OIL & GAS CYBERSECURITY

Transcription

1 CONFERENCE OIL & GAS CYBERSECURITY Houston Marriott West Loop by The Galleria Post-Conference Workshop CYBERSECURITY AND INDUSTRIAL CONTROL SYSTEMS August 11, 2015 Speakers Include: Paul Brager, Lead Associate & Cyber Security Project Manager, Booz Allen Hamilton Clint Bodungen, Senior Cyber Security Researcher & Penetration Tester Richard Byrd, Industry Executive Oil & Gas, Lockheed Martin Jacob Esparza, Partner, Legge, Farrow, Kimmitt, McGrath & Brown L.L.P. Mary Guzman, Senior Vice President, McGriff, Seibels & Williams Eric Jeffery, Engineer, Vidyo, Inc. / Founder and CEO/Gungon Consulting Glenn Legge, Partner, Legge, Farrow, Kimmitt, McGrath & Brown L.L.P. Annie McIntyre, President and CEO, Ardua Strategies Rene Moreda, Director of Business Development for Energy and Utilities, BAE Systems Applied Intelligence Christopher A. Murphy, Director, Critical Infrastructure Cybersecurity, Delta Risk LLC Marc Othersen, Chief Information Security Officer, Hess Corporation Dr. J.R. Reagan, Principal, Global Chief Information Security Officer (CISO), Deloitte Touche Tohmatsu Limited (DTTL) Michael Smith, Senior Cyber Policy Advisor to the Assistant Secretary, Office of Electricity Delivery and Energy Reliability (OE), U.S. Department of Energy Amy Dunn Taylor, Director, Kane Russell Coleman & Logan PC Bob Timpany, Chief, Idaho Operations, NCCIC-ICS-CERT, US Department of Homeland Security EUCI is authorized by IACET to offer 1.0 CEUs for the conference and 0.4 CEUs for the post-conference workshop. Sponsor 1

2 OVERVIEW EUCI s Oil and Gas Cybersecurity conference is bringing together energy cyber security experts to share real life experiences in preparing for and dealing with the increasingly complex and evolving cyber threats. Cyber-attacks against the oil and gas industry have been steadily increasing. As a result, it is imperative for oil and gas professionals to keep up with evolving technologies and how best to protect the industry from these threats. Atendees will have the opportunity to: Review the security threat landscape Address regulatory developments Discuss penetration testing testing methods Benefits of building an integrated total security solution Leverage threat intelligence and security analytics in protecting critical infrastructure Review cloud technologies that can provide numerous security benefits Discuss best practices Address response management strategies to prepare for any cyber breaches Review formal and informal sharing techniques WHO SHOULD ATTEND Directors and CEOs Data privacy specialists Application support personnel Oil and & gas attorneys Contractors and vendors Oil & Gas industry professionals from the following departments: o Information technology o Information security o Control systems o Compliance and regulatory managers o Operations LEARNING OUTCOMES Review the current security threat landscape that is facing the oil and gas industry Describe the current social engineering threats in today s business world (including social networking) Discuss penetration testing and properly prepare audience members for a test Review the benefits and necessary actions needed to build highly integrated total security solutions Discuss how to leverage threat intelligence and security analytics as an effective defense in protecting critical infrastructure Highlight the need to address the security of previously separate, and now increasingly-interdependent, infrastructures Review the industry s recent regulatory developments Review insurance coverage issues related to physical damage arising from cyber risks and how to avoid them Review cloud technologies that could provide numerous security benefits to organizations in the oil and gas industry Discuss cybersecurity best practices with a panel of experts in the industry Address response management strategies to prepare for any cybersecurity breaches Review information sharing techniques, both informal and formal, with an expert from the industry Assess what the future of oil and gas cybersecurity could and will look like 2

