ICS Cyber Security Energy & Utilities Forum & Exhibition

Officially Supported by:

Media Partners:

Supporting Groups:

Official Publications:Official Web Portals:

Middle East

GULFitSSMFThe IT Service Management Forum

Workshop 1: Industrial Control Systems: Cyber Security Training 10–11 May

Workshop 2: Critical Infrastructure Protection: 11 MayIncluding Cyber Security in the Whole Lifecycle

Workshop 3: A Behind the Headlines Demonstration of Cyber-Attacks 11 Mayon a Utility – A Hacker’s Perspective

ICS Cyber Security Energy & Utilities Forum Programme & Exhibition 12–14 May

REGISTRATION & PROGRAMMES

ICS Cyber Security Energy & Utilities Forum & ExhibitionMay 10–14, 2015 Abu Dhabi, UAE

Best International Cyber SecurityPractises for Critical EnergyInfrastructure Protection

ICS Cyber Security Energy & Utilities ForumMay 10-14, 2015 Abu Dhabi, UAE

ADVISORY COMMITTEE

JAY ABDALLAHSchneider Electric

AYMAN AL-ISSABooz Allen Hamilton

EYAD ALQADICisco Systems Int.

NOURI OTHMAN AGHAaeCERT

ERIC BYRESByres Security

NICK COLESDome Exhibitions

PAUL DOREYCSO Confidential Ltd

ERIC KNAPPHoneywell

JUSTIN LOWEPA Consulting

GUY MEGUERAirbus

ALEX TARTER Ultra Electronics 3eTI

PAUL WRIGHT Intel Security

SIMON GOLDSMITHBAE Systems Applied Intelligence

CONTENTSAdvisory Committee .......................................................................................................... 2

Event Outline .................................................................................................................... 2

Overview ............................................................................................................................ 3

Workshop 1: Industrial Control Systems: Cyber Security Training (May 10–11) .................. 4

Workshop 2: Critical Infrastructure Protection: Including Cyber Security in the

Whole Lifecycle (May 11) ................................................................................................ 5

Workshop 3: A Behind the Headlines Demonstration of Cyber-Attacks on a

Utility – A Hacker’s Perspective (May 11) ........................................................................ 6

ICS Cyber Security Energy & Utilities Forum Programme (May 12–14) ............................ 7–9

Networking Opportunities

Welcome Reception ...................................................................................................... 10

Evening Cruise .............................................................................................................. 10

Gala Dinner .................................................................................................................. 10

Who Will Attend .............................................................................................................. 10

ICS Cyber Security Energy & Utilities Exhibition (May 12–14) ............................................ 11

Exhibition Visitors ........................................................................................................ 11

Venue ................................................................................................................................ 11

Accommodation ................................................................................................................ 11

About Abu Dhabi .............................................................................................................. 11

Visas .................................................................................................................................. 11

Organisers.......................................................................................................................... 12

Registration .................................................................................................................... 12

LinkedIn Group .................................................................................................................. 12

Page 2

07.00 08.00 12.00 13.00 14.00 16.00 17.00 18.00 19.00

ICS CYBER SECURITY ENERGY & UTILITIES EVENT TIMETABLE

Workshop 1 Workshop 1

Workshop 2 Workshop 2

Luncheon

Workshop 1 Workshop 1Luncheon

Luncheon ForumRegistration

WelcomeReception

GalaDinner

EveningCruise

Registration –* Workshop 1

Workshop 3 Luncheon

Registration –* Workshop 2* Workshop 3

ForumRegistration

ICS Cyber Security Forum ICS Cyber Security Forum

ICS Cyber Security Energy & Utilities Exhibition

ICS Cyber Security Forum ICS Cyber Security Forum


Luncheon

Luncheon

SundayMay 10

TuesdayMay 12

WednesdayMay 13

ICS Cyber Security Energy & Utilities Forum


LuncheonThursdayMay 14

MondayMay 11

Workshop 1: Industrial Control Systems: Cyber Security TrainingWorkshop 2: Critical Infrastructure Protection: Including Cyber Security in the Whole LifecycleWorkshop 3: A Behind the Headlines Demonstration of Cyber-Attacks on a Utility – A Hacker’s Perspective

