www.criticalcybersecurity.com
Venue: Kensington Hilton, London
London, UK
CYBER SECURITY
FOR CRITICAL ASSETS | EUROPE 17 - 18 November 2015
Recent attacks on critical automation systems prove that cyber-attacks can have significant impact on critical infrastructures and essential national services. Penetration of these ICT capabilities may have disastrous consequences for the safety and functioning of EU Member States. The need to ensure ICT robustness against cyber-attacks is thus a key challenge at a national and pan-European level.
FOCUS OF THE CONFERENCE
As risks increase and spending on cyber security soars, the 7th Cyber Security for Critical Assets Summit brings together security thought leaders with the aim of encouraging discussion and sharing amongst the key asset-owning companies in Europe. Process control and corporate IT professionals from the Chemicals, Utilities and Oil & Energy sectors will come together to bridge the gap between their departments through meaningful security-focused conversation and debate. This in turn will allow them to build the robust security policies that will protect Europe’s critical assets tomorrow.
EVENT SPONSORS
CREATING BESPOKE STRATEGIC BUSINESS EVENTS, CONFERENCES, SUMMITS AND WEBINARS www.qatalystglobal.com
www.criticalcybersecurity.com
Cyber Security For Critical Assets | EUROPE | 17-18 November 2015
PRESENTING SPONSORS
Lockheed Martin www.civil.lockheedmartin.co.uk
At Lockheed Martin UK Information Systems & Global Solutions we put business first, providing business technology solutions to make our customers’ operations smarter, more efficient, and more profitable. We offer a full spectrum of support to all aspects of managing Process Security, Process Safety, Information Management and IT. Our industry experts have decades of experience in the Energy sector, meaning we know your business today, and have ingenious technology solutions for the challenges of tomorrow. Our energy customers are all about optimising production.
PhishMe www.phishme.com
PhishMe® is the leading provider of threat management for organisations concerned about human susceptibility to advanced targeted attacks. PhishMe’s intelligence-driven solutions empower employees to be an active line of defence by enabling them to identify, report, and mitigate phishing, malware, and drive-by threats. Our open approach ensures that PhishMe integrates easily into the security technology stack, delivering measurable results to help inform and adapt an organisation’s security programs.
Restrata www.restrata.com
Restrata is a multi-disciplinary security Front End Engineering Design consultancy with the capability to implement integrated security solutions in the built environment and with specific expertise in the critical infrastructure domain in the UK, Middle East and Africa. We take a risk-based approach to security design and are now specifically focused on helping our clients improve their capability to manage their Governance, Risk and Compliance in the cyber domain and in helping them deliver active cyber defence measures in depth.
Nozomi www.nozominetworks.com
Nozomi Networks SA provides an innovative, dedicated security solution for SCADA/ICS systems. Our in-field experience in SCADA systems and industry-proven quality software engineering skills provide a best-in-class solution for Critical Infrastructure security needs.
PLATFORM SPONSORS
Darktrace www.darktrace.com
Named ‘Best Security Company of the Year’ in the Info Security Products Guide 2015, Darktrace is one of the world’s leading cyber threat defense companies. Its Enterprise Immune System technology detects previously unidentified threats in real time, powered by machine learning & mathematics developed at the University of Cambridge, which analyze the behavior of every device, user and network within an organization.
Resilient www.resilientsystems.com
Resilient Systems (formerly Co3 Systems) empowers organizations to thrive in the face of cyberattacks and business crises. Resilient’s leading Incident Response Platform (IRP) arms response teams with workflows, intelligence, and deep-data analytics to react faster, coordinate better, and respond smarter. Resilient’s security, privacy, and action modules provide organizations with agile, collaborative, and comprehensive action plans.
ASSOCIATE SPONSORS
Cyberbit www.cyberbitc.com
CYBERBIT, a global leader in the Cyber arena, offers high-end, end-to-end solutions and products for the emerging markets of both Cyber Security and Cyber Intelligence. CYBERBIT provides comprehensive solutions and exclusive capabilities with worldwide large-scale deployment experience as well as global support services on both technological and operational aspects.
NETWORKING SPONSORS
BAE Systems www.baesystems.com
At BAE, we help nations, governments and businesses around the world defend themselves against cybercrime, reduce their risk in the connected world, comply with regulation, and transform their operations. We do this using our unique set of solutions, systems, experience and processes - often collecting and analysing huge volumes of data.
