Fill the gap in your information security strategy, minimize risks & vulnerabilities and be cyber-secured
in today’s and tomorrow’s energy infrastructure
6th Cyber & SCADA Security for Power and Utilities Industry 2019
Topics to be addressed
• OT Penetration Testing• Next-gen IDS (Intrusion
Detection Systems) in Utilities • Security through simplicity• SOC cooperation: effective
response to a rapidly evolving threat landscape
• Active Cyber Defence• What about a cybersecurity
culture?• Cyber security in the boardroom
& leadership team• Detecting industrial APT activity• OT Incident Response - How to
survive an OT Security incident• Air-gap in OT security: resurrect
or revamp the old concept?
Benefits of attending
• Meeting selected senior decision- makers from different IT Security/ ICT Risk Information Security/ SCADA & OT Security/Data Privacy divisions of leading Power & Utility companies
• Learning from the selected examples of practical approaches
• Knowledge and expertise exchange
• Direct networking with industry decision makers in a business - friendly environment
Arslan BrömmeNational Information Security OfficerVattenfall, Germany
Jarek SordylBoard MemberEE-ISAC &Cybersecurity DirectorPERN, Poland
Yosi ShneckHead of Cyber Entrepreneurship & Business Development IEC, Israel
Michael Walter KnuchelHead of SAS EngineeringSwissgrid, Switzerland
Kaj PaananenHead of Cyber SecurityUponor, Finland
Peter Ulrik SchjøttCyber Security Business ArchitectVestas, Denmark
Dr. Sandro GayckenDirector Digital Society Institute ESMT Berlin, Germany
Arnold SchuurICS/SCADA Security EngineerICS Defense, The Netherlands
Hervé van WayenbergeCISO Sibelga, Belgium
Jos MentingChief Technologist - CybersecurityENGIE Laborelec, Belgium
Felix SchillerIT-Security Manager50Hertz Transmission, Germany
Panagiotis PanousosInformation & CommunicationsTechnology (ICT) DirectorDESFA, Greece
Greg ChawkeEnterprise Security Architect Ervia, Ireland
Guido GluschkeDirector Institute for Security and SafetyBrandenburg University of Applied Sciences, Germany
Dr. Stefan A. DeutscherProject Advisor toWorld Economic Forum, Germany
Workshop LeaderJan-Tilo KirchhoffManaging Director Compass Security, Germany
Cyber Security Series
Speaker Panel
MEDIA PARTNERS
PARTNER
Berlin, Germany
25th-27th of September 2019
INTERACTIVE WORKSHOP Led by Compass Security
w
Coffee & Networking18:00
17:45 Summary & Closing Remarks by the Workshop Leader
25th of September
15:30 Registration & Welcome Coffee
16:00 Opening Address by the Workshop Leader
OT PENETRATION TESTING
16:15 Penetration testing OT Environments• Safety!= Security – Common misunderstandings between
IT and OT staff• Vulnerability Assessments vs. Penetration Tests – What do I need and
what can I expect• Special requirements and challenges for security assessments in OT• Real world examples of OT Security Issues
Jan-Tilo Kirchhoff - Managing Director Compass Security, Germany
Workshop OutlineWhile conducting vulnerability assessments and penetration tests on office networks and web based services and applications are a staple of todays information security management some organizations still struggle with applying the same measures to there OT environment. In this workshop we will explore the similarities and differences of planning and conducting security assessments of OT environments. Based on real world examples we will demonstrate how attackers attempt to interfere with OT systems and how publicly known attacks have informed the methods used by penetration testers today. Using examples selected from our ICS and IOT security courses participants will get the chance to gain insights and hands-on experience in the realm of OT security.
About Compass SecurityCompass Security Deutschland GmbH, as an independent branch of the Swiss Compass Security Network Computing AG, is a company specializing in security assessments and forensic investigations and is based in Berlin. They carry out penetration tests and security reviews for the clients, enabling them to assess the security of their IT systems against hacking attacks, as well as advising them on suitable measures to improve their defenses. Founded in 1999 Compass Security has over 20 years of experience in national and international projects. Close collaboration with universities enable Compass to perform field research. Thus, the security specialists are always up-to-date.
6th Cyber & SCADA Security for Power and Utilities Industry 2019
Berlin, Germany
25th-27th of September 2019
8:30
9:00
Registration & Welcome CoffeeOpening Address from the Chairman
10:30 Coffee & Networking Break
15:20 Coffee and Networking Break
Conference Day One
26th of September
6th Cyber & SCADA Security for Power and Utilities Industry 2019
Berlin, Germany
25th-27th of September 2019
Closing Remarks from the Chair & Wrap up of Day 117:20
Cocktail Reception17:30
INTRUSION DETECTION SYSTEMS & CYBER-DEFENCE FRAMEWORKS
09:10
• Implementation of IDS: how to improve the network visibility• Configuration challenges: how to deal with them• 2/3/4G as well as clear text radio: evaluate and mitigate the
risks
IDS (Intrusion Detection Systems) in OT & RTU connections via own fiber
09:50
• What challenges are the critical utilities phasing today in regards to Cyber Security?
