Loading…
Industrial 4.0 IOT/OT Security, Threat Detection and Mitigating Cyber Impact on Safety Systems
View analytic

Log in to bookmark your favorites and sync them to your phone or calendar.

Tuesday, September 18
 

9:00am

Welcome from the Cyber Senate Founder
A welcome from James Nesbitt, Founder, Cyber Senate

Tuesday September 18, 2018 9:00am - 9:10am
Citizen Hotel 926 J Street Sacramento, California 95814

9:10am

Introduction from our Chair
Speakers
avatar for Chris Blask

Chris Blask

Director, Industrial Control Systems Security at Unisys, Chair US ICS ISAC, Unisys
Chris Blask has been involved in the industrial control system and information security industries for more than twenty five years.Mr. Blask’s career spans the breadth of the cybersecurity spectrum. He invented one of the first commercial firewall products, built a multi-billion... Read More →


Tuesday September 18, 2018 9:10am - 9:20am
Citizen Hotel 926 J Street Sacramento, California 95814

9:20am

Discussion Session: Advanced 3rd Party Risk Management – Developing Trust Across the Supply Chain
Recent APT attacks affecting multiple sectors through a common attack surface have driven home the lesson that no matter how well we think we have secured our perimeters, our information and systems may still be vulnerable to attack through 3rd party systems with weak security controls. Individually we may all be resilient, but collectively we are not. As critical infrastructure relies more heavily on interconnectivity to function efficiently our mindset needs to evolve to consider cyber-vulnerability not as an individual, but a collective problem. Managing 3rd party risk runs deeper than many imagine and opens fundamental questions around the way we go about the business of building security into our systems and products. We can’t have a 360 degree view of supply chain security, but how can we move towards developing the trust and mechanisms to better support a collaborative approach to security with our suppliers, partners and interrelated sectors?
  • Nothing can be achieved in isolation – What are the barriers to meaningful collaboration between regulators, asset owners, integrators and vendors on mitigating cyber risk?
  • What are we learning about VPN Filter attack and how does it illustrate supply chain vulnerability?
  • What do we need to change to achieve an adequate level of commitment from all stakeholders, and how are we reconciling different perspectives?
  • Where might we be doubling our efforts and how can we streamline?
  • How are we faring with efforts to collaborate across the supply chain to develop fit for purpose standards regimes, audit compliance check lists and conformity assessments?

Speakers
avatar for Nathan Faith

Nathan Faith

Nuclear Corporate Security: Cyber Security Manager, Exelon Generation Nuclear
Nathan Faith, MABOSM, CISSP, GISP, GCIH, GICSP is the Cyber Security Manager for Exelon Nuclear - Corporate Security. Nathan has worked in the nuclear industry for over 16 years, including more than 10 years managing nuclear cyber security programs. Previously, he filled electronic... Read More →
avatar for Andy Kling

Andy Kling

Director of Cyber Security and Architecture, Schneider Electric
Andy has over thirty-five years of software development experience. He has worked in the Industrial Control Systems (ICS) development organization at Schneider Electric since 2001. Andy has ushered the Schneider Electric Process Automation Development team to the first in the world... Read More →
avatar for Zach Tudor

Zach Tudor

Associate Laboratory Director, National and Homeland Security, Idaho National Laboratory
Mr Tudor is responsible for Idaho National Laboratory’s (INL) National and Homeland Security (N&HS) mission. N&HS is a major center for national security technology development and demonstration, employing 500 scientists and engineers across $300M in programs at the lab. He is responsiblefor... Read More →
avatar for Dave Weinstein

Dave Weinstein

VP of Threat Research, Claroty
Dave Weinstein is the VP of Threat Research at Claroty. Prior to joining Claroty, Dave was the Chief Technology Officer of New Jersey. He began his career as an operations planner at U.S. Cyber Command, where he served for three years. Dave holds a Bachelor's degree from Johns Hopkins... Read More →


Tuesday September 18, 2018 9:20am - 10:00am
Citizen Hotel 926 J Street Sacramento, California 95814

