Industrial Control Security

Transcription

1 Industrial Control Security Holiday Inn, Sacramento, California The Effective Approach for Protecting Oil and Gas Critical Infrastructures from the Emerging Cyber Threats Pre Conference Workshop, 5th October 2014 with Ayman AL-Issa, Digital Oil Fields Cyber Security Advisor, ADMA Headline Sponsors Co Sponsors Event Overview All stakeholders have a new responsibility in ensuring the safety, reliability and stability of our Critical National Infrastructure. Public and Private partnerships are paramount and information sharing on an international level a priority. We will be addressing key areas of vulnerability, threat detection, mitigation, and planning for the Utilities and Oil and Gas sectors. The ICS Energy USA conference has been developed with the guidance of the Cyber Senate. An exclusive community of authoritative global leaders with unparalleled experience and knowledge in both Cyber and Industrial Control sectors. Key Speakers Samara Moore, IT and Cyber Security Policy Advisor, Department of Energy Mike Ahmadi, Global Business Development Director, Codenomicon William Barker, Cybersecurity Standards and Technology Advisor, NIST Billy Rios, Director of Vulnerability Research and Threat Intelligence, Qualys Fred Hintermister, Manager, ESISAC, North American Electric Reliability Corporation Galen Rasch, Senior Program Manager Power Delivery and Utilization Sector, Electric Power Research Institute Scott Saunders, Information and Security Officer, Sacramento Municipal Utilities District Billy Glenn, Principal Enterprise Architect, Pacific Gas and Electric Ayman Al Issa, Digital Oil Fields Cyber Security Advisor, Abu Dhabi Marine Operating Company Pan Kamal Vice President, Marketing and Product Management AlertEnterprise Seth Bromberger, Specialist in Critical Infrastructure Protection, Principal, NCI Security Patricia Robison, Professor, New York University Phillip Beabout, Manager, Security Special Projects and Response Strategy, San Onofre Nuclear Generation Station Media Partners Pre Conference workshop 5th October 2014 Effective methodology to protecting the oil and gas critical infrastructures from the emerging cyber threats Workshop Leader: Ayman AL-Issa Digital Oil Fields Cyber Security Advisor Refreshment sponsors

2 Colin McKinty Vice President of Cyber Security Strategy, Americas BAE Systems Applied Intelligence Every country relies on critical infrastructure to provide essential services underpinning many of these important functions are Industrial control systems (ICS). As the threat of cyber attacks has increased, those responsible for designing and maintaining these systems have had to think more and more about security. The ICS Cyber Security Conference provides the perfect environment for ICS specialists and security practitioners to meet and discuss the unique challenge involved in securing our Critical National Infrastructure (CNI). As a company that delivers solutions to government and commercial customers to help secure the CNI, we at BAE Systems Applied Intelligence value the opportunity to participate in ICS Cyber Security Conference. It creates an environment in which we can continue learning about the latest challenges our clients are facing as well as providing the opportunity to discuss our views on security best practices. About the Cyber Senate James Nesbitt Organiser and Director The Cyber Senate Our vision To create a community of global leaders with unparalleled knowledge and experience, a common voice for the international Cyber Security industry. To be the first port of call to facilitate discussion and public and private information sharing. We address key Cyber topics across industry sectors such as Finance and Banking, Transport, Energy & Power and Healthcare. Through high value content and a robust network of thought leaders, we raise awareness of global security risks to assist in information sharing and the progression of a safer more resilient society. For further information contact The Cyber Senate represents the best in relationship development, information sharing and thought leadership on a global level. A robust and resilient Cyber Security strategy is the most important directive on the international agenda, not only addressing current developments, but also how we intend on protecting and securing future generations. I look forward to the ICS Cyber Security show with great anticipation, knowing that the potential of each valued speaker and participant, in the right environment and setting, together, have an unrivalled ability to shape the resiliency of our critical national infrastructure. It is a privilege to be your host. WEBSITE: TWITTER:@cybersenate

