Industrial Control Security

Similar documents
Executive Summary. Cybersecurity cannot be completely solved, and will remain a risk we must actively manage.

RE: Experience with the Framework for Improving Critical Infrastructure Cybersecurity

Why you should adopt the NIST Cybersecurity Framework

Utility of the Future Virtual Event Series Monthly Virtual Studio Event Series for Utilities

Cybersecurity Framework: Current Status and Next Steps

Release of the Draft Cybersecurity Procurement Language for Energy Delivery Systems

Obtaining Enterprise Cybersituational

Facilitated Self-Evaluation v1.0

Written Statement of Richard Dewey Executive Vice President New York Independent System Operator

Defending Against Data Beaches: Internal Controls for Cybersecurity

IEEE-Northwest Energy Systems Symposium (NWESS)

Cyber Security. Protecting the UK water industry

Dr. Markus Braendle, Head of Cyber Security, ABB Group 10 Steps on the Road to a Successful Cyber Security Program Asia Pacific ICS Security SUMMIT

Address C-level Cybersecurity issues to enable and secure Digital transformation

Risk & Audit Committee California Public Employees Retirement System

Best Practices in ICS Security for System Operators. A Wurldtech White Paper

CIP Supply Chain Risk Management (RM ) Statement of Jacob S. Olcott Vice President, BitSight Technologies January 28, 2016

Critical Infrastructure Security and Resilience

Does Aligning Cyber Security and Process Safety Reduce Risk?

Industrial Cyber Security 101. Mike Spear

Sponsorship & Exhibition Packages

RESILIENCE AGAINST CYBER ATTACKS Protecting Critical Infrastructure Information

Building Security In:

Rebecca Massello Energetics Incorporated

PROTECTING CRITICAL CONTROL AND SCADA SYSTEMS WITH A CYBER SECURITY MANAGEMENT SYSTEM

April 8, Ms. Diane Honeycutt National Institute of Standards and Technology 100 Bureau Drive, Stop 8930 Gaithersburg, MD 20899

Security Architecture: From Start to Sustainment. Tim Owen, Chief Engineer SMS DGI Cyber Security Conference June 2013

Cyber Risk Mitigation via Security Monitoring. Enhanced by Managed Services

FREQUENTLY ASKED QUESTIONS

Which cybersecurity standard is most relevant for a water utility?

Department of Homeland Security Federal Government Offerings, Products, and Services

Industrial Cyber Security Risk Manager. Proactively Monitor, Measure and Manage Cyber Security Risk

National Security & Homeland Security Councils Review of National Cyber Security Policy. Submission of the Business Software Alliance March 19, 2009

ADVANCED DISTRIBUTION MANAGEMENT SYSTEMS OFFICE OF ELECTRICITY DELIVERY & ENERGY RELIABILITY SMART GRID R&D

Cyber Security and Privacy - Program 183

Cybersecurity in the Utilities Sector Best Practices and Implementation 2014 Canadian Utilities IT & Telecom Conference September 24, 2014

Building Blocks of a Cyber Resilience Program. Monika Josi monika.josi@safis.ch

CyberSecurity Solutions. Delivering

Advancing Cyber Security Using System Dynamics Simulation Modeling for System Resilience, Patching, and Software Development

Seven Steps To A Superior Physical Identity and Access Management Solution. Enterprise-Class Physical Identity and Access Management Software

Click to edit Master title style

The Protection Mission a constant endeavor

Cybersecurity Converged Resilience :

Cyber Security: from threat to opportunity

Zen Internet Case Study

Italy. EY s Global Information Security Survey 2013

Cybersecurity The role of Internal Audit

IT AUDIT WHO WE ARE. Current Trends and Top Risks of /9/2015. Eric Vyverberg. Randy Armknecht. David Kupinski

Cyber Resilience Implementing the Right Strategy. Grant Brown Security specialist,

JOB ANNOUNCEMENT. Chief Security Officer, Cheniere Energy, Inc.

EEI Business Continuity. Threat Scenario Project (TSP) April 4, EEI Threat Scenario Project

Microsoft s cybersecurity commitment

eet Business continuity and disaster recovery Enhancing enterprise resiliency for the power and utilities industry Power and Utilities Fact Sheet

Big Data, Big Risk, Big Rewards. Hussein Syed

Intelligent Data Center Solutions

Experience the commitment WHITE PAPER. Information Security Continuous Monitoring. Charting the Right Course. cgi.com 2014 CGI GROUP INC.

