Industrial Control Cyber Security Europe

Industrial Control Security

www.cybersenate.com

www.industrialcontrolsecurityeurope.com

Register at www.industrialcontrolsecurityeurope.com

29th and 30th September 2014Royal Aeronautical Society, London, UK

Event OverviewIdentify, protect, detect, respond and recover. All stakeholders have a new responsibility in ensuring the safety, reliability and stability of our Critical National Infrastructure. Public and Private partnerships are paramount and information sharing on an international level a priority. We will be addressing key areas of vulnerability, threat detection, mitigation, and planning for the Energy Sector. The ICS Energy Europe conference has been developed under the guidance of the Cyber Senate. An exclusive community of authoritative global leaders with unparalleled experience and knowledge in both Cyber and Industrial Control sectors.

Key SpeakersHenrik Magnusson, Technical Strategy Manager, SSE Power Distribution

David Ogden, Head of Operational Technology, United Utilities

Lhoussain Lhassani, CISSP, Sr. Specialist Asset management, STEDIN

Paul Smith, Chief Security Officer, United Utilities

John Goldring Jnr, ICS and SCADA Manager, South Staffordshire and Cambridge Water

Sandro Etalle, Professor and head of the security of embedded systems group, University of Eindhoven

Jos Menting, Chief Technologist and Technology Manager Automation,Laborelec, GDF Suez

Kaspar Kaarlep, Head of Operational Technology, Elektrilevi

Johan Rambi, Privacy & Security advisor GRC,Alliander

William Barker, Cybersecurity Standards and Technology Advisor, NIST

Laurent Schmitt, Co Chairman of the Security Working Group of the Advisor, ETSI-CEN-CENELEC SmartGrid standardisation group, VicePresident Smart Grids Solutions, ALSTOM

Rauli Kaksonen, Founder and Chief Technology Officer, Codenomicon

Understand the challenges and solutions Oil, Gas, Electricity and Water companies face with integrated enterprise interfaces

Witness a demonstration from the founders of Heartbleed, hear about the impact and find out what you need to know to secure your infrastructure

IT/OT Converged technology - Integration from substation to data centre: Key insight from the second largest supplier of electricity and natural gas in the United Kingdom, and the UK’s largest generator of renewable energy.

Hear and debate a unique case study where a European plant experienced inexplicable load changes and was actually shut down. Was it a cyber attack or a failure of interconnected systems?

Defence in Depth – Hear from leading Utilities as they share their strategies from ICS and IT through to HR and physical resilience.

Learn new methodologies for offshore Industrial Control rig testing .

Gain insight into the development and standardization of cyber security controls and processes

Why you should attend:

Media Partners

Day One

17.00

16.30

09.10

11.55

12.35

10.30

09.50

15.10

14.30

11.15

End of Day One

Evolution of ICS security from a Distribution System Operator Perspective

• Security risks of a DSO • Awareness and management support • Organizational roots of security issues • Regulator perspective and legislative activities • Strategies for moving forward

Kaspar Kaarlep, Head of Operational Technology, Electrilivi

Integration from substation to data centre

• IT/OT converged technology: risks and opportunities • A complete loop: Substation to Data centre • The Role of Enterprise Architecture in developing Smart Grids • An architectural framework for development

Henrik Magnusson, Technical Strategy Manager, Scottish and Southern Energy

Resilience and digital interconnection dependency

• Resilience and digital interconnection dependency • Securing communications infrastructure, network reliability and security • The design and implementation of interoperable architectures- what is the security risk? • High security architecture best practices • Security by design

Lhoussain Lhassani, CISSP, Sr. Specialist Asset management, Stedin

Roundtable Discussions

NIST ROUNDTABLE – The NCCoE approachThe NCCoE approach starts with engaging representatives from specific industrial and economic sectors to identify, from a business perspective, cybersecurity problems associated with organizations’ processes, operations, and services.

