Wednesday, 28 May 2014

Industrial Control Cyber Security featuring #heartbleed impact and more announced


Industrial Control Cyber Security Europe

London 29/30 September 2014 


Industrial Control Cyber Security USA
Sacramento California October 6th and 7th


Developed and managed by the Cyber Senate
www.cybersenate.com


An International information sharing platform to further develop cyber resilience for the Energy sector.
We will address current topics from an European and North American perspective, two different locations, two different countries. The program content is subject change.
Call for Papers and for more information contact 
James Nesbitt 
+44 (0)207 096 1754 
james@sagacity-media.com 
www.sagacity-media.com 
www.cybersenate.com 




Overview 
All stakeholders have a new responsibility in ensuring the safety, reliability and stability of our Critical National Infrastructure. Public and Private partnerships are paramount and information sharing on an international level a priority. We will be addressing key areas of vulnerability, threat detection, mitigation, and planning for the Utilities and Oil and Gas sectors. 
The ICS Energy Europe conference is brought to you by the Cyber Senate. An exclusive community of authoritative global leaders with unparalleled experience and knowledge in both Cyber and Industrial Control sectors. 


Suggested presentations include:


It’s not “If” but “When”
Top Table: Changes in ICS lnerabilities and current state of play.
Heartbleed - What is it, where did it come from, how do we protect ourselves and what is next?
Utilities - Electrical Grid, End to End vulnerabilities
Water - Treatment, Testing and Movement of water
Oil and Gas - What have we learned since Shamoon and how can prepare for the next incident
Healthcare - Now considered as critical Industrial control systems, what to prepare for and why
The rise of Hactivism and future predictions

Cross Sector Roadmap for Cyber security of Industrial Control Systems?
Initiatives to enhance the security and resilience of ICS
Information sharing - how far have we come in the past five years?
Public and Private Partnerships; What has worked and where do we need to focus more effort?
Third party risk and disclosure - creating awareness and encouraging disclosure
Changes in ICS vulnerability
What would the Cross Sector Roadmap look like?

Threat assessment: Water Utility control systems
Water infrastructure worldwide have little control over the systems. These systems are rarely secure, and an easy target
Pumps, generators and SCADA system threats
Is an electronic security perimeter to mitigate external cyber vulnerabilities enough?


Resilience and digital interconnection dependency
Securing communications infrastructure, network reliability and security
The design and implementation of interoperable architectures- what is the security risk?
High security architecture best practices 
Security by design
Interoperability and Cyber Security
Enterprise application integration
Field devices
Compliance and Security testing

Planning, evaluation and risk management
Mitigation measures, raising awareness and developing skills
Third party risk and disclosure
Poor planning, lack of information, security configurations

The role of System Integrators
Most systems were built and deployed without thought to future connectivity
Harnessing all of the information available and creating a complete picture
How to present information
Networking additional systems

The role of System Integrators
Most systems were built and deployed without thought to future connectivity
Harnessing all of the information available and creating a complete picture
How to present information
Networking additional systems

The IT and OT dilemma - are we seeing the organisational integration we require?
Operational security - how can it better support Cyber Security preparedness?
IT - Are we trained and budgeted to defend the enterprise?
What initiatives are in place to ensure these departments are working together?

Incident response, management and recovery - what to do when things go wrong
Understanding responsibilities to the public
Defining and implementing a process
Monitoring and detection
Incident management: Incident, incident response, incident 




IPV6 Security!
Security depends on well coded applications
Key management, strong node identity
Migration to IPV6 is not a panacea for all security problems
A number of threats existMan in the middle attacks
Automated attacks
Protocol tunneling capabilities, routing headers, DNS broadcasting and rogue routing announcements

Enabling IPv6 end-to-end across networks creates visibility
Deep Packet inspections

Securing supply chains
International standards and trust
Safety and security of products manufactured offshore
Vendor responsibility and disclosure
Penetration Testing

From data attacks to targeting operations
Protecting external - facing ICS devices
Overcoming a lack of security implementation
Information security - no longer an afterthought?

How to develop a cyber strategy that doesn’t create inefficiencies in data access
Ensuring interoperability
Information sharing
Convergence of systems
Increased threat profiles
Reduced functionality across business units
Security process 

Real time infrastructure and asset monitoring
Behavioural analysis and intrusion detection and mitigation
Data management as a strategy
Remote management methods and risks
Data centre security

Cloud based SCADA deployments- what you need to know
Security and compliance challenges
Threats of allowing un-patched systems into the network
Monitoring and real time identification and assessment
Access to organizational data and resources
Impersonating subscribers and botnets against the cloud provider

Data Management as Cyber Strategy
The need for accessible data outweighs the need for confidential data
Enhancing the protection of data transported on EtherNet/IP and CIP in industrial control systems
Protecting data flows between ICS assets
Remote access essential but a threat

Understanding and overcoming “The Insider Threat”
Lack of implementing access control mechanisms creates opportunity
Monitoring unusual or abnormal commands
Device monitoring
Access patterns
Malicious acts and human error




No comments:

Post a Comment