10:00am

Keynote Presentation: Consequence-driven Engineering for Critical Systems
It won’t come as a surprise to anyone in the room that if you are attempting to secure your systems by maintaining good cyber-hygiene alone you are fighting a losing battle. The rise and continued evolution of the industrial internet of things along with a growing overt threat to connected critical infrastructure from top tier, sophisticated attackers, calls for new approaches to security that take into account increased attack and response surfaces and throw out any notion of being able to simply isolate the network.
One approach is to accept that an attacker may get in, but to engineer resiliency into your systems, arming users with the strength in depth needed to detect and respond to any type of attack. Consequence-driven engineering (CDE) has gained traction as a way of providing organisations with the steps needed to identify high-consequence risk within ICS of critical infrastructure, to engineer out cyber risk from the things that must not fail and to stop potentially catastrophic attacks in their tracks.
  • Identify devices and components that facilitate risk, determine critical functions and high-consequence events then prioritise what cannot fail based on the consequences
  • Think like an attacker to illuminate specific, detailed attack paths, access, information and action to have an effect and highlight system vulnerabilities in networks and the supply chain
  • Engineer out the prioritised cyber-risk with controls, tripwires, mitigations and backstops to interrupt high-consequence risk
  • The importance of collective resilience, collaboration and information sharing to combat high-consequence risk across the supply chain

Speakers
avatar for Zach Tudor

Zach Tudor

Associate Laboratory Director, National and Homeland Security, Idaho National Laboratory
Mr Tudor is responsible for Idaho National Laboratory’s (INL) National and Homeland Security (N&HS) mission. N&HS is a major center for national security technology development and demonstration, employing 500 scientists and engineers across $300M in programs at the lab. He is responsiblefor... Read More →


Tuesday September 18, 2018 10:00am - 10:30am
Citizen Hotel 926 J Street Sacramento, California 95814

10:30am

Networking Break
Tuesday September 18, 2018 10:30am - 11:00am
Citizen Hotel 926 J Street Sacramento, California 95814

11:00am

Understanding and Responding to the Global Threat Landscape
  • What characterises threat actors and their motives?
  • What strategies can be employed to effectively detect and respond to their attacks?
  • How can we move beyond signature-based detection and blocking known threat?

Speakers
avatar for John Bryk

John Bryk

Cyber and Physical Threat Intelligence Analyst, Downstream Natural Gas-ISAC
John Bryk (pronounced BRICK) retired as a colonel from the United States Air Force after a 30-year career, with early assignments that included Intercontinental Ballistic Missile Combat Crew Commander, and launching the Space Shuttle and unmanned rockets.  As a senior officer, he... Read More →


Tuesday September 18, 2018 11:00am - 11:30am
Citizen Hotel 926 J Street Sacramento, California 95814

11:30am

Getting a grip on Tactics, Techniques and Procedures (TTPs)
To effectively plan an incident response strategy, it is essential to know how attacks happen, how to know that you are being attacked and how to act when you realise you are. This presentation will highlight specific paths used to attack ICS, vulnerabilities that can be exploited and methods of remediation referencing some of the TTPs Dragos has seen threat actors use in the wild.

Speakers
avatar for Daniel Michaud-Soucy

Daniel Michaud-Soucy

Principal Threat Analyst, Dragos, Inc
Daniel Michaud-Soucy is a Principal Threat Analyst, Threat Operations Center at the industrial cyber security company Dragos, Inc.. Daniel is focusing on threat hunting and assessment services within a variety of industrial environments. As well, Daniel conducts research on a variety... Read More →


Tuesday September 18, 2018 11:30am - 12:00pm
Citizen Hotel 926 J Street Sacramento, California 95814

12:00pm

Vulnerability Assessments for Operational Technology
  • Learn about core components for a vulnerability assessment for industrial control systems.
  • Learn why asset and configuration change management are crucial to a vulnerability assessment in an OT environment.
  • It is very likely that one tool will not solve your Cybersecurity concerns.