Cyber security Building confidence in your digital future

Risk Management, Equipment Protection, Monitoring and Incidence Response, Policy/Planning, and Access/Audit

What Risk Managers need to know about ICS Cyber Security

DOD Medical Device Cybersecurity Considerations

SPSP Phase III Recruiting, Selecting, and Developing Secure Power Systems Professionals: Job Profiles

Cybersecurity on a Global Scale

Rethinking Information Security for Advanced Threats. CEB Information Risk Leadership Council

CONCEPTS IN CYBER SECURITY

STATEMENT OF PATRICIA HOFFMAN ACTING ASSISTANT SECRETARY FOR ELECTRICITY DELIVERY AND ENERGY RELIABILITY U.S. DEPARTMENT OF ENERGY BEFORE THE

CLOSING THE DOOR TO CYBER ATTACKS HOW ENTERPRISES CAN IMPLEMENT COMPREHENSIVE INFORMATION SECURITY

Roadmaps to Securing Industrial Control Systems

Cyber Security focus in ABB: a Key issue. 03 Luglio 2014, Roma 1 Conferenza Nazionale Cyber Security Marco Biancardi, ABB SpA, Power System Division

High Level Cyber Security Assessment 2/1/2012. Assessor: J. Doe

PREPARED DIRECT TESTIMONY OF SCOTT KING ON BEHALF OF SOUTHERN CALIFORNIA GAS COMPANY

future data and infrastructure

Security Vulnerability Assessment

CONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL

How To Write A Cybersecurity Framework

NIST Cybersecurity Framework Manufacturing Implementation

Intel Security Professional Services Leveraging NIST Cybersecurity Framework (CSF): Complexity is the enemy of security

How To Improve Your Business

Building a Cyber Security Operations Center

A MULTIFACETED CYBERSECURITY APPROACH TO SAFEGUARD YOUR OPERATIONS

Honeywell Industrial Cyber Security Overview and Managed Industrial Cyber Security Services Honeywell Process Solutions (HPS) June 4, 2014

Cyber Security Metrics Dashboards & Analytics

Lifecycle Solutions & Services. Managed Industrial Cyber Security Services

GEARS Cyber-Security Services

KASPERSKY SECURITY INTELLIGENCE SERVICES. EXPERT SERVICES.

Sempra Energy Utilities response Department of Commerce Inquiry on Cyber Security Incentives APR

Cyber Security for NERC CIP Version 5 Compliance

Why you should adopt the NIST Cybersecurity Framework

Enterprise Service Management (ESM)

Transcription:

Industrial Control Security Holiday Inn, Sacramento, California www.industrialcontrolsecurityusa.com www.cybersenate.com The Effective Approach for Protecting Oil and Gas Critical Infrastructures from the Emerging Cyber Threats Pre Conference Workshop, 5th October 2014 with Ayman AL-Issa, Digital Oil Fields Cyber Security Advisor, ADMA Headline Sponsors Co Sponsors Event Overview All stakeholders have a new responsibility in ensuring the safety, reliability and stability of our Critical National Infrastructure. Public and Private partnerships are paramount and information sharing on an international level a priority. We will be addressing key areas of vulnerability, threat detection, mitigation, and planning for the Utilities and Oil and Gas sectors. The ICS Energy USA conference has been developed with the guidance of the Cyber Senate. An exclusive community of authoritative global leaders with unparalleled experience and knowledge in both Cyber and Industrial Control sectors. Key Speakers Samara Moore, IT and Cyber Security Policy Advisor, Department of Energy Mike Ahmadi, Global Business Development Director, Codenomicon William Barker, Cybersecurity Standards and Technology Advisor, NIST Billy Rios, Director of Vulnerability Research and Threat Intelligence, Qualys Fred Hintermister, Manager, ESISAC, North American Electric Reliability Corporation Galen Rasch, Senior Program Manager Power Delivery and Utilization Sector, Electric Power Research Institute Scott Saunders, Information and Security Officer, Sacramento Municipal Utilities District Billy Glenn, Principal Enterprise Architect, Pacific Gas and Electric Ayman Al Issa, Digital Oil Fields Cyber Security Advisor, Abu Dhabi Marine Operating Company Pan Kamal Vice President, Marketing and Product Management AlertEnterprise Seth Bromberger, Specialist in Critical Infrastructure Protection, Principal, NCI Security Patricia Robison, Professor, New York University Phillip Beabout, Manager, Security Special Projects and Response Strategy, San Onofre Nuclear Generation Station Media Partners Pre Conference workshop 5th October 2014 Effective methodology to protecting the oil and gas critical infrastructures from the emerging cyber threats Workshop Leader: Ayman AL-Issa Digital Oil Fields Cyber Security Advisor Refreshment sponsors