OVERVIEWFollowing on from the success of the first two Forums of May 2012 and October 2013, the 3rd ICS Cyber Security Energy & Utilities Forum has beencalled to examine the issues of concern here in the region together with the growing number of international partnerships being formed around theworld to tackle and address the increasing number of cyber attacks. According to a recent ICS-CERT report, it highlighted that 53% of the cybersecurity incidents worldwide during the first half of one year were related to the energy sectors. When it comes to this region it has been reportedthat cyber attacks targeting key installations costs the Gulf countries $1B annually and is growing as exemplified by the recent Kaspersky report onthe current activities of a new group of hackers called ‘Desert Falcons’ targeting businesses throughout the Middle East. One more worrying factoris that in the future cyber operations could change or manipulate electronic information thus distorting its integrity and therefore seriously affectingmanagement decision-making and system performance.

The focus of this Forum is expanded to include utilities as well as the hydrocarbon sector and their cyber protection needs, both of which are of vitalimportance to the various countries in this region given their billion dollar expansion plans. As the GCC petroleum sector alone accounts for 49% ofits GDP, effective cyber security protection of this premium part of their critical national infrastructures is mandatory.

Qatar named cyber security as one of its top 3 research priorities last year together with Saudi Arabia and Bahrain. ictQATAR have recently spokenabout the upcoming regulations to safeguard people and businesses against cyber risks and establishing a streamlined ecosystem with a robustlegal and legislative framework including the Critical Information Infrastructure Protection Law. Kuwait has similarly entered into a $1B programmeinvolving cyber security with the UK and Oman is enhancing its cyber security programmes across the country and particularly in the energy and theutilities sectors. Here in the UAE, according to a recent 3 year investigation by Symantec, data revealed that the UAE has the highest number ofcommunication system breaches across the Middle East. Moreover the UAE budget for cyber security is expected to double to $10 B within the nextdecade.

Last year the UAE’s National Electronic Security Authority (NESA) announced a series of publications on a range of key strategies, policies andstandards to align and direct national cyber security efforts throughout the country. These documents included the National Cyber Security Strategy(NCSS), Critical Information Infrastructure Policy (CIIP) and the UAE Information Assurance (IA) standard which collectively will work towardsenhancing the UAE national cyber security and ICT infrastructure and will be mandatory in their compliance.

Within this region all countries are building national organisations to protect their assets as these countries are also among the most highlyconnected globally with high levels of internet usage for government, business and education and that is why cyber threats are growing in numberand sophistication.

Historically most Operational Technology (OT) networks were isolated from the Enterprise Networks and operated independently. However theadvent of internet based ICS systems due to the increased demand for greater business insight in real time has lead energy and utility companiesto integrate industrial control systems (ICS) and their enterprise IT systems in which potential problems can occur and have been demonstratedinternationally in doing so. Therefore those responsible for cyber security within an organisation must understand the difference between ICS andIT system security in order for them to work together effectively. Moreover understanding the different needs of ICS and IT system security can onlylead to cooperation and collaboration between these historically disconnected camps. What is therefore the key to this, is to properly facilitateOperational Security (OS), in much the same way that IT Security has come about, yet with different and complimentary parameters as is appropriate.

It comes as no surprise therefore that the market for ICS security is expected to top $10.33 billion by 2018. For example, designing a securearchitecture for a control system can be a difficult exercise as there are so many different types of systems in existence and so many possiblesolutions, some of which might not be appropriate to the process control environment. Moreover the security of an organisation’s process controlsystem can be put at significant risk by third parties and securing the supply chain is one major area of concern.

Recent examples of encountered sector problems include a cyber attack on anoffshore platform that caused the tilting and resultant shutdown of the platformand significant production losses. In the utility sector particular attention shouldbe paid to the cyber threats to the substation devices and most people advocatethat utilities and vendors work together to develop standardised processes toovercome these potential device issues. As recently as 2 years ago, cyber securitywas not in the top 10 areas of concern for utilities management and is now ratedas the fourth highest area of concern. A recent international review of utilityexecutives concluded that 48 % did not have integrated cyber, physical, corporateand ICS security within their facilities. With regional plans for implementing smartgrids, greater attention needs to be paid to their cyber security needs particularlyas the 2014 Smart Grid Cyber Security Survey indicated 64 % of executives believethe grid is not yet ready for security. www.csuae.org

Page 3

Take part in real-world practical group ICS cyber securityactivities, hands on labs and demonstration exercises in ourcontrol system lab environment including: SCADA servers,HMI, PLCs, engineering workstations, wireless andtelemetry devices and cyber security attack tools withoutcomes to apply back at your plant environment.

