OT Cybersecurity Summit

Keynote: Security by Design - A Communication Problem?

For a long time, cybersecurity regulation has mainly addressed critical infrastructure operators. This year, the focus has shifted to product manufacturers with regulations like EU’s Cyber Resilience Act (CRA) the UK Product Security and Telecommunications Infrastructure Act (PSTI) or UNECE R155/156 for cars. In addition, national security authorities from dozens of countries, led by US CISA, are pushing security by design globally through joint recommendations, and many countries are introducing cybersecurity labels for IoT products.

If everybody wants Security by Design – then why is it still not done? Maybe it’s not the technology. Maybe not even the money. Maybe the problem we need to solve is a communication problem between product manufacturers and operators / users. Sarah substantiates this point by summarizing what the above regulations require from manufacturers and shows new approaches for communicating cybersecurity – during design as well as after design, between engineers as well as towards management and an interested public.

Sarah Fluchs
CTO, admeritia GmbH

×

Sarah Fluchs

Sarah Fluchs is the CTO of admeritia, which specialises in security consulting for the process industry, manufacturing, and critical infrastructures. Prior to her current role, Sarah has developed cybersecurity guidance for the water sector at the German Federal Office for Information Security (BSI).

A process and automation engineer herself; Sarah works on creating security engineering methods that help engineers make informed, conscious security decisions they can truly stand behind – and communicate convincingly.

Sarah has created the Top 20 Secure PLC Coding practices with Dale Peterson, Jake Brodsky and Vivek Ponnada, led a government-funded research project on security by design for ICS, and is the ISA Co-Convenor for revising the ISA/IEC 62443-3-2 standard. As of 2024, she succeeds Joe Weiss as a Co-Managing Director for ISA99.

Intelligence Evolution Track: Intro to Intelligence Evolution

In this introduction to intelligence evolution, our expert presenter will provide an overview of the latest advancements in artificial intelligence, machine learning and data analytics while exploring how these technologies are transforming the way we understand and interact with the world around us.

Megan Samford
VP, Chief Security Officer, US National Security Agreements & US Federal Business, Schneider Electric

×

Megan Samford

IoT Cybersecurity Track: The Growing Cyber Threat and Need to Respond in the OT Space

In this introductory session, Brian Holliday will talk about his experience with Made Smarter UK and provide a comprehensive overview of the fundamentals of cybersecurity. Attendees will gain a solid understanding of the key concepts, strategies and best practices for protecting digital assets and mitigating risk in today's interconnected world. Don't miss this opportunity to lay the foundation for a stronger, more secure digital future!

Brian Holliday
Managing Director, Siemens, Co-Chair Made Smarter Commission, Made Smarter UK

×

Brian Holliday

Brian Holliday is a member of the Executive Management Board of Siemens plc and Managing Director for Siemens Digital Industries, which serves the manufacturing and infrastructure sectors. He is also Chairman of Siemens Industry Software UK.

He is a supervisory board member for the High Value Manufacturing Catapult in addition to being a main board member for Make UK, the Manufacturers’ Organisation and in 2022 was appointed co-chair of Made Smarter, the national digitalisation movement to drive productivity, growth and sustainability in manufacturing.

A Chartered Engineer and Fellow of the Institution of Engineering and Technology, Brian started his career with Texas Instruments and went on to read Computer Systems at Cardiff University before joining Siemens, the global leader in electrification, automation and digitalisation in 1993.

He attained his Executive MBA at Manchester Business School in 2000 and in 2014 became a graduate of the CBI’s Executive Leadership Programme.

Brian was made a Fellow of The Royal Academy of Engineering in September 2022.

Tech Demo - Sponsored by Armis: See and Secure Every Device and Connection in the Industrial Environments

A lot of the challenges faced in today’s Operational Technology (OT) environments stem from the ever-evolving attack surface. Given growing reliance on interconnected assets and cloud services, operators in manufacturing and critical infrastructure processes are more vulnerable than ever to attack. This session will demonstrate how organisations can see, protect and manage their OT infrastructure with Armis Centrix™, the cyber exposure management platform.

Nick Morgan
Solution Architect, Armis

×

Nick Morgan

Nick Morgan possesses over 20 years experience operating as a trusted technical advisor in cybersecurity and networking. As a Solution Architect Nick helps customers to use the Armis Asset Discovery and Visibility capabilities as an enabler for their OT Security Initiatives and ISA/IEC 62443.