3 Headline Sponsors Co Sponsors Refreshment Sponsors BAE Systems Applied Intelligence delivers solutions to government and commercial customers; with a focus on critical national infrastructure. For example, IndustrialProtect is a network segmentation appliance developed to secure automation between IT and OT networks. The appliance provides hardware implemented security functions, ensuring the validity, integrity, and authorization of data exchange. Pre Conference Workshop 5th October 2014 AlertEnterprise delivers IT-OT and Cybersecurity Convergence Software for Security Incident Management and Response to identify and prevent cyber and physical attacks, sabotage and terrorism by uncovering blended threats across IT security, Physical Access Controls and Industrial Control Systems. AlertEnterprise streamlines OT Compliance as well as contractor, employee and vendor security. Automation.com is the leading online content provider in the automation industry, dedicated to providing information that enables control and automation professionals to do their jobs better. The website and topic-specific e-newsletters feature articles, news, products, supplier and system integrator directories, job center, white papers, application stories and events. The website attracts 115,000+ unique visitors each month. The Effective Approach for Protecting Oil and Gas Critical Infrastructures from the Emerging Cyber Threats Overview of workshop While there were heaps of talks during the last few years about the increase in emerging threats that are targeting Industrial Control Systems (ICS), the major challenge that needs more focus is how to practically improve cyber security within these heterogeneous industrial environments while maintain safe operation. The workshop will give a comprehensive overview of the practical approach for designing and implementing cyber security for the new Industrial Control Systems from Front End Engineering Design (FEED) Stage to the EPC (Engineering, Procurement and Construction). It will also discuss how to address the challenges faced for securing the existing new and legacy control systems in the brown oil fields. Program Registration & Coffee Session 1 Morning Coffee Session2 End of workshop Why you should attend Learn how to embed industrial cyber security technical assurance in project lifecycle Discuss ways to resolve the human IT and OT conflicts. Who should do what? Develop ideas on implementing a defense in depth model for protecting the critical infrastructure Evaluate the important aspects that you need to consider before implementing cyber security in the existing ICS systems About the workshop host Ayman has over 20 years of experience in the fields of Automation, Information Technology, and Cyber Security. He has graduated with a Bachelor s degree in Electronics Engineering and verse in different backgrounds like industrial control systems, systems engineering, and building cyber security strategies and models.. He is information contributor to the ISA99/ IEC62443 Industrial Automation and Control Systems Cyber Security Standards. He is the Industrial Cyber Security Center Chief Technology Advisor in the Middle East and Asia, and he is a member in the Cyber Security Advisory boards of top rated worldwide universities for the advancement of researches on industrial cyber security. He is also an active member in different international Security Innovation Alliances that are focused in a worldwide program for improving the security of industrial control systems by the close collaboration of the leading IT Security and industrial control system vendors. Realizing that security measures are always behind the emerging cyber risks, he developed an ICS defense-in-depth industrial cyber security model that aims to early detection of threats based on security-through-visionand-integration. Workshop main bullets Understanding the Evolving nature of Industrial Cyber Threats Protecting critical infrastructures from the emerging cyber threats Understanding the ISA99/IEC62443, and understanding the SILs and SALs Implementing Industrial Cyber Security by Design Resolving the human conflict. Who is going to lead the Industrial Cyber Security task? IT or Control staff? What are the key first things to consider before implementing industrial cyber security? The importance of realizing the Industrial cyber security big picture. Understand the big picture first then zoom in. ICS cyber security risk assessment. Is it done right? Before implementing an Industrial Cyber Security solution, find the answer on how is cyber security going to be supported for the long-term life of the plant (20 to 30 years or more)? What are the obstacles faced by the customer at the plant floor to protect new/ existing (old) diverse types of IACS from the emerging cyber threats. Securing the green field, Securing the brown field. Why an effective cyber-security DID model failed to be implemented so far in a Critical Infrastructure having multi/diverse/old/new Automation Systems, and the way forward? The MAC and the MCSC. The value of the partnership between the Automation vendors and cyber security vendors. Why failing to consider Cyber Security needs at the procurement phase of the ICS systems shall not happen anymore?