Topics to be addressed include:

• Identify ICS/SCADA security trends and industry casestudy findings

• Learn about cyber-physical security assessments andvulnerabilities to this first line of defence

• Investigate ICS/SCADA network architecturemethodologies and how to best integrate security withICS and IT

• Discover practical methods for assessing cyber securityrisks to ICS/SCADA networks

• Participate in a risk assessment, find threats andvulnerabilities within a SCADA network

• Learn how to build cyber security requirements intoICS/SCADA projects

• Identify key technical vulnerabilities in your ICS/SCADAenvironment, develop a test plan and learn exploitationtechniques such as passive scanning and reconnaissance

• Learn how to defend against Zero-day exploits andattacks

• Design secure access control solutions for legacyICS/SCADA

• Explore essential monitoring technologies for ICS/SCADAassets and discuss implications

• See how to respond to cyber incidents with the latestforensics techniques

Page 4

WORKSHOP 1 TIMES

Registration will be at 07.00 The workshop will begin at 08.00Refreshments will be taken at 10.00 and 14.30Luncheon will be taken at 12.30The workshop will conclude at 16.00 each day

WORKSHOP LEADERS

Christopher Beggs is the Managing Director and ICSsecurity program leader for Security InfrastructureSolutions (SIS). SIS specialises in Industrial ControlSystem Security (ICS) safeguarding owners andoperators of critical infrastructure within the Middle Eastand Asia Pacific regions.

Christopher holds a PhD in Cyber-terrorism and SCADAsecurity awarded by Monash University. He is a CertifiedCSSA, SABSA and SANS-GIAC Security Professional.Christopher has led the delivery of ICS security projectsfor various clients from oil and gas, mining, power, water,manufacturing and transportation sectors across theworld advising in the design, development andimplementation of ICS security management programs.Christopher has presented at various national andinternational ICS/SCADA security related conferences.He has also published numerous papers on ICS/SCADAsecurity and is the author of the book “SafeguardingInfrastructure Assets from Cyber-terrorism: Measuringand Protecting SCADA systems from Cyber-terrorist inAustralia.”

Tahir Saleem is the lead technical principal advisor atSecurity Infrastructure Solutions (SIS). Tahir holds aMBA with technology management specialisation fromLa Trobe University and maintains several certificationssuch as the CCSA, CISSP-ISSAP, Cisco CertifiedNetworking Professional – Security, Tripwire CertifiedProfessional, Microsoft Certified Systems Engineer(Security), CISM, and is a certified ISO 27001 LeadImplementer. Tahir has extensive hands-on experiencein the design, development and execution of large-scaleICS cyber security engagements across several industryverticals: critical infrastructure (mining, oil and gas,energy sector, water and transportation) andInternational government agencies.

WORKSHOP 1 Sunday, May 10 – Monday, May 11

Industrial Control Systems: Cyber Security Training

Critical Infrastructures are systems and assets, whetherphysical or virtual, so vital to the nations that the incapacityor destruction of such systems and assets would have adebilitating impact on security, national economic security,national public health or safety, or any combination of thosematters. Their adequate protection is not only needed andrecommended, but mandatory since the publication ofdifferent regulatory frameworks and national andinternational directives all over the world.

Analyzing and understanding the associated risk to theseinfrastructures and their basic relationship with IndustrialControl Systems (ICS) is a must for any professionalinvolved in different areas, such as ICT, energy, chemical andnuclear industry, financial systems, public administrationor transport, among others.

This workshop will take the participants towards the studyof the state of the art of the Critical InfrastructuresProtection and Industrial Cyber Security all over the world.A global approach to the protection of IndustrialInfrastructures including cybersecurity by design in all ofthe stages of the life-cycle will be presented and explained.The importance, definition and description of the IndustrialCybersecurity Trusted Advisor (ICTA) role will be fullyexplained and justified. At the end of the day theparticipant will have the information and tools needed toestablish the next steps in the way of adequately protectingthe Industrial Infrastructure aligned with existing business,market, regulation and risks requirements.

Topics Covered

• Current Critical Infrastructure Protection and IndustrialCybersecurity landscape.

