Tuesday, 21 July 2015

Intelligence Led Threat Mitigation Industrial Control Cyber Security

Pre Conference Workshop: 12 October 2015
Day 1: 13 October 2015

08:15
 Registration 
Delegate check in
08:55
 Welcome from the Cyber Senate Director James Nesbitt
Welcome from the Cyber Senate

09:00
Opening Remarks 
Chris Blask, Executive Director at Webster University’s Industrial Control System Information Sharing and Analysis Center (ICS-ISAC)
Rene Moreda, Director of Business Development, Energy & Utilities, BAE Systems Applied Intelligence
Chairman Opening Remarks
09:10
 Keynote Presentation Department of Homeland Security
(*suggested presentation topics, final confirmation of bullets posted shortly)
Industry transformation and public and private information sharing initiatives
What are we doing collectively to mitigate the potential risk, what barriers are we experiencing and how are we transforming as an industry to put strategies in place?
Compliance and the foundation of risk control
Foundation surge information sharing
Nation State activities
Marty Edwards, Director Industrial Control Systems Cyber Emergency Response Team (ICS-CERT), Department of Homeland Security
Information Sharing and Transformation
10:50
Coffee and Exhibitor Networking
Exhibitor networking

11:20
Industrial Control Cyber Security Opportunities on a State-Wide Level
What the CIO and CISO Need to Know and Respect About ICS and CI
NIST Special Publication 800-82 relationship with NIST 800-53 Rev. 4 Controls
Who Has ICS and CI Responsibility In Organizations?
Public and Private Information Sharing Opportunities on a State-Wide Level – Build Relationships
Professional Perspective – How Can IT Policy and Procedure Converge with ICS Service Level Perfection?
Mary DiPietro, Deputy Chief Information Security Officer, California Department of Technology, California Information Security Office
ICS Opportunities
11:50
Panel: Coordinated approaches between Government and State
Audience Q&A
Marty Edwards, Department of Homeland Security, ICS CERT Director
Chris Blask, Executive Director at Webster University’s Industrial Control System Information Sharing and Analysis Center (ICS-ISAC)
Mary DiPietro, Deputy Chief Information Security Officer, California Department of Technology, California Information Security Office
Panel: Coordinated Approaches

12:20
Intelligence-Led Threat Mitigation
Today, discovery using threat intelligence alone will not fully mitigate all the cyber threats an organization faces because attackers can develop new capabilities and change their attack vectors with ease. Threat intelligence helps to discover known bad, but it needs to be coupled with security analytics that help to uncover unknown bad. The big difference is that where signatures (based on threat intelligence) only detect single instances of threats, analytics detect suspicious behaviors.
This presentation will address how to leverage threat intelligence and security analytics as an effective defense in protecting critical infrastructure. It will demonstrate the emerging dynamic global threat landscape, define threat intelligence and illustrate why it matters. Attendees will gain insight into current trends of threat intelligence in IT and OT environments and learn how to address the challenges of applying threat intelligence and security analytics in critical systems across large, medium and small organizations.
Rene Moreda, Cyber Security – Energy and Utilities, BAE Systems Applied Intelligence
Threat Mitigation
1:00
Lunch and Networking
Sponsored by GE

2:00
What Iberdrola learned as we developed our framework for cyber security risk management, which we are implementing around the world
Approach, methodologies, lessons learned from this global effort
Steps to assess current levels of cyber security
Identifying risk for each business, cataloguing best practice
Developing risk maps and customised implementation plans
The systemized approach helped us provide clear direction and guidance, establish a reliable and repeatable process, and communicate cyber security risks more effectively.
Keri Glitch, Vice President Corporate Security, Iberdrola USA
Iberdrola Case Study
2:30
Maturing SCADA Security Programs

Establishing and maturing an ICS/SCADA security program
Business, security, and compliance drivers
Special considerations and challenges to achieve
Example of utility approaches
Samara Moore, Senior Manager, CIP Security & Compliance, Corporate and Information Security Services, Exelon
Holistic ICS/SCADA development
3:00
Exhibitor Networking
Coffee and Networking
3:30
Managing Software Security Throughout The Supply Chain
All businesses rely on both a domestic and an international supply chain on a daily basis. As such, we rely on software security throughout the entire supply chain, and this is where things become challenging.
The software industry relies on third party open source code as part of its internal systems, as well as a rapidly increasing number of third party commercial offerings. A major cybersecurity vulnerability discovered in a commonly used third party software component (Heartbleed/Shellshock) can lead to massive challenges in resolving the issues.
Reliance on vulnerable third party components requires organisations to revisit their cybersecurity management strategies and security audits.
Organisations are frequently hesitant to impose requirements for managing cybersecurity on those outside of their organisation.
We are not dealing with technological problems as much as we are dealing with policy problems.