• What does security through simplicity actually mean ?• How to get there ?• Practical Examples or how you could get there
Security through simplicity
Lunch Break, Coffee and Networking12:20
Booking Contact: Reda Bernard tel:+420 228 885 146 fax:+420 255 709 599 email: [email protected]
Arslan BrömmeNational Information Security OfficerVattenfall, Germany
14:00 Active Cyber Defence• What is Active Cyber Defence• The way how to collaborate with National Governmental
Institutions • Current situation in Europe
Panel Discussion Corporate cyber security awareness – latest developments and trends• What is your corporate cyber security philosophy? • Holistic approach to cyber security internal programs• Practical tips to ensure that protection of company’s data is a
topmost priority of the staff • Awareness programs & adopting good ‘cyber-hygiene’• Delivering the message ‘we can be out of business’ if
remained uneducated in risk management
16:40
11:00 Coordination and Cooperation from the perspective of the Energy Computer Emergency Response Team• Threats and vulnerabilities in Energy sector and response to
that• SOC and CERT as special teams responsible for support
organization in cybersecurity• Cooperation between organizations as a key point to success• Sharing information at national and international level and
role of ISACs
CYBER SECURITY ASPECTS & SOCIAL ENGINEERING
16:00 SOC cooperation: effective response to a rapidly evolving threat landscape• What is a SOC, IT and OT SOCs• The problem with a SOC and integration with Incident
Response• Reference model for SOC/Incident Response integration• Insourcing vs outsourcing, partly or fully• Discussion of risks and pitfalls
14:40 What about a cybersecurity culture?• Why is a cybersecurity culture a need?• What is to be taken into account?• How can you measure cybersecurity culture
Peter Ulrik SchjøttCyber Security Business ArchitectVestas, Denmark
Jos MentingChief Technologist – CybersecurityENGIE Laborelec , Belgium
11:40• The cyber challenge in utilities complex systems – IT/OT &
the new VT• Outside the box risk management – in contradiction to the
traditional cyber risk assessment• The cyber organization dilemma – distribution, integration,
professionalism and much more• SCADA and complex systems validation on the fly – digital
twin validation at any stage of process or system life cycle• The organizational cyber picture – Vincent van Gogh or
Gustave Courbet – the challenge of cyber decision makers• Cyber Attack demonstration on a critical utility asset
The cyber picture – is it real?
Yosi ShneckHead of Cyber Entrepreneurship & Business Development IEC, Israel
Michael Walter KnuchelHead of SAS EngineeringSwissgrid, Switzerland
Jarek SordylCybersecurity DirectorPERN & EE-ISAC, Poland
Hervé van WayenbergeCISOSibelga, Belgium
Panelists: Hervé van Wayenberge- Sibelga, Belgium;Jos Menting - ENGIE Laborelec , Belgium;Stefan A. Deutscher - Project Advisor to World Economic Forum
Conference Day Two
10:30 Business Card Exchange and Coffee BreakOpportunity for the participants to share their contactinformation with each other dedicated specifically to strengthening business connections with the industry peers.
08:30
09:00
Registration & Welcome CoffeeOpening Address from the Chairman
Closing Remarks from the Chair & Wrap up of Day 217:20
17:30 Coffee and Networking
16:40 Panel DiscussionIncident reporting & response management• Strengthening information-sharing and plans to cyber
incidents• How to effectively plan and implement technical security
measures, active monitoring systems and regular threat assessment
• Establishing internal collective emergency response teams and technologies
• Incident evaluation• Ensuring business continuity
6th Cyber & SCADA Security for Power and Utilities Industry 2019
Berlin, Germany
25th-27th of September 2019
12:20 Lunch Break, Coffee and Networking
27th of September
INDUSTRIAL, SCADA & OT CYBER SECURITY
Booking Contact: Reda Bernard tel:+420 228 885 146 fax:+420 255 709 599 email: [email protected]
CYBER SECURITY MANAGEMENT
15:20 Coffee and Networking Break
OT Incident Response - How to survive an OT Security incident• How to prepare for an OT Security incident? • How to respond to an OT incident?• How to recover from an OT incident?• Lessons learned
11:00
09:50 Cyber Resilience in the Electricity Ecosystem• Insights from the World Economic Forum project• Key principles for senior leaders• Good practices and lessons learned
Air-gap in OT security: resurrect or revamp the old concept? • Definition• Old VS new DESFA network: the “wins” and the “losses”• Convergence vs isolation: how much air(-gap) can we take?• Things taken into account when securing the OT• Balancing the odds• DESFA’s experience & future thoughts
11:40
• Elements of a cyber security strategy• Implementing an ISMS by using ISO 27001• Impact of new trends, such as digitalization and SOC• Cyber security education
Cyber Security Strategy in the Energy Sector14:40
Panagiotis PanousosInformation & Communications Technology (ICT) DirectorDESFA, Greece
