This brand new event will focus on the leading international standards and conformance systems that are being used to keep operational technology (OT) safe and secure in industries such as energy, manufacturing, building automation, and more. New developments within the ISA/IEC 62443 standards series will be highlighted and technical training and certification programs designed to help you implement the standards into your business operations and workforce will be reviewed.
Regulators in the North Sea are asking contractors detailed questions about OT Cybersecurity, especially on operations classified as critical infrastructure. This increased scrutiny has resulted in more detailed contractual requirements. Insurance companies are also looking for specific details before writing a cybersecurity policy. ISA has established a series of industrial cybersecurity standards that serve as your roadmap to improve security and protect your operations with strategies such as zero trust architecture and OPC/protocols.
Professionals involved in the security process should attend this event to learn more about workforce development strategies, hardware and software protection practices, and ways to improve infrastructure and data security measures.
Continuing Our Safe, Staged Return to Live Events
Location: Ardoe House Hotel & Spa, Aberdeen, Scotland
In addition to our virtual conference component, a live, hybrid audience location will also be available. Local attendees will be able to participate in face-to-face, live sessions, breaks, lunch, reception and tabletop exhibits. Limited space and attendance on a first-come, first-serve basis. Separate registration fee required. Simultaneously, virtual attendees will be able to experience the same scheduled speaker sessions, along with opportunities to interact with online attendees and visit our virtual exhibit hall.
Professionals involved in the security process should attend this event to learn more about workforce development strategies, hardware and software protection practices, and ways to improve infrastructure and data security measures.
Join an audience of fellow technical professionals including
June 1, 2023 08:30
Location: Ballroom Side 1
Cheri Caddy
Deputy Assistant National Cyber Director, ONCD/ The White House
June 1, 2023 09:30
Location: Ballroom Side 1
Risk Management is a key element of a cyber security program, but it is often challenging to quantify and to communicate to executives. Operational Technology (OT) security has additional complexities that need to be considered. Chris, will provide his perspective on the key elements of OT risk management including:
- Evaluating risk at a corporate level
- Building a threat-based risk model
- Engaging the organization in the discussion of risk
- Managing third party risk
- Communicating risk to senior executives
Chris McLaughlin
Johns Manville
June 1, 2023 10:00
Location: Ballroom Side 1
Carlos Beunano
Principal Solutions Architect OT, Armis
June 1, 2023 10:45
Location: Ballroom Side 1
In this session, James will discuss the UK's new Department for Science, Innovation and Technology's programs and how it raise awareness on compliance issues.
James Deacon
Head of International Standards, International Engagement and Enterprise IoT Policy, DSIT
June 1, 2023 11:45
Location: Ballroom Side 1
A certification body viewpoint on protecting the OT Supply Chain.
Jalal Bouhdada
Global Segment Director for Cybersecurity, DNV
June 1, 2023 13:15
Location: Ballroom Side 1
Join us as we break down the ISA/IEC 62443 standard series into how it applies to the asset owner, systems integrator, and product suppliers.
Why does anyone need to apply the standard? What's in it for them? Join ISA as we take a deep dive into understanding why the standard could be beneficial to you and your organization.
Moderator: Scott Reynolds
Security Engineering Manager, Johns Manville
Chris McLaughlin
Johns Manville
Anna Burrell
Senior Manager, Risk Advisory, Deloitte
Steve Mustard
Digital Security and Risk Consultant, BP
June 1, 2023 14:30
Location: Ballroom Side 1
Andre Ristaino
Managing Director, Global Consortia, Conformity Assessment, International Society of Automation
June 1, 2023 15:45
Location: Ballroom Side 1
The shift to Renewables, with its many environmental benefits, is doubtlessly one of the most abrupt shifts our industrial age has witnessed. Two decades have brought an amazing change, but the growth is expected to sky-rocket, with ambitions of leading energy companies to increase generation by multiple folds just within this decade.
Such growth is unachievable unless you build new infrastructure quickly or through acquisition – each with their cyber challenges. This is further compounded by the remote uncrewed nature of these environments.
Based on these factors, how can you manage cyber for renewables? Our research shows that a combination of traditional approaches to ICS/OT security, combined with modern security principals and techniques, is the answer.
Johnny Awad
Senior Manager Industrial Cybersecurity Strategy & Transformation Deloitte
June 1, 2023 16:15
June 1, 2023 08:30
Location: Ballroom Side 1
Cheri Caddy
Deputy Assistant National Cyber Director, ONCD/ The White House
June 1, 2023 09:30
Location: Ballroom Side 2
The indicators would suggest that high profile compromises will continue to dominate the headlines. How to protect the Sector against these growing and evolving threats, particularly when Sustainable Operations requires enhanced platform to beach connectivity? This talk provides an in context understanding of the heightened threat. Guidance on the actions to take in the near term and considerations for a longer-term strategy to mitigate the very nature of the evolving threat landscape.