Reducing vulnerabilities within the procurement processLed by South Staffordshire and Cambridge Water

Methodologies for Offshore Rig Testing

12.55 Networking Luncheon09.00 Chairman’s Opening Remarks

The development and standardization of cybersecurity controls and processes

• Changing nature and increasing importance and vulnerability of internetworks and internetworked processes and process control systems. • Importance in adoption, as well as development, of cybersecurity controls • Initiatives aimed at accelerating effective adoption of controls. • NCCoE as one approach to facilitation of implementation of security frameworks. • Larger cybersecurity context for ICS and critical infrastructure initiatives.

Willam Barker, Chief Cyber Security Advisor, NIST

Cyber Resilience in the Energy Sector • Alliander Cyber Resilience vision • European Energy-ISAC initiative • Situational Awareness in Control Center • Convergence of Physical and Cyber Security • Future thoughts of Smart Grid Cyber Security

Johan Rhambi, Privacy & Security advisor GRC, Alliander

Coffee and Exhibitor networking

European roadmap on cyber security standardization for ICS Energy sectorLaurent Schmitt, Smart Grid standardisation group, Co Chairman, VicePresident Smartgrids Solutions, Alstom, ETSI-CEN-CENELEC

Heartbleed: What is the impact and what do you need to know?Demonstration and discussion by founders CodenomiconRauli Kaksonen, Founder and Chief Technology, Codenomicon

15.50 Coffee and Exhibitor Networking

29th - 30th September2014Ex

clu

sive

up

da

te


Day Two

11.15

11.55

14.30

13.15

09.00

09.10

12.35

09.50

10.30

16.45 Close of conference

16.00 Reserved Presentation

Panel DiscussionHow to create a efficient Cyber Security Strategy

• Ensuring interoperability • Information sharing • System convergence • Cross division functionalities

Networking Lunch

Chairman’s Opening Remarks

The Art of DetectionSynopsis: Targeted attacks, advanced persistent threats and alike are raising concerns for the CSO’s of critical infrastructure organizations worldwide. In this presentation we will discuss what research is providing us with to detect such sophisticated attacks in the context of Industrial Control Systems. In particular, we will dive a bit into the area of network monitoring and intrusion detection in OT networks.

• Network Monitoring • Intrusion Detection in OT • Blacklisting, Whitelisting, Anomaly Detection

Sandro Etalle, Professor and Head of the security of embedded systems group, University of Eindhoven

Defence-in-depth: from ICS and IT through to HR and physical resilience.

• Technology within the IT environment has matured against a backdrop of continued cyber threat • ICS/SCADA has traditionally perated within a closed-world environment and has in many instances been adapted to use IT technologies • In the rush to utilise IT technologies within the ICS/SCADA domain, security issues have in many instances been overlooked. • Are vendors starting to meet the challenges of offering better levels of protection from cyber attack?

John Golding Jnr, ICS and SCADA Manager, South Staffordshire and Cambridge Water

Case Study: Why tripped my power plant?Plants are becoming more interconnected. If the information exchange is not designed well and procedures lack, incidents can happen. In this particular case the plant faced inexplicable load changes, and did shut down. Was is a cyber issue?Jos Menting, Chief Technologist, Technology Manager Process Automation, Laborelec, GDF Suez

Methodology for Offshore Rig TestingThe pursuit of technologies to make IT operations more efficient

• Malware designed to go undetected, remotely activated • Stealing intellectual property and exploiting information Example: “Shamoon” virus • Consequences: Offshore facilities - Oil spills, Economic risk, bigger threats to Centralised government run companies

Duncan Page, Director, IT Risk Assurance, Cyber Security, Power and Utilities, Pricewaterhouse Coopers

Our footprint and infrastructure (Waste water, water treatment, Chemical Process plants, Biological Waste water). The merging of environments, moving towards efficiency. Automated but regulated• Regulation barriers, investment fragmentation• Integrated enterprise interfaces – challenges and solutions• Event recognition, remote control of site infrastructure• Designing a integrated control centre, corporate system developmentDavid Ogden, Chief EICA Engineer, United UtilitiesPaul Smith, Head of Security, United Utilities

Coffee and Exhibitor Networking

15.15 Coffee and Exhibitor Networking

29th - 30th September2014

Case study: IT/OT Security Transformation “Control and Secure Change”