Intelligence Evolution Track: Leveraging an outcomes-based Approach with International Standards to Mitigate Cyber Risks

Operators of essential services, regulators, government, vendors and consultancies have been navigating their way through compliance. Although the spirit of NIS regulations is to uplift the overall level of cyber resilience for critical national infrastructure, the journey has been complex and often misunderstood by many. This presentation helps all those concerned to focus on this spirit and develop a staged approach to both satisfy compliance requirements and be resilient against the ever-evolving threats.

Mohammed Zumla
Managing Consultant, Cyber ICS

×

Mohammed Zumla

Mohammed established Cyber ICS in UK in 2018 in response to the new NIS regulations that were introduced across EU.  He headed up a new cyber regulatory function for UK’s Office for gas and electricity markets (OFGEM), and brokered relationships across lead government departments, Health and Safety Executive, UK’s National Cyber Security Centre, and the Centre for Protection of National Infrastructure.  He influenced government policy and direction for the sector and in doing so wrote the NIS guidance and NIS inspection framework in a collaborative fashion with operators. Further Mohammed wrote the RIIO2 cyber resilience methodology, which is the main instrument to providing funding for the sector by working with senior leadership, boards, and challenge groups.

Mohammed comes from a big 4 background, having built the SCADA consultancy practice whilst at Deloitte UK in 2009. He worked for Qatar Petroleum as head of Security Strategy and became the acting CSO from the onset of the Shamoon attack which affected one of the major subsidiaries. He was deputised as Sector Authority for all industry operators, established a Cyber Security Partnership Forum, performed industry risks and compliance assessments, maturity and capability assessments, and made recommendations to boards to improve the security posture and also enable digital transformation.

Mohammed led the ICS security consultancy at GE, based in Dubai, which was previously an independent boutique known as Wulrdtech. During his tenure, he helped develop regulatory instruments and then led teams to perform assessments against Critical National Infrastructure Operators. He conducted several holistic risk and compliance assessments, writing treatment options, ICS improvement tactical roadmaps and multi-year strategies with maturity capabilities.

With Mohammed’s background from big 4 consultancy, a major oil and gas operator, a major OT vendor and having worked with the EU commission and heading up a cyber regulatory function in UK, he not only provides the compliance view, but also the organisational and national risk and opportunities view, to formulate well balanced recommendations, from a technical, management and organisational perspective from an operational, tactical, and strategic viewpoint.

Mohammed has a master’s degree in information security from the prestigious Royal Holloway University, holds ICS security certifications SANS GICSP and SANS GRID, ISO 27001 lead auditor, ISO 27001 lead implementer, SABSA, TOGAF, CISSP, CISM, Certified ethical hacker, amongst various others.

Mohammed is a member of the World Economic Forum and has contributed towards working groups such as Quantum Cryptography, Cyber Resilience in Oil and Gas, and Cyber Resilience in Electricity. He is a member of CIGRE working group, regularly presents and co-chairs events at the IET in the UK. He previously advised NARUC on their regulatory approach for Cyber, and provided feedback and commentary for the EU commission, ACER, and ENTSO-E in the development of the network code for cyber security.

IoT Cybersecurity Track: Secure by Design

In this informative session, Rob Barnes will delve into the core principles of Secure by Design, a critical approach to developing secure software and systems from the ground up. Attendees will learn about best practices for incorporating security into the entire development lifecycle, from design and coding to deployment and maintenance. This talk is designed for anyone looking to enhance their understanding of how to build security into the foundation of digital products and services.

Rob Barnes
Security Systems Architect, Rolls-Royce SMR Ltd.

×

Rob Barnes

Rob Barnes has been providing specialist cyber security expertise to Rolls-Royce Civil Nuclear UK, its clients, and the Rolls-Royce Small Modular Reactor (SMR) programme since 2017. Prior to that, Barnes worked within the defence area of the business as an Information Assurance (IA) technical lead. Before joining Rolls-Royce, he spent eight years working for Dstl, a part of the UK Ministry of Defence.

IoT Cybersecurity Track: Practical Experience with NIS2 Directive Implementation Leveraging ISA/IEC 62443

The presentation explores practical insights from implementing the NIS2 Directive using mainly ISA/IEC 62443 in two large enterprises from the chemical & pharmaceutical industry and from healthcare. It details the identification of OT systems within the NIS2 scope, insight into the Czech transposition of NIS2, and steps taken to achieve compliance with NIS2, ISA/IEC 62443 and ISO 27001 together in these organizations. This session aims to equip attendees with actionable steps which might serve as a basis for their own implementations or inspire them on how to do it on their own. 