Victor Lough
Cybersecurity and Solution Services Business Lead, Process Automation at Schneider Electric
June 1, 2023 10:00
Location: Ballroom Side 1
Carlos Beunano
Principal Solutions Architect OT, Armis
June 1, 2023 10:45
Location: Ballroom Side 2
Iain Rennie
Chief Technical Officer, Asset Guardian Solutions Limited
June 1, 2023 11:45
Location: Ballroom Side 2
Franky Thrasher
Manager Nuclear Cybersecurity, ENGIE Electra BEL
June 1, 2023 13:15
Location: Ballroom Side 1
Join us as we break down the ISA/IEC 62443 standard series into how it applies to the asset owner, systems integrator, and product suppliers.
Why does anyone need to apply the standard? What's in it for them? Join ISA as we take a deep dive into understanding why the standard could be beneficial to you and your organization.
Chris McLaughlin
Johns Manville
Anna Burrell
Senior Manager, Risk Advisory, Deloitte
Steve Mustard
Digital Security and Risk Consultant, BP
Moderator: Scott Reynolds
Security Engineering Manager, Johns Manville
June 1, 2023 14:30
Location: Ballroom Side 2
After a short description of what MITRE ATT&CK® for ICS is and how mitigations included in the framework could be linked to IEC 62443 risk assessment, the presenter will describe a detailed risk assessment method based on IEC 62443-3-2 that will use technical requirements linked to MITRE mitigations for risk acceptance criteria. Considering that tactics and techniques as for MITRE ATT&CK® are not based on a specific vulnerability assessment, the method will be more suitable for system integrators and automation solutions development, but it will find application also for asset owners.
Massimiliano Latini
Cyber Security Manager presso, BYHON
June 1, 2023 15:45
Location: Ballroom Side 2
Marty Bince
President, ISA
June 1, 2023 16:15
May 29, 2023 08:00
NOTE: Onsite/In-person delivery (Separate Registration Fees Apply)
CEU Credits: 1.4
Course Hours: 8:00 a.m - 4:00 p.m.
Certification of Completion: A Certificate of Completion indicating the total number of CEUs earned will be provided upon successful completion of the entire two-day course.
Description:
The move to using Ethernet, TCP/IP, and web technologies in supervisory control and data acquisition (SCADA) and process control networks has exposed these systems to the same cyberattacks that have wreaked havoc on corporate information systems. This course provides a detailed look at how the ISA/IEC 62443 standards framework can be used to protect critical control systems. It also explores the procedural and technical differences between the security for traditional IT environments and those solutions appropriate for SCADA or plant floor environments.
You will be able to:
You will cover:
Classroom/Laboratory Demo:
Includes ISA Standards:
Willy Leuvering
ISA Instructor
May 30, 2023 08:00
NOTE: Onsite/In-person delivery (Separate Registration Fees Apply)
CEU Credits: 1.4
Course Hours: 8:00 a.m - 4:00 p.m.
Certification of Completion: A Certificate of Completion indicating the total number of CEUs earned will be provided upon successful completion of the entire two-day course.
Description:
The move to using Ethernet, TCP/IP, and web technologies in supervisory control and data acquisition (SCADA) and process control networks has exposed these systems to the same cyberattacks that have wreaked havoc on corporate information systems. This course provides a detailed look at how the ISA/IEC 62443 standards framework can be used to protect critical control systems. It also explores the procedural and technical differences between the security for traditional IT environments and those solutions appropriate for SCADA or plant floor environments.
You will be able to:
You will cover:
Classroom/Laboratory Demo:
Includes ISA Standards:
Willy Leuvering
ISA Instructor
May 30, 2023 08:00
NOTE: Onsite/In-person delivery
Incident Command System for Industrial Control Systems (ICS4ICS) is designed to improve global Industrial Control System cybersecurity incident management capabilities. ICS4ICS will leverage the Incident Command System, as outlined by FEMA, for response structure, roles, and interoperability. The Incident Command System is used by First Responders globally every day when responding to motor vehicle accidents, small and large fires, hurricanes, floods, earthquakes, industrial accidents, and other high impact situations. The Incident Command System has been tested for more than 30 years of emergency and non-emergency applications, throughout all levels of government and within the private sector.