Mike Ahmadi, Global Business Development Director, Codenomicon
Supply chain software security

4:10
Integrated Control and Safety Systems
Looking at industrial cyber security from a safety perspective will enable us to design safe, secure cyber solutions. The session will focus on understanding the relation between system safety and cyber security and will touch on the ICSS “Integrated Control and Safety Systems”. The session will also discuss the importance of segregating safety and control systems from a cyber security perspective.
Understanding the relation between safety and security
Visualizing TUV certified systems and Cyber Security
Addressing cyber security needs for the ICSS
Ayman Al Issa, Chief Technologist & Senior Advisor, Industrial Cyber Security, Booz Allen Hamilton
Integrated Control and Safety Systems
4:50
Industrial Cyber Security; is it a test-tube baby?
More than 5 years after Stuxnet, we need to admit that the mature industrial cyber security baby has not been born yet. This session offers a transparent discussion of the status of industrial cyber security today and how far it is behind the emerging threats.
Who are the stakeholders and are they doing what they should do?
Is it a complicated situation that needs a complex approach?
How can we get things moving ahead?
Panel led by
Moderator: Ayman Al Issa, Chief Technologist & Senior Advisor, Industrial Cyber Security, Booz Allen Hamilton
Includes Panellists:
Omer Schneider, Co Founder, Cyber X
Samara Moore, Senior Manager, CIP Security & Compliance, Corporate and Information Security Services, Exelon
Keri Glitch, Vice President Corporate Security, Iberdrola USA
Mike Ahmadi, Global Business Development Director, Codenomicon
Invited: Marty Edwards, Director Industrial Control Systems Cyber Emergency Response Team (ICS-CERT), Department of Homeland Security

Panel: Mature industrial cyber security?
5:30
 Cyber incident response management: The key to safeguarding assets
This roundtable session will examine the key components of an incident response plan and discuss approaches to effectively manage an incident. It will start with the question, “what does incident response mean?” To many people, using existing Business Continuity Planning/Disaster Recovery documents seems adequate to managing a cyber attack. However, this is not the case. A robust incident response strategy is comprised of three main parts: incident planning, identifying incident readiness through testing the incident plan and responding to an actual incident. Join us to learn how you can begin planning for a security event upon your return to the office.
18:00
Drinks reception sponsored by BAE Systems Applied Intelligence
19:00
End of Day One
Day 2: 14 October 2015
9:10
 Key Note: ICS Security Lifecycle

