CCT Venues Plus South Quay, London E14. A One-Day Conference Thursday 5 th February Organised by. City & Financial Global.

Transcription

1 A One-Day Conference Thursday 5 th February 2015 The UK Energy Cyber Security Executive Forum Addressing the cyber security risks at the board level The new realities of cybercrime in the energy sector CCT Venues Plus South Quay, London E14 Organised by City & Financial Global Sponsored by Ciaran Martin, Director General for Government and Industry Cyber Security, GCHQ Graham Wright, Group CISO and Digital Risk Officer, National Grid Steve Purser, Head of Core Operations Department, ENISA Dr Gal Luft, Senior Advisor, The United States Energy Security Council & Chairman, Nation-E Avtar Sehmbi, Head of Information Security & IT Risk Management, Centrica Stephanie Daman, CEO, Cyber Security Challenge UK Supported by Troels Oerting, Head of European Cyber Security Centre, Europol Raj Roy, Legal Director, British Gas Chris Gibson, Director, CERT-UK Attend this forum to understand: What the UK Government is doing to improve security skills and awareness within the energy sector How to educate your employees to deal with the new realities of cybercrime in the oil & gas industry Why energy companies fail to effectively manage data security breach incidents and how you can enhance your incident management detection and response capabilities What coverage cyber risk insurers provide for business interruption and how to deal with the cyber risk gap in the energy sector You will also learn about: EU response to the increased cyber threat in the energy sector. How does the United States currently manage cyber security? Recent cyber security incidents that have the most profound impact on the oil & gas industry. Step by step analysis and the lessons learned Effectively responding to real-time operational security concerns of SCADA devices and networks for power and utilities. Retesting vulnerabilities to eliminate threats The trends in the type, volume and calibre of cyber security attacks in the energy sector. The most effective risk mitigation strategies and commercially viable cyber security policies QR Code

2 The UK Energy Cyber Security Executive Forum Addressing the cyber security risks at the board level The new realities of cybercrime in the energy sector CCT Venues Plus South Quay, London E14 The energy sector is increasingly becoming a prime target for organised cyber security crime. Globally, it is estimated that cyber security breaches in oil & gas and power will cost owners $1.87billion by Cyber-attacks on industrial control systems reported to ICS-CERT jumped from 34 in 2010 to 257 in The European Union s adoption of new data protection rules and a new cyber security network by 2015 increases the challenge faced by energy companies in Europe. With energy companies in the UK already losing approximately 400 million every year, the sanctions for security breaches will increase the maximum fines from 2% to 5% of a company s global annual turnover. Despite all the evidence and with such high costs at stakes, many companies do not fully appreciate the risk posed by cybercrime. Their existing security measures often prove to be inadequate and energy firms are routinely refused insurance cover for business interruption. Additionally, the current mainstream cyber insurance market neither fully addresses the needs of the energy sector, nor provides coverage for physical loss or damage. Furthermore, the waiting periods for cyber security coverage can be significant in terms of energy networks. With significant numbers of employees having insufficient knowledge of corporate cyber threats, such as SpyEye, Zeus, Stuxnet and Flame, the nation s critical energy infrastructure remains extremely vulnerable. Energy companies, while struggling with the complexity and size of the networks they manage, need to meet the challenge of surviving and growing in the current cyber security climate now. City & Financial Global s Energy Cyber Security Executive Forum is a strategic and practice-driven summit, which will give you an excellent opportunity to network with the best of the energy cyber security sector and learn how to actively engage with the cyber security issues. This timely conference will offer you guidance to minimise the risks, avoid cyber security breaches through internal controls and proper adherence to standards, develop resilience, and protect and strengthen your business in the UK and globally. This already highly-regarded executive Forum is an in-depth follow-up to the cyber security panel at our City Week 2014 event, at which the Rt Hon Francis Maude, Minister for the Cabinet Office spoke. There was enormous interest in the cross industries cyber security session, much of which was from board directors of national and international firms who were keen to get a better understanding of the threat posed to their institutions by cybercrime, how they should identify their vulnerabilities, what they should be protecting, how they should protect it and the role of the board in establishing a cyber security strategy. A transcript of Francis Maude s speech at City Week 2014 is below: THIS EVENT WILL BE OF PARTICULAR INTEREST TO CISOs, Heads of Digital Risk, CIOs, Data Protection Officers, Cyber Security Managers, Cyber Security Architects, Heads of Legal/Privacy/Cyber Threat/ Resilience/IT, Chief Risk Officers/Risk Managers, SCADA Control Operators COMPANIES ALREADY ATTENDING INCLUDE: GCHQ BP NATIONAL GRID CENTRICA ENISA EUROPOL TOKIO MARINE KILN CERT-UK GAZPROM CYBER SECURITY CHALLENGE UK THE UNITED STATES ENERGY SECURITY COUNCIL BRITISH GAS CODENOMICON THE DUTCH MINISTRY OF SECURITY AND JUSTICE PERENCO GAS INFORMATION SECURITY FORUM JERSEY ELECTRICITY WOOD GROUP and many, many others