Colin McKinty Vice President of Cyber Security Strategy, Americas BAE Systems Applied Intelligence Every country relies on critical infrastructure to provide essential services underpinning many of these important functions are Industrial control systems (ICS). As the threat of cyber attacks has increased, those responsible for designing and maintaining these systems have had to think more and more about security. The ICS Cyber Security Conference provides the perfect environment for ICS specialists and security practitioners to meet and discuss the unique challenge involved in securing our Critical National Infrastructure (CNI). As a company that delivers solutions to government and commercial customers to help secure the CNI, we at BAE Systems Applied Intelligence value the opportunity to participate in ICS Cyber Security Conference. It creates an environment in which we can continue learning about the latest challenges our clients are facing as well as providing the opportunity to discuss our views on security best practices. About the Cyber Senate James Nesbitt Organiser and Director The Cyber Senate Our vision To create a community of global leaders with unparalleled knowledge and experience, a common voice for the international Cyber Security industry. To be the first port of call to facilitate discussion and public and private information sharing. We address key Cyber topics across industry sectors such as Finance and Banking, Transport, Energy & Power and Healthcare. Through high value content and a robust network of thought leaders, we raise awareness of global security risks to assist in information sharing and the progression of a safer more resilient society. For further information contact The Cyber Senate represents the best in relationship development, information sharing and thought leadership on a global level. A robust and resilient Cyber Security strategy is the most important directive on the international agenda, not only addressing current developments, but also how we intend on protecting and securing future generations. I look forward to the ICS Cyber Security show with great anticipation, knowing that the potential of each valued speaker and participant, in the right environment and setting, together, have an unrivalled ability to shape the resiliency of our critical national infrastructure. It is a privilege to be your host. WEBSITE:www.cybersenate.com TWITTER:@cybersenate

Headline Sponsors Co Sponsors Refreshment Sponsors BAE Systems Applied Intelligence delivers solutions to government and commercial customers; with a focus on critical national infrastructure. For example, IndustrialProtect is a network segmentation appliance developed to secure automation between IT and OT networks. The appliance provides hardware implemented security functions, ensuring the validity, integrity, and authorization of data exchange. www.baesystems.com/ai Pre Conference Workshop 5th October 2014 AlertEnterprise delivers IT-OT and Cybersecurity Convergence Software for Security Incident Management and Response to identify and prevent cyber and physical attacks, sabotage and terrorism by uncovering blended threats across IT security, Physical Access Controls and Industrial Control Systems. AlertEnterprise streamlines OT Compliance as well as contractor, employee and vendor security. www.alertenterprise.com Automation.com is the leading online content provider in the automation industry, dedicated to providing information that enables control and automation professionals to do their jobs better. The website and topic-specific e-newsletters feature articles, news, products, supplier and system integrator directories, job center, white papers, application stories and events. The website attracts 115,000+ unique visitors each month. www.automation.com/subscribe The Effective Approach for Protecting Oil and Gas Critical Infrastructures from the Emerging Cyber Threats Overview of workshop While there were heaps of talks during the last few years about the increase in emerging threats that are targeting Industrial Control Systems (ICS), the major challenge that needs more focus is how to practically improve cyber security within these heterogeneous industrial environments while maintain safe operation. The workshop will give a comprehensive overview of the practical approach for designing and implementing cyber security for the new Industrial Control Systems from Front End Engineering Design (FEED) Stage to the EPC (Engineering, Procurement and Construction). It will also discuss how to address the challenges faced for securing the existing new and legacy control systems in the brown oil fields. Program 09.30 10.30 11.45 12.00 14.00 Registration & Coffee Session 1 Morning Coffee Session2 End of workshop Why you should attend Learn how to embed industrial cyber security technical assurance in project lifecycle Discuss ways to resolve the human IT and OT conflicts. Who should do what? Develop ideas on implementing a defense in depth model for protecting the critical infrastructure Evaluate the important aspects that you need to consider before implementing cyber security in the existing ICS systems About the workshop host Ayman has over 20 years of experience in the fields of Automation, Information Technology, and Cyber Security. He has graduated with a Bachelor s degree in Electronics Engineering and verse in different backgrounds like industrial control systems, systems engineering, and building cyber security strategies and models.. He is information contributor to the ISA99/ IEC62443 Industrial Automation and Control Systems Cyber Security Standards. He is the Industrial Cyber Security Center Chief Technology Advisor in the Middle East and Asia, and he is a member in the Cyber Security Advisory boards of top rated worldwide universities for the advancement of researches on industrial cyber security. He is also an active member in different international Security Innovation Alliances that are focused in a worldwide program for improving the security of industrial control systems by the close collaboration of the leading IT Security and industrial control system vendors. Realizing that security measures are always behind the emerging cyber risks, he developed an ICS defense-in-depth industrial cyber security model that aims to early detection of threats based on security-through-visionand-integration. Workshop main bullets Understanding the Evolving nature of Industrial Cyber Threats Protecting critical infrastructures from the emerging cyber threats Understanding the ISA99/IEC62443, and understanding the SILs and SALs Implementing Industrial Cyber Security by Design Resolving the human conflict. Who is going to lead the Industrial Cyber Security task? IT or Control staff? What are the key first things to consider before implementing industrial cyber security? The importance of realizing the Industrial cyber security big picture. Understand the big picture first then zoom in. ICS cyber security risk assessment. Is it done right? Before implementing an Industrial Cyber Security solution, find the answer on how is cyber security going to be supported for the long-term life of the plant (20 to 30 years or more)? What are the obstacles faced by the customer at the plant floor to protect new/ existing (old) diverse types of IACS from the emerging cyber threats. Securing the green field, Securing the brown field. Why an effective cyber-security DID model failed to be implemented so far in a Critical Infrastructure having multi/diverse/old/new Automation Systems, and the way forward? The MAC and the MCSC. The value of the partnership between the Automation vendors and cyber security vendors. Why failing to consider Cyber Security needs at the procurement phase of the ICS systems shall not happen anymore?

