Control Systems Cybersecurity USA (8th annual live)

Virtual

Thursday, September 23, 2021

- EDT
Securing the ICS Software Supply Chain (Virtual)
Eric Byres (Virtual pres)
aDolus Technology Inc, CEO

Thanks first to the SolarWinds attack and then Executive Order 14028 - Improving the Nation’s Cybersecurity, the security of the software supply chain has become the hot topic of the year. The Colonial Pipeline ransomware attack made critical infrastructure security front page news. This talk will look at the intersection of these two challenges - why securing the supply chain for critical OT environments is now an urgent priority for asset owners, suppliers and government agencies. In this session you will learn:

  • Why supply chain and ransomware attacks are dramatically increasing 
  • The new obligations set out in EO14028 that industry will need to follow
  • How EO14028 requirements will ripple far beyond government contracts
  • How Software Bills of Materials (SBOMs) will help secure software supply chains
  • What asset owners should be demanding from their OEM Vendors to secure OT systems
  • Why AI will be crucial for locating and prioritizing product vulnerabilities



- EDT
Panel: How do SBOMs Work and How do Asset Owners Deploy One? (Physical and Virtual)
Eric Byres (Virtual pres)
aDolus Technology Inc, CEO
Tony Turner
Fortress Information Security, VP Security Solutions
Chris Blask
Advisor and SME, Chair ICS ISAC
Steve Springett (Virtual pres)
OWASP CycloneDX Core Working Group, Chair of the OWASP CycloneDX Core Working Group

How do SBOMs currently work (examples)? What are they? Who is currently utilizing them?
How can asset owners use SBOM?

Additional dialogue if time allows:
Are they secure? Is the code being updated upstream?
Who is going to maintain SBOMs?
Who at the facility (asset owner/end user) is responsible for maintaining and monitoring the SBOM?

- EDT
Concept to Commissioned - A UK NG Case Study Implementing an Innovative Networking Solution called SEL OT SDN (Physical and Virtual)
Philip Tonkin (Virtual pres)
National Grid, Global Head of Cyber Operational Technology
Tim Watkins
Schweitzer Engineering Laboratories, Lead Application Engineer for Networks / Systems with focus in OT-SDN

There is a plethora of incredible, innovative solutions that reduce cyber risk being brought to market. This discussion will highlight the milestones that an OT system owner and vendor must overcome in order to bring significant risk-reducing solutions from innovation, to market, to implementation. Operational Technology Software Defined Networking (OT SDN) will be the backdrop to this storyline between UK NG and SEL.

 

Topics to be discussed in order for innovation to be implemented:

  • Innovation requires acceptance into standards and frameworks
  • Standards and frameworks require acceptance into regulation
  • Regulation is important for acquisition and to be added to specifications and designs
  • Timing and funding become involved to put innovation into new or legacy projects
  • Innovation acceptance additionally involves training, education, experience, and cultural change
  • Any innovation also requires careful consideration to not increase operational risk

 

All of the above compete with adversaries who use the time it takes to move from innovation to implementation to find gaps, seams and weaknesses in these systems before they are even deployed. This presentation will address ways to reduce the time between milestones to implement innovation faster and safer to ultimately reduce risk.


 

Friday, September 24, 2021

- EDT
Large Program Rollouts, New Technologies Cross Sector (Physical and Virtual)
Steve Batson
Deloitte, Senior Manager Cyber Risk Emerging Technologies / IOT
Ramsey Hajj
Deloitte & Touche LLP, Principal Cyber Risk
Jason Hunt
Deloitte & Touche LLP, Senior Manager Cyber Risk
Douglas Powers
Deloitte & Touche LLP, Managing Director
Kevin Gautreaux
FedEx, Manager Cyber Security Information Security
  • OT monitoring
  • Segmentation
  • SOC integration
  • Standards
  • Digital Immunity
  • 3rd Party Risk
  • Remote Access
- EDT
Panel: Innovation and Security - How can we embrace technology innovation securely? (Physical and Virtual)
Andy Bochman (Virtual pres)
National & Homeland Security Idaho National Laboratory, Senior Grid Strategist
Steve Batson
Deloitte, Senior Manager Cyber Risk Emerging Technologies / IOT
Tim Watkins
Schweitzer Engineering Laboratories, Lead Application Engineer for Networks / Systems with focus in OT-SDN
Richard K. Peters
Fortinet, Operational Technology North American CISO

Technology maturity - what impact does this have on the implementation?
How much disruption should be expected when integrating into existing processes, and how can we keep that to a minimum?
How can we view "innovation" as a journey rather than a destination: is the environment adaptable? How can it be made adaptable? Are the "innovations" scalable so we are not always starting from scratch?
How do we keep risk to a minimum? What does the process of execution look like?
Is speed of the implementation prioritised, and what impacts does it have?


- EDT
Adapting to the Threat Environment (Virtual)
Rob Scott (Virtual pres)
Bechtel, Senior Project Manager and Cybersecurity Business Manager
Katie Pehrson (Virtual pres)
Bechtel, Industrial Control Systems Lab Manager
  • Vanishing divide between IT and OT
  • What is the voice of the customer?
  • Dealing with the hype and understanding the threats
  • Integration of technologies and partnerships
  • Beyond OT Cybersecurity to Asset Performance Management
- EDT
Session details to be announced (TSA Drop out)

Apologies to all, despite all our efforts we were unable to replace this session drop out. We will be announcing an exciting addition, stay tuned!

- EDT
DoD’s Priorities, Major Efforts and Way Forward (Virtual)
Daryl Haegley (Virtual pres)
DOD, Director, Mission Assurance & Deterrence Principal Cyber Advisor to SECDEF OASD HD&GS

A presentation on the US DoD’s priorities, major efforts and way forward.

- EDT
Panel: OT Data Science (Physical and Virtual)
Carter Manucy
Florida Municipal Power Agency, IT/OT & Cybersecurity Director
Sarah Freeman (Virtual pres)
Cybercore Integration Center at Idaho National Laboratory (INL), Industrial Control Systems (ICS) Cyber Security Analyst
Michael Lester (Virtual pres)
Emerson Automation Solutions, Director of Cybersecurity Strategy, Governance and Architecture
Peter Lund
Industrial Defender, VP, Product Development

How are we:
Cybersecurity needs to lead the business case
Getting data out of OT?
Using data coming out of OT?
How can we protect it once we have it?
Is it accessible?
How are we using the data?
How can we separate actionable intelligence from white noise?
What is the business case, why are we gathering it?

- EDT
Panel: How Can We Manage Risk Faster? (Physical and Virtual)
Andrew Kling
Schneider Electric, Product Security Officer
Michael Lester (Virtual pres)
Emerson Automation Solutions, Director of Cybersecurity Strategy, Governance and Architecture
Tony Turner
Fortress Information Security, VP Security Solutions

Further panellists to be announced.

OEMs are taking a more active approach to product security and development. Patching is one of the oldest and most traditional ways to manage risk. It is also a slow and expensive way to manage risk, so it is frequently avoided in the OT world. What else should be considered to manage risk?