3 The Programme 08:00 Registration, networking and morning coffee 09:00 Chairman s opening remarks Graham Wright, Group CISO and Digital Risk Officer, National Grid 09:10 Keynote address I - Enhancing the UK s cyber resilience The role of the Cyber-security Information Sharing partnership (CiSP) Why you need to exercise What we are seeing Chris Gibson, Director, CERT-UK 09:30 Panel I - An in-depth look at the latest European and international cyber security policies for oil & gas and power The role of the regulatory bodies in relation to cyber security. The differences between the regulatory bodies in the UK, Europe and the US How are international security policies and standards changing to meet cyber challenges? The EU Cyber Security Strategy. The NIS Directive. The role of ENISA Smart Grid mandates across the EU. Smart Grid security measures How does the United States currently manage cyber security? Analysing the US s NIST and Department of Homeland Security s initiatives How do we share best practice to address the issues and challenges Steve Purser, Head of Core Operations Department, European Union Agency for Network and Information Security (ENISA) Dr Gal Luft, Senior Adviser, The United States Energy Security Council & Chairman, Nation-E Patrick Curry OBE, Director, British Business Federation Authority Chris Gibson, Director, CERT-UK 10:30 Panel II - Rethinking cyber security: Making your business more secure and resilient What are the new realities of cyber threats in the energy sector? Which cyber risks and exposures your organisation is facing by simply running your business on a daily basis? Best practices of dealing with cyber threats and vulnerabilities. Improving response time and enhancing overall system robustness Ensuring a skilled workforce. How to educate your employees to deal with the new realities of cybercrime in the energy sector? Graham Wright, Group CISO and Digital Risk Officer, National Grid Avtar Sehmbi, Head of Information Security & IT Risk Management, Centrica Manu Sharma, Director, Grant Thornton Iowa Carels, Senior Cyber Security Advisor, The National Cyber Security Centre, The Dutch Ministry of Security and Justice

4 11:10 Keynote address II - Cyber security and the energy sector. A GCHQ perspective Government s focus on cyber security and the nature of the threat Cross-government initiatives and cyber security guidance and standards Routes to seek IA support, advice, training and professionalisation How cyber security risk affects the energy sector Future options for defence through collaboration Ciaran Martin, Director General for Government and Industry Cyber Security, GCHQ 11:30 Networking and morning coffee 11:50 Case-study I Senior Representative, QinetiQ 12:10 Case-study II - Cyber threats to critical energy systems and risk mitigation strategies Reviewing recent cyber security incidents that have the most profound impact on the energy sector Understanding trends in the type, volume and calibre of those attacks Recommendations for risk mitigation and commercially viable cyber security policies Dr Gal Luft, Senior Adviser, The United States Energy Security Council & Chairman, Nation-E 12:30 Case-study III - Building a comprehensive IT risk management system Technology changes in the energy companies. Reviewing different systems of IT protection What are key external penetration areas of critical infrastructure? Unifying IT protection methods and policies and maximising standards of IT protection by adhering to short- and long-term security plans Suggestions for an effective end-to-end IT management programmes Looking at the existing outsourcing models Scott Baron, Director Digital Risk & Security Governance, National Grid Ameet Patel, Group IT&S Director Information Security, Wood Group 13:00 Keynote address III - The race for skills in the energy sector The implications of not properly addressing the cyber security skills gap Barriers that need to be addressed and overcome if we are going to be successful Matching the solutions to the topic - why traditional approaches have limited success Stephanie Daman, CEO, Cyber Security Challenge UK 13:20 Networking and lunch 14:20 Keynote address IV International perspective Troels Oerting, Head of European Cyber Security Centre, Europol 14:40 Case-study IV Daniel Barriuso, CISO, BP Richard Mackintosh, Cyber Intelligence Advisor, BP