3 AGENDA Monday, August 10, :00-8:30 a.m. Registration and Continental Breakfast 8:30-9:15 a.m. Keynote - Emerging Threats to the Cybersecurity Landscape - Mike Smith, Senior Cyber Policy Advisor to the Assistant Secretary, Office of Electricity Delivery and Energy Reliability (OE), U.S. Department of Energy 9:15-10:00 a.m. Cybersecurity Regulatory Developments This session will cover the most recent regulatory developments in the cybersecurity sector of the oil and gas industry including: Federal regulatory concerns regarding vulnerability of industrial control systems USCG/DHS regulations - Cybersecurity in the offshore energy sector USCG/DHS - Dynamic positioning systems BSEE regulations Well control and subsea safety systems - Glenn Legge, Partner, Legge, Farrow, Kimmitt, McGrath & Brown L.L.P. - Jacob Esparza, Partner, Legge, Farrow, Kimmitt, McGrath & Brown L.L.P. 10:00-10:30 a.m. Networking Break 10:30-11:15 a.m. Penetration Testing Methods for ICS/SCADA Environments The terms security vulnerability assessment (SVA) and penetration testing are often used synonymously throughout the industrial community, even in common security standards. However, a penetration test specifically refers to an active, often invasive test, which employs actual attack methods used by hackers. Without considering the unique sensitive nature of ICS/SCADA systems, penetration testing can have serious adverse effects. This presentation will provide the audience with the steps necessary to properly plan and manage a penetration test that is specific to, and safe for, operational ICS/SCADA systems. It will also introduce the audience to a high-level overview of the technical steps and methods necessary to perform an ICS/SCADA penetration test. - Clint Bodungen, Senior Cyber Security Researcher & Penetration Tester, Capgemini America 11:15 a.m. 12:00 p.m.cyberattacks on Critical Control Systems The oil and natural gas industry is undergoing massive changes; dynamic market forces and geo-political risk, the introduction of new digital infrastructure, and an increased focus on health, safety, and environmental concerns. More than ever the challenge is to provide the right level of security needed to protect infrastructure and operations in the event of a cyber or terrorist attack, natural disaster, or operational mishap. In this session we will cover how cybersecurity for both IT and OT can be combined and counter attacks on critical control systems. This will include a discussion of an intelligence driven defense methodology that will enable critical infrastructure industries to become more predictive in their IT cybersecurity posture and through extension uniquely protect their IT & OT architectures. Through lessons learned we will demonstrate, that the future of oil and gas security will involve building highly integrated total security solutions where the supporting pillars of physical security, process security, and cybersecurity are seamlessly blended. - Richard Byrd, Industry Executive Oil & Gas, Lockheed Martin 12:00-1:00 p.m. Group Luncheon 3

4 AGENDA Monday, August 10, 2015 (Continued) 1:00-1:45 p.m. Intelligence-Led Threat Mitigation In today s environment discovery using threat intelligence alone will not fully mitigate all the threats an organization faces as attackers can develop new capabilities and change their attack vectors with ease. Threat intelligence helps to discover known bad but needs to be coupled with security analytics that help to discover the unknown bad. The big difference here is that where signatures (based on threat intelligence) only detect single instances of threats, the analytics detect the generalized behaviors. This presentation will address how to leverage threat intelligence and security analytics as an effective defense in protecting critical infrastructure. It will discuss the emerging dynamic global threat landscape, define threat intelligence and illustrate why it matters. Attendees will gain insight into current trends of threat intelligence in IT and OT environments and learn how to address the challenges of applying threat intelligence and security analytics in critical systems. - Rene Moreda, Director of Business Development for Energy and Utilities, BAE Systems Applied Intelligence 1:45-2:30 p.m. Cyber Monitoring and Response Operations for Critical Infrastructure and Supporting Control Systems The biggest challenge for any cybersecurity operation is trying to determine suspicious events and false positives from the piles of data from multitudes of devices. Add in the complexities associated with being a designated critical infrastructure, tuning your sensors and knowing your systems becomes essential. This presentation will highlight some techniques to focus an organization s SOC operations and maximize efficiencies. In addition, this presentation will highlight the need to address the security of previously separate, and now increasinglyinterdependent, infrastructures. For example: the interdependency between power generation and transmission, and the natural gas distributors/pipelines. A risk accepted by one, is shared by all. - Christopher Murphy, Director, Critical Infrastructure Cybersecurity, Delta Risk LLC 2:30-3:15 p.m. Afternoon Break 3:15-4:15 p.m. Social Engineering Threats to ICS/SCADA Systems Most people have heard the saying, The human element is the weakest link when it comes to security. To a very large extent, this is true. But why is this? How exactly do hackers target us using social engineering and what strategies and techniques do they use? What tools do they use? And how can you prevent it. This presentation goes beyond just educating the audience about the existence of scams, spear phishing attacks, and infected media. We will examine case studies of actual, and successful, social engineering attacks. The audience will then learn about the specific tools and techniques that hackers use to deploy sophisticated social engineering attacks, in order to gain a better understand of how to safeguard against them. - Clint Bodungen, Senior Cyber Security Researcher & Penetration Tester Capgemini America 4