Ilja David
CEO & Security Manager and Architect, Iron OT

×

Ilja David

IoT Cybersecurity Track: Impact of New Tech in Standards

Join us as we discuss the complex interplay between new technology standards in the rapidly evolving world of cybersecurity. Attendees will learn how emerging technologies, such as AI, IoT and cloud computing, are shaping the development and enforcement of security standards. The talk will explore the challenges and opportunities presented by this intersection, as well as the implications for the future of cybersecurity. This session is designed for anyone seeking to enhance their understanding of how new technologies are transforming the standards landscape and how to effectively navigate these changes to maintain a strong security posture.

Cindy Segond von Banchet
OT Cybersecurity Lead, Yokogawa Europe

×

Cindy Segond von Banchet

Intelligence Evolution Track: Fireside Chat: Understanding the Hardware Side of Supply Chain Risk and Protecting It

During this fireside chat, our speakers will explore the dynamic relationship between the hardware side of supply chain risk and how to protect it. Our panel of industry experts will discuss the unique challenges and opportunities, offering valuable insights on how to leverage intelligence to identify and mitigate risks in the hardware supply chain industry. Attendees will learn about the latest trends and best practices for securing their hardware infrastructure and gain practical advice on how to stay ahead of emerging threats.

Cassie Crossley
Vice President, Supply Chain Security, Schneider Electric

×

Cassie Crossley

Cassie Crossley, Vice President, Supply Chain Security in the global Cybersecurity & Product Security Office at Schneider Electric, is an experienced cybersecurity technology executive in Information Technology and Product Development and author of Software Supply Chain Security: Securing the End‐to‐End Supply Chain for Software, Firmware, and Hardware. She has many years of business and technical leadership experience in supply chain security, cybersecurity, product/application security, software/firmware development, program management, and data privacy.

JC Herz
Senior Vice President, Cyber Supply Chain, Exiger

×

JC Herz

JC Herz is Exiger’s SVP of Cyber Supply Chain, which delivers product-level risk and assurance of software and cyber-physical devices, including Software Bill of Materials (SBOM) analysis and generation of SBOMs from firmware binaries. She was the co-founder and CEO of Ion Channel, a software supply chain analytics platform Exiger acquired in 2023, and is a fellow at George Mason University’s National Security Institute.

Intelligence Evolution Track: OT Cyber Escape Room Demo

Panel Discussion: Linking Hardware and Software

In this informative panel discussion, we will explore the critical link between hardware and software in securing our digital world. Listen as our panelists talk about the intersection of these two crucial components of cybersecurity, discussing the latest trends, challenges and opportunities in securing both hardware and software systems. Learn about the importance of implementing a holistic approach to cybersecurity, as well as practical strategies for enhancing the security of both hardware and software infrastructure.

Megan Samford
VP, Chief Security Officer, US National Security Agreements & US Federal Business, Schneider Electric

×

Megan Samford

Paul Hingley
Business Manager, Industrial Security and Safety Services, Siemens

×

Paul Hingley

Anna Burrell
Cyber Security for Industrials, OT SME, Director, Deloitte

×

Anna Burrell

I take a holistic view of cyber security within the industrial environment having over 20 years’ experience, as a cyber security consultant with prior experience as an industrial control systems (ICS) engineer. I have worked extensively within the transport, manufacturing, energy and utilities industries, at all lifecycle stages prior to specialising in securing critical infrastructure. I work with both public and private sector organisations to provide industry strategy, architecture and security solutions to support Information Technology (IT) and Operational Technology (OT) integration and business transformation.

Moderator: Steve Mustard
President & CEO, National Automation, Inc.

×

Moderator: Steve Mustard

Licensed Professional Engineer (Texas, Kansas) and UK Chartered Engineer with technical development and management experience in process automation and business process re-engineering across multiple sectors. Fellow of Institution of Engineering and Technology and former Chairman of Americas Regional Board, former Chairman of Control & Automation Technical & Professional Network, former Council member. Senior Member of ISA, Certified Automation Professional (CAP) and former board member of Automation Federation. GIAC Global Industrial Cyber Security Professional (GICSP). GSX Certified Mission Critical Professional (CMCP), and former Chair of Automation Federation's Cyber-security committee. Member of ISA99 committee. Works with companies to improve their performance through the identification of process bottlenecks and the intelligent introduction of technology to remove them. Specialties: Automation, remote monitoring, telemetry, SCADA, risk management, safety assurance, cybersecurity assurance, six sigma, business process analysis.

