Monday, 16 October 2017

DDoS attacks on rail infrastructure

According to recent press, "DDoS attacks on two separate days have brought down several IT systems employed by Sweden's transport agencies, causing train delays in some cases. The incidents took place early in the mornings of Wednesday and Thursday, October 11 and 12, this week.
Trafikverket officials said the attack was cleverly aimed at TDC and DGC, the agency's two service providers, but they were both aimed in such a way to affect the agency's services.
Trafikverket was able to restore service in a few hours, but the delays affected the entire day's train operations.
While initially, some might have thought this was a random incident, the next day, a similar DDoS attack hit the website of another government agency, the Sweden Transport Agency (Transportstyrelsen), and public transport operator Västtrafik, who provides train, bus, ferry, and tram transport for parts of Western Sweden."
-- Source Bleeping Computer

Fortunately there was no loss of life, however, according to reports Trafikverket's email systems and website were down and passengers were unable to make reservations or get travel information updates.

"In July 2017 criticism was mounting over IT security at Swedish government agencies after it emerged that millions of Swedes' driving licence data may have been leaked to other countries. Sweden's security police Säpo has investigated the Swedish Transport Agency (Transportstyrelsen) after information about all vehicles in the country – including police and military – was made available to IT workers in Eastern Europe who had not gone through the usual security clearance checks when the agency outsourced its IT maintenance to IBM in 2015.
One Transport Agency staff member described the outsourcing without proper security checks as handing over "the keys to the Kingdom" in an interview with Säpo, reports DN.- Source " source-TheLocal.SE' July 2017 
 


The Cyber Senate 3rd Annual Rail Cyber Security Summit will continue to address the key most critical issues challenging rail and infrastructure owners in the transport sector March 13/14th in London 2018. We are already confirming speakers and our headline solution providers will be announced imminently.

The 2018 Summit will be a two-day single-track senior level business critical and technical summit including multiple panel sessions and roundtables addressing the following but limited to; 
  • SOC's and different models that can contribute to cybersecurity management for the sector
  • Incident Response and Anomoly Detection
  • Government and Industry- Creating a Culture of Awareness, defining leadership for the sector
  • Developing a baseline for cyber maturity
  • What we can learn from vertical sectors including nuclear, oil and gas, utilities, aviation and chemcial
  • Securing IOT and IOT - Playing Catch-Up in the 21st Century
  • Securing asset information, passenger information systems
  • Cyber Security and Safety- Ensuring operational integrity
  • Supply Chain Security and Managing 3rd Party Risk
Call for Papers


3rd Annual 
Rail Cyber Security Summit 

London England
13th & 14th March 2018
The Marriott Regents Park
www.railcybersecurity.com
Sponsorship available for a limited time

Tuesday, 10 October 2017

Aviation Cyber Security, Industrial Control Cyber Security and Critical Infrastructure Protection


How secure are aviation flight systems and passenger data? What actionable steps can airline executives take to position themselves to be prepared for the evolving threat landscape?
How can we better secure asset information, manage data, increase efficiencies, collaboration and competitiveness when software is inherently vulnerable?
Join us November 21/22 in London England as the Cyber Senate address key challenges facing the aviation sector in a two-day in-depth engagement with industry leaders, including interactive panel sessions on Supply Chain and IOT Risk, Safety and Cyber Security Integration, Building a Culture of Awareness, Gaining C Level Buy-In, Public and Private Information Sharing and more.

Today we welcome Peter Cooper, Independent cyber security advisor, Nonresident Senior Fellow, Atlantic Council Cyber Statecraft Initiative, who will join us discussing:
Cyber Security – Perception or Inception?
  • Why perceptions are critical in aviation cyber security?
  • Defender and adversary perceptions?
  • What are we defending, what are they attacking?
  • Using this knowledge for better strategy and more accurate risk management

AVCIP2017
Aviation Cyber Security Summit

London United Kingdom
November 21/22
Marriott Regents Park Hotel
www.aviationcybersec.com
Headline Sponsors Airbus and SITA
Co-Sponsors Unisys
 
Save £200 before October 26th using code EARLYBIRD
Airlines, Airports and Aviation Asset Owners are FREE