5 15:10 Panel III - Protection of privacy data for energy The impact of the new European Data Protection regulation on the energy sector What are the main energy data protection challenges? Enforcing data protection polices and enabling open and confident communication throughout your business and with external parties John Bowman, Senior Principal, Data Protection and Privacy, Promontory Financial Group Raj Roy, Legal Director, British Gas Ashley Roughton, Barrister, Hogarth Chambers 15:50 Afternoon tea 16:10 Case-study V - Heartbleed: lessons learned or did we learn? What can the energy sector learn about cyber security from other industries Security build in or add on? Ari Knuuti, Co-founder and Vice President of EMEA, Codenomicon 16:30 Panel IV - Cyber insurance: How to deal with the cyber risk gap in the energy sector? Cyber insurance as a service data breach response What coverage does cyber risk insurance provide? Policy details: what is covered, and what isn t? What separates competitive insurers? UK market vs the rest of the world How legislation and regulatory change drive the need and demand for insurance Systemic risk and risk management The future of the cyber insurance market Laila Khudairi, Global Underwriter for International Cyber Risk, Tokio Marine Kiln Damian Beeley, Partner, Haggie Partners Andrew Barratt, Managing Director Europe, Coalfire 17:10 Panel V - Why energy companies fail to effectively manage data security breach incidents and how you can enhance your incident management detection and response capabilities Understanding the threats, vulnerabilities and consequences of a cyber security breach within an organisation and its supply chain Identifying, protecting, detecting and responding Learning how to improve your resiliency and recovery to minimise your downtime if the system fails Ari Knuuti, Co-founder and Vice President of EMEA, Codenomicon Richard Mackintosh, Cyber Intelligence Advisor, BP Chris North, Head of Information Security, Gazprom Marketing and Trading Steve Armstrong, Technical Security Director and Owner, Logically Secure; Certified Instructor, SANS institute 17:50 Close of proceedings

6 About our sponsors Tokio Marine Kiln is a leading international provider of specialist and corporate insurance for clients within the Lloyd s and Company markets. Formed in 2014 through the integration of Kiln and Tokio Marine Europe, Tokio Marine Kiln has been founded on empowered expertise and the strength of its relationships. As part of one of the world s largest insurance groups, Tokio Marine, we empower more than 700 employees in 22 cities to protect customers against complex and ever changing risks. We have seven underwriting teams focused on Specialist Property, Liability & Motor; Corporate Property & Liability, Construction; Marine & Enterprise Risk; Aviation & Space, Accident, Health & Life; and Reinsurance products, which are complemented by a first class claims team and an expert risk engineering service. Tokio Marine Kiln benefits from exceptional financial strength with Standard & Poor s ratings of AA- attributed to its Company platform and A+ for its four managed syndicates at Lloyd s. Codenomicon provides a suite of next-generation solutions that reveal a better path to total defense. These solutions provide new layers of testing, robustness, intelligence, collaboration and security to deliver strength in visibility to the very Core of today s critical systems, networks and devices. From automated testing solutions to amplify security by bringing the unknown into view, to patent-pending verification and validation solutions that leaves no stone unturned and no library or application unchecked, Codenomicon answers the call for new levels of security, safety and transparency to the world s connected and critical systems. Founded in 2001 in Oulu, Finland, the global company works with leading telecommunications, networking, manufacturing, healthcare, financial services, defense, government, CERT and cyber authorities to strengthen systems and proactively secure customers and connections. QinetiQ provides best-in-class Cyber Security solutions, services and advice. Our holistic solutions cover people, processes and technology; they help customers to maintain security, manage risk, enhance corporate resilience and maintain competitive advantage. We specialise in advice, strategic Penetration Testing and Managed Security Services across different sectors. About City & Financial Global City & Financial Global run around forty high level conferences each year, covering a wide variety City & Financial Global of topics held throughout the world. C&F Conferences have four distinguishing features. First, they are often held under joint ventures with governments and government agencies. Second, our speakers are always of the highest calibre, and include heads of government, senior government ministers, policy makers, and regulators and chief executives and main board directors of some of the world s leading companies, as well as experts from top advisory firms. Third, our events focus on the impact of key change drivers such as government policy, regulation, product innovation, technology, supply and demand side factors and specific developments in different markets. Fourth, we aim to produce the most authoritative conference on any given topic. As a result, our events attract large audiences comprising senior decision-makers from both the public and private sectors, as well as sponsorship from some of the world s leading companies and financial institutions. For more information please visit