5 AGENDA Monday, August 10, 2015 (Continued) 4:15-5:15 p.m. Regulations, Risk Allocation and Insurance Coverage Issues Related to Physical Damage Arising from Cyber Risks This panel will cover new contractual clauses that allocate risk for cyber attacks in an industry where Bring Your Own Device (BYOD) is the standard operating procedure. These new contract terms include: Warranties Representations concerning standards of care Indemnities that can expose a contractor/service company to significant liabilities arising from the inadvertent introduction of a malicious virus Some of these new obligations may not be covered by insurance. Many insurance policies exclude damages for physical damages such as property damage, business interruption, environmental, control of well, bodily injury/death if they arise, in whole or in part, from a cyber attack/malicious virus. Moderators: - Glenn Legge, Partner, Legge, Farrow, Kimmitt, McGrath & Brown L.L.P. - Jacob Esparza, Partner, Legge, Farrow, Kimmitt, McGrath & Brown L.L.P Panelists: - Mary Guzman, Senior Vice President, McGriff, Seibels & Williams - Annie McIntyre, President and CEO, Ardua Strategies Tuesday, August 11, :30 8:00 a.m. Continental Breakfast 8:00-8:45 a.m. Security Benefits of Cloud Computing Cloud technology delivers numerous security benefits to organizations. Whether taking advantage of physical security, economies of scale, expertise, staffing levels or data distribution, oil and gas companies benefit from risk reduction. Additionally, firms have legal and financial considerations for remediation if/when issues arise. Cloud computing delivers numerous benefits to organizations that leverage their capability, security rises to the top of the list. - Eric Jeffery, Engineer, Vidyo, Inc. 8:45-9:30 a.m. Best Practices Panel This Q&A panel will focus on oil and gas cybersecurity best practices and will give attendees perspectives from different areas of the industry. Moderator: Amy Dunn Taylor, Director, Kane Russell Coleman & Logan PC Panelists: - Bob Timpany, Chief, Idaho Operations, NCCIC-ICS-CERT, US Department of Homeland Security - Richard Byrd, Industry Executive Oil & Gas, Lockheed Martin - Michael Smith, Senior Cyber Policy Advisor to the Assistant Secretary, Office of Electricity Delivery and Energy Reliability (OE), U.S. Department of Energy - Dr. J.R. Reagan, Principal, Deloitte Touche Tohmatsu Limited (DTTL) - Paul Barger, Lead Associate & Cyber Security Project Manager, Booz Allen Hamilton - Marc Othersen, Chief Information Security Officer, Hess Corporation - Eric Jeffery - Engineer, Vidyo, Inc. 5

6 AGENDA Tuesday, August 11, 2015 (Continued) 9:30-10:15 a.m. Cyber Incident Response Management: The Key to Safeguarding Assets What does incident response mean? To many people, using their existing Business Continuity Planning/Disaster Recovery Planning BCP/DR documents seems adequate to the task of managing a cyber-incident. However, we know that this is not the case. A robust incident response strategy comprises of three main parts. They are, Incident planning, incident readiness through testing the incident plan and finally responding to an actual incident. All three are required in order to survive an incident. The session will examine each component and provide the audience with a recommended approach to effectively manage an incident. It will walk the audience through a sample scenario of an incident response process. 10:15-10:45 Networking Break Being prepared for a cyber incident involves many people in the organization and all of these must be named and available when an incident occurs. It is rare for any organization to have the skills and capabilities required to successfully manage the company through an incident. This session will outline requirements and recommendations for choosing an incident response partner. - Rene Moreda, Director of Business Development for Energy and Utilities, BAE Systems Applied Intelligence 10:45 11:30 a.m. Cyber Threat Information To Share or Not To Share Topics that will be discussed in this session include: Why is cyber threat information/intelligence important and why should I share? How do I consume and produce threat intelligence and make it work in my security program? How does an information sharing community really work? What are the benefits and challenges? Update on the Oil & Gas Information Sharing & Analysis Center (ONG-ISAC) - Stuart Wagner, Director, IT Security & Compliance, A Fortune 100 Oil & Gas Company 11:30 a.m. -12:15 p.m.the Future of Oil and Gas Cybersecurity This session will help round out the Oil and Gas Cybersecurity Conference and focus on the forecast for the year. - Paul Barger, Lead Associate & Cyber Security Project Manager, Booz Allen Hamilton 12:15-12:45 p.m. Closing Remarks - Bob Timpany, Chief, Idaho Operations, NCCIC-ICS-CERT, US Department of Homeland Security 6