Speakers
avatar for Karl Perman

Karl Perman

Cyber and Physical Security/Critical Infrastructure Protection SME, Energy Sector Security Consortium
Karl Perman serves as a management consultant to the critical infrastructure sector. As a former law enforcement officer and well-respected security professional, Mr. Perman brings over 30-years of critical infrastructure, business protection, compliance, risk management and law enforcement... Read More →


Tuesday September 18, 2018 12:00pm - 12:30pm
Citizen Hotel 926 J Street Sacramento, California 95814

12:30pm

Detecting Industrial Network Anomalies without the Risk of Disruption
Many asset owners have seen firsthand that becoming proactive about cyber protection for industrial systems in their plants is becoming a requirement. Yet at the same time, production processes cannot be disrupted, even for reducing cybersecurity risk in some cases. Key security controls that can address high risk areas such as secure remote access for employees and third party vendors/supply chain partners, and continuous monitoring of plant assets for threats and vulnerabilities are essential to deter cyber threats which can disrupt process controls and production.

In this session, Dave Weinstein, Claroty VP of Threat Research shares use cases from the field that demonstrate “zero-impact” deep packet inspection to precisely profile and dissect communications between assets in complex and sensitive industrial networks which can often indicate hidden cyber risks.

These passive techniques can identify misconfigurations, vulnerabilities, and anomalies plus provide operational security gaps and context so that plants can now have visibility into what’s happening and what to do about it without downtime, manual labor or having to become industrial cybersecurity experts overnight.


Speakers
avatar for Dave Weinstein

Dave Weinstein

VP of Threat Research, Claroty
Dave Weinstein is the VP of Threat Research at Claroty. Prior to joining Claroty, Dave was the Chief Technology Officer of New Jersey. He began his career as an operations planner at U.S. Cyber Command, where he served for three years. Dave holds a Bachelor's degree from Johns Hopkins... Read More →


Tuesday September 18, 2018 12:30pm - 1:00pm
Citizen Hotel 926 J Street Sacramento, California 95814

1:00pm

Networking Lunch
Tuesday September 18, 2018 1:00pm - 2:00pm
Citizen Hotel 926 J Street Sacramento, California 95814

2:00pm

The path to Implementing Anomaly Detection
  • How did we come to a decision to implement specific anomaly detection solutions?
  • Developing a thorough understanding of your asset and commensurate monitoring requirements
  • Implementation challenges  and solutions
  • What impact has non-intrusive monitoring and detection had on efficiency?

Speakers
avatar for Tim Sanguinetti

Tim Sanguinetti

Industrial Control Systems Cyber Security, Northern California Power Agency

Panellist
avatar for Andrea Carcano

Andrea Carcano

CPO and Co-founder, Nozomi Networks
Andrea Carcano is an expert in industrial network security, artificial intelligence and machine learning, and has published a number of academic papers on the subject. His passion for cybersecurity and solving the unique challenges around ICS became the focus of his PhD in Comp... Read More →


Tuesday September 18, 2018 2:00pm - 2:30pm
Citizen Hotel 926 J Street Sacramento, California 95814

2:30pm

Discussion Session: Do we know what is on our Network? Are we Getting any Better at Threat Detection?
  • It goes without saying that we cannot design a holistic defence without full visibility of the assets on our ICS network and how they are connected, but do we have it?
  • Are we getting a clearly defined picture of the threat or are we spending too much time chasing false positives?
  • Are threat detection solutions taking a holistic approach to assessing risk, identifying complete characteristics of complex threats and escalating appropriately?

Speakers
avatar for Ian Fitzgerald

Ian Fitzgerald

CIO, Truckee Donner Public Utility District
Leader and decision-maker of the District’s information technology department. Key contributor to formulating organization goals as the importance of information technology grows as a keystone foundation within the District. Continue to keep the District at the forefront of sophisticated... Read More →
avatar for Jeff Cornelius, Ph.D

Jeff Cornelius, Ph.D

EVP Industrial Control and Critical Infrastructure Solutions, Darktrace
Jeff Cornelius joined Darktrace in February of 2014 as Executive Vice President.  His background with large Enterprise Software organizations over the past 18 years lends itself to the needs of an, innovative, market-defining organization.  Jeff oversees the strategic direction... Read More →
avatar for Eric Vettel, Ph.D.