Interests in our shows? Contact marketing@cybersenate.com or Daryl.Fig@cybersenate.com

Thought Leaders confirmed:
  • Chris Blask, U.S ICS ISAC, UNISYS, Director Industrial Control Security
  • Kevin Borley, Bristol Airport, Head of IT and Innovation    
  • Anson Fong, Los Angeles World Airports,Chief Information Security Officer 
  • Mike Heath, Calgary Airport Authority, Information Security Lead
  • Deb Helton, Dallas Fort Worth International Airport, Emergency Management Administrator    
  • Dr Paul Hunton, Hunton Woods Limited, Digital Forensics Expert
  • Chris Johnson, University of Glasgow, Head of Computing    
  • Phil Jones, Airbus, Chief Operating Officer    
  • Jonas Jorgensen, Copenhagen Airports, IT Director    
  • Ladislav Kašpar, Czech Airlines, j.s.c., Head of Security and Emergency Response Planning    
  • Filippos Komninos, Athens International Airport S.A, Information Security Specialist    
  • Francesco Di Maio, ENAV, Head, Security Department
  • Rossella Mattioli, ENISA, Officer in Network and Information Security
  • John Hird, Eurocontrol, ATM Security Specialist Directorate ATM, CMC/SEC 
  • Gerry Ngu, CERT-EU/ EASA, Cybersecurity in Aviation Officer
  • Cecil Pineda, Dallas Fort Worth International Airport, Assistant Vice President, Technology Security Information Technology Services    
  • Fazle R Quasha, Fort McMurray Airport Authority, Manager Information Technologies    
  • Matt Shreeve, Helios, Principal Consultant
  • Peter Williams, Manchester Airports Group (MAG), Chief Information Security Officer    
  • Peter Cooper, Nonresident Senior Fellow, Cyber Statecraft Initiative, Brent Scowcroft Centre on International Security, Atlantic Council

    Who attends?
    Delegates will be made up of key security decision makers from airports and airlines around the world. The purpose of the summit is to collaborate, share information and devise a common strategy to tackle cyber threats. We will be addressing key issues such as supply chain and third party risk, incident response, integrating of cyber security and safety, IT and OT convergence, security operations centers, and much more.

    The Cyber Senate is a network and information provider and we host events that offer guidance on pressing cybersecurity issues across key smart infrastructure sectors such as Energy, Healthcare, Utilities, and Transport, to further progress public and private cybersecurity information sharing.

Monday, 4 September 2017

Aviation Cyber Security industry look at cyber security as a business enabler this November in London

Cyber security is a business enabler in the 21st century and getting it right provides a foundation that is necessary to move the business forward. Companies need to understand and manage risks before decisions can be made that are transformational, which are key to the rapidly changing aviation industry. 
Join us on November 21nd and 22nd in London. as the Cyber Senate looks at steps to align business strategy and goals with cyber security, key areas of focus for your cyber security program- getting the basics right and transforming from business silos to an enterprise program.

Delegates will be made up of key security decision makers from airports and airlines around the world, government influencers, cyber security subject matter experts and some of the world's leading solution providers in the sector.

The purpose of the summit is to collaborate, share information and devise a common strategy to tackle cyber threats.
Secure your position while seating remains. 


Aviation Cyber Security Summit
London United Kingdom
November 21/22
Marriott Regents Park Hotel
www.aviationcybersec.com
Sponsored by Unisys

4 Exhibition Stands remain. We also have sponsored lunches and networking breaks for those who are seeking visibility in this market.
 Contact marketing@cybersenate.com or Daryl.Fig@cybersenate.com
+44(0)207 096 1754

Wednesday, 16 August 2017

Vulnerability Management and Assessment of industrial control systems by Idaho National Labs

"The security threats to U.S. critical infrastructure span the digital divide. Resent attacks, like those in the Ukraine, blend the cyber and physical environment to cause confusion within and damage to the production environment. Modern cyber defense requires sophisticated operational tactics and strategies. Although, cyber hygiene is essential for fending off the daily barrage of lower level threats that can impair an organization’s performance, few companies are prepared for a targeted attack on their core operational processes from an advanced adversary.