Having a structured process to advance cybersecurity at industrial facilities is the key to effective and efficient use of resources. This keynote will provide an understanding of where the industry is, in its own lifecycle of providing owners and operators those structures to apply to their security processes, and what steps can be taken to programmatize your efforts.
Chris Blask, Executive Director at Webster University’s Industrial Control System Information Sharing and Analysis Center (ICS-ISAC)
ICS Security lifecycle
9:40
Case Study: The 2012 cyber-attacks against Saudi Aramco and the Aramco family of affiliates were a major game changer in IT & ICS Security. The energy sector, relevant markets and governments worldwide shuddered. Although oil production wasn’t directly affected, business operations were greatly interrupted and remain so. This presentation is the story of how I implemented the first IT Security unit for Aramco Overseas Company, a Saudi Aramco affiliate which provides all IT services for Saudi Aramco in South America and the EMEA region outside of Saudi Arabia.
  1. Cybergeddon 2012
Description of Shamoon and attack effects on the Aramco family
  2. Starting from Zero to Hero
An offer I couldn’t refuse after “The Incident”
Implementation of basic IT security
Recruitment of skilled in-house IT security staff
  3. Maturization - IT Security to the next level
Development of staff: hackers, lock pickers, geniuses and Harlem Shakers
Exercises and independent operational audits
Building the framework for a functional incident response team and CERT
  4. Lessons Learned
Twitter setbacks
Dealing with panic
What I would do differently if I had a Time Machine
Christina Kubecka, Private Researcher SecurityEvangelistEU, Former Group Leader, Aramco Overseas The Netherlands
Saudi Aramco Case Study
10:10
Governance, incident response and recovery
Governance structure
Risk advisory and strategic direction
Governance on security operations
Standardisation and compliance
Defining and implementing a process
Monitoring and detection
Incident management: Incident, incident response, incident investigation
Scott King, Manager Information Security, Sempra Utilities
Governance, Incident Response & Recovery
10:40
Exhibitor Networking
Coffee and Networking
11:10
Compliance Doesn’t Equal Security – but They’re Not Mutually Exclusive:
How to obtain synergy by architecting security solutions which can deliver compliance.
Key Points / Themes:
* This statement is pervasive – all security practitioners echo it. How can we change this?
* Holistic security architecture must span physical, OT, IT, and varying LoB priorities
* Knowing key control points and artifacts, technology and process for generating compliance evidence can be “baked in” rather than “bolted on”.
* Compliance represents the ‘minimum criteria’, and closely aligns with security best practice (e.g. SANS Top 20 Security Controls).
* Opportunities to go above and beyond: OT Networks are less dynamic than corporate networks – offering a better opportunity for baseline modeling, and anomaly detection
Billy Glenn, Principal Architect, PG&E
11:40
Panel: Defining a risk, compliance and governance framework that integrates IT and OT security – Best Practice
Evaluating business IT and OT performance through operational dashboards
Key policies, definition of corporate control for each sector
Managing operational and IT high risk areas - long term thinking
Developing a streamlined process of managing compliance and managing cost
Chris Blask, Chair at Industrial Control System Information Sharing and Analysis Center (ICS ISAC)
Christina Kubecka, Private Researcher SecurityEvangelistEU, Former Group Leader, Aramco Overseas The Netherlands
Scott King, Manager Information Security, Sempra Utilities
Billy Glenn, Principal Architect, PG&E
IT & OT Security Framework
12:10
Defending Against Cloud-Originated Threats
Why does fighting cloud-based threats in the cloud make sense for industrial IoT and why is it proving more effective than traditional security architectures?
How does cloud-based security work and how does it secure specific vulnerabilities found in Internet-facing ICS/SCADA?
The adoption of cloud computing is inevitable for critical environments; how can we enable that adoption and assure the industry that it’s a safe way forward for critical infrastructure?
What are current trends in the threat landscape (drawn from over 15 billion transactions processed daily)?
What are expected future developments in cloud-based security?
Patrick Foxhoven, VP & CTO of Emerging Technologies, Zscaler
Cloud for ICS
12:40
Lunch and Networking
Exhibitor Networking
1:40
ICS threat categorization and indicators of compromise
Automatic machine-response to ICS threats
Threat sharing best practices
Doug Rhoades, Chief Engineer for Cybersecurity, Southern California Edison
Indicators of compromise
2:10
Integration of Operations Data and Command and Control messages to ensure cyber security and power system resilience.
CWP is building operational tools that integrate PMU measured power flow data, DNP3 SCADA messaging, and system power models to ensure that the grid is operating as expected and in a known state at all times. Abnormal power flows with related SCADA commands may be operator error or cyber actors. This system will detect events and potentially be able to reverse the attack and maintain power stability in future versions.
– Power system operations models
– SCADA command, control and data acquisition data
– Phase measurement units
– to provide a normal system awareness model for the entire power system
Steven Brunasso, Manager of Cyber Security, California Water and Power
Detection tools
2:40
Culture Change; It’s All About Security
- Will examine both technical and human considerations
- Does your culture embrace security?
- Does your technical competence match today’s environment of vulnerability?
Glenn Steiger, General Manager, Alameda Municipal Power
Culture Change
3:10
Coffee and Exhibitor Networking
Exhibitor Networking
3:40
Managing change in ICS environments, can modern security policies work in the ICS environment?
Developing a culture of systemic thinking from an operations perspective and an IT perspective
Balancing the transformation of Mobility, Cloud, OT / ICS
System Awareness initiatives, implementation and development: who are the key stakeholders and how do we engage?
Steven Brunasso, Manager of Cyber Security, California Water and Power
Doug Rhoades, Chief Engineer for Cybersecurity, Southern California Edison
Billy Glenn, Principal Architect, PG&E
Modern security policy in ICS?
4:10
What have we learned and what can we take away? Audience Discussion and Key Takeaways
5:30
End of Conference. Presentation downloads will be made available to participants by the Cyber Senate with the permission of our speakers