Sarah Fluchs
CTO, admeritia GmbH

×

Sarah Fluchs

Sarah Fluchs is the CTO of admeritia, which specialises in security consulting for the process industry, manufacturing, and critical infrastructures. Prior to her current role, Sarah has developed cybersecurity guidance for the water sector at the German Federal Office for Information Security (BSI).

A process and automation engineer herself; Sarah works on creating security engineering methods that help engineers make informed, conscious security decisions they can truly stand behind – and communicate convincingly.

Sarah has created the Top 20 Secure PLC Coding practices with Dale Peterson, Jake Brodsky and Vivek Ponnada, led a government-funded research project on security by design for ICS, and is the ISA Co-Convenor for revising the ISA/IEC 62443-3-2 standard. As of 2024, she succeeds Joe Weiss as a Co-Managing Director for ISA99.

Intelligence Evolution Track: Securing Your Networks with the Addition of 5G Technology

As technology continues to evolve, so do the threats to our network. The addition of 5G technology brings new challenges and opportunities for securing our networks. During this session, we will explore the latest developments in 5G technology and its impact on network security. Our expert speaker will discuss the intelligence evolution and how it affects the security of our networks. Attendees will gain insights into the best practices for securing 5G networks and learn about the emerging threats and mitigation strategies.

Greig Paul
Research Engineer, Electronic and Electrical Engineering, University of Strathclyde

×

Greig Paul

IoT Cybersecurity Track: Ensuring IIoT Device Security Through Certification and the ISA Secure Standard

As the Industrial Internet of Things (IIoT) continues to expand, ensuring the security of connected devices has become a critical concern for organizations. This technical presentation will delve into the importance of IIoT device certification and the role of the ISA Secure standard in addressing these challenges.

Patrick O'Brien
Cybersecurity Team Leader, exida

×

Patrick O'Brien

Tech Demo - Sponsored by Claroty: Cyber Risk Management for CPS

Many organisations are struggling to move forward with their risk management programme. This session delves deeper into how companies are moving to a pragmatic approach, and how this has helped them to adopt frameworks such as NIST, 62443, OG86, CAF and more. Learn practical examples of how other organisations have leverage the data found through exposure management and how you can leverage this as part of an overall OT Cyber management system. 

Tech Demo - Sponsored by UL Solutions: Assessment and Certification Strategy for OT-security

Learn how to comply with a multitude of regulations and standards globally, in an efficient and sustainable way.

Alexander Koehler
Principal Security Advisor, UL Solutions

×

Alexander Koehler

Alexander Koehler engages in the development of industry security technologies, regulations and standards such as ISA/IEC 62443. He has worked for the industrial automation branches of Hewlett-Packard and Texas Instruments France, and for the German Ministry of Economics and Energy. Koehler has a diploma in mathematics and computer sciences, and maintains IT- and OT-security expertise as a Certified Information Systems Security Professional (CISSP). He was a contributor, pilot and publisher to Trusted Computing and directed the world’s largest implementation in the chemical industry.

Intelligence Evolution Track: Brave New World: How do we start the quantum migration?

When the Quantum Computing Cybersecurity Preparedness Act became law in the United States in December 2022, quantum migration became a reality. Adoption began with U.S. federal agencies and was closely followed by other nation states. Critical nation infrastructures and highly-automated sectors have been identified as particularly vulnerable, and action needs to be taken now.

Andersen Cheng
Founder, Post-Quantum

×

Andersen Cheng

Andersen has considerable experience in venture investing and incubation, achieving significant growth and exits for several high-tech companies including L3-TRL. He is currently Chairman of Post-Quantum and Nomidio, specialising in providing quantum protection and multi-factor biometrics respectively. He was COO of the Carlyle Group's European venture fund, a LabMorgan founding member (the e-finance unit of JP Morgan), and JP Morgan’s European Head of Credit Risk Management.

IoT Cybersecurity Track: Cybersecurity in Action: Real-World Applications of ISA/IEC 62443 in Energy Storage Systems

This presentation explores the integration of cybersecurity measures in energy storage systems (ESS), a vital aspect in the increasingly interconnected and digitalized energy sector. It focuses on the practical application of the ISA/IEC 62443 standard, an essential framework for industrial cybersecurity, especially within the context of ESS. The session highlights common challenges faced by organizations in the energy sector during the implementation of these standards and pinpoints crucial areas requiring attention for a robust cybersecurity posture.