If it can be programmed, it can be hacked. This daunting reality facing our interconnected and digital environments has been described as a battle to be won every day by cybersecurity professionals.
Control systems present unprecedented challenges as they are transitioned to a modern architecture based on digital control systems and increasingly wireless communications systems.  This transition creates a paradox – more efficient, effective operation, but dramatically increased vulnerabilities and attack surfaces.

INL’s unparalleled capabilities in nuclear nonproliferation and cybersecurity are fundamentally changing how the nation and world approach complex threats to nuclear assets, energy systems and cyber-physical systems.

•       Internationally recognized nonproliferation experts with real-world experience in nuclear facility inspection, physical protection, modeling and simulation, material science, physics and engineering.

•       Comprehensive instrumentation and control, cyber and nuclear nonproliferation capabilities with similar nuclear infrastructure and examination equipment found worldwide.

•       INL’s full-scale infrastructure includes; isolated, industry scale power grid, water and telecommunication distribution systems to provide an expansive and unique test site that can replicate critical services across a region or municipality.

•       Inclusive nuclear security approach that allows for field and laboratory technology evaluation.

•       Replication of typical control system network for architecture reviews and system hygiene to support asset owners in securing their systems.

•       Protocol analysis, reverse engineering and cybersecurity forensics to advance persistent threat mitigations for the nuclear industry.

•       Cyber-informed risk methods and unique engineering methodologies and tools designed to anticipate cyber and physical security risk, and inform investment strategies.

•       Frameworks for prioritization of investments and threat indicators to inform and advanced security profile for high-consequence operations.

Safeguarding critical infrastructure including the power grid, nuclear materials and facilities is inextricably linked to the cybersecurity of the command and control environment.

These environments are complicated by instrumentation and controls that are continuously connected with information technology and wireless communications.

An integrated cyber physical security approach is essential to address the resiliency of the power and nuclear installations and continuity of operations.

INL’s world-leading cyber and industrial control systems security experts are changing the way the nation and the world meet the unique security demands of operational environments."

INL will be presenting at the 4th annual Industrial Control Cyber Security Summit in Sacramento California October 3/4th. www.industrialcontrolcybersecusa.com

Tuesday, 15 August 2017

Why USB devices are still the #1 source of malware in Industrial Control Systems, presented by Honeywell

This September in London and October in Sacramento, we learn from Honeywell why USB devices are still the #1 source of malware in ICS. This discussion will help you understand how USB devices can pose a threat even without malware, including:
o    Surprisingly effective HID attacks
o    More advanced threats posed by rogue network devices, serial adapters and more
Participants in London and Sacramento will see real examples of the impact these attacks can pose to ICS, plus Eric Knapp, Global Director of Cyber Security Solutions and Chief Cyber Security Engineer for Honeywell Process Solutions asks "Are these really advanced? Do you even have to worry about this?"

This year all critical national infrastructure are invited to join both shows free as an initiative to further cyber resilience in both public and private domains!
Contact Daryl Fig for your free guest pass for your team at daryl.fig@cybersenate.com 
 


4th Annual Industrial Control Cyber Security Europe
Millennium Gloucester Hotel
London United Kingdom
September 19/20th
www.industrialcontrolcyberseceurope.com
Headline Sponsors Leidos
Co Sponsors Honeywell
Associate Sponsor Verve Industrial Protection
Associate Sponsor Airbus
 
Network and share best practice with leaders from Nuclear, Water, Oil and Gas, Chemical, Automotive and Smart Grid sectors
 
 


4th Annual Industrial Control Cyber Security USA Summit
The Sutter Club
Sacramento California
October 3/4
www.industrialcontrolcybersecusa.com
Co-Sponsors 
Cyber Ark
Honeywell
Unisys


Associate Sponsors
Attivo Networks

 

Further events you won't want to miss from the Cyber Senate:
  • European Rail Cyber Security Working GroupSeptember 11/12th London
  • Aviation Cyber Security Summit, November 21/22 London United Kingdom

Interests in our shows? Contact marketing@cybersenate.com or Daryl.Fig@cybersenate.com
 

Thursday, 3 August 2017

ICS Cyber Wargaming - Cybersecurity Immersive Wargame Participation

They Cyber Senate are pleased to announce a new addition to our September 19/20th 4th Annual Industrial Control Cyber Security Europe conference for all attendees!