• Industrial Infrastructure evolution (convergence, IT vs OT)• Threat landscape (Stuxnet, Dragonfly, BlackEnergy, etc...)• Compliance: upcoming standards, regulations,

cybersecurity strategies, etc.• Recent research projects (Basecamp, Robus, Shodan,

Shine, etc.)• The Ecosystem: stakeholders, relations and

interdependencies• Attacking Industrial Infrastructures: a Real Demonstration• A real lab-based demo on how to take advantage of the

current weaknesses and vulnerabilities• Industrial infrastructure from a cybersecurity perspective • The industrial infrastructure projects lifecycle• Industrial project cybersecurity risks (for each stage)• Cybersecurity activities (for each stage)• Cybersecurity solutions / technologies• The industrial cybersecurity framework• Implementing cybersecurity on industrial infrastructures • Internal/External interdependencies (industrial and

cybersecurity vendors, system integrators, consultancies,IT vs OT, etc.)

• Associated risks (audit/implement incompatibilities,organizational risks, etc.)

• The Industrial Cybersecurity Trusted Advisor (ICTA) role(description, advantages, approaches, etc.)

Please visit www.csuae.org for Workshop 2 Timetable

Page 5

WORKSHOP LEADERS

Samuel Linares is Senior Lead Technologist at Booz AllenHamilton, Middle East and Asia Coordinator at IndustrialCybersecurity Center, European Commission IndependentEvaluator, ENISA (European Network and InformationSecurity Agency) CIIP Expert and member of ISACACybersecurity Task Force. With 2 decades of security,system integration and multinational and multiculturalprojects management experience, he has been the mainpromoter of the “Industrial Cybersecurity” concept inSpanish, being recognized as one of the key Spanish andLatin-American experts.

Since 1999 Ignacio Paredes has been involved in multipleprojects related to information security and during the last6 years he has specialized in cybersecurity for industrialsectors. He is an expert in the design and deployment oftechnical and administrative security solutions, includingtopics such as applications security, secure network design,critical infrastructure protection, ethical hacking or business

continuity planning. He is also Middle East and Asia coordinatorfor the Industrial Cybersecurity Center as well as an expertassisting the implementation of the European Network andInformation Security Agency (ENISA) work programme in theareas of Information Security Considerations, InformationSecurity Risk Management, International Standards and BestPractices and Critical Information Infrastructure Protection.

Ayman Al Issa has over 20 years of experience in the fields ofAutomation, Information Technology, and Cyber Security. He is amember in the Cyber Security Advisory boards of top ratedworldwide universities for the advancement of researches onindustrial cyber security. He is an active member in differentinternational Security Innovation Alliances that are focused in aworldwide program for improving the security of industrial controlsystems by the close collaboration of the leading IT Security andindustrial control system vendors. Ayman worked for ADMA-OPCOfor 17 years and he was the Digital Oil Fields Cyber Security Advisor.He joined Booz Allen Hamilton in 2014 as the Chief Technologist& Senior Advisor/Architect in Industrial Cyber Security – MENA.

WORKSHOP 2 Monday, May 11

Critical Infrastructure Protection: Including Cyber Security in the Whole Lifecycle

You have all read about the intimidating Stuxnet,BlackEnergy, Havex, or Sandworm threats that have beendiscovered throughout the world, would you now like to seewhat’s behind the headlines and how it affects you? Join usfor a hands-on workshop that will provide a real-lifedemonstration on how to turn off the water to a country, orplunge a city into darkness. There is a perception that onlynation states are capable of launching a cyber-attackagainst utilities and industrial control systems, during thisworkshop we will show you that the reality is anyone fromyour employees to hacktivists are capable of doing it.

Who Should Attend

If you have ever wanted to see real attacks against an ICS,or demystify the technical aspects of cyber security thenthis workshop is for you. The workshop content isappropriate for both senior management-level supervisorsas well as operationally astute technical decision makers.Most participants are motivated by opportunities to learnabout or apply best security practices to industrial networkprotection. This workshop is designed to help attendantslearn how an attacker can comprise your system and howyou can learn to protect yourselves.

Key Take-Aways

• Learn how to work through the vulnerabilities of anindustrial control system

• Experience first-hand how you can be exploited

• Take steps on what can be done to protect yourselves

• Walk-through real-attacks launched against realindustrial equipment and the damage that can be caused

WORKSHOP LEADER

Alex Tarter is an expert and thought leader on newtechnologies and solutions for industrial andcommercial applications for the protection of criticalinfrastructure. In addition to the work he doesdeveloping security solutions, Alex performsvulnerability and cyber security work for military andindustrial applications, having prepared more than 50reports on various aspects of security, cryptography,and situational awareness for industry, UK MoD, andUS DoD.

