
The Future of Data Security and Information Management

30 – 31 October 2014

Amsterdam, The Netherlands | The Hilton

Technical Agenda

Thursday, 30 October, 0845-1045

Session 1: Building Information Security Awareness in Your Company

Session Managers: Richard Edyvean, Tim Harwood, and Tyler Williams

In modern computing environments it is vital that all users, no matter their job or seniority, fully understand the role they have to play in the “defence-in-depth” aspect of security risk reduction. Their knowledge and awareness of current threats and of where their systems may be vulnerable, added to their in-depth knowledge of their systems' normal operating view, makes their ability to operate as a human sensor important to the security of both the business and the ICS environment. This session will help managers and team leaders to plan for raising their staff’s awareness to help mitigate the risk.

1115-1315

Session 2: Current and Future Regulatory Environments (U.S./Europe/Rest of the World)

Session Managers: Siv Houmb, Bill Jaensch, and Paula de Witte

What if the Macondo explosion was a deliberate cyber security attack? Controls and production systems are especially vulnerable to new advanced persistent threats (APT). The U.S. Department of Homeland Security (DHS) reports that 40% of attacks in 2012 targeted energy critical infrastructure assets with the threats growing from criminal and political motivations. The U.S. is implementing an aggressive 10-year plan to regulate cyber security in the energy industry and is coordinating those efforts with the international standards community. This session will discuss the framework of existing Presidential Directives and new and proposed regulatory legislation from both DHS and the Securities Exchange Commission (SEC). The session will also explore the overlap and differences between U.S. mandated and international standards. Discussion participants will include those who both support and disagree with the current approach including whether the current Presidential Directives framework will work.

1415-1615

Session 3: Understanding and Managing the Current Threat Landscape

Session Managers: Richard Edyvean, Siv Houmb, Tyler Williams, and Paula de Witte

The threat landscape has changed to more sophisticated, targeted attacks on specific industries. The oil and gas industry is specifically vulnerable according to the U.S. Department of Homeland Security. According to statistics, more than 40% of attacks against critical infrastructure assets were targeted at the energy industry, both for political and criminal motives. Over the past few years, cyber security hackers have morphed into sophisticated enterprises where attack tools can be ordered and sold like commodities. Unfortunately, the current technologies have not evolved and matured accordingly, leaving a gap which makes the oil and gas industry a major cyber security challenge.


Friday, 31 October, 0845-1045

Session 4: How to Deal with Assurance

Session Manager: Ronald Heil

Security is not a final product, but rather a process, with a fundamental part of this process being assurance. During this session, different views and practices on providing assurance for line management and external parties will be discussed. Compliance frameworks and models, as well as compliance monitoring best practices, are also presented. In this way, participants are provided with a reference of existing practices and the opportunity to share their own experiences on how they deal with assurance implementation at their respective companies.

1115-1315

Session 5: Beyond Preventive Security: Enabling ICS Cyber Defensive and Responsive Capabilities (Monitoring and Incident Response)

Session Managers: Richard Edyvean, Sergio Hernando, Siv Houmb and Paula de Witte

The game has changed. From air-gapped networks, in which physical security almost guaranteed the absence of problems, we have moved to a hyper-connected world. ICS is no exception, as an increasing number of operational technology networks are becoming more and more connected to IT networks. On top of this change in paradigm, ICS is undergoing dramatic changes in the threat landscape: different actors with different motivations, using attack vectors ranging from the very basic up to the highly sophisticated and targeting different critical systems. ICS has already been targeted, and it is likely this will be a growing trend in the future. This panel will explore how to enable security monitoring and response capabilities in ICS environments, assuming that traditional preventive security will eventually fail, creating the need to detect and respond. We will also discuss the current overall situation involving monitoring and response in ICS environments, the different available technologies and their benefits and limitations, and what the usual operating models are in order to enable detective and responsive security capabilities in ICS environments. This panel will also cover other challenges, such as specialisation, heterogeneous technology and scalability.

1415-1615

Session 6: Uncontrolled Devices and Access Management

Session Manager: Ronald Heil

Every company has preferred/authorised hardware and software assets, and presently many organisations allow employees to bring their own devices, and possibly applications, to connect to the company infrastructure in order to perform their jobs. This introduces security concerns at both the technical and management levels that need to be addressed. But next to the authorised behaviour there is also an unauthorised aspect related to employees and third parties/vendors who bring their own hardware and software to perform, for example, maintenance.

How should an enterprise deal with such “user owned” devices? How is access controlled at the network, operating system, application and database levels? In this session, scenarios are shared and discussed, allowing participants to bring in and share their own experiences on how this topic is dealt with in their organisations.