09:10• What makes an attacker an advanced persistent threat?• Presenting advanced techniques known from past activity• How can attacks be detected?• Approaches on detecting unknown attacker activities
Detecting industrial APT activity
Felix SchillerIT-Security Manager50Hertz Transmission, Germany
The evolution and future of OT-Security• How the OT security has developed (where we are now)• What are the current major changes in it• What will the future look like (for OT security)
14:00
Kaj PaananenHead of Cyber Security Uponor, Finland
Arnold SchuurICS/SCADA Security EngineerICS Defense, The Netherlands
Panelists: Arnold Schuur - ICS Defense, The Netherlands;Guido Gluschke - Brandenburg University of Applied Sciences, Germany;Dr. Stefan A. Deutscher - Project Advisor to World Economic Forum
Dr. Stefan A. DeutscherProject Advisor toWorld Ecnomic Forum, Germany
Guido GluschkeDirector Institute for Security and SafetyBrandenburg University of Applied Sciences, Germany
16:00• Today’s Threat Vectors and the Digital Threat Landscape• Preparing for Executive and Board communications• What to do when it goes wrong
Cyber Security in the boardroom & leadership team
Greg ChawkeEnterprise Security ArchtectErvia, Ireland
For upcoming events, you can visit our website
www.prosperoevents.com/upcoming-events
What we do
We help decision makers in European energy industry to benchmark best practices by organizing peer-to-peer conferences.
What we promise
We promise the longest average minutes (at least 10 minutes within 2 days per participant) of direct peer-to-peer networking with the most senior, relevant, committed, innovative and open-minded end-user experts in Europe about specific energy industry related topics.
How we keep our promise
If our customer finds any other conference in Europe about the same topic with longer average networking time per participant and higher level of networking, then we will refund the registration fee in full in the form of Credit Note that can be used for any of our conferences upcoming 12 months.
Berlin, Germany
25th-27th of September 2019
6th Cyber & SCADA Security for Power and Utilities Industry 2019
PARTNER
6th Cyber & SCADA Security for Power and Utilities Industry 2019
Berlin, Germany
25th-27th of September 2019
MEDIA PARTNERS
Critical Infrastructure Protection Review is the go-to destination for the latest news, insights and expert knowledge, and designed to assist governments, public and private sectors in improving security and resilience of vital critical infrastructures, strengthening their preparedness to withstand and recover from the physical and cyber attacks. For more information, please visit: http://www.criticalinfrastructureprotectionreview.com/
Cyber Defense Magazine is by ethical, honest, passionate information security professionals for IT Security professionals. Our mission is to share cutting edge
knowledge, real world stories and awards on the best ideas, products and services in the information technology industry. For more information, please visit: https://www.cyberdefensemagazine.com/
The Israel Electric Corporation (IEC) is a public and government-owned company, generating and supplying electricity to all sectors; approx. 99.85% of the shares are government-owned. Its activities include the generation, transmission and transformation, distribution, supply and sale of electricity to customers. IEC owns and operates 17 power stations with 63 generating units: 18 steam-driven and 45 gas turbines, of which 14 are combined-cycle units. Its Installed is 13,617 MW. IEC supplies reliable high-quality electricity, complies with leading service standards, maintaining economic, commercial and environmental principles. IEC
is partnering FTTH (Fiber to the HOME) initiative in Israel. IEC employs around 11,000 employees and provides service to approx. 2.8M customers. IECYBER is an elite unit in IEC, providing battle proven portfolio of unique cyber solutions and services. The cyber portfolio, including cyber defense and cyber resilience solutions, is based on vast, real life daily experience, gained in challenging geopolitical environment and atmosphere, focused to protect one of the most critical infrastructure companies, and main vertically integrated electricity supplier in Israel.
ASSOCIATION PARTNER
The European Energy - Information Sharing & Analysis Centre (EE-ISAC) is an industry-driven, information sharing network of trust. EE-ISAC helps utilities to improve the cyber security and resilience of their grid by enabling trust-based data and information sharing. Founded in 2015, EE-ISAC is a joint initiative of 4 major European utility companies together with universities, governmental bodies and technology providers.
The Cyber Security Review is designed to draw on the combined knowledge, skills and expertise of the cyber security community to identify the emerging threats and facilitate the development of coherent policies and robust capabilities. Our mission is to promote dialogue and provide a platform for information exchange and cooperation between stakeholders, industry, academia and security experts worldwide. For more information, please visit: www.cybersecurity-review.com