He holds a PhD from Lancaster University, and aMaster's of Engineering from Imperial College London,and is a certified specialist in ISA 99/IEC 62443 cybersecurity fundamentals.

He serves as a civilian advisory expert to NATO on Cyber Defense for the Industrial Resources andCommunications Services Group.

WORKSHOP 3 Monday, May 11

A Behind the Headlines Demonstration of Cyber-Attacks on aUtility – A Hacker’s Perspective

WORKSHOP 3 TIMES

Registration will be at 07.00 The workshop will begin at 08.00Refreshments will be taken at 10.00 The workshop will conclude at 12.30 followed by lunch

Page 6

Page 7

12.00 Luncheon

13.30 SESSION B Chair: Justin LoweTopics raised in this session focus on the importance ofdesigning and building ICS security architectures toprovide greater assurance to its stakeholders that therisks are being managed to acceptable levels. Also therewill be a showcase of a real experiment operating anetwork of ICS honeynets deployed over severalcontinents and what were the lessons learned and howthis knowledge was fed back into the national standards.Moreover the concept of ICS security will bedemonstrated through case studies in different criticalinfrastructure sectors, to show the real value of industrialnetwork monitoring going beyond the detection of cyber-attacks, and how the need to maintain awareness aboutnetwork and process operations, which together withactionable intelligence allows the preservation of overallsystem health.

13.30 BUILDING RESILIENT CYBER SECURITYARCHITECTURES FOR INDUSTRIAL CONTROLSYSTEMS Christopher Beggs, Managing Director, Security Infrastructure Solutions (SIS), Australia

14.05 45 DAYS OF ICS HONEYNET (WHAT’S REALLY OUTTHERE)Omar Sherin, Head of CIIP, QCERT, Qatar

14.40 Refreshments and Exhibition

15.10 WHERE CYBERSECURITY MEETS OPERATIONALVALUEDamiano Bolzoni, Managing Director,SecurityMatters, Netherlands

15.45 PANEL SESSIONSession B speakers will be joined by other leadingpractitioners

16.30 CLOSE of DAY 1

18.30 EVENING CRUISE

07.00 Registration and Refreshments

08.00 WELCOME and INTRODUCTION

08.10 KEYNOTE SESSION

KEYNOTE ADDRESSMike McConnell,Strategic Advisor and former Vice Chairman, Booz Allen Hamilton, Former Director of National Intelligence, USA

KEYNOTE ADDRESS Conrad Prince, UK CYBER AMBASSADOR,Formerly Deputy Director, GCHQ, UK

09.00 SESSION A Chair: Aarnout Wennekers, Advisor (Audit and Corporate Governance), Ministry of Energy, QatarThis session will focus on specific national cyber securityframeworks giving guidance on how critical systems needto be adequately protected and how they compare with aclassical approach. Topics covered and debated willinclude guidance on understanding the business risks,selecting and implementing security improvements,establishing effective response capabilities and giveinsights as to how they will develop and be implemented.

09.00 CYBER SECURITY: OMAN NATIONAL CERTPERSPECTIVEAmr Mahdi, Cyber Security Expert,Oman National CERT

09.35 RECENT DEVELOPMENTS ON THE FRENCHFRAMEWORK FOR CRITICAL NATIONALINFRASTRUCTURE: NEW CYBER LAWSPierre-Mayeul Badaire, Product Unit Director, ERCOM, UAE


10.40 ICS SECURITY – A GOOD PRACTICE FRAMEWORKJustin Lowe, Energy Sector Cyber Security Expert, PA Consulting, UK

11.15 PANEL SESSION The speakers in Session A will be joined by othersenior industry figures

ICS Cyber Security Energy & Utilities Forum Programme

Monday, May 1117.30 Registration

18.00 WELCOME RECEPTION – EXHIBITION

Tuesday, May 12

Page 8

12.45 Luncheon

14.00 SESSION DThis session will provide practical answers to challengingrisk management issues including:

• Determining your Risk Appetite: how much risk isacceptable?