SCADAfence www.scadafence.com
MEDIA PARTNERS
SPEAKERS
Oren Aspir CTO Cyberbit
Burim Bivolaku Global Chief Information Security Officer Noble Group
Andrea Carcano CEO Nozomi Networks
Shash Patel Director, Information Risk Management & Privacy Air Products
Barry Coatesworth Cyber Security Transformation Consultant
Alasdair Rodgers Director Consulting and CTO Restrata
Joe Dauncey Head of Information Risk and Security SSE Plc
Randi Røisli Joint Venture IT Technical Security Lead Shell
John Dickinson Cybersecurity Control Systems Manager Sellafield Ltd
Prof. M. Angela Sasse Professor of Human-Centred Technology University College London
Eduardo Di Monte Director of Business Continuity AGBAR
Andy Sceats Managing Director Phishme
George Eapen CISO GE Middle East
Mark Swift CISO Trafigura
Dirk Fleischer CSO LANXESS
Steven Trippier Head of Cybersecurity Anglian Water Services
Chris Hankin Director of the Institute for Security Science and Technology Imperial College London
Gerhard Heusinkveld Global Expert Process Control DSM Engineering DSM
Johan Vandendriessche Partner - Visiting Professor in ICT Law at the University of Ghent Crosslaw
Scott Keenon Process Security Commercial Lead Lockheed Martin
Erwin Kooi Lead Security Architect Alliander
Graham Wright CISO & Global Head of Digital Risk and Security National Grid
Ad Krikke CISO & DBS Security Manager DSM
Peter Armstrong Executive Director – Cyber Willis
Steven Bailey Head of Cyber Security Research Cassidian Cyber Security
Greg Day VP & CSO, EMEA Palo Alto Networks
Howard Eakin Information Protection Leader EMEA ConocoPhillips
T: +44 203 740 9106 | E: [email protected] | A Conference by Qatalyst Global | www.qatalystglobal.com
Jean-Dominique Nollet Head of Forensic Laboratory, European Cybercrime Centre EC3 Europol
Rob Orr Head of Information & Cyber Security Regulation, Civil Nuclear Security Office for Nuclear Regulation
David Atkinson Cyber Security Specialist Darktrace
SCADAfence offers cutting-edge cyber security solutions, designed to protect the manufacturing industries and critical infrastructure. Traditional IT Security technologies are inadequate due to the different requirements, technologies and components which are found in industrial networks. SCADAfence’s first solution is a non-intrusive network monitoring solution designed to ensure the operational availability of ICS/SCADA networks.
Chris Neely Director of Sales Engineering Resilient Systems
For further information and for speaker profiles please visit: www.criticalcybersecurity.com
STEERING COMMITTEE
Florian Haacke CSO RWE AG
Mark Swift CISO Trafigura
Chris Hankin Professor Imperial College
Andrew Wadsworth Head of Process Control Security Lockheed Martin
Dr. Jean-Marc Rickli Senior Lecturer, Department of Defence Studies King’s College London
Christos Sgaras Senior Information Security Specialist Europol
For further information and for Steering Committee profiles please visit: www.criticalcybersecurity.com
CONFERENCE DAY ONE Tuesday 17th November 2015
08:00 Registration
08:30 Opening Address from the Chair, Shash Patel, Air Products
08:40 Opening Panel: New Threats in a New World: What Are You Doing in Response to the Changing Threat Landscape?
The opening panel will examine what new threats are arriving on the cyber scene and how the threat landscape is changing for companies working within the critical infrastructure sector. We will also take a brief look at novel detection tools, as well as how we can mitigate threat without sacrificing flexibility for employees and most importantly the business.
Moderator: Mark Swift, CISO, Trafigura
Rob Orr Head of Information & Cyber Security Regulation, Civil Nuclear Security, Office for Nuclear Regulation
Barry Coatesworth Cyber Security Transformation Consultant
John Dickinson Cybersecurity Control Systems Manager, Sellafield Ltd
Oren Aspir CTO, Cyberbit
11:10 Platform Presentation: The Industrial Immune System: Using Machine Learning For Real-Time Threat Detection Across OT and IT
• Learn why ‘immune system’ technologies represent a fundamental innovation for cyber defence
• Discover how to apply machine learning and mathematics to detect advanced, internal threats
• Understand how to gain 100% network visibility to investigate emerging anomalies in real time
• Hear real-world Industrial Immune System case studies
David Atkinson Cyber Security Specialist, Darktrace
09:20 Presentation: Why Standard IT technology Fails in Protecting SCADA System: a Real Case
• How to build a real SCADA malware: difference between IT and OT security
• Prevent tailored attacks targeting Critical Infrastructure
• Real case study on protecting a National Critical Infrastructure
Andrea Carcano CEO, Nozomi Networks
10:00 Speed Networking Break
10:40 Presentation: Best Practice for Incident Reporting
How do we:
• Convince employees to change behavior?
