Industrial Control Cybersecurity Europe

Identify, protect, detect, respond and recover. All stakeholders have a new responsibility in ensuring the safety, reliability and stability of our Critical National Infrastructure. Public and Private partnerships are paramount and information sharing on an international level a priority. We will be addressing key areas of vulnerability, threat detection, mitigation, and planning for the Energy, Oil, Gas, Electric and Water Sector.

The Industrial Control Cybersecurity conference consists of presentations and debate from some of the energy industry's leading end users from Operational and IT backgrounds, Government influencers, leading cybersecurity authorities and some of the world's most influential solution providers.

Key topics of discussion will pivot on convergence of operational and information technology transformation, design, implementation, integration and risks associated with enterprise facing architecture. Further review includes the development of policy, operational and cultural considerations, maturity models, public and private information sharing and the adoption of cybersecurity controls.

2015 will provide further insight into how industry can further develop organizational priorities, effective methodologies, benchmark return on investment for cybersecurity procurement, supplier relationships and how to effectively deploy defense in-depth strategies.

We will introduce demonstrations on the latest attacks and hear from those who are responsible for identifying them. The conference will further address penetration testing, the art of detection and threat monitoring, incident response and recovery.

Goals of the conference

The goal of the conference – to enhance dialogue and information sharing between public and private sectors, providing participants an opportunity to contribute and engage on some of our country’s most pressing security threats surrounding critical national infrastructure. Our vision as a collective to enhance resilience and the adoption of cybersecurity controls within the Energy, Water, Oil, Gas, Electric and Nuclear sector.

Why you cannot miss 2015

Gain further understanding of the risks and opportunities created by the convergence of operational and information technology
Develop a better understanding of current areas of vulnerability, threat detection, mitigation, maturity capability models and risk management.
Take away tools to assist in developing organisational priorities, methodologies and how to effectively deploy defense in-depth strategies.
Hear how your industry counterparts are defining and benchmarking return on investment for cybersecurity procurement, supplier responsibilities and adapting new models for incident response.
Take part and contribute to the technological transformation IT/OT shift involving design, implementation and integration requiring the collaborative efforts of two unique but historically different skillsets.

PRECONFERENCE WORKSHOP - September 28, 2015 9:00am - 1:30pm

In this workshop, you will be given a taste of what ICS and IT incident response look like on both sides of the firewall.

Traditionally, IT and OT teams have been separated by the firewall. However, nowadays with everyone and everything connected to the internet such as the Internet of Things (IoT) in fourth generation SCADA computing and the greater use of COTS in ICS. These two teams, from different technology perspectives need to understand the other’s viewpoint and start talking the same language. IT and OT are completely intermingled in our technology driven global business. Even in terms of simple discussions around ‘Risk Impact’ the IT team may view the worst-case scenario as large loss of data whereas the OT team may consider the worst case as loss of life. Security posture, risks, incident response and recovery are vastly different between the two similar technologies and teams.

It is only when teams come together and begin talking the same language will we be better prepared to face the external and internal threats as well as understanding the full extent of our vulnerabilities. Through discussions and interactive breakout sessions, the workshop will examine common mistakes and misconceptions made by teams when considering the ‘other side’ and help attendees to leave with a better understanding of how to take this back to their parent companies and put together a strategy for common understanding useable by all. To effectively monitor, report, strategize and respond to every day and emerging threats a good understanding of general risks from both sides of the perimeter and IT vs. ICS must be explored.

Risks, policies, regulations, legal requirements, hardware, protocols, etc…. are different between IT and ICS technologies, although similar and in many cases sharing the same network resources. Each must be approached differently. The current threat landscape has changed, traditional ICS security by obscurity or head in sand IT Security defense is no longer viable. Nor are old fashioned approaches and attack techniques and tools are evolving at a much faster rate than SCADA equipment can be manufactured much less replaced with new hardware capable of facing today’s industrial, nation state or cybercriminal or hacktivist threats.