• Understanding the equations: measurements andmethodologies

• Assessing vulnerabilities in industrial controlenvironments

• Identifying threats within the context of riskmanagement

• Using risk measurements to enable stronger cybersecurity

This session will include an introduction to new tools andtechniques for performing a cyber security riskassessment. The briefing will include: methods of threatdetection; methods of vulnerability assessment;determining impact and consequence; technologycontrols for mitigating risk; and more. The session willfocus on technical controls only and will not cover risksassociated with personnel or policy.

Eric Knapp, Director, Cyber Security Solutions and Technology, Honeywell Process Solutions, USA


15.30 SESSION D CONTINUED

16.45 CLOSE of DAY 2

19.30 FORUM GALA DINNER

08.00 Delegates Check In and Refreshments

08.30 SESSION C Chair: Guy Meguer, General Manager Middle East,Cyber Security, AIRBUS, UAEThis session commences with a presentation revealingwhy the emergence of the next industrial revolutionprovides a unique opportunity for industrial enterprisesand their automation providers to secure theiroperational technology. It will be followed by a briefoverview of the potential threats to the process industryfrom cyber-attacks and how they can be mitigated.

Of particular interest will be a practical and newdemonstration of how IT and OT vendors arecollaborating to bring next generation of Cyber Securityand compliance solutions to market for criticalinfrastructure industry. At the same time the session willdiscuss both the challenges and opportunities to addressthe ever evolving landscape of security in the age whereagility and Internet of Things (IoT) is prevalent andsecuring the supply chain is of increasing concern.

08.30 WILL GREATER AUTOMATION AND THECONVERGENCE OF IT AND OPERATIONALTECHNOLOGY LEAD TO A NEW ERA OF DIGITAL SABOTAGESimon Goldsmith, Director, Cyber Security, BAE Systems Applied Intelligence, UAE

09.05 CYBER SECURITY FOR PROCESS CONTROLNETWORKDebraj Chakraborty, Solution Sales Specialist (Security), YOKOGAWA, Bahrain


10.10 SECURE OPERATIONSEyad Alqadi, Vertical Sales Manager – Oil & Gas Industry, CISCO, UAE

10.45 CYBER RESPONSE STRATEGIES IN ICSGreg Day, CTO, FireEye, UK

11.20 CYBER SECURITY COMPLIANCE; HOW TO ENSURETHE RUBBER HITS THE ROADMohamed Zumla, Cyber Security Consultant, Qatar

11.55 OIL & GAS PANEL SESSIONThe speakers in Session C will be joined by Imran Almarzooqi, Senior IT Security Engineer, ADCO and Abdul Aziz Al Suwaidi, Head IT Security,ADNOC, UAE

Wednesday, May 13


Page 9

11.00 SESSION F Chair: Pierre Haddad, Publisher,The Security Review, UAEOf growing concern is how “social engineers” try toencourage people to download malicious files or click onmalicious links resulting in system invasion, businessdisruption and malfunction and the first presentation willnot only demonstrate its impact but also how to combatit in an ever increasing connected environment. Suchbusiness disruptions have shown to be highly damagingin economic and business reputation terms and so thesession will include the key approaches in businesscontinuity and incident management capability withparticular reference to ICS strategies in responding tocyber attacks.

11.00 SOCIAL ENGINEERING : CLICK HERE FOR DETAILSStephen Bailey, Cyber Security Expert, PA Consulting, UK

11.35 EFFECTIVE BUSINESS CONTINUITY AND INCIDENTRESPONSE CAPABILITIES IN ENERGY ANDUTILITIESDhiraj Lal, Executive Director, Continuity & Resilience, UAE

12.10 CYBER RESILIENCE – PROTECTING PLANTSYSTEMS WITH DEFENSE IN DEPTHJay Abdallah, EMEA Cyber Security Manager,Schneider Electric, UAE

12.45 PANEL SESSIONSpeakers from Session F.

13.15 KEYNOTE CLOSING ADDRESSWHAT THE CRITICAL INFRASTRUCTURE OWNERNEEDS ARE NOT NECESSARILY YOUR WANTS:INTRODUCING THE TRUSTED ADVISOR ROLEAyman Al Issa, Chief Technologist & Senior Advisor/Architect in Industrial Cyber Security – MENA, Booz Allen Hamilton, UAE