4 Day One Chairman s Opening Remarks Key Note Presentation: Realizing the Roadmap Vision: Ensuring Security and Resilience in Today s Changing World. Evolving cybersecurity challenges faced by the sector Policy, operational, and cultural considerations for managing cyber risks and ensuring resilience in our changing world DOE s efforts with industry to support realizing the roadmap vision, such as: R&D projects, Cybersecurity Capability Maturity Model (C2M2), and Cybersecurity Procurement Language for Energy Delivery Systems Executive Order Improving Critical Infrastructure Cybersecurity, including the importance of information sharing and using the NIST Cybersecurity Framework Abstract - The roadmap for secure energy delivery systems 2020 vision is that Systems will be designed, installed, operated, and maintained to survive a cyber incident while sustaining critical energy delivery functions. Today organizations are modernizing infrastructure, automating processes, becoming more connected, and increasingly leveraging telecommunications. Understanding and managing cyber risk is KEY to ensuring secure and resilient infrastructure, including information and operation technology (IT/OT), the role of vendors and external partners, and engaging corporate governance in addressing cyber risks. Samara Moore, Sr IT and Cyber Security Policy Advisor at U.S. Department of Energy The development and standardization of cyber security controls and processes Changing nature and increasing importance and vulnerability of internetworks and internetworked processes and process control systems. Importance in adoption, as well as development, of cybersecurity controls Initiatives aimed at accelerating effective adoption of controls. NCCoE as one approach to facilitation of implementation of security frameworks. Larger cybersecurity context for ICS and critical infrastructure initiatives. Willam Barker, Cybersecurity Standards and Technology Advisor, NIST Creating a Converged OT / IT Architecture While Operational Technology and Information Technology Architecture shares many commonalities, there are at least as many differences, ranging from primary objectives, guiding principles and even culture. This interactive presentation will walk through a process and approach at establishing a converged, holistic reference architecture which guides the design, implementation, integration and evolution of the ever-increasing intersection of OT and IT technologies. We will review similarities and differences, opportunities for alignment and risks of divergence. Particular focus will highlight observed cultural and procedural differences, organizational priorities and methodologies. Billy Glenn, Principal Enterprise Architect, Pacific Gas and Electric Effective methodology to protecting the oil and gas critical infrastructures from the emerging cyber threats Ayman Al Issa, Digital Oilfield Advisor, Abu Dhabi Marine Operating Company Coffee Break and Exhibitor Networking BAE Systems Reserved Combining Physical Security and IT-OT Convergence to Transform Cybersecurity for Critical Infrastructure Following high profile physical attacks on critical structures, compliance requirements for Critical Industries like Utilities, Chemicals, etc. have made it essential to monitor and report on physical access to control rooms, substations and critical assets. Asset owners and operators of all size need to know who and how much access relevant roles have to specific facilities, critical assets and cyber assets. Learn how new techniques can correlate threats across the domains of IT, OT/ICS, and Physical Security to deliver total 360-degree situational intelligence for effective security incident management and responsemany commonalities, there are at least as many differences, ranging from primary objectives, guidin Pan Kamal, Vice President, Marketing and Product Management, AlertEnterprise Coffee and Exhibitor networking Cross Sector Roadmap for Cyber security of Industrial Control Systems Initiatives to enhance the security and resilience of ICS Information sharing - how far have we come in the past five years? Public and Private Partnerships; What has worked and where do we need to focus more effort? Third party risk and disclosure - creating awareness and encouraging disclosure Changes in ICS vulnerability What would the Cross Sector Roadmap look like? Fred Hintermister, Manager, ES-ISAC, North American Electric Reliability Corporation Critical National Infrastructure Cyber Security and Risk Management Scott Saunders, Security Officer, Sacramento Municipal Utilities District Roundtable Discussions Cyber Security for Supply Chain Roundtable discussion Scott Saunders, CISO, SMUD Incident Response: Management and Recovery, what to do when things go wrong Seth Bromberger of NCi Security Effective methodology to protecting the oil and gas critical infrastructures from the emerging cyber threats Ayman Al Issa, Digital Oilfield Cyber Security Advisor, ADMA BAE Systems Roundtable to be announced NIST Roundtable The NCCOE Approach William Barker, Chief Cyber Security Advisor, NIST Networking Luncheon Close of conference

5 Day Two Registration Networking Lunch Chairman s Opening Remarks Heartbleed: What is the impact and what do you need to know? Defensics and safeguard This is Not Our First Big Discovery How the Heartbleed Bug Works How We Discovered Heartbleed What is the Potential Impact How You Can Test for Heartbleed How Can You Protect Yourself What the Future Holds: Heartbleed Conclusions Deep Packet inspections Mike Ahmadi, Global Business Development Director, Codenomicon Understanding ICS Active Defenses Preparing for the storm Actively searching for Indicators of Compromise on ICS Understanding White-listing on ICS systems Assurance models and ICS Billy Rios, Director of Vulnerability Research and Threat Intelligence, Qualys Coffee and Exhibitor Networking Leveraging Cyber Security Controls and Process across the Critical Infrastructure Industries Examples where the same ICS components and cyber security industrial system controls - can and should be used for Telecom, Electricity Grid, Oil/Gas, Transportation, and Medical. Patricia Robison, Professor, New York University Case Study: Cyber security IT/OT Challenges San Onfre Nuclear Generation Station Establishing, implementing, and maintaining the Cyber Security program Critical Data Asset, system and communications protection Physical and operational environment protection Attack mitigation and incident response General site population training Phillip Beabout, Manager, Security Special Projects and Response Strategy San Onofre Nuclear Generation Station Integrating Failure Scenarios into Your Risk Assessment Process Overview of cyber security failure scenarios Failure scenarios for the power delivery sector How to calculate the impact and threat likelihood Risk ranking process Galen Rasch, Senior Program Manager Power Delivery and Utilization Sector, Electric Power Research Institute Lies, Damned Lies, and Statistics: Malware Indicator Correlation As Part of a Security Intelligence Function Synopsis: Advanced threat detection products provide detailed data regarding indicators of compromise. Seth Bromberger from NCI Security analyzed over a year s worth of data from a large multinational corporation and will share the results of his research, along with lessons learned and steps that you can take today to improve your detection of, and response to, malware infections within your organization. Seth Bromberger, Specialist in Critical Infrastructure Protection, NCI Security Coffee and Exhibitor Networking Roundtable Discussions Tabletop exercises for control systems Galen Rasche, Sr. Program Manager Cyber Security, Electric Power Research Institute NIST Roundtable The NCCOE Approach William Barker, Chief Cyber Security Advisor, NIST Integrating cyber security methods into operational hardware Current approaches to supply chain attack analysis and why it doesn t scale Billy Rios, Director of Vulnerability Research and Threat Intelligence, Qualys Close of Conference