September

Monday-Thursday,
29 May – 1 June 2023

NO TRAVEL NEEDED

The event will be held in Scotland or available virtually through this platform

GUEST EXPERTS

Technical Content and Training Courses

LEARN & NETWORK

Learn & Network

AboutThe Event intro

This brand new event will focus on the leading international standards and conformance systems that are being used to keep operational technology (OT) safe and secure in industries such as energy, manufacturing, building automation, and more. New developments within the ISA/IEC 62443 standards series will be highlighted and technical training and certification programs designed to help you implement the standards into your business operations and workforce will be reviewed.

Regulators in the North Sea are asking contractors detailed questions about OT Cybersecurity, especially on operations classified as critical infrastructure. This increased scrutiny has resulted in more detailed contractual requirements. Insurance companies are also looking for specific details before writing a cybersecurity policy. ISA has established a series of industrial cybersecurity standards that serve as your roadmap to improve security and protect your operations with strategies such as zero trust architecture and OPC/protocols.

Professionals involved in the security process should attend this event to learn more about workforce development strategies, hardware and software protection practices, and ways to improve infrastructure and data security measures.

Whyshould I attend? top reasons

Professionals involved in the security process should attend this event to learn more about workforce development strategies, hardware and software protection practices, and ways to improve infrastructure and data security measures.

Join an audience of fellow technical professionals including

  • Automation Engineers
  • Process Control Engineers
  • Security Engineers
  • QA Engineers
  • Plant Engineers
  • Manufacturing Engineers
  • ICS Cybersecurity Engineers
  • Digital Transformation Managers
  • Engineering Managers
  • Security Operations Center (SOC) Managers
  • Compliance and Risk Managers
  • Chief Information Officers (CIOs)
  • Chief Information Security Officers (CISOs)
why attend

AgendaPreliminary Programschedule

Agenda

May 29, 2023 08:00

ISA Technical Training Opportunity: CyberSensors: Advancement in Automation CyberPhysical Security (IC87C)

NOTE:  Onsite/In-person delivery

CEU Credits: .7
Course Hours: 8:00 a.m - 4:00 p.m.
Certification of Completion: A Certificate of Completion indicating the total number of CEUs earned will be provided upon successful completion of the course.

Description:

The industrial processing and manufacturing world face considerable technical and practical challenges as it strives to provide safe, secure, profitable operations in a wide range of settings with varying levels of automation. In many instances where new sensors and instrumentation technology are being developed for specific use cases identified by the manufacturers, the vendors arrive at solutions that require remote access, may or may not require interoperability with legacy equipment. Perhaps even more importantly is that such system designs and associated operational processes come into direct conflict with cybersecurity demands. The issues – technical, logistical, programmatic – associated with cybersecurity for automation systems continue to expand in scope and urgency. This is driven by the increasing use of network-centric components and instrumentation that is integrated into modern DCS, SCADA, Cloud-Edge and IT/OT systems. This has led to greater capability and connectivity from the advancements of sensors in industrial technologies with a clear need of cybersecurity. This course provides the student with the placement and usage of CyberSensors in your overall strategy.

Who should attend?

  • Project Engineers
  • Maintenance Supervisors and Technicians
  • Analyzer Supervisors and Technicians
  • Measurement Technicians
  • IT/OT Security Professionals
  • SCADA and Automation Engineers
  • Red Team/Blue Team Penetration Testers

Steve Mustard, PE, Eur Ing, CEng, CAP, GICSP, CMCP, FIET
ISA Instructor

May 29, 2023 08:00

ISA Technical Training Opportunity: Using the ISA/IEC 62443 Standards to Secure Your Control Systems (IC32) - Day 1 of 2

NOTE:  Onsite/In-person delivery

CEU Credits: 1.4
Course Hours: 
8:00 a.m - 4:00 p.m.
Certification of Completion: 
A Certificate of Completion indicating the total number of CEUs earned will be provided upon successful completion of the entire two-day course.