RECOGNITION OF FORUM EVENT SUPPORT

DELEGATE PRIZE DRAW

14.00 Forum Concludes and Luncheon

08.00 Delegate Check In and Refreshments

08.30 SESSION EChair: Eric KnappThis session will begin with a vital presentation on someof the emerging trends and vulnerabilities, and what itmeans for the current approach to utility cyber security. Itwill cover fundamental questions every utility orindustrial control owner should ask of their securitysolution, including what is actually being protected. Ofhighly relevant importance is the fact that securitysolutions must fit within the operational constraints ofthe system and within the risk appetite of theorganisation. Within the electricity sector smart gridsoffer many benefits but they also have considerable risksand threats associated with them. One of these is theprotection of data in transit to and from the devices inthe home. Combining these with the need toauthenticate a large number of system users, the systemcommands and the data in transit for a very large numberof devices brings challenges of security and scale.

08.30 FROM THE NEWSPAPER TO THE NETWORK:HOW WELL CHRONICLED CYBER-ATTACKS CANDAMAGE NATION’S UTILITIESBenga Erinle, President, Ultra Electronics 3eTI, USA

09.05 PROTECTION OF DATA IN SMART GRIDSDavid Alexander, Managing Consultant, Global Utilities and Energy Practice,PA Consulting, UK


10.10 UTILITIES PANEL SESSION The speakers from Session E will be joined by Alaa Rahma, Head of Protection, Control andCommunications, GCC Interconnection Authority,KSA and Senior Representatives from ADWEA andDEWA, UAE

Thursday, May 14


� The Forum Programme may be subject to change andplease visit www.csuae.org for updates

Page 10

Welcome Reception

Monday, May 11

This is the perfect opportunity to meet your hosts and fellow delegates plusspecial guests in an informal setting. All forum participants and partnersare invited to attend. This is an ideal chance to renew old acquaintancesand a useful opportunity to interact with speakers and fellow delegatesprior to the beginning of the forum.

Gala Dinner

Wednesday, May 13

This special event offers superb networking opportunities and a uniquechance to foster new business relationships. Enjoy the fine food andimpressive backdrop at the exclusive Gala Dinner.

Delegate and exhibitor partners are welcome to attend and dress is smartcasual.

NET

WO

RK

ING

OP

PO

RTU

NIT

IES


Evening Cruise

Tuesday, May 12

This is a unique opportunity to network in peaceful and exclusivesurroundings on this traditional Dhow as you gently cruise along thebeautiful creek adjacent to the Abu Dhabi Corniche. This new Dhow is fullyair conditioned and a 3 course dinner with enhanced cuisine will be takenin a traditional atmosphere.

Delegates are required to reserve places for this Evening Cruise. Pleaseregister your interest on the Registration Form at www.csuae.org.

Who Will Attend

Given the focus on ICS/IT Security and Networking, delegates withthe following affiliations are expected to attend:

� Automation & Process Control Engineering

� System Designers & Engineers� Network Engineers� Head of Corporate Security� Industrial Security Director� HSSE Director

� Senior Security Consultants� Security Advisors� CIO� IT Applications Manager� IT Security Specialist� Head of SCADA� Head of IT

ABOUT ABU DHABI

One of the seven emirates, Abu Dhabi is also the capital andthe second largest city in the United Arab Emirates. With apopulation of roughly one million, Abu Dhabi is rapidlygrowing and developing as an economic, business, tourist andcultural destination. One of the world’s leading producers ofoil and gas, Abu Dhabi offers a unique mixture of luxurioushotels, dazzling convention centres, high street fashionoutlets, amazing dunes and beaches, and a wide range ofcuisines. To find out more about Abu Dhabi please log on towww.visitabudhabi.ae.

Page 11

VISAS

� No entry visa is required for GCC citizens. � Citizens of the following 33 countries will be issued with

a free-of-charge VISIT VISA on entry to the UAE: Andorra,Australia, Austria, Belgium, Brunei, Canada, Denmark,Finland, France, Germany, Greece, Hong Kong, Iceland,Ireland, Italy, Japan, Liechtenstein, Luxembourg,Malaysia, Malta, Monaco, New Zealand, Norway,Portugal, San Marino, Singapore, Spain, Sweden,Switzerland, The Netherlands, UK, United States and theVatican.

� Citizens of other countries should apply to their nearestUAE embassy.

� Should you experience problems with visa arrangements,please contact the Organisers.