Brian Peterson
ISAGCA/ICS4ICS/LOGIIC Program Manager
Mark Boddy
ISAGCA
May 31, 2023 08:15
Location: Ballroom Side 1
David J Cameron
Lord Provost, Aberdeen City Council
May 31, 2023 08:30
Location: Ballroom Side 1
Megan Samford
VP Chief Product Security Officer, Energy Management, Schneider Electric
May 31, 2023 09:30
Location: Ballroom Side 1
While risks to the operational supply chain are present in all markets and industries, the devil is in the details. Understanding supply-chain vulnerability begins with understanding the supply chain, its component parts, and how these interact. This presentation will take a regional approach to the offshore operations supply chain specific to the UK continental shelf. While energy operations around the globe may share common equipment and practices, it is in the details that we are able to identify (and ultimately mitigate) the biggest security threats.
Stuart Broadley
Co-Chair UK Energy Supply Chain ministerial taskforce and Energy Co-Chair UAE-UK Business Council
May 31, 2023 10:00
Location: Ballroom Side 1
In this technology demonstration, Eaton will discuss its new product solutions and the cyber advantages for your company.
Kimberly Lukin
Lead Engineer Cybersecurity Software and System Engineering System Integration Service (SIS) EMEA, Eaton
May 31, 2023 10:45
Location: Ballroom Side 1
What cybersecurity culture really translates to is every member of an organization embracing attitudes and beliefs that drive secure behaviors when it comes to safeguarding their companies. As a consultant, Steve Mustard has extensive experience in assisting companies with embracing a cybersecurity culture. In this presentation, he will walk through the process, bumps in the road, and tips for ensuring operational success.
Steve Mustard
Digital Security and Risk Consultant, BP
May 31, 2023 11:45
Location: Ballroom Side 1
A “software bill of materials” (SBOM) has emerged as a key building block in software security and software supply chain risk management. A SBOM is a nested inventory, a list of ingredients that make up software components. Our speaker, Allan Friedman, has over 15 years of experience in international cybersecurity and technology policy through his former work in R&D and the US Department of Commerce. Join the expert in a detailed discussion of SBOM initiatives around the globe.
Dr. Allan Friedman
Senior Advisor and Strategist, Cybersecurity and Infrastructure Security Agency
May 31, 2023 13:15
Location: Ballroom Side 1
Join ISA and our panelists as we discuss the risk-based approach of suppliers in supply chain risk management.
Moderator: Steve Mustard
Digital Security and Risk Consultant, BP
Cheri Caddy
Deputy Assistant National Cyber Director at ONCD/ the White House
Megan Samford
VP Chief Product Security Officer, Energy Management, Schneider Electric
May 31, 2023 14:30
Location: Ballroom Side 1
May 31, 2023 15:00
Location: Ballroom Side 1
Paul Gaynor
Senior OT Security Consultant, Radiflow
May 31, 2023 15:45
Location: Ballroom Side 1
Manufacturing became the most targeted sector of cyber-attacks as of 2021, overtaking the Financial Services sector for the first time in history. Successful attacks on Manufacturing organisations are resulting in crises. This has been amplified by the hyperconnectivity across the value chain from supplier to consumer.
What have we learnt from these incidents? What are the common threads? How can we feed this into our approach to securing these environments to detect early, reduce the blast radius, prepare for the worst and recover quickly. If we haven't prepared, how do we get back on our feet whilst keeping the impact to a minimum?
Charlotte Evans
Senior Consultant, Risk Advisory, Deloitte
May 31, 2023 16:45
Location: Ballroom Side 1
How can we use the NIST NICE framework to define work roles in the OT space? This needs a degree of taking the NICE framework and amending to include non-NICE knowledge and skill to cover areas such as Control of Work, Cyber impacts to Functional Safety etc which are not covered.
Tim Harwood
CEO, SIker
May 31, 2023 17:15
May 31, 2023 08:15
Location: Ballroom Side 1
David J Cameron
Lord Provost, Aberdeen City Council
May 31, 2023 08:30
Location: Ballroom Side 1
Megan Samford
VP Chief Product Security Officer, Energy Management, Schneider Electric
May 31, 2023 09:30
Location: Ballroom Side 2
What do you need to know about threat intelligence to keep your OT systems secure? Join us for a break down of the basics. Learn to analyze, refine and organize information to use it to minimize and mitigate cybersecurity risks.
Wayne Bursey
Industrial Cybersecurity lead for Ireland and Scotland, Siemens
May 31, 2023 10:00
Location: Ballroom Side 1
In this technology demonstration, Eaton will discuss its new product solutions and the cyber advantages for your company.
