Control Systems Cybersecurity USA (8th annual live) Control Systems Cybersecurity USA (8th annual live)

Panel: Innovation and Security- How can we embrace technology innovation securely (Physical and Virtual)

Stream and Physical Kenzies

Andy Bochman (Virtual pres)
National & Homeland Security Idaho National Laboratory, Senior Grid Strategist

Andy Bochman is the Senior Grid Strategist for Idaho National Laboratory’s National and Homeland Security directorate. In this role, Mr. Bochman provides strategic guidance on topics at the intersection of grid security and resilience to INL leadership as well as senior U.S. and international government and industry leaders.


A frequent speaker, writer, and trainer, Mr. Bochman has provided analysis on electric grid and energy sector infrastructure security actions, standards, and gaps to the Department of Energy, Department of Defense, Federal Energy Regulatory Commission (FERC), North American Electric Reliability Corporation (NERC), National Institute of Standards and Technology (NIST), National Academy of Sciences, National Association of Regulatory Utility Commissioners (NARUC), the Electricity Subsector Coordinating Council (ESCC), and state utility commissions. 


Teaming with DOE, NARUC, and other US and international partners, Andy has cyber-trained grid operators and regulators in over a dozen Central, Eastern European, and Indo-Pacific countries and more than half of the US states. He is an infrastructure cybersecurity subject matter expert listed with the U.S. State Department Speakers Bureau and is a Non-Resident Senior Fellow at the Atlantic Council’s Global Energy Center.


Andy has testified before the U.S. Senate Energy and Natural Resources Committee on energy infrastructure cybersecurity issues and before FERC on the security readiness of smart grid cybersecurity standards. He has also held recurring conversations on grid security matters with the Senate Select Committee on Intelligence (SSCI) and the National Security Council (NSC). 


Along with INL colleague and co-writer Sarah Freeman, he recently published a book introducing and documenting a book on INL’s new approach for defending against top-tier cyber adversaries: Countering Cyber Sabotage: Introducing Consequence-based Cyber-Informed Engineering. (Taylor & Francis, 2021)


He began his career as a communications officer in the US Air Force, and prior to joining INL he was the Global Energy & Utilities Security Lead at IBM and a Senior Advisor at the Chertoff Group in Washington, DC. Mr. Bochman received a bachelor of science degree from the U.S. Air Force Academy and a master of arts degree from the Harvard University Extension School. 

Steve Batson
Deloitte, Senior Manager Cyber Risk Emerging Technologies / IOT

Steve Batson is a Nashville-based Senior Manager in Deloitte’s Emerging Technologies Practice, focusing on cybersecurity and technology implementations across industries.  

Steve has 33 years of experience leading IT and OT cybersecurity projects for large multinational clients. Mr Batson is responsible for the strategy, design and implementation of cybersecurity programs and technology solutions.  Subject matter expertise covers both US and international regulations related to cybersecurity.  Steve participates with DHS, IEC, and other cybersecurity working groups. Steve was previously the CEO of a cybersecurity services company. He has extensive experience with ICS security design, operations, maintenance, response, recovery, and penetration testing.

·ISO 27000/NIST/ISA 62443 Cyber Security Program Design and Implementation

·Design and Implementation of Networks, Firewalls, Data Diodes, IDS/IPS, SEM, GRC, B/U systems, IAM, and physical and logical security controls

·Organizational restructuring and change management

·Cyber Security Compliance Assessments

·Penetration testing, Hardening, and testing of ICS systems 

·Cyber Wargaming

·BSEE, CISSP, MCSE with Security Plus, and various networking certifications

Tim Watkins
Schweitzer Engineering Laboratories, Lead Application Engineer for Networks / Systems with focus in OT-SDN

Tim started his US Marine Corps career in avionics in 1993.  From the very beginning, he began implementing security controls to increase the resiliency of mission critical systems from humans.  He later finished his BS in college and subsequently graduated with an MSA from Central Michigan in International Leadership in 2010.  Additionally, he graduated at the top of his class in a master’s level Telecommunications and Systems Engineer Course from Fort Gordon in 2004. Following 20 years of DoD experience as a network and cyber engineer, Tim joined Schweitzer Engineering Laboratories, Inc in 2013. He is now a Lead Application Engineer focusing on securing critical control systems and designing defendable architectures for system owners around the world.  Tim concentrates on holistically looking at reducing risk at the enterprise and organization level.  He is focused on system solutions that allow customers to have greater visibility to mitigate and respond to detected events within their control systems.  Ultimately, his efforts will reduce risk, increase resilience, and mature SEL's best practices.  Ultimately, his expertise will prioritize efforts, increase resiliency, and mature system owner’s plans, policies, and procedures.  

Richard K. Peters
Fortinet, Operational Technology North American CISO

Rick brings the Fortinet OT-CI team more than 37 years of cybersecurity and global partnering experience working across foreign, domestic, and commercial industry sectors at the National Security Agency (NSA).  As Fortinet’s Operational Technology North American CISO, he delivers cybersecurity defense solutions and insights for the OT/ICS/SCADA critical infrastructure environments.  Prior to Fortinet, Rick led development of cyber capability across Endpoint, Infrastructure, and Industrial Control System technologies at the agency.  Previously, Rick also served as an executive leader supporting the Information Assurance Directorate at the NSA.  Earlier in his career, he served in a broad range of leadership and Engineering roles including Chief of Staff for the NSA Cyber Task Force and a 5-year forward liaison charged with directing integration of cyber and cryptologic solutions for U.S. Air Force Europe, Ramstein AFB, Germany.

Technology Maturity - what impacts does this have on the implementation?
How much disruption when integrating into existing processes should be expected and how can we keep that to a minimum?
How can we view "innovation" as a journey rather than a destination-is the environment adaptable? How can it be made adaptable? Are the "innovations" scalable so we are not always starting from scratch? 
How do we keep risk to a minimum? What does the process of execution look like?
Is speed of the implementation prioritised and what impacts does it have