• Ensure criminals get caught?
• Not let incidents affect direct partners
• Cyber-crime is not just an IT issue - Sharing cyber incidents inside DSM helped enormously to raise awareness and improve culture and behavior
Ad Krikke CISO & DBS Security Manager, DSM Business Services
11:20
13:40
Case Study: How Did Anglian Water Create a Culture of Cyber Security Awareness?
• What caused us to shift to a security focused organisation?
• How did we translate the reality of cyber-threat to the executive board?
• What steps were taken to get the entire company into a “security first” mind-set?
• What challenges have we faced so far as an organisation and how are we working to overcome them?
• Lessons learned & looking towards the future
Steven Trippier Head of Cybersecurity, Anglian Water Services
Presentation: The Unique Cyber Security Challenges Facing Critical National Infrastructure 14:20
• What makes protecting CNI a significantly more complex challenge?
• Network dependencies and security
• Risk assessment and responses to the threat
• Creating an appropriate risk management framework and applying it to mitigate threat
Graham Wright CISO & Global Head of Digital Risk and Security, National Grid
Case Study: Combatting the Enemy in Your Network
• What is the scope and organisation of corporate security at LANXESS
• Current threat Scenarios facing our organisation
• Criminological explanations for deviant and delinquent behaviour focusing on internal offenders
• Comprehensive countermeasures undertaken by LANXESS to combat the threat
Dirk Fleischer CSO, LANXESS
12:00 Presentation: Exploring the security evolution and Intelligence driven defence including:
• A look at the rapidly changing Threat Landscape
• Top threats and the top impacts
• Would you know if your system was compromised?
Scott Keenon Process Security Commercial Lead, Lockheed Martin
12:40 Seated Lunch
15:00 Presentation: Staying Afloat: Response Plans That Allow Business Continuity in the Face of Attack
• Arguably too much attention is given to preventing an emergency which may be inevitable
• How can we construct a solid incident and crisis management plan
• How does crisis management fit into a broader cybersecurity strategy and defence of critical assets
• How do you mix both worlds?
• Case study example of response to an attack or major event
Eduardo Di Monte Director of Business Continuity, AGBAR
15:40 Networking Break
16:10 Case-Study: Managing Information Sharing with Joint Ventures
• Risks when working with Joint Ventures, where does IT fit in and why use energy in this space?
• What are the potential information risks when partnering with an external organisation?
• How do we protect our IT infrastructure, which controls are relevant?
• A look at our “joint-venture story”
Randi Røisli Joint Venture IT Technical Security Lead, Shell
16:50 Presentation: Strategies for Effective Integration of Business IT and Process Control Systems
• How did DSM handle a global roll-out of a MES in our Business Group
• How was departmental cooperation achieved from architecture to handover to Managed Operations
• Examining a mutual learning process whereby:
  - Process Control and Automation engineers had to learn to lessen their attention to technical designs of architecture etc. and focus on UX
  - IT needed to learn to deal with specific plant automation requirements
Gerhard Heusinkveld Global Expert Process Control DSM Engineering, DSM
17:30 Chairman’s Closing Address
17:40 Networking Drinks & Canapés
CONFERENCE DAY TWO Wednesday 18th November 2015
08:00 Registration
08:30 Welcome Address from the Chair, Shash Patel, Air Products
08:40 Opening Panel: Let’s Examine the Role of International Governing & Regulatory Bodies in the Cyber Scene
We will open day two by bringing to light questions relating to the accepted role of international governing bodies and law-enforcement agencies in cybercrime. The session will include speakers from governing bodies, as well as ones from industry. It will look at how we can work at increasing collaboration and making the most of the support given by law enforcement.
Moderator: Joe Dauncey Head of Information Risk & Security, SSE plc
Dirk Fleischer CSO, LANXESS
Chris Hankin Director of the Institute for Security Science and Technology Imperial College London
George Eapen CISO, GE Middle East
Jean-Dominique Nollet Head of Forensic Laboratory, European Cybercrime Centre EC3 Europol
10:50 Presentation: Present and Future Legal Considerations for Constructing a Cyber Security Policy
• An overview of current and planned relevant EU legislation
• What are the data protection principles and how can you stay on the right side of data protection laws?