Eric Vettel, Ph.D.

President, American Energy Society
Eric J. Vettel, Ph.D., is the current President of the American Energy Society (20010 – present). He is trained as a historian of science and has published articles on 19th-century chemistry, early 20th-century physics, the biological sciences in the Post War period, and a number... Read More →


Tuesday September 18, 2018 2:30pm - 3:00pm
Citizen Hotel 926 J Street Sacramento, California 95814

3:00pm

Information Sharing Vs Intelligence Sharing
  • Differentiating between "information sharing" and "intelligence sharing." 
  • How to create effective intelligence requirements and why they're important.

Speakers
avatar for John Bryk

John Bryk

Cyber and Physical Threat Intelligence Analyst, Downstream Natural Gas-ISAC
John Bryk (pronounced BRICK) retired as a colonel from the United States Air Force after a 30-year career, with early assignments that included Intercontinental Ballistic Missile Combat Crew Commander, and launching the Space Shuttle and unmanned rockets.  As a senior officer, he... Read More →


Tuesday September 18, 2018 3:00pm - 3:30pm
Citizen Hotel 926 J Street Sacramento, California 95814

3:30pm

Networking Break
Tuesday September 18, 2018 3:30pm - 4:00pm
Citizen Hotel 926 J Street Sacramento, California 95814

4:00pm

Demonstrating Level 0 and 1 device Vulnerability
We don’t need to look very hard to find recent reminders of either the fact that ICS have become a prime target and the sophistication of those who seek to attack them. We now face threat actors developing means of attacking specific components that are all but ubiquitous across connected ICS in certain critical infrastructure. Many level 0 and 1 devices are designed to allow two-way data exchange with SCADA or cloud systems. Recent attacks have demonstrated how vulnerabilities could be exploited to send false information to operators or directly manipulate processes leading to loss of safety, economic loss and possibly cause catastrophic damage. This presentation will highlight current vulnerabilities in OT devices and demonstrate the ways in which they could be exploited by an attacker.
  • Examples of key OT vulnerability and demonstration of potential attack paths
  • Why context matters – Identifying IoT devices, the applications they support and how they could be vulnerable to understand the severity of the risk
  • How anomaly detection in raw process data could provide an additional layer of security

Speakers
avatar for Andy Kling

Andy Kling

Director of Cyber Security and Architecture, Schneider Electric
Andy has over thirty-five years of software development experience. He has worked in the Industrial Control Systems (ICS) development organization at Schneider Electric since 2001. Andy has ushered the Schneider Electric Process Automation Development team to the first in the world... Read More →


Tuesday September 18, 2018 4:00pm - 4:30pm
Citizen Hotel 926 J Street Sacramento, California 95814

4:30pm

Discussion Session: A strategic Approach to IT and OT Convergence – What are the key Elements to Success?
As businesses efficiency drivers have increased the need to gain better visibility of operational processes, the convergence of IT and OT has quickly become imperative and raised serious challenges. When it comes to security, we are no longer able to think of OT environments as distinct and separate from enterprise IT networks. We must however continue to appreciate that their uniqueness to make them secure without compromising operational efficiency and safety. With fundamental differences in both mindset and process in IT and OT, what are the pain points and what have been hallmarks of successful convergence projects that have overcome them?
  • Confidentiality, Integrity and Availability vs Safety, Reliability and Productivity
  • Building an orchestrated platform with best of breed IT security tools fully supported and tested by ICS Engineers
  • Integration across OEM platforms
  • IT/OT pairing on projects

Speakers
avatar for Andy Bochman

Andy Bochman

Sr. Cyber and Energy Security Strategist, Idaho National Laboratory
Provides strategic guidance to senior USG and industry leaders on topics at the intersection of grid and critical infrastructure modernization and security. Previously was Global Energy & Utilities Security Lead at IBM and Senior Adviser at the Chertoff Group in Washington, DC. A... Read More →
avatar for Rick Kaun