7 Thursday 5 th February 2015 Please do not cover this address, even if incorrect it contains your customer code CYBER SECURITY CHALLENGE 20% SUPPORTER DISCOUNT USE CODE: CYSEN1CSC FOUR EASY WAYS TO REGISTER FAX: +44 (0) Provisional bookings can be made by completing the registration form and faxing it to us. Your place will be confirmed on receipt of payment. bookings@cityandfinancial.com WEBSITE: POST: Send the completed registration form, along with payment to the address below: City & Financial Global Ltd, 1st Floor, Swift House, Walnut Tree Place, Send, Woking GU23 7HL United Kingdom ENQUIRIES: +44 (0) Delegates One Two Three Save 20% when you book 3 or more places First Name Mr/Mrs/Ms: Family Name: Position: This will be used to send you conference documentation. My special dietary requirements are: Contact Payment Details Organisation: Total: Please tick to receive an invoice in advance of payment Address: Cheque: Payable to: City & Financial *Bank Transfer: IBAN: GB51 BARC Telephone: Mobile: Credit Card: VISA AMEX MASTERCARD Fax: Card No: 3 digit security code Expiry Date: Issue Date: City & Financial Premier Venue Accommodation SAVE 5% City & Financial invite you to join City & Financial Premier. Membership of City & Financial Premier will entitle you to a 5% discount off all City & Financial conferences & publications. To join you must provide City & Financial with your address and agree to allow us to send you details about relevant conferences and publications by . Your address will not be released to third parties, except to those organisations sponsoring or exhibiting at a conference that you attend. Please tick this box to join [ ] (Joining is free of charge) Please indicate which of the following subject areas interest you: Infrastructure/PPP [ ] Public Policy/General Business [ ] Energy [ ] Financial Regulation [ ] Corporate Finance [ ] The discount is available for as long as you are a member of City & Financial Premier. You may unsubscribe after three months membership. The 5% discount will be applied to your current order. Please tick this box if you already are a City & Financial Premier member [ ] CCT Venues Plus South Quay Isis Building Thames Quay 193 Marsh Wall London E14 9SG Tel: Details of nearby accommodation may be found on the venue s website Website: CONFIRMATION If you have not received confirmation of your booking prior to the conference, please call City & Financial on +44 (0) Your delegate place is not confirmed until payment is received. Payment must be received before the conference date. If payment has not been received before the conference date City & Financial reserves the right to ask for a credit or debit card guarantee of payment when you register at the conference. PRIVATE SECTOR FEE: plus VAT ( ) The fee for this conference as shown above includes refreshments, luncheon, and written documentation for one delegate. Additional conference documentation packs are available on request at VAT. These can be ordered by fax or . *BANK TRANSFER PAYMENTS CYSEN1 When paying by Bank Transfers quote this reference: (Please ensure ALL bank charges are met by your organisation) CANCELLATIONS/SUBSTITUTIONS Delegates cancelling 15 days or more before the event will receive a refund less a 10% administration fee (waived if you elect to buy the conference documentation). Cancellations received between 14 and 7 days before the event will be entitled to a 50% refund of the conference fee, and will receive a copy of all conference documentation. Cancellations received 6 days or less before the event will receive no refund but will receive a copy of all conference documentation. Delegates can be substituted at any time prior to the event; notification of cancellations or substitutions must be received in writing (an or fax is acceptable). Non-attendance, or non-payment does not constitute cancellation. If payment has not been made prior to the event, a full charge will still apply. ORDER CONFERENCE DOCUMENTATION I cannot attend the conference but wish to buy the event documentation pack, which includes the speakers presentations Full documentation costs VAT To order, complete the registration form and method of payment. Payment must be received before the documentation and password can be despatched All conference presentations will be available from the City & Financial website: PROGRAMME CHANGES City & Financial Conferences reserves the right to make any necessary alterations/changes to the programme. Personal Data is gathered in accordance with the Data Protection Act If you do not wish to receive promotional material from City & Financial, please tick here If you do not wish to receive promotional material from the Conference Sponsor, please tick here If you do not wish to receive promotional material from any other 3rd party, please tick here Please return this form with the address and customer code, clearly visible if you wish us to remove your records from our database.