• What laws currently govern security obligations and breach reporting?
• How is EU and national legislation likely to change in the near future?
• What you can do to stay abreast of the changes ahead
Johan Vandendriessche Partner, Crosslaw
09:20 Presentation: Critical Success Factors in the Design of a Security Operations Centre (SOC) - the need to address risk in the People, Process and Technology domains
• Technology alone is not enough to stand up to cyber threats
• Attention needs to be paid to the people, policy, operations and cyber management that bring about security
• This presentation examines an enterprise-wide approach to cyber security, where no stone is left unturned
Alasdair Rodgers Director Consulting, CTO, Restrata
10:00 Networking Break
10:30 Presentation: Personal Development in a Cyber Asset World
• Why is it so hard? Why haven’t we fixed all these problems already?
• What are the competencies needed to safeguard the cyber assets of our organisations
• How do we adapt our organisations to manage the cyber risk?
Joe Dauncey Head of Information Risk & Security, SSE plc
11:30 Platform: Do you have a plan B?
With the increasing number of incidents and a global shortage of cyber security professionals, organisations need to focus beyond prevention and detection and look instead to their response strategy. Chris Neely from Resilient Systems will cover the fundamentals of Resilient’s award winning Incident Response Platform and how it enables organisations to react faster, coordinate better and respond faster to major cyber attacks and business crises.
Chris Neely Director Sales Engineering, Resilient Systems
11:40 Presentation: The Human Factor: Designing Employee Centred Policies Which Will Maximise Secure Behaviour
• Let’s look at some reasons for why employees ignore security and compliance rules
• How can we leverage trust relationships to improve security in organisations?
• Why is employing a “fear tactic” to gain compliance likely to fail?
• Examples and lessons learned from research in this area
Prof. M. Angela Sasse Professor of Human-Centred Technology, University College London
12:20 Presentation: Defending Against Phishing; Preparing and Using Human Defences
As the security industry has continually failed to cultivate the human element of security, phishing has become the top attack vector for cyber criminals and APT. Despite this, many organizations overlook the potential value humans can provide to their security posture. In this presentation, Andy Sceats will discuss how to reduce susceptibility to human-targeted attacks by providing immersive simulated phishing and how to empower users to be human sensors that can recognize and report suspected attacks, thus reducing the attack detection window.
Andy Sceats Managing Director, Phishme
12:50 Seated Lunch
13:50 Presentation: Managing Complex and Evolving Cyber Threat Landscape Using Actionable Cyber Threat Intelligence
• Overview of the Cyber Threat landscape
• Overview of Cyber Threat Intelligence approaches
• Intelligence sharing and the benefits of working with intelligence agencies
• Combating APTs using up-to-date cyber threat intelligence
• Using Cyber Threat Intelligence as a way to focus and prioritize security resources
• Challenges for a successful implementation of a Cyber Threat Intelligence programme
Burim Bivolaku Global Chief Information Security Officer, Noble Group
14:30 Presentation: Knowing Your Assets: The Importance of Structured Data Management
With no structured assessment of their own assets, many companies are unaware of just how much data they have and where it is.
• Without a clear understanding of data ownership it is impossible to adequately assess the threat and thus protect yourself
• How does data management improve risk assessment and the efficacy of information security protocols?
• What are steps you can take to better manage your vast amounts of corporate data
Shash Patel Director, Information Risk Management & Privacy, Air Products
15:10 Refreshments & Networking
15:30 Case Study: How did Alliander Respond Internally to a Recent Wave of Cyber Attacks on the Utilities Sector
• With recent utility cyber incidents, how did we go about measuring the risk to our organisation?
• Building a robust risk management strategy which includes prevention, detection and protection
• What were the greatest challenges and how are we looking to overcome them?
• What still needs to be done to complete our journey towards cyber safety?
Erwin Kooi Lead Security Architect, Alliander
16:10 Group Activity: How Do You Create a Level Understanding of Cyber Security Threats for both IT and Process Control Departments
Process control systems are increasingly becoming the prime target for cyber attackers, and spear phishing of engineers is becoming a common attempt to take down the control system. This session will present new research and discuss what companies should do to tighten controls, education, and security for process control departments. We will also look at IT/OT integration strategies.
Chris Hankin Director of the Institute for Security Science and Technology, Imperial College London
17:00 Chairman’s Closing Remarks
Upcoming events
• Cyber Security for Critical Assets Summit USA, 16th - 17th March 2016, Houston, Texas