WARGAMING - Cybersecurity Immersive Wargame Participation 
Participants at all levels of skill are welcome to play in Project Ares, a cyber training and assessment environment that transforms a virtualized network of users and systems into a game that leverages Artificial Intelligence and Machine Learning to support the players and instructors. Project Ares provides many activities for individuals or teams to practice and assess their cyber security skills.

We are also pleased to announce the addition of Kathryn Rauhut, Nonresident Fellow at The Stimson Center in Washington D. C., as a new Panellist on Vulnerability Assessments. Mrs Rauhut is an international security attorney based in Vienna, Austria. She works primarily on nuclear security governance, accountability and liability issues and specializes in nuclear cyber security.
 
Critical Infrastructure Operators are FREE while places remain
*Utilities, Oil and Gas, Nuclear, Chemical, Transport - contact us if in doubt about a free ticket.

4th Annual Industrial Control Cyber Security Europe Summit
September 19/20th Millennium Gloucester Hotel London
www.industrialcontrolcyberseceurope.com
Headline Sponsors Leidos Cyber
Co-Sponsors Honeywell
Associate Sponsors Verve Industrial Protection

Media Partners include Infosec Magazine, CCI, Water Briefing, CDM Magazine, IISP, OSGP

Thought Leadership 2017
  • Nick Charnley, Deputy Director - Cyber Security, CLP Hong Kong
  • Maksim Gluhhovtsenko, Information Security Officer, Elektrilevi OÜ
  • Thomas Walter, Process IT Security Manager, PreussenElektra GmbH
  • Karen Frith, Head of Cyber Security Operations and Risk, Sellafield Ltd
  • Christian Schlehuber, Expert IT-Security digital command and control systems, DB Netz AG
  • Stephen Burke, Head of Civil Nuclear Cyber Security, BEIS
  • Steven Rumbold, Security Case and Strategy Development Manager, EDF Energy
  • Matt Hardy, Chief Security Officer, Synthomer
  • Lauri Luht, Head of Crisis Management, Estonian Information System Authority
  • Tony McCabe, Lead Solution Architect (NMS), Electricity North West
  • Matt Sims, Head of Cyber Security and Information Assurance, Office for Nuclear Regulation
  • Chris Blask, Chair, Director Industrial Control Security, ICS ISAC and Cyber Space Research Institute-Webster University
  • Scott Keenon, Head of Process Control Security, Leidos Cyber
  • David Higgins, an Independent consultant, acted as the Programme and Security Director for the DCC UK Smart Meters Programme for two years
  • Eric Knapp, Global Director of Cyber Security Solutions and Chief Cyber Security Engineer, Honeywell
  • Rick Kaun, VP of Solutions, Verve Industrial Protection 
  • Kathryn Rauhut, International Security Attorney, The Stimson Center
WARGAMING - Cybersecurity Immersive Wargame Participation September 20th
Players can enter a Battle Room where they are given cybersecurity tools (e.g., firewalls, routers, event management systems, Intrusion Detection Systems (IDS), endpoint protection systems) and tasks relevant to their work role to master hands-on keyboard techniques. Lastly, players can participate in mock missions or scenarios that present realistic problems that they need to solve. Users can invite other players online to their team or tackle it alone, but they must possess the problem solving and core cyber skills necessary to complete the mission. Missions to defend or attack the Industrial Control System in a Water Treatment Plant will be available during this session.
*Bring your own laptop! 


Interested parties contact James.Nesbitt@cybersenate.com 
Sponsorship and exhibition opportunities remain for a limited time, contact Daryl.Fig@cybersenate.com or call +44 (0)207 096 1754

Interested in the US Market? Join us with Key Leaders like Tim Roxey of NERC and Commander Keith Tresh of CALOES Cyber Security Integration Centre California on October 3/4in Sacramento. www.industrialcontrolcybersecusa.com