SZ Lin
Chief Cybersecurity Expert, Bureau Veritas

×

SZ Lin

SZ serves as the Chief Cybersecurity Expert at Bureau Veritas, specializing in ICS / OT cybersecurity standards' adoption and audit assessment. Boasting over a decade of experience in ICS / OT network security, IIoT security, and Secure Software Development Life Cycle (SSDLC), SZ has made significant contributions to the open-source software and cybersecurity sectors. Currently, as an official Debian developer, SZ plays a vital role in maintaining and developing within the open-source cybersecurity software team, contributing to packages from Ubuntu and Kali Linux. As the President of the ISA Taiwan Section and an active member of ISA 99, ISAGCA, and the ISASecure committees, SZ is deeply involved in the ISA / IEC 62443 international standard working groups and the SEMI Cybersecurity Consortium. SZ holds prestigious cybersecurity certifications, including CISSP, ISSAP, CSSLP, GICSP (Gold), and is recognized as an ISA / IEC 62443 Cybersecurity Expert. In previous roles, SZ spearheaded the OpenChain Taiwan official working group and has contributed as a technical steering committee member for the Linux Foundation's Civil Infrastructure Platform (CIP) project. SZ's leadership extended to chairing the CIP Linux kernel workgroup and serving as a board member of the ISO / IEC 5230 OpenChain, demonstrating a deep commitment to advancing cybersecurity and open-source standards.

ISAGCA/ISA Secure Welcome Reception

Keynote: The Intersection of Sustainability and Cybersecurity

As the world becomes increasingly digitized, the importance of cybersecurity is greater than ever. At the same time, the growing awareness of the environmental impact of technology has made sustainability a crucial consideration. In this keynote, we will explore the intersection of these two critical issues and discuss how organizations can balance security and sustainability in their digital strategies.

Attendees will gain a deeper understanding of the relationship between cybersecurity and sustainability and learn practical strategies for building a secure and environmentally responsible digital future.

Simon Hodgkinson
Former CISO, BP

×

Simon Hodgkinson

Simon has 38+ years of experience in information technology and cyber security across the software, financial services, and energy sectors. He spent 18 years working for bp in a variety of global roles, including the Group Chief Information Security Officer and VP of Global Infrastructure.

Simon now combines advisory and executive roles for several organisations, including Semperis, Onyxia, Performanta and E&Y.

He has been recognised for his advocacy of diversity and inclusion with several nominations for a top Corporate Ally.

Simon has served as an advisor to NHS Digital and Natural History Museum on cyber security. 

Intelligence Evolution Track: Cybersecurity and Sustainability: Partners to Drive Growth and Governance

Cybersecurity and sustainability are two sides of the same coin, working together to drive business growth and corporate governance alike. Both cybersecurity and sustainability are driven by regulatory, reporting and standards frameworks that help shareholders, the general public and regulatory bodies to develop trust and understand how an enterprise operates. This presentation will cover how cybersecurity, sustainability and automation act in partnership to accelerate growth and safety. 

Prabhu Soundarrajan
President, ISA

×

Prabhu Soundarrajan

IoT Cybersecurity Track: Clean Energy Cybersecurity

As the world transitions to clean energy sources, the cybersecurity of these systems becomes increasingly critical. This session will explore the unique challenges and opportunities of securing clean energy infrastructure, from solar panels to electric vehicle charging stations.

Attendees will learn about the latest cybersecurity threats and trends in the clean energy sector, as well as strategies for protecting against them.

Emma Stewart
Chief Power Grid Scientist & Research Strategist, Idaho National Laboratory

×

Emma Stewart

Dr. Emma M. Stewart, Ph.D., is a respected power systems specialist with expertise in power distribution, renewable energy, modeling, and simulation, as well as operational cybersecurity. She holds a Ph.D. in Electrical Engineering and an M.Eng. degree in Electrical and Mechanical Engineering. Emma is currently the Chief Power Grid Scientist at Idaho National Labs and the Director of the Center for Securing the Digital Energy Transition. From 2021 to 2023, Dr. Stewart served as the Chief Scientist at the National Rural Electric Cooperative Association (NRECA), where she led NRECA Research and the Co-Op Cyber Program. Her responsibilities included providing electric cooperatives with education, training, information sharing, incident support, technology integration, and R&D services. Dr. Stewart's employment history also includes positions at Lawrence Livermore National Laboratory and Lawrence Berkeley National Laboratory. At Lawrence Livermore National Laboratory, she served as the Associate Program Leader for Cyber and Infrastructure Resilience, managing research on prevention and response to high consequence grid events such as wildfire and cyber attack. At Lawrence Berkeley National Laboratory, she was the Deputy Group Leader in the Grid Integration Group and played a major role in developing the first micro-synchrophasor network in the US enabling the data to be used to prevent wildfire and equipment failure. Before joining national laboratories, Dr. Stewart worked as a Senior Engineer at BEW Engineering, where she led distribution planning, modeling, and analysis consulting for large utility customers in Hawaii and California. Throughout her career, Dr. Stewart has made significant contributions to the field of security of power systems, receiving patents for innovations in power distribution systems and data analytics, and is one of the few who truly works at the center of the clean energy, energy security and cybersecurity venn diagram.