7 SPEAKERS Paul Brager / Lead Associate & Cyber Security Project Manager / Booz Allen Hamilton Mr. Brager has been in the information security field for almost 20 years, covering the spectrum of the discipline from network and infrastructure security, compliance and governance, and security program management and development. He has extensive cyber experience in oil and gas, retail, banking and finance, healthcare, and telecommunications, having held leadership positions throughout much of his profession career, up to and including CSO of an emergency management and incident response organization. Mr. Brager holds a BS degree from Texas A&M University in Political Science, with a minor in Business, and a MS in Administration of Justice and Security (Criminal Justice/Cyber fusion) from the University of Phoenix. Additionally, Mr. Brager is CISSP and CISM certified, and is currently pursuing his PMP, CISSP- MP, and CRISC certifications. Clint Bodungen / Senior Cyber Security Researcher & Penetration Tester Clint is a Cyber Security Researcher and Penetration Tester with more than 20 years of experience. His professional career began with the United States Air Force, serving as his unit s Computer Systems Security Officer (CSSO). Shortly thereafter, he was contracted by Symantec to test their intrusion detection systems (IDS). It was in 2003 when was hired by an industrial consulting firm and introduced to SCADA, and he been focusing on industrial systems security ever since. Over the past 12 years, he has led and executed a multitude of ICS/SCADA security assessment and penetration testing projects. He has contributed vulnerability and exploit research to several ICS-CERT advisories, authored and instructed multiple ICS/SCADA security training courses, and was just recently contracted by McGraw Hill to author an ICS/SCADA penetration testing book (title yet to be announced), due to be released by mid Richard Byrd / Industry Executive Oil & Gas / Lockheed Martin Richard Byrd leads Lockheed Martin s business development efforts for the Oil & Gas Industry. An accomplished, 21 year industry veteran, Mr. Byrd advises Lockheed Martin and its clients on security strategy, solution development and delivery, industry and government relationships, and cyber security regulation. Mr. Byrd s background is in cybersecurity, data structures, advanced computing, and analytics. He has worked with technology titans such as HP, Oracle, Symantec, and British Telecom in business development and leadership roles. With time spent across Upstream, Midstream, Downstream, and Trading, Richard has advised many of the largest and most prominent global oil & gas companies. He excels at providing high-return technology solutions to meet some of the most complex business challenges facing the industry. Mr. Byrd is currently working on several projects that include Cyber Security, Data Analytics, IT/OT convergence, Strategic Integrations and Advanced Technologies. Richard holds degrees in Psychology and Business Administration from Louisiana State University. Jacob Esparza / Partner / Legge, Farrow, Kimmitt, McGrath & Brown L.L.P. Mr. Esparza is a partner at the firm of Legge, Farrow, Kimmitt, McGrath & Brown, L.L.P. in Houston, Texas. He focuses his practice on complex commercial litigation involving the energy, marine and transportation industries. He regularly assists major and independent E&P companies and contractors with drafting and negotiating agreements involving the allocation of risks associated with energy development. His experience allows him to represent entities engaged in regulatory investigations involving offshore energy exploration and production activities, including panel and whistleblower investigations. He often assists clients with commenting efforts relating to proposed BSEE and USCG rules and frequently advises clients of key regulatory changes that may impact their operations in the Gulf of Mexico. Mr. Esparza received his J.D. from the University of Houston Law Center in 2005 and a business degree from Texas A&M University in He is admitted to practice law in Texas, the U.S. Court of Appeals for the Fifth Circuit, the United States District Courts for the Southern, Eastern, Western and Northern Districts of Texas, and the District of Colorado. 7