Rick Kaun

VP of Solutions, Verve Industrial Protection
Rick Kaun is the VP of Solutions for Verve Industrial Protection: a Control System Integrator primarily focused on Cyber Security. For over 14 years he has worked with all manner of industries on all sizes of projects around the word from front end scoping to large scale design and... Read More →
avatar for Lenin Maran

Lenin Maran

Supervisor, EMS - Systems, Security & Compliance; Grid Operations, SMUD
Lenin has more than 20 years of experience in the electrical utility industry. His experience includes leading, managing, design, development, installation, delivery, testing and documentation of products and solutions for Energy Management Systems to various utilities in North... Read More →


Tuesday September 18, 2018 4:30pm - 5:00pm
Citizen Hotel 926 J Street Sacramento, California 95814

5:00pm

Drinks and Networking Conference Dinner Sponsored by Claroty
We will begin our evening with networking drinks in the exhibitor area for an hour and a half before our seated dinner this year.

Thank you to Headline Sponsors Claroty

Claroty’s mission is to protect industrial control networks from cyber-attacks; ensuring safe and continuous operation of the world’s most critical infrastructures. Our technology is specifically designed for industrial control-networks and will “do no harm” to the underlying industrial processes. Our integrated platform is an award-winning suite of superior products giving asset owner/operators extreme visibility into their industrial networks, assets, protocols and ICS security status.  Designed for operations by operations technology and ICS experts, Claroty will be the long-term leader in securing industrial environments. Our global partnerships and investors include Cisco, Microsoft, Qualcomm, AT&T, Accenture, Nokia, Temasek, Rockwell, Schneider, Siemens, Bessemer Venture Partners and Innovation Endeavors.Claroty won the competitive 2018 S4 ICS Detection Challenge, has been named Frost & Sullivan’s Entrepreneurial Company of the Year for 2018, and Wall Street Journal has listed Claroty in their June 2018 Top 25 Companies to Watch. Visit www.claroty.com



Tuesday September 18, 2018 5:00pm - 9:30pm
Citizen Hotel 926 J Street Sacramento, California 95814
 
Wednesday, September 19
 

9:00am

Welcome Back
Welcome Back from the Cyber Senate

Wednesday September 19, 2018 9:00am - 9:10am
Citizen Hotel 926 J Street Sacramento, California 95814

9:10am

Industrial Control System Security- Enabling Business with Digital Infrastructure
The World is Changing for Industrial Enterprises
There Will Be Winners and Losers
Cryptographic Zoning
ISA99 Architecture
Plan to Embrace ---Digital Innovation

Speakers
avatar for Chris Blask

Chris Blask

Director, Industrial Control Systems Security at Unisys, Chair US ICS ISAC, Unisys
Chris Blask has been involved in the industrial control system and information security industries for more than twenty five years.Mr. Blask’s career spans the breadth of the cybersecurity spectrum. He invented one of the first commercial firewall products, built a multi-billion... Read More →


Wednesday September 19, 2018 9:10am - 9:40am
Citizen Hotel 926 J Street Sacramento, California 95814

9:40am

Leveraging the Virtual Power Grid Testbed to Develop Cyber Resilience Strategy
·        How can we help develop new resilience models and drive innovation?
·        Better understanding systems vulnerability without affecting safety or availability
·        Bridging gaps in workforce ICS cyber capability
·        What role does the testbed play in assurance activities?

Speakers
avatar for Tim Yardley

Tim Yardley

Senior Associate Director of Technology and Workforce Development, Information Trust Institute, Information Trust Institute at Illinois
Tim Yardley is the Senior Associate Director of Technology and Workforce Development and a Senior Researcher at the Information Trust Institute at the University of Illinois Urbana-Champaign. His primary duties focus on defining the vision and direction for applied research through... Read More →


Wednesday September 19, 2018 9:40am - 10:10am
Citizen Hotel 926 J Street Sacramento, California 95814

10:10am

Case Study: Using the few to Attack the Many – Lessons Learned from Recent Attacks
  • How are attackers increasingly able to leverage weaknesses in 3rd party products and services to launch attacks on the many using the few
  • What characterises Advanced Persistent Threat actors, their capabilities and techniques?
  • How did the sector co-ordinate a thorough response and what lessons have been learned?