Day One 09.00 09.10 10.00 Chairman s Opening Remarks Key Note Presentation: Realizing the Roadmap Vision: Ensuring Security and Resilience in Today s Changing World. Evolving cybersecurity challenges faced by the sector Policy, operational, and cultural considerations for managing cyber risks and ensuring resilience in our changing world DOE s efforts with industry to support realizing the roadmap vision, such as: R&D projects, Cybersecurity Capability Maturity Model (C2M2), and Cybersecurity Procurement Language for Energy Delivery Systems Executive Order 13636 Improving Critical Infrastructure Cybersecurity, including the importance of information sharing and using the NIST Cybersecurity Framework Abstract - The roadmap for secure energy delivery systems 2020 vision is that Systems will be designed, installed, operated, and maintained to survive a cyber incident while sustaining critical energy delivery functions. Today organizations are modernizing infrastructure, automating processes, becoming more connected, and increasingly leveraging telecommunications. Understanding and managing cyber risk is KEY to ensuring secure and resilient infrastructure, including information and operation technology (IT/OT), the role of vendors and external partners, and engaging corporate governance in addressing cyber risks. Samara Moore, Sr IT and Cyber Security Policy Advisor at U.S. Department of Energy The development and standardization of cyber security controls and processes Changing nature and increasing importance and vulnerability of internetworks and internetworked processes and process control systems. Importance in adoption, as well as development, of cybersecurity controls Initiatives aimed at accelerating effective adoption of controls. NCCoE as one approach to facilitation of implementation of security frameworks. Larger cybersecurity context for ICS and critical infrastructure initiatives. Willam Barker, Cybersecurity Standards and Technology Advisor, NIST 13.40 14.30 15.40 16.20 Creating a Converged OT / IT Architecture While Operational Technology and Information Technology Architecture shares many commonalities, there are at least as many differences, ranging from primary objectives, guiding principles and even culture. This interactive presentation will walk through a process and approach at establishing a converged, holistic reference architecture which guides the design, implementation, integration and evolution of the ever-increasing intersection of OT and IT technologies. We will review similarities and differences, opportunities for alignment and risks of divergence. Particular focus will highlight observed cultural and procedural differences, organizational priorities and methodologies. Billy Glenn, Principal Enterprise Architect, Pacific Gas and Electric Effective methodology to protecting the oil and gas critical infrastructures from the emerging cyber threats Ayman Al Issa, Digital Oilfield Advisor, Abu Dhabi Marine Operating Company 15.10 Coffee Break and Exhibitor Networking BAE Systems Reserved Combining Physical Security and IT-OT Convergence to Transform Cybersecurity for Critical Infrastructure Following high profile physical attacks on critical structures, compliance requirements for Critical Industries like Utilities, Chemicals, etc. have made it essential to monitor and report on physical access to control rooms, substations and critical assets. Asset owners and operators of all size need to know who and how much access relevant roles have to specific facilities, critical assets and cyber assets. Learn how new techniques can correlate threats across the domains of IT, OT/ICS, and Physical Security to deliver total 360-degree situational intelligence for effective security incident management and responsemany commonalities, there are at least as many differences, ranging from primary objectives, guidin Pan Kamal, Vice President, Marketing and Product Management, AlertEnterprise 10.40 11.10 11.50 Coffee and Exhibitor networking Cross Sector Roadmap for Cyber security of Industrial Control Systems Initiatives to enhance the security and resilience of ICS Information sharing - how far have we come in the past five years? Public and Private Partnerships; What has worked and where do we need to focus more effort? Third party risk and disclosure - creating awareness and encouraging disclosure Changes in ICS vulnerability What would the Cross Sector Roadmap look like? Fred Hintermister, Manager, ES-ISAC, North American Electric Reliability Corporation Critical National Infrastructure Cyber Security and Risk Management Scott Saunders, Security Officer, Sacramento Municipal Utilities District 17.00 Roundtable Discussions Cyber Security for Supply Chain Roundtable discussion Scott Saunders, CISO, SMUD Incident Response: Management and Recovery, what to do when things go wrong Seth Bromberger of NCi Security Effective methodology to protecting the oil and gas critical infrastructures from the emerging cyber threats Ayman Al Issa, Digital Oilfield Cyber Security Advisor, ADMA BAE Systems Roundtable to be announced NIST Roundtable The NCCOE Approach William Barker, Chief Cyber Security Advisor, NIST 12.40 Networking Luncheon 18.00 Close of conference