8 SPEAKERS Mary Guzman / Senior Vice President / McGriff, Seibels & Williams Current focus on Professional Liability and Cyber/Information Security risks. Recently led team to develop a $100mm line slip insurance facility for cyber coverage for the utility industry and continue to develop capacity and create proprietary solutions for cyber risks across all industries. 20 years in insurance brokerage business with both property/casualty and executive risks background. Have worked with large, complex clients in various industries to design and implement risk and insurance programs and identify and quantify emerging risks. Eric Jeffery / Engineer / Vidyo, Inc. / Founder and CEO / Gungon Consulting Eric Jeffery has over 20 years experience in Information Technology with nearly 18 falling in the information security realm. He has experience in numerous industries including aerospace, defense, telecommunications, healthcare, and entertainment. Eric has managed teams of up to 15 system engineers and project managers with focus on hardware, operating systems, remote hosting, remote access, and database management and maintenance. He has worked extensively with managed services including developing a managed services business from scratch for an international healthcare IT firm. Glenn Legge / Partner / Legge, Farrow, Kimmitt, McGrath & Brown L.L.P. Mr. Legge is a partner at the firm of Legge, Farrow, Kimmitt, McGrath & Brown, L.L.P. in Houston, Texas. He is licensed to practice law in Texas and California and is admitted to the United States Court of Appeals for the Fifth Circuit, as well as the United States District Courts for the Southern, Eastern and Northern Districts of Texas. Mr. Legge focuses his practice in the areas of commercial litigation, including energy, marine, construction and insurance coverage matters. In addition, he represents operators, contractors, service companies and insurers involved in offshore exploration, production, development, construction and decommissioning matters. Annie McIntyre / President and CEO / Ardua Strategies Annie McIntyre is the President and Chief Executive Officer of Ardua Strategies, Inc., a Texas Corporation, providing solutions for the cyber and operational security issues of energy and infrastructure. She is also a Senior Fellow at the University of Minnesota s Technology Leadership Institute. Prior to founding Ardua Strategies, Ms. McIntyre was a Principal Member of Technical Staff and Program Manager at Sandia National Laboratories in Albuquerque, New Mexico. Her research areas at Sandia included threats, vulnerabilities, and protection of critical infrastructure systems, and cyber security for fossil and renewable energy systems. She managed the Sandia-Forest City Strategic Partnership program for sustainability, and participated in programs such as the Institute for Infrastructure Information Protection (I3P), and National SCADA Test Bed. Ms. McIntyre conducted the first cyber analysis of a renewable system in 2007 for the Department of Energy. She holds a Bachelor of Science from New Mexico Tech, a Master of Science from Troy State University, and has been a lifelong member of the American Association of Petroleum Geologists. 8

9 SPEAKERS Rene Moreda / Director of Business Development for Energy and Utilities / BAE Systems Applied Intelligence Rene Moreda is Director of Business Development for Energy and Utilities for BAE Systems Applied Intelligence. Applied Intelligence has commercial industry sector focus on Energy and Utilities, Financial Services and Communication Service Providers. Applied Intelligence specializes in security and is a division of BAE Systems, a global defense, aerospace and security company that deliver solutions to government and commercial customers with a focus on protecting critical national infrastructure. Rene has over 20 years of experience developing, marketing and selling advanced technologies and solutions into the High Tech and Energy sector. Rene holds a BS in Computer Science from the University of Houston. Christopher A. Murphy / Director, Critical Infrastructure Cybersecurity / Delta Risk LLC Mr. Chris Murphy is a Director for Delta Risk LLC. Mr. Murphy has over 18 years of cyber and physical security operations planning and support to the Department of Defense and private sector companies. He is one of the firm s senior subject matter expert on cybersecurity. Mr. Murphy has led cybersecurity teams conducting event monitoring and incident response for the U.S. Air Force and Fortune 500 organizations. Prior to joining Delta Risk, he managed a team of global cyber security professionals for Dell SecureWorks that provided endpoint security services and incident response for major corporations in different critical infrastructure sectors. Prior to Dell, he managed Security Operations Center (SOC) and Endpoint Security teams for Raytheon Corporation a recognized best of breed cybersecurity organization among Defense Industrial Base companies. He has also consulted for Booz Allen Hamilton providing strategic guidance in cybersecurity to the U.S. Air Force. In addition to his commercial experience, Mr. Murphy is a former active duty Air Force officer with assignments developing tactics, techniques and procedures (TTPs) for Information Operations and Network Defense. Mr. Murphy holds a Bachelor of Science Degree in Information Systems from the University of Texas at Arlington and a Master of Science Degree in Information Technology with a concentration in Infrastructure Assurance from the University of Texas at San Antonio. His industry certifications include: Certified Information Systems Security Professional (CISSP), GIAC Security Essentials Certification (GSEC), Information Technology Infrastructure Library (ITIL) v3, Raytheon 6 Sigma Specialist and Network+. Marc Othersen / Chief Information Security Officer / Hess Corporation 9