Speakers
avatar for Andy Bochman

Andy Bochman

Sr. Cyber and Energy Security Strategist, Idaho National Laboratory
Provides strategic guidance to senior USG and industry leaders on topics at the intersection of grid and critical infrastructure modernization and security. Previously was Global Energy & Utilities Security Lead at IBM and Senior Adviser at the Chertoff Group in Washington, DC. A... Read More →


Wednesday September 19, 2018 10:10am - 10:40am
Citizen Hotel 926 J Street Sacramento, California 95814

10:40am

Networking Break
Wednesday September 19, 2018 10:40am - 11:10am
Citizen Hotel 926 J Street Sacramento, California 95814

11:10am

Cyber Incident Response and Communication Planning
While much can be learned during a response to a significant Cyber incident, proper preparation in advance of an incident can lead to a more effective response effort.  The execution of a meaningful table top exercise can identify the players and their associated actions most effective in resolution as well as to develop effective communication strategies necessary to appropriately engage the broader organization in the response effort.  Furthermore, the possible impacts can be better understood across the organization and suitable protections can often be identified to improve the possibility of avoiding the necessity for a response.
  • What has been learned through our experiences in Cyber Incident Response?
  •  Exercises involving diverse cross-functional teams referencing Cyber Storm VI, conducted through the DHS
  • Achieving preparedness, with communications (conventional as well as progressive)  
  • The implications of the NIST CyberSecurity Framework. 

Speakers
avatar for Randy Woods

Randy Woods

Senior Manufacturing CyberSecurity Specialist, The Dow Chemical Company
Randy has over 30 years of experience in networks, industrial control systems, and Cyber Security.  With corporate computer networking on a local and global basis as the launch point of Randy’s career at The Dow Chemical Company in 1985, Cyber Security has been a career long study... Read More →


Wednesday September 19, 2018 11:10am - 11:40am
Citizen Hotel 926 J Street Sacramento, California 95814

11:40am

Results from Analyzing Real-World ICS Malware in an ICS Network Sandbox
TRITON and CrashOverride showed us the potential of autonomous, purpose-built malware that enumerates and subsequently hijacks ICS devices using their native protocols. What if we could detonate ICS-specific malware in an "ICS Network Sandbox" that detects and analyzes purpose-built ICS malware before it even gets deployed? Current malware sandboxing technologies are designed for IT protocols and devices rather than OT protocols and devices; as a result, ICS-specific malware such as TRITON is undetected because IT malware sandboxes are unable to flag ICS-specific activities such as OPC scanning, overwriting of PLC configuration files, calls to ICS-specific libraries and ports, etc. CyberX's research team has built ICS-aware malware analysis sandbox that simulates a complete ICS execution environment in a virtual or offline state, and also instruments the execution environment to detect ICS-specific behavior. During this session, we'll describe the results of analyzing known ICS malware (Stuxnet, Industroyer, TRITON)  in the sandbox as well as data we've collected about the prevalence of ICS-specific malware "in the wild." Attendees will learn about ICS malware characteristics and ICS attack vectors so they can be better prepared to detect and respond to ICS security incidents in the future.

Speakers
avatar for Daniel Shugrue

Daniel Shugrue

Senior Director, Industrial Cybersecurity, CyberX


Wednesday September 19, 2018 11:40am - 12:10pm
Citizen Hotel 926 J Street Sacramento, California 95814

12:10pm

Developing a Common Language for IACS Cybersecurity Harmonization with ISA/IEC 62443
An overview of the ISA/IEC 62443 family of standards
Understanding the IACS life-cycle context to clearly define the responsibilities of product suppliers, systems integrators and asset owners
Establishing commonality of vocabulary, concepts and models to facilitate meaningful conversation