Kimberly Lukin
Lead Engineer Cybersecurity Software and System Engineering System Integration Service (SIS) EMEA, Eaton
May 31, 2023 10:45
Location: Ballroom Side 2
Cybersecurity technologies advancement, operational process enhancement, and people talent maturity provide assurance in safe guarding operating facilities. However, the continued cyberthreats dictate the need for adopting a standardization model that safe guards the operating facilities when both control and the safety instrumented system layers are concurrently compromised. Hence, this presentation will introduce a proposed model for “Plant Safe Shutdown”. The model will include guidelines and best practices that support the operating facility upon a cyberattack that paralyzes human and/or machine interventions. A case study with empirical data is used in this presentation to demonstrate the enhancements and outcomes on the overall operational improvements.
Dr. Soliman Almadi
Senior Engineering Consultant, Saudi Aramco
May 31, 2023 11:45
Location: Ballroom Side 2
This session will explore the critical importance of building and maintaining an up-to-date asset inventory, and the challenges and experiences encountered in the process. The session will highlight why an accurate asset inventory is essential for developing and maturing capabilities such as threat intelligence, and how organizations can overcome common obstacles to achieve this goal. Attendees will gain valuable insights and practical strategies for improving their asset inventory management practices and enhancing their overall security posture.
Ismail Ait Mouhou
Senior Global OT Security Advisor, Shell
May 31, 2023 13:15
Location: Ballroom Side 1
Join ISA and our panelists as we discuss the risk-based approach of suppliers in supply chain risk management.
Moderator: Steve Mustard
Digital Security and Risk Consultant, BP
Megan Samford
VP Chief Product Security Officer, Energy Management, Schneider Electric
Cheri Caddy
Deputy Assistant National Cyber Director, ONCD/ The White House
May 31, 2023 14:30
Location: Ballroom Side 2
The so-called “IT/OT Convergence” may be a misnomer. While the lines between Information Technology and Operational Technology are becoming increasingly blurry, the fact that these remain two distinct stakeholder communities may inadvertently increase the security risk within a supply chain. Shared responsibility can lead to confusion and misunderstandings around the unintended consequences of software patches, device installation, data security, and governance. Understanding the risks and drivers for IT and OT can be a valuable first step in better managing the common goal of a secure supply chain and uninterrupted operations.
Anjay Mandalia
Principal SE UK, TXOne
May 31, 2023 15:00
Location: Ballroom Side 1
Paul Gaynor
Senior OT Security Consultant, Radiflow
May 31, 2023 15:45
Location: Ballroom Side 2
This presentation will look to examine the most common MITRE ATT&CK tactics used in previous energy sector incidents, coupled with current threat trends. Using Bridewell's 2023 CNI Research and dedicated security operations threat intelligence team, we will highlight common threat tactics that organisations can consider gaining a deeper understanding of the key threats that could impact their critical assets. By mapping the most common tactics to security requirements such as those in ISA/IEC 62443 3-3, organisations can prioritise the implementation of controls to effectively maintain their future cyber resilience.
Lydia Walker
Principal Consultant, Bridewell
May 31, 2023 16:45
Location: Ballroom Side 2
Incident Command System for Industrial Control Systems (ICS4ICS) is designed to improve global Industrial Control System cybersecurity incident management capabilities. ICS4ICS will leverage the Incident Command System, as outlined by FEMA, for response structure, roles, and interoperability. The Incident Command System is used by First Responders globally every day when responding to motor vehicle accidents, small and large fires, hurricanes, floods, earthquakes, industrial accidents, and other high impact situations. The Incident Command System has been tested for more than 30 years of emergency and non-emergency applications, throughout all levels of government and within the private sector.
The ISA Global Cybersecurity Alliance has joined forces with the Cybersecurity and Infrastructure Security Agency (CISA) and cybersecurity response teams from more than 50 participating companies to adopt the Incident Command System, as outlined by FEMA, for response structure, roles, and interoperability. This is the system used by First Responders worldwide daily when responding to very small and very large emergency situations like motor vehicle accidents, fires, to hurricanes, floods, earthquakes, industrial accidents, and other high impact situations.
Incident Command System for Industrial Control Systems (ICS4ICS) was explained in a webinar in June 2021. In July 2021, ICS4ICS announced that four individuals obtained their Incident Commander credentials as part of the cybersecurity first responder credentialing program. ICS4ICS clarifying information was provided during a follow-up video in August 2021.
Mark Boddy
ISAGCA
May 31, 2023 17:15