10 SPEAKERS Dr. J.R. Reagan / Principal, Global Chief Information Security Officer (CISO) / Deloitte Touche Tohmatsu Limited (DTTL) Dr. Reagan is Global Chief Information Security Officer (CISO) of Deloitte Touche Tohmatsu Limited (DTTL) with revenue of $34B, over 210,000 employees and operating in more than 150 countries. As the senior-most information protection officer, he leads the next-generation design of the global security organization. He is a frequent presenter on Cybersecurity, Innovation & Analytics across the globe and has appeared in the Wall Street Journal, Financial Times, CNN and Washington Post. Michael Smith / Senior Cyber Policy Advisor to the Assistant Secretary / Office of Electricity Delivery and Energy Reliability (OE), U.S. Department of Energy Mike came to the Infrastructure Security and Energy Restoration (ISER) Division within OE in March 2008 to establish and lead the newly created Global Initiatives Directorate (Directorate). In September 2012, Assistant Secretary Patricia Hoffman assigned Mike to become her Senior Cyber Policy Advisor. His current duties include leading and/or facilitating a wide range of Energy Sector cybersecurity initiatives across the department, the interagency, and the National Security Staff. Mike led the Department s participation as the Energy Sector-Specific Agency in the Integrated Task Force charged with implementing Executive Order and Presidential Policy Directive 21. Mike is also the lead for the Cybersecurity Risk Information Sharing Program (CRISP). Mike was born in Burbank, California, and grew up in San Diego. He graduated from the University of Oklahoma with a BA (1983) and a JD (1987) and Georgetown University Law Center, where he earned a Masters of Law in International and Comparative Law (1999). Amy Dunn Taylor / Director / Kane Russell Coleman & Logan PC Ms. Taylor is a Director in the firm s Houston office. She is a seasoned trial lawyer with more than 33 years of experience. She is also a trained mediator and arbitrator. She practices in the Litigation Practice Area. Her practice has included cyber security and risk consultation, product and premises liability cases, construction claims, mass tort and toxic tort personal injury claims such as silicone medical implants, asbestos, silica and mold exposure cases, business torts and contract disputes. She has tried virtually every type of civil case and worked on both sides of the docket. 10

11 SPEAKERS Bob Timpany / Chief, Idaho Operations, NCCIC-ICS-CERT / US Department of Homeland Security Robert Timpany is the Idaho Chief of Operations for the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT), an operational division of the department s National Cybersecurity and Communications Integration Center (NCCIC) and the DHS Office of Cybersecurity and Communications (CS&C). ICS-CERT works to reduce industrial control system risks within and across all critical infrastructure and key resource sectors by coordinating efforts among federal, state, local and tribal governments, as well as industrial control systems owners, operators and vendors. In collaboration with the other NCCIC components the ICS-CERT responds to and analyzes control systems related incidents, conducts vulnerability and malware analysis, and shares and coordinates vulnerability information and threat analysis through products and alerts. Mr. Timpany is a Certified Information Systems Security Management Professional, a Certified Information Systems Security Architecture Professional and a Certified Information Systems Security Professional. Stuart Wagner / Director, IT Security & Compliance / A Fortune 100 Oil & Gas Company Stuart has developed and led information security programs for multi-billion dollar companies for the past eight years and is currently the Director, IT Security & Compliance for one of the largest publiclytraded energy partnerships. The companies he has been responsible for cover a broad range of industries, including the oil & gas, chemical, financial and automotive industries. He also serves on the Board of Directors of the newly formed Oil and Natural Gas Information Sharing and Analysis Center (ONG-ISAC). He has served as President of the award-winning South Texas Chapter of the Information Systems Security Association (ISSA), as well as a member of ISACA and InfraGard. Stuart received his MBA from Rice University. 11