The ICS Cyber Security Energy & Utilities Exhibition, which will run onMay 12-14, is an important part of the event and this year sponsors andservice companies return to the event given the quality and number ofsenior level management who attend.

Now that this event is one of the most important specialised events inthe international energy calendar with a particular focus on the MiddleEast, the Organisers have decided to enhance the exhibition by launchinga focused visitor campaign that will benefit exhibitors even more.

The Exhibition will include equipment and services focusing on thethemes of the event. Exhibition sites are allocated on a first come, firstserved basis and include a shell scheme (3m x 2m), lighting and power.

Exhibition VisitorsThe Organisers are mounting an exhibition visitor campaign to allow all interested parties to view and discuss the latestdevelopments and expertise that the international exhibitors will be displaying during the ICS Cyber Security Energy & UtilitiesForum. Potential visitors must register online at www.csuae.org

EXHIBITION May 12–14

VEN

UE

& A

CCO

MM

OD

ATI

ON

VenueThe ICS Cyber Security Energy & Utilities Forum will be heldat the:

Hilton Abu DhabiPO Box 877, Abu Dhabi, UAETel: +971 2 681 1900 Fax: +971 2 681 1696

The Hilton Abu Dhabi enjoys both an enviable setting on thebeautiful Corniche overlooking the Arabian Gulf and aconvenient location, being just a seven minute drive fromdowntown Abu Dhabi, two minutes away from MarinaShopping Mall at the breakwater and only 35 minutes fromAbu Dhabi International Airport.

AccommodationThe registration fees for the event do not includeaccommodation and delegates are responsible for bookingtheir own accommodation.

Hotel bedrooms have been reserved for delegates at apreferential rate at the Hilton Abu Dhabi. A special onlineaccommodation booking facility will be available shortly atwww.csuae.org/accommodation.

HOW TO PAY

Payment can be made, either:

� by making your chequepayable to Dome Exhibitions, in AED only and forwarding the cheque toDome Exhibitions, PO Box 52641, Abu Dhabi, UAE

� by bank transfer in AED or US$ only to: Dome Exhibitions A/C no. 329666020002 ADCB – Abu Dhabi SWIFT Code ADCB AEAAIBAN No. AE370030000329666020002

Copies of bank transfer documents should be sent to theOrganisers and all bank transfer charges will be the responsibilityof the delegate’s organisation. All delegates will receive an officialattendance invoice together with their joining instructions but theirparticipation is not confirmed until payment has been received.

Cancellations: All cancellations must be received in writing.Cancellations received until April 30, 2015 are subject to a servicecharge of US$350 (AED1,285) per event where appropriate. TheOrganisers reserve the right to retain the whole fee if cancellationis received after April 30, 2015.

Delegates may be substituted at any time.

REGISTRATION FEES

Workshop 1 (May 10–11) Industrial Control Systems: Cyber Security Training US$1,475 (AED 5,415)

Workshop 2 (May 11) Critical Infrastructure Protection: Includng Cyber Security in the Whole Lifecycle US$895 (AED 3,285)

Workshop 3 (May 11) A Behind the Headlines Demonstration of Cyber-Attacks on a Utility – US$475 (AED 1,745)

A Hacker’s Perspective

ICS Cyber Security Energy & Utilities Forum

(May 12 - 14) US$2,215 (AED 8,130)

Exhibition Visitors FREE TO ATTEND

Each fee includes luncheon(s), refreshments and a comprehensive set of the appropriate Proceedings.

Attendance to the Forum also includes the Welcome Reception, Evening Cruise and Gala Dinner.

Page 12

Once registered, please join our LinkedIn Group and begin communications with your fellow attendees athttp://www.linkedin.com/groups/Oil-Gas-ICS-Cyber-Security-5019246 �


REGISTRATION

ORGANISERS

For further information please refer to our websiteat www.csuae.org or contact:

Nerie Mojica Conference Coordinator Dome Exhibitions PO Box 52641 Abu Dhabi UAE

E: [email protected] T: +971 2 674 4040 F: +971 2 672 1217

4 WAYS TO REGISTER

To reserve Workshop and/or Forumplaces, or to visit the Exhibition:

Tel: +971 2 674 4040 or

Fax: +971 2 672 1217 or

Email: [email protected] or

Register online: www.csuae.org

Documents

ICS Cyber Security Energy & Utilities Forum & Exhibition