Day Two 08.00 Registration 13.00 Networking Lunch 09.00 09.10 10.10 10.50 Chairman s Opening Remarks Heartbleed: What is the impact and what do you need to know? Defensics and safeguard This is Not Our First Big Discovery How the Heartbleed Bug Works How We Discovered Heartbleed What is the Potential Impact How You Can Test for Heartbleed How Can You Protect Yourself What the Future Holds: Heartbleed Conclusions Deep Packet inspections Mike Ahmadi, Global Business Development Director, Codenomicon Understanding ICS Active Defenses Preparing for the storm Actively searching for Indicators of Compromise on ICS Understanding White-listing on ICS systems Assurance models and ICS Billy Rios, Director of Vulnerability Research and Threat Intelligence, Qualys Coffee and Exhibitor Networking 13.55 14.30 Leveraging Cyber Security Controls and Process across the Critical Infrastructure Industries Examples where the same ICS components and cyber security industrial system controls - can and should be used for Telecom, Electricity Grid, Oil/Gas, Transportation, and Medical. Patricia Robison, Professor, New York University Case Study: Cyber security IT/OT Challenges San Onfre Nuclear Generation Station Establishing, implementing, and maintaining the Cyber Security program Critical Data Asset, system and communications protection Physical and operational environment protection Attack mitigation and incident response General site population training Phillip Beabout, Manager, Security Special Projects and Response Strategy San Onofre Nuclear Generation Station 11.35 12.15 Integrating Failure Scenarios into Your Risk Assessment Process Overview of cyber security failure scenarios Failure scenarios for the power delivery sector How to calculate the impact and threat likelihood Risk ranking process Galen Rasch, Senior Program Manager Power Delivery and Utilization Sector, Electric Power Research Institute Lies, Damned Lies, and Statistics: Malware Indicator Correlation As Part of a Security Intelligence Function Synopsis: Advanced threat detection products provide detailed data regarding indicators of compromise. Seth Bromberger from NCI Security analyzed over a year s worth of data from a large multinational corporation and will share the results of his research, along with lessons learned and steps that you can take today to improve your detection of, and response to, malware infections within your organization. Seth Bromberger, Specialist in Critical Infrastructure Protection, NCI Security 15.10 Coffee and Exhibitor Networking 15.55 Roundtable Discussions Tabletop exercises for control systems Galen Rasche, Sr. Program Manager Cyber Security, Electric Power Research Institute NIST Roundtable The NCCOE Approach William Barker, Chief Cyber Security Advisor, NIST Integrating cyber security methods into operational hardware Current approaches to supply chain attack analysis and why it doesn t scale Billy Rios, Director of Vulnerability Research and Threat Intelligence, Qualys 17.00 Close of Conference

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information