12 POST-CONFERENCE WORKSHOP CYBERSECURITY AND INDUSTRIAL CONTROL SYSTEMS TUESDAY, AUGUST 11, 2015 OVERVIEW Over the years information security professionals have tended more toward specialization than standardization tailoring tools, techniques, and approaches to individual infrastructures or the business operations they support. Nowhere is this more pronounced than in the context of industrial control systems. These systems and the SCADA networks used to monitor and control them are critical components of oil and gas production. The historical tension between traditional IT security and ICS or OT - operators and engineers centers on the uniqueness of the ICS environment and the often mis-applied IT security practices. The resulting impact: SCADA/ICS systems are typically left unprotected, or subject to the same IT security practices as enterprise networks. This workshop will focus on indoctrinating IT and OT security practitioners to advanced tools and techniques for securing ICS networks, to include capabilities typically employed by enterprise Network Operations Centers or Security Operations Centers. It will examine in real time common attacks, analyze what security practices failed and why, and implement tools or techniques to mitigate future attacks. Attendees will be afforded the opportunity to attach to a simulated network environment and experience first-hand how to use certain tools or apply techniques for discovering and mitigating attacks. Attendees are encouraged to bring a laptop with the following: 2 GB RAM at a minimum Ethernet Interface CD-ROM and the ability to boot a LiveCD At least one free USB port LEARNING OUTCOMES Develop skills necessary for assessing and mitigating possible attacks on their own networks Examine in real time, common attacks, analyze what security practices failed and why, and implement tools or techniques to mitigate future attacks. Hands on experience with tools necessary to protect their networks Discuss the impacts if SCADA and ICS systems are left unprotected in the current or old security practices AGENDA Tuesday, August 11, :00 1:30 p.m. Registration 1:30 5:30 p.m. Workshop Timing Overview Brief background of informational security and industrial control systems Traditional IT security vs. ICS IT practices and their impacts Advanced Tools and Techniques for Securing ICS Networks Common attacks Techniques for securing ICS networks: opportunities and challenges Capabilities typically employed by enterprise network operations centers or security operations centers ACTIVITY: Simulated Network Environment Attack Attendees will have the opportunity to simulate a cyber-attack and will then debrief as a group. They will discuss challenges, opportunities and the following: Techniques to discover potential or current attacks Which security practices failed and why? Tools to mitigate future attacks Review and Q&A 12

13 POST-CONFERENCE WORKSHOP CYBERSECURITY AND INDUSTRIAL CONTROL SYSTEMS TUESDAY, AUGUST 11, 2015 INSTRUCTORS Andrew R. Cook / Senior Analyst / Delta Risk LLC Mr. Andrew Cook is a Senior Analyst for Delta Risk LLC. Mr. Cook has over 5 years of cybersecurity operations, research, and development. He is one of the firm s subject matter expert on defensive cyberspace Hunt operations. Prior to joining Delta Risk, Mr. Cook was an active duty Air Force officer leading cybersecurity teams to discover and counter Advanced Persistent Threats to critical national assets. While in the Air Force, he served as the Weapons & Tactics Officer for the DOD s first defensive cyber weapon system. He continues to serve in the Texas Air National Guard as a certified instructor and combat mission ready operator helping to stand up one of the National Guard s first Cyber Protection Teams. Prior to the Air Force, Mr. Cook worked at the Air Force Research Laboratory s Information Assurance Directorate where he researched techniques to secure sensitive operations and data in contested cloud computing environments. Mr. Cook holds a Bachelor of Science Degree in Computer & Systems Engineering from Renssealaer Polytechnic Institute and a Master of Science Degree in Information Security and Assurance from Western Governors University, Texas. His industry certifications include: GIAC Reverse Engineering Malware (GREM), GIAC Certified Incident Handler (GCIH), GIAC Security Essentials (GSEC), GIAC Certified ISO Specialist (G2700), and Cisco Certified Network Associate Security (CCNA- Security). John Dearman / Senior Analyst / Delta Risk LLC Mr. John Dearman joined Delta Risk in 2014 and has worked in the cyber security industry since 2007, where he has focused primarily on web application security, penetration testing, and hands on security training. Since joining Delta Risk, Mr. Dearman has supported Marine Corps Cyberspace Command and U.S. Cyber Command in developing training programs and exercises for Cyber Protection Teams. Before entering the cyber security industry, Mr. Dearman spent several years as a web application developer and manager. Mr. Dearman served six years in the U.S. Marine Corps Reserves as an Infantryman where he deployed to the Al Anbar province of Iraq in support of Operation Iraqi Freedom. After leaving the Marines, Mr. Dearman transitioned to the Texas Air National Guard as a Cyber Intelligence Analyst where he currently supports Air Force cyber defense initiatives and the Air Force s premier National Guard Cyber Protection Team. Mr. Dearman holds a Bachelor of Science in Computer Science from Sam Houston State University and currently has his CompTia Security+ and Network+ certification. 13