Speakers
avatar for Andre Ristaino

Andre Ristaino

Managing Director, ISA Security Compliance Institute
Andre Ristaino is managing director of the ISA Automation Standards Compliance Institute (ASCI) based in Research Triangle Park, N.C. He provides staff leadership for ISA’s conformance certification programs, including the ISASecure IACS certification program managed under the ISCI... Read More →


Wednesday September 19, 2018 12:10pm - 12:40pm
Citizen Hotel 926 J Street Sacramento, California 95814

12:40pm

Networking Lunch
Wednesday September 19, 2018 12:40pm - 1:40pm
Citizen Hotel 926 J Street Sacramento, California 95814

1:40pm

Cybersecurity & a Risk Based, Value Adding Approach
·      Cyber threat is a worldwide phenomenon that crosses national, regional and international borders. 
Cybersecurity therefore requires an integrated approach at all of these levels.
·      The cyber threat to technical systems is wide ranging.
The cybersecurity response needs to be system-wide.
·      Each technical system is different but all technical systems are greatly similar.
·      Understanding the system, identifying the high value and high vulnerable points, and implementing the appropriate level of response, is key to an efficient and cost effective cybersecurity solution.


Speakers
avatar for David Hanlon

David Hanlon

Secretary of the IEC Conformity Assessment Board, IEC
In his current role as Secretary of the IEC Conformity Assessment Board, based in Geneva Switzerland, David liaises with many international organizations and presents at international events on various topics including cybersecurity. David holds a Bachelor in Electrical Engineering from... Read More →


Wednesday September 19, 2018 1:40pm - 2:00pm
Citizen Hotel 926 J Street Sacramento, California 95814

2:00pm

Standards-based Cyber Security Seat Belts
  • Seat belt analogy description: seat belts= security capabilities/mechanisms, seat belt adoption=security adoption
  • Summary of security capability standards: secure product development processes, product security capabilities, secure installation and maintenance, secure operation
  • Overview of each of these standards
  • Certification to these standards
  • Conclusion: Standards provide roadmap to secure systems, certification provides assurance of proper implementation, and seat belt analogy tells us that as vendors add security to their products, end-users need to begin a long term program for adopting them. Failure to do so will result in regulation and increase the potential for successful attacks



Speakers
avatar for Lee Neitzel

Lee Neitzel

Cyber Security Consultant, IEC
Lee Neitzel is a cyber security consultant who has been involved in security and network standards for more than 30 years. He is currently the convenor of the working groups that are developing the IEC 62443 security standards and their associated conformance assessment programs within... Read More →


Wednesday September 19, 2018 2:00pm - 2:20pm
Citizen Hotel 926 J Street Sacramento, California 95814

2:20pm

The Start Button: Navigating ISA99/ ISA 62443 for your IACS Security Management Program
ISA99/ISA-62443 Security for Industrial Automation and Control Systems:
 
Many Global guidelines, frameworks, regulatory agencies and related documents reference the ISA99 Committee work products in ANSI/ISA62443 as a normative, required or incorporated standard, but few actually understand how to navigate the IACS Cyber Security standards 14 modules. 
 
This discussion will show the attendee a "Start Pushbutton" for a take-a-way understanding toward applying the 14 modules comprising the standard.
 
The presentation will provide an introductory understanding of how to select and apply the various modules toward development and maintenance of an effective IACS Security Management Program. 
 
Within the presentation the attendee will be introduced to the various Critical Concepts, Foundational Requirements, functions and components that comprise an effective IACS Security Management Program which complies with the various guidelines, frameworks, regulatory agencies and documents referencing this standard.
 