Description:

The move to using Ethernet, TCP/IP, and web technologies in supervisory control and data acquisition (SCADA) and process control networks has exposed these systems to the same cyberattacks that have wreaked havoc on corporate information systems. This course provides a detailed look at how the ISA/IEC 62443 standards framework can be used to protect critical control systems. It also explores the procedural and technical differences between the security for traditional IT environments and those solutions appropriate for SCADA or plant floor environments.

 

You will be able to:

  • Discuss the principles behind creating an effective long term program security
  • Interpret the ISA/IEC 62443 industrial security framework and apply them to your operation
  • Define the basics of risk and vulnerability analysis methodologies
  • Describe the principles of security policy development
  • Explain the concepts of defense in depth and zone/conduit models of security
  • Analyze the current trends in industrial security incidents and methods hackers use to attack a system
  • Define the principles behind the key risk mitigation techniques, including anti-virus and patch management, firewalls, and virtual private networks

 

You will cover:

  • Understanding the Current Industrial Security Environment: What is Electronic Security for Industrial Automation and Control Systems? | How IT and the Plant Floor are Different and How They are the Same
  • How Cyberattacks Happen: Understanding the Threat Sources | The Steps to Successful Cyberattacks
  • Creating A Security Program:  Critical Factors for Success/Understanding the ANSI/ISA-62443-2-1 (ANSI/ISA-99.02.01-2009)- Security for Industrial Automation and Control Systems: Establishing an Industrial Automation and Control Systems Security Program
  • Risk Analysis:  Business Rationale | Risk Identification, Classification, and Assessment 
  • Addressing Risk with Security Policy, Organization, and Awareness: Cyber Security Management System Scope | Organizational Security | Staff Training and Security Awareness
  • Addressing Risk with Selected Security Counter Measures: Personnel Security | Physical and Environmental Security | Network Segmentation | Access Control
  • Addressing Risk with Implementation Measures: Risk Management and Implementation | System Development and Maintenance | Information and Document Management
  • Monitoring and Improving the CSMS: Compliance and Review | Improve and Maintain the CSMS
  • Validating or Verifying the Security of Systems: What is being done? | Developing Secure Products and Systems

 

Classroom/Laboratory Demo:

  • PCAP Live Capture Analysis

 

Includes ISA Standards:

  • ANSI/ISA-62443-1-1 (ANSI/ISA-99.00.01-2007), Security for Industrial Automation and Control Systems Part 1: Terminology, Concepts & Models
  • ANSI/ISA-62443-2-1 (ANSI/ISA-99.02.01-2009), Security for Industrial Automation and Control Systems: Establishing an Industrial Automation and Control Systems Security Program
  • ANSI/ISA-62443-3-3, Security for industrial automation and control systems: System security requirements and security levels

Glenn Merrell, CAP
ISA Instructor

May 30, 2023 08:00

ISA Technical Training Opportunity: Using the ISA/IEC 62443 Standards to Secure Your Control Systems (IC32) - Day 2 of 2

NOTE:  Onsite/In-person delivery

CEU Credits: 1.4
Course Hours: 
8:00 a.m - 4:00 p.m.
Certification of Completion: 
A Certificate of Completion indicating the total number of CEUs earned will be provided upon successful completion of the entire two-day course.

Description:

The move to using Ethernet, TCP/IP, and web technologies in supervisory control and data acquisition (SCADA) and process control networks has exposed these systems to the same cyberattacks that have wreaked havoc on corporate information systems. This course provides a detailed look at how the ISA/IEC 62443 standards framework can be used to protect critical control systems. It also explores the procedural and technical differences between the security for traditional IT environments and those solutions appropriate for SCADA or plant floor environments.

 

You will be able to:

  • Discuss the principles behind creating an effective long term program security
  • Interpret the ISA/IEC 62443 industrial security framework and apply them to your operation
  • Define the basics of risk and vulnerability analysis methodologies
  • Describe the principles of security policy development
  • Explain the concepts of defense in depth and zone/conduit models of security
  • Analyze the current trends in industrial security incidents and methods hackers use to attack a system
  • Define the principles behind the key risk mitigation techniques, including anti-virus and patch management, firewalls, and virtual private networks

 

You will cover:

  • Understanding the Current Industrial Security Environment: What is Electronic Security for Industrial Automation and Control Systems? | How IT and the Plant Floor are Different and How They are the Same
  • How Cyberattacks Happen: Understanding the Threat Sources | The Steps to Successful Cyberattacks
  • Creating A Security Program:  Critical Factors for Success/Understanding the ANSI/ISA-62443-2-1 (ANSI/ISA-99.02.01-2009)- Security for Industrial Automation and Control Systems: Establishing an Industrial Automation and Control Systems Security Program
  • Risk Analysis:  Business Rationale | Risk Identification, Classification, and Assessment 
  • Addressing Risk with Security Policy, Organization, and Awareness: Cyber Security Management System Scope | Organizational Security | Staff Training and Security Awareness
  • Addressing Risk with Selected Security Counter Measures: Personnel Security | Physical and Environmental Security | Network Segmentation | Access Control
  • Addressing Risk with Implementation Measures: Risk Management and Implementation | System Development and Maintenance | Information and Document Management
  • Monitoring and Improving the CSMS: Compliance and Review | Improve and Maintain the CSMS
  • Validating or Verifying the Security of Systems: What is being done? | Developing Secure Products and Systems

 

Classroom/Laboratory Demo:

  • PCAP Live Capture Analysis

 

Includes ISA Standards:

  • ANSI/ISA-62443-1-1 (ANSI/ISA-99.00.01-2007), Security for Industrial Automation and Control Systems Part 1: Terminology, Concepts & Models
  • ANSI/ISA-62443-2-1 (ANSI/ISA-99.02.01-2009), Security for Industrial Automation and Control Systems: Establishing an Industrial Automation and Control Systems Security Program
  • ANSI/ISA-62443-3-3, Security for industrial automation and control systems: System security requirements and security levels

Glenn Merrell, CAP
ISA Instructor

May 31, 2023 08:00

ISA Technical Training Opportunity: Cybersecurity Awareness for Industry Professionals (IC31C)

NOTE:  Onsite/In-person delivery

CEU Credits: .7
Course Hours: 8:00 a.m - 4:00 p.m.
Certification of Completion: A Certificate of Completion indicating the total number of CEUs earned will be provided upon successful completion of the course.

Upon completion of this course, you will be able to:

  • Define the types of cybersecurity risks that the oil and gas industry and energy sector face.
  • Identify the recommended standards and best practices.
  • Use risk analysis techniques to quantify and prioritize your organization’s cybersecurity risks.
  • Define key OT architectures and components, and the cybersecurity issues related to them.
  • Apply the fundamental cyber-hygiene practices applicable to all chemical industry organizations.
  • Identify the cybersecurity issues associated with remote working.

Steve Mustard, PE, Eur Ing, CEng, CAP, GICSP, CMCP, FIET
ISA Instructor

May 30, 2023 08:00

OPTIONAL Workshop Opportunity: Cyber Incident Response (ICS4ICS) - Complimentary with Conference Registration

NOTE:  Onsite/In-person delivery

Incident Command System for Industrial Control Systems (ICS4ICS) is designed to improve global Industrial Control System cybersecurity incident management capabilities. ICS4ICS will leverage the Incident Command System, as outlined by FEMA, for response structure, roles, and interoperability. The Incident Command System is used by First Responders globally every day when responding to motor vehicle accidents, small and large fires, hurricanes, floods, earthquakes, industrial accidents, and other high impact situations. The Incident Command System has been tested for more than 30 years of emergency and non-emergency applications, throughout all levels of government and within the private sector.

May 31, 2023 08:30

DAY 1 Keynote Presentation: International Cybersecurity

Megan Samford
VP, Chief Product Security Officer - Energy Management, Schneider Electric and Former ISAGCA Advisory Board Chair

June 1, 2023 08:30

DAY 2 Keynote Presentation: International Cybersecurity

Cheri Caddy, Deputy Assistant National Cyber Director for Cyber Technology and R&D
Office of the National Cyber Director/The White House

FAQsFrequently Asked Questions inquire


Increase your understanding of how to use standards and conformance systems to keep operational technology (OT) safe and secure.

We look forward to having you with us in May for this international event in Aberdeen, SCOTLAND !