14 INSTRUCTIONAL METHODS Case studies, PowerPoint presentations and group discussion will be used for in this event. REQUIREMENTS FOR SUCCESSFUL COMPLETION OF PROGRAM Participants must sign in/out each day and be in attendance for the entirety of the course to be eligible for continuing education credit. IACET CREDITS PROCEEDINGS EUCI has been accredited as an Authorized Provider by the International Association for Continuing Education and Training (IACET). In obtaining this accreditation, EUCI has demonstrated that it complies with the ANSI/IACET Standard which is recognized internationally as a standard of good practice. As a result of their Authorized Provider status, EUCI is authorized to offer IACET CEUs for its programs that qualify under the ANSI/IACET Standard. EUCI is authorized by IACET to offer 1.0 CEUs for the conference and 0.4 CEUs for the post-conference workshop.. EVENT LOCATION A room block has been reserved at the Houston Marriott West Loop by The Galleria, 1750 W Loop S Fwy, 77027, for the night of August 9-10,2015. Room rates are $144, plus applicable tax. Call for reservations and mention the EUCI course to get the group rate. The cutoff date to receive the group rate is July 9, 2015, but as there are a limited number of rooms available at this rate, the room block may close sooner. Please make your reservations early. A copy of the conference proceedings will be distributed to attendees at the event. If you are unable to attend or would like to purchase additional copies, a downloadable link will available two weeks after the conference is complete. The cost per download is US $395. The link includes visual presentations only. Upon receipt of order and payment, the link will be sent to you via . NOTE: All presentation sales are final and are nonrefundable. Do you want to drive new business through this event s powerful audience? Becoming a sponsor or exhibitor is an excellent opportunity to raise your profile before a manageably sized group of executives who make the key purchasing decisions for their businesses. There is a wide range of sponsorship opportunities available that can be customized to fit your budget and marketing objectives, including: Breakfast host Custom sponsorship opportunities are also available. Please contact Shannon Ryan at or sryan@euci.com for more information. 14

15 EVENT LOCATION P: F: PLEASE REGISTER THE FOLLOWING A room block has been reserved at the Houston Marriott West Loop by The Galleria, 1750 W Loop S Fwy, 77027, for the night of August 9-10,2015. Room rates are $144, plus applicable tax. Call for reservations and mention the EUCI course to get the group rate. The cutoff date to receive the group rate is July 9, 2015, but as there are a limited number of rooms available at this rate, the room block may close sooner. Please make your reservations early. OIL & GAS CYBERSECURITY CONFERENCE AND POST- CONFERENCE WORKSHOP: AUGUST 10-11, 2015: US $ EARLY BIRD ON OR BEFORE JULY 31, 2015: US $1595 OIL & GAS CYBERSECURITY CONFERENCE ONLY AUGUST 10-11, 2015: US $1395 EARLY BIRD ON OR BEFORE JULY 31, 2015: US $1195 CYBERSECURITY AND INDUSTRIAL CONTROL SYSTEMS POST- CONFERENCE WORKSHOP ONLY, AUGUST 11, 2015: US $595, EARLY BIRD ON OR BEFORE JULY 31, 2015: US $495 I'M SORRY I CANNOT ATTEND, BUT PLEASE SEND ME A LINK TO THE CONFERENCE PROCEEDINGS FOR US $395. EUCI s Energize Weekly newsletter compiles and reports on the latest news and trends in the energy industry. Newsletter recipients also receive a different, complimentary conference presentation every week on a relevant industry topic. The presentations are selected from a massive library of more than 1,000 current presentations that EUCI has gathered during its 28 years organizing conferences. Sign me up for Energize Weekly. How did you hear about this event? (direct , colleague, speaker(s), etc.) Print Name Job Title Company What name do you prefer on your name badge? Address City State/Province Zip/Postal Code Country Telephone List any dietary or accessibility needs here CREDIT CARD Name on Card Account Number Billing Address Billing City Billing State Billing Zip Code/Postal Code Exp. Date Security Code (last 3 digits on the back of Visa and MC or 4 digits on front of AmEx) OR Enclosed is a check for $ to cover registrations. All cancellations received on or before July 10, 2015, will be subject to a US $195 processing fee. Written cancellations received after this date will create a credit of the tuition (less processing fee) good toward any other EUCI event or publication. This credit will be good for six months. In case of event cancellation, EUCI s liability is limited to refund of the event registration fee only. For more information regarding administrative policies, such as complaints and refunds, please contact our offices at (201) EUCI reserves the right to alter this program without prior notice. 15