Industrial Control Security
www.cybersenate.com
www.industrialcontrolsecurityusa.com
Register now at www.industrialcontrolsecurityusa.com
6th - 7th October 2014, Holiday Inn, Sacramento, California
Event Overview
All stakeholders have a new responsibility in ensuring the safety, reliability and stability of our Critical National Infrastructure. Public and private partnerships are paramount, and information sharing on an international level is a priority. We will be addressing key areas of vulnerability, threat detection, mitigation, and planning for the Utilities and Oil and Gas sectors. The ICS Energy USA conference has been developed with the guidance of the Cyber Senate, an exclusive community of authoritative global leaders with unparalleled experience and knowledge in both the Cyber and Industrial Control sectors.
Pre Conference workshop, 5th October 2014
Effective methodology to protecting the oil and gas critical infrastructures from the emerging cyber threats
Workshop Leader: Ayman AL-Issa, Digital Oil Fields CyberSecurity Advisor
Key Speakers
Samara Moore, IT and Cyber Security Policy Advisor, Department of Energy
William Barker, Chief Cyber Security Advisor, NIST
Fred Hintermister, Manager, ES-ISAC, North American Electric Reliability Corporation
Scott Saunders, Chief Information and Security Officer, Sacramento Municipal Utilities District
Billy Glenn, Principal Enterprise Architect, Pacific Gas and Electric
Ayman Al Issa, Digital Oilfield Advisor, Abu Dhabi Marine Operating Company
Mike Ahmadi, Global Business Development Director, Codenomicon
Billy Rios, Director of Vulnerability Research and Threat Intelligence, Qualys
Galen Rasche, Senior Program Manager Power Delivery and Utilization Sector, Electric Power Research Institute
Seth Bromberger, Specialist in Critical Infrastructure Protection, Principal, NCI Security
Patricia Robison, Professor, New York University
Phillip Beabout, Manager, Security Special Projects and Response Strategy, San Onofre Nuclear Generation Station
Day One
Session times: 09.10, 09.50, 10.30, 11.15, 11.55, 12.55, 13.55, 14.35, 16.00
17.00 Close of conference
Creating a Converged OT / IT Architecture
• While Operational Technology and Information Technology architectures share many commonalities, there are at least as many differences, ranging from primary objectives and guiding principles to culture.
• This interactive presentation will walk through a process and approach to establishing a converged, holistic reference architecture which guides the design, implementation, integration and evolution of the ever-increasing intersection of OT and IT technologies.
• We will review similarities and differences, opportunities for alignment and risks of divergence.
• Particular focus will highlight observed cultural and procedural differences, organizational priorities and methodologies.
Billy Glenn, Principal Enterprise Architect, Pacific Gas and Electric
Effective methodology to protecting the oil and gas critical infrastructures from the emerging cyber threats
Ayman Al Issa, Digital Oilfield Advisor, Abu Dhabi Marine Operating Company
Roundtable Discussions
• Cyber Security for Supply Chain Roundtable discussion: Scott Saunders, CISO, SMUD
• Incident Response: Management and Recovery, what to do when things go wrong: Seth Bromberger of NCI Security
• Effective methodology to protecting the oil and gas critical infrastructures from the emerging cyber threats: Ayman Al Issa, Digital Oilfield Cyber Security Advisor, ADMA
Networking Luncheon
Chairman’s Opening Remarks
Samara Moore TBC, Sr IT and Cyber Security Policy Advisor at U.S. Department of Energy
The development and standardization of cyber security controls and processes
• Changing nature and increasing importance and vulnerability of internetworks and internetworked processes and process control systems.
• Importance in adoption, as well as development, of cybersecurity controls
• Initiatives aimed at accelerating effective adoption of controls.
• NCCoE as one approach to facilitation of implementation of security frameworks.
• Larger cybersecurity context for ICS and critical infrastructure initiatives.
William Barker, Chief Cyber Security Advisor, NIST
Coffee and Exhibitor networking
Cross Sector Roadmap for Cyber security of Industrial Control Systems
• Initiatives to enhance the security and resilience of ICS
• Information sharing - how far have we come in the past five years?
• Public and Private Partnerships; What has worked and where do we need to focus more effort?
• Third party risk and disclosure - creating awareness and encouraging disclosure
• Changes in ICS vulnerability
• What would the Cross Sector Roadmap look like?
Fred Hintermister, Manager, ES-ISAC, North American Electric Reliability Corporation
Critical National Infrastructure Cyber Security and Risk Management
Scott Saunders, Chief Information and Security Officer, North American Electric Reliability Corporation
15.15 Coffee Break and Exhibitor Networking
Day Two
Session times: 08.00, 09.00, 09.30, 10.10, 10.50, 11.35, 12.15, 13.00, 13.55, 14.30
17.00 Close of Conference
Lies, Damned Lies, and Statistics: Malware Indicator Correlation As Part of a Security Intelligence Function
Synopsis: Advanced threat detection products provide detailed data regarding indicators of compromise. Seth Bromberger from NCI Security analyzed over a year’s worth of data from a large multinational corporation and will share the results of his research, along with lessons learned and steps that you can take today to improve your detection of, and response to, malware infections within your organization.
Seth Bromberger, Specialist in Critical Infrastructure Protection, NCI Security
Leveraging Cyber Security Controls and Process across the Critical Infrastructure Industries
Examples where the same ICS components and cyber security industrial system controls can and should be used for Telecom, Electricity Grid, Oil/Gas, Transportation, and Medical.
Patricia Robison, Professor, New York University
Case Study: Cyber security IT/OT Challenges San Onofre Nuclear Generation Station
• Establishing, implementing, and maintaining the Cyber Security program
• Critical Data Asset, system and communications protection
• Physical and operational environment protection
• Attack mitigation and incident response
• General site population training
Phillip Beabout, Manager, Security Special Projects and Response Strategy, San Onofre Nuclear Generation Station
15.55 Roundtable Discussions
Networking Lunch
Chairman’s Opening Remarks
Registration
Heartbleed: What is the impact and what do you need to know?
• Defensics and safeguard
• This is Not Our First Big Discovery
• How the Heartbleed Bug Works
• How We Discovered Heartbleed
• What is the Potential Impact
• How You Can Test for Heartbleed
• How Can You Protect Yourself
• What the Future Holds: Heartbleed
• Conclusions
• Deep Packet inspections
Mike Ahmadi, Global Business Development Director, Codenomicon
Understanding ICS Active Defenses
• Preparing for the storm
• Actively searching for Indicators of Compromise on ICS
• Understanding White-listing on ICS systems
• Assurance models and ICS
Billy Rios, Director of Vulnerability Research and Threat Intelligence, Qualys
Coffee and Exhibitor Networking
Integrating Failure Scenarios into Your Risk Assessment Process
• Overview of cyber security failure scenarios
• Failure scenarios for the power delivery sector
• How to calculate the impact and threat likelihood
• Risk ranking process
Galen Rasche, Senior Program Manager Power Delivery and Utilization Sector, Electric Power Research Institute
15.10 Coffee and Exhibitor Networking
Tabletop exercises for control systems
Galen Rasche, Sr. Program Manager – Cyber Security, Electric Power Research Institute
NIST Roundtable “The NCCOE Approach”
William Barker, Chief Cyber Security Advisor, NIST
Integrating cyber security methods into operational hardware
Current approaches to supply chain attack analysis and why it doesn’t scale
Billy Rios, Director of Vulnerability Research and Threat Intelligence, Qualys