Speakers
avatar for Glenn Merrell

Glenn Merrell

Industrial Control Systems Security, Freelance Consulting
Mr. Glenn Merrell, CAP is a senior industry consultant applying extensive experience in Industrial Control Systems (ICS), automation, safety, Critical Infrastructure Protection (CIP) and industrial security. Mr. Merrell is an ISA Certified Automation Professional with over 30 years... Read More →



Wednesday September 19, 2018 2:20pm - 2:50pm
Citizen Hotel 926 J Street Sacramento, California 95814

2:50pm

Networking Break
Wednesday September 19, 2018 2:50pm - 3:20pm
Citizen Hotel 926 J Street Sacramento, California 95814

3:30pm

Working Group Break-out Sessions
How can Asset Owners Transform their Mindset to Become Security Focused?
- To what extent is security an afterthought to operational availability? Lee: does security interfere or compete with operations
- The importance of a holistic understanding of security at different organisational levels
-  What are the steps that can be taken to make meaningful progress towards adopting a security minded approach?
- How will security impact work practices, user behavior, and user attitudes?
Led by David Hanlon
Why Configuration Management Strategy is Essential to Security
- Secure out of the box is a myth
- Understanding that user capability is essential to security and acting accordingly
- What essential steps need to be taken to effectively manage accounts, administrators and patching to ensure our systems are secure
- How much configuration is necessary to customize security features for a site?
- How does the asset owner know what needs to be configured and what values are necessary?
Led by Lee Neitzel
What measures need to be taken to address the inadequacy of the resource stream at entry and mid-career level?
- What is currently in place to incentivize relevant skills development?
- Where are we lacking the necessary infrastructure to develop short, medium and long-term skills development in both the public and private sectors?
- What does a fit for purpose training and development standard look like?
- What objectives should be set and how can we sell the benefits of new initiatives?
Led by Tim Yardley
What needs to be prioritised to move towards more effective collection, processing and escalation of information on threats?
- How well defined is the threshold at which private sector threat information should be escalated to government authorities, and can we agree first on what should and must be shared?
- What do the mechanics of an effective information sharing infrastructure look like?
- To what extent do we have the national and transnational infrastructure in place to facilitate effective conversations?
Led by John Bryk
What barriers need to be overcome to move towards internationally accepted standards?
- Understanding the global landscape and competing regimes
- What mechanisms need to be developed to effectively incorporate the best elements of existing standards?
- How much room do existing standards leave for local interpretation and implementation?
Led by Andre Ristaino


Wednesday September 19, 2018 3:30pm - 4:30pm
Citizen Hotel 926 J Street Sacramento, California 95814

4:30pm

Working Group Presentations and Wash Up
Speakers
avatar for John Bryk

John Bryk

Cyber and Physical Threat Intelligence Analyst, Downstream Natural Gas-ISAC
John Bryk (pronounced BRICK) retired as a colonel from the United States Air Force after a 30-year career, with early assignments that included Intercontinental Ballistic Missile Combat Crew Commander, and launching the Space Shuttle and unmanned rockets.  As a senior officer, he... Read More →
avatar for David Hanlon

David Hanlon

Secretary of the IEC Conformity Assessment Board, IEC
In his current role as Secretary of the IEC Conformity Assessment Board, based in Geneva Switzerland, David liaises with many international organizations and presents at international events on various topics including cybersecurity. David holds a Bachelor in Electrical Engineering from... Read More →
avatar for Lee Neitzel

Lee Neitzel

Cyber Security Consultant, IEC
Lee Neitzel is a cyber security consultant who has been involved in security and network standards for more than 30 years. He is currently the convenor of the working groups that are developing the IEC 62443 security standards and their associated conformance assessment programs within... Read More →
avatar for Andre Ristaino

Andre Ristaino

Managing Director, ISA Security Compliance Institute
Andre Ristaino is managing director of the ISA Automation Standards Compliance Institute (ASCI) based in Research Triangle Park, N.C. He provides staff leadership for ISA’s conformance certification programs, including the ISASecure IACS certification program managed under the ISCI... Read More →
avatar for Tim Yardley

Tim Yardley

Senior Associate Director of Technology and Workforce Development, Information Trust Institute, Information Trust Institute at Illinois
Tim Yardley is the Senior Associate Director of Technology and Workforce Development and a Senior Researcher at the Information Trust Institute at the University of Illinois Urbana-Champaign. His primary duties focus on defining the vision and direction for applied research through... Read More →


Wednesday September 19, 2018 4:30pm - 5:00pm
Citizen Hotel 926 J Street Sacramento, California 95814
 

Twitter Feed