Tech Demo - Sponsored by Dragos: Simplifying Deployment by Preparing in Advance

Need to monitor your OT networks, but worried about how long it will take and paranoid about breaking something? Like anything, good planning and preparation can help smooth the journey. Here, we'll talk about some steps you can take to plan how you'll implement a monitoring solution, gaining quality visibility without causing any unwanted impact.

Neil Brown
Senior Solutions Architect, Dragos

×

Neil Brown

Neil works with customers and prospects to understand their OT cyber security requirements and design solutions based on the Dragos Platform, Threat Intelligence and Professional Services to help them mature their OT cyber security postures. Prior to Dragos, Neil worked for National Grid as a Solutions Architect in their OT Cyber Security team, working across the various National Grid businesses. Before that, Neil spent 15 years in IT and OT roles at a wide range of companies, from chemical, to automotive and healthcare. Education & Qualifications Neil has a Bsc (hons) degree in Computer Science from De Montfort University and is also CISSP certified.

Tech Demo - Sponsored by Cyolo: Enabling secure and simple privileged remote access to OT

In this session, you will learn how Cyolo can enable simple to use and secure remote access for your OT environment such as providing a reduced attack surface, greater visibility and control and practical controls like segmentation, encryption, identity, and privilege management. As a highly flexible solution for on premises, hybrid and cloud connect environments, you will understand how Cyolo can meet the demands of all enterprises, replacing insecure and complex to manage VPN connectivity.

Ian Cuthbertson
Sales Engineer, Cyolo

×

Ian Cuthbertson

Ian is a respected Information Security Expert and Senior Technical Leader known for expertly guiding clients through complex cybersecurity challenges, protecting their most critical assets. With over 25 years of industry experience, Ian has honed his skills at prominent companies such as CrowdStrike, Digital Shadows, RSA, Crossbeam, and IBM, showcasing a diverse and unmatched skill set. His deep expertise covers key areas such as Endpoint Detection and Response (EDR), Threat Intelligence, Secure Remote Access, Threat Hunting, and Network Security. Ian's true passion lies in cultivating talent and supporting professional development, especially for those starting their journey in the industry.

Intelligence Evolution Track: Critical Infrastructure and Threat Intelligence

Critical infrastructure, such as energy, transportation, and communications systems, are essential for the functioning of our society. However, these systems are also vulnerable to cyber-attacks, which can have severe consequences. In this session, we will discuss the importance of threat intelligence in protecting critical infrastructure and share strategies for identifying and mitigating emerging threats.

Carolyn Swinney
University of Essex, Executive Fellow

×

Carolyn Swinney

591 Signals Unit, Royal Air Force

Carolyn J. Swinney received the B.Eng. and M.Sc. degrees (Hons.) in electronics engineering from the University of Essex, Colchester, U.K., in 2007 and 2013, respectively, where she is currently pursuing the Ph.D. degree in electronic systems engineering. She graduated as a Communications and Electronics Engineering Officer at the Royal Air Force in 2014. Her main research interests are signal processing, unmanned aerial vehicles, neural networks, machine learning, and cyber security.

IoT Cybersecurity Track: Navigating the Complexities of Maritime Cybersecurity: Challenges, Controls and Collaboration

The maritime industry is rapidly digitizing, making cybersecurity a critical concern. Join us as we explore the unique challenges of cybersecurity in maritime environments, including the need to balance safety and security and the challenges of applying traditional Industrial Control Systems (ICS) security measures. Learn about the key cybersecurity controls for the maritime industry — such as asset management, multi-factor authentication and risk assessment – and come to understand the importance of collaboration between maritime stakeholders, including shipowners, equipment manufacturers and cybersecurity experts, to develop effective cybersecurity strategies and mitigate risks. Drawing on real-world examples from companies like