber criminals and how they are discussing IoT in the criminal underground

- Worm wars: how criminals are fighting over devices on the internet

- VPNFilter: a potentially nation-state malware targeting IoT devices and looking for industrial control system protocols, and where it is 2 years after

- Running ICS honeypots to look for the next malware and for attackers looking for control systems to attack

- EDT
Ten Minute Q&A with Speakers
Stephen Hilt
Trend Micro, Sr Threat Researcher

Join our presenters for further discussion

- EDT
Roundtable Networking! Socialise and Learn in our Concurrent Sessions

Roundtable 1: Trend Micro
IIOT/ICS cyber security business and technical challenges and some best practices recommendations

Roundtable 2: "Cybersecurity Truths and Common Misconceptions" with Schneider Electric - A discussion on key areas of cyber risk management beyond the traditional patching focus

- EDT
Industrial Security – Today is somebody’s first day
Michael Firstenberg
Waterfall Security Solutions, Director of Industrial Security
  • History - How did we get here?
  • Concepts – terminology and application
  • The basics – what makes a difference in practice
  • The call to action – protect our infrastructure.

I’ve been working in this field for over 20 years. You might have more time, you might have less. Or maybe today is the first day you are looking into industrial cybersecurity. Perhaps you will soon be expanding your team and have new talent that does not necessarily have the experience - what do they need to know before they head to the plant floor, or even pick up the phone? Let’s make sure that we do not lose what we have learned or the momentum as we continue to press on with our charge.

- EDT
Ten Minute Q&A with Speakers
Michael Firstenberg
Waterfall Security Solutions, Director of Industrial Security

Join our presenter for further discussion

- EDT
Rapidly Reduce OT Cyber Risk Through OT End Point Management
Rick Kaun
Verve Industrial Protection, VP Solutions

Perimeter controls, behavioral monitoring and threat intelligence are all well established and valuable components of any security program. But let’s be perfectly clear: significant residual risk still resides on many OT assets. From the obvious challenges of non-patched systems to less obvious but equally risky factors such as dormant admin accounts, unnecessary or problematic software, system configuration and even employee-driven ‘workarounds’, the hundreds and thousands of assets within operating environments around the world host a ton of risk. The reason is that actually reducing risk on these endpoints has traditionally been challenging, manually executed and poorly maintained. The good news is that there is an OT-safe, scalable, accurate and automated way to rapidly reduce risk.

Join Rick Kaun, VP of Solutions, as he shares what organizations of all sizes around the world are doing to:

- Automate the collection and contextualization of rich asset profiles

- Use this 360-degree view of operational assets to accurately identify, prioritize and plan remedial actions

- Automate, with OT oversight, actions from patch deployment to implementing compensating controls (least privilege)

- Track and report in near real time on the above from a single pane of glass for all assets across the fleet

- EDT
Ten Minute Q&A with Speakers
Rick Kaun
Verve Industrial Protection, VP Solutions

Join our presenter for further discussion

- EDT
Exhibitor Networking

Meet our Exhibitors, exchange business cards with your peers and take advantage of our one to one networking video and chat tools.

- EDT
Embedded Device Resistance to Cyberattacks
David Doggett
Red Balloon Security, Senior Strategist

- Embedded devices are the key interface to the physical world and as such provide the protections against physical device damage.

- Protecting these devices is key to preventing physical damage.

- Gaps in embedded device cybersecurity making attacks easier.

- Closing the gaps using modern cybersecurity.

- EDT
Ten Minute Q&A with Speakers
David Doggett
Red Balloon Security, Senior Strategist

Join our presenters for further discussion

- EDT
Panel: Supply Chain Risk and Maturity
Jake Margolis
Metropolitan Water District of Southern California, CISO
Jeremy Morgan
Industrial Defender, Principal Risk and Solutions Consultant
Frank Honkus
Electricity Information Sharing and Analysis Center (E-ISAC), Associate Director, Intelligence Programs and CRISP Manager

Supply Chain Cyber Security is taking center stage and is our biggest risk.

- Are we identifying risk in the supply chain?

- How are we doing this and, if not, how can we improve?

- Information sharing on supply chain threats, common practices, challenges and ways we can improve

- How can we more effectively build trust with our suppliers and industry peers?

- How can we better communicate supply chain risk?

- Sourcing and Procurement - how can we better communicate cyber risk contractually and move away from the 'break and fix' model with our suppliers?

- Let's look closer at how vendors, infosec leaders and engineering are working together in ensuring security of OT products


Panellists to be announced, interested parties contact [email protected]

- EDT
End of Day One

End of Day One, we will see you back here at 8:45 AM March 31st.

Wednesday, March 31, 2021

- EDT
Welcome Back
James Nesbitt
Cyber Senate, Founder and Director

Welcome back from the Cyber Senate! Thank you to all of those who took part in day one, thank you to our speakers and sponsors and we look forward to an amazing day two!

- EDT
Leveraging Threat Intelligence to Drive Action
David Webb
MISO (Midcontinent Independent System Operator), Security Analyst and Threat Hunter

- Background of MISO

- The need for threat intelligence

- What is valuable threat intelligence
  - E-ISAC and CISA bulletins
  - Mainstream media articles

- Contextualizing threat intelligence to your organization

- Operationalizing threat intelligence

- Drive actions and provide value

- EDT
Ten Minute Q&A with Speakers
David Webb
MISO (Midcontinent Independent System Operator), Security Analyst and Threat Hunter

Further discussion with our presenter

- EDT
Remote Access to OT
Tahir Saleem
DEWA, Senior Specialist OT Security

- Business drivers for remote industrial operations

- Cyber security risks associated with remotely operating and maintaining OT/ICS-enabled assets

- Risk mitigation strategies and best practices to enable remote industrial operations

- EDT
Panel: OT Systems Management
Patrick Miller
Independent Security and Regulatory Advisor
Carter Manucy
Florida Municipal Power Agency, IT/OT & Cybersecurity Director
David Foose
Emerson Automation Solutions, Security Solutions Program Manager
Sarah Freeman
Cybercore Integration Center at Idaho National Laboratory (INL), Industrial Control Systems (ICS) Cyber Security Analyst

Lifecycle management requirements 

System Requirements and Outcomes 

Specifications to ensure reliability and security 

Supply Chain Management 

Retrofitting and Replacing outdated legacy components

- EDT
Building Management Systems Case Study Panel
Michael Makstman
City and County of San Francisco, CISO
Ramsey Williams
San Francisco Public Utilities Commission, CISO
Jonathan Kaplan
San Francisco International Airport, Director of Information Security
Matt Reeves
City and County of San Francisco, CTO, Infrastructure and Network

The panel will take a holistic look at cybersecurity design for buildings that serve the needs of a million San Franciscans and visitors to the City. We will discuss the following key building cybersecurity elements:

- protecting critical infrastructure components that serve City buildings, such as water and electric systems
- cyber design implemented for the new City Permit Center, a multi-tenant campus supporting a dozen City departments
- securing innovative building technology for a new, world-class airport terminal

- EDT
IoT Law
Patrick Miller
Independent Security and Regulatory Advisor

The new IoT cybersecurity law focuses primarily on the procurement of IoT technology and products by the federal government, but it also has the potential to create a more uniform IoT security standard across the private sector. A look at how this will affect your risk management strategies.

- EDT
Ten Minute Q&A with Speakers
Patrick Miller
Independent Security and Regulatory Advisor

Further discussion with our presenter

- EDT
Product Development Cybersecurity - Roundtable Networking! Socialise and Learn in our Concurrent Sessions
Chris Blask
Unisys, Unisys Applied Innovation, Supply Chain Attestation, Author, Speaker
Eric Byres
aDolus Technology, CEO
Ron Brash
Verve Industrial Protection, Director of Cyber Security Insights
Bryan Owen
OSIsoft, Security Architect

How do we better manage cyber risk throughout the development and deployment process? (This is a hardware and software discussion!)


- EDT
Human Factors
Jake Margolis
Metropolitan Water District of Southern California, CISO

Why in 2021 are we still discussing this? 

What is the impact of Organizational Culture on Cybersecurity? 

Never Use FUD (Fear Uncertainty and Doubt) 

Setting Expectations and Demystifying Cybersecurity Threats 

Getting Users Invested in Cybersecurity Efforts

- EDT
Ten Minute Q&A with Speakers
Jake Margolis
Metropolitan Water District of Southern California, CISO

Further discussion with our presenter

- EDT
Incident Response from Geek to C-Suite
Stephen Kwok
LA Department of Water and Power, CISO

• Mindset differences between the various levels of people involved.

• Considerations in addressing the differences. 

• Creating a structure that works for your organization. 

• Getting the “right” people with the “right” attitude and aptitude.

- EDT
Ten Minute Q&A with Speakers
Stephen Kwok
LA Department of Water and Power, CISO

Further discussion with our presenter

- EDT
Developing and Defining a Cybersecurity Culture
Stephen Mills
Royal Caribbean Group, Director of Maritime CyberSecurity

Changing Perceptions 

Training and upgrading skillsets

- EDT
Ten Minute Q&A with Speakers
Stephen Mills
Royal Caribbean Group, Director of Maritime CyberSecurity

Further discussion with our presenter

- EDT
The Role of CRISP in an Evolving Cyber Threat Landscape
Frank Honkus
Electricity Information Sharing and Analysis Center (E-ISAC), Associate Director, Intelligence Programs and CRISP Manager

1. Brief overview of what CRISP is
2. Provide a high level threat overview (the why)
3. Program improvements to address the above
4. Pilots
   a. OT pilots
      i. CRISP OT Dragos Pilot
      ii. CRISP Essence Integration Pilot
   b. Syslog Pilot
   c. Cloud based ISD pilot
5. Closing remarks: being the strongest link for high level cyber situational awareness

- EDT
Ten Minute Q&A with Speakers
Frank Honkus
Electricity Information Sharing and Analysis Center (E-ISAC), Associate Director, Intelligence Programs and CRISP Manager

Further discussion with our presenter

- EDT
End of Conference Closing Remarks

Thank you for joining us and we will see you in Florida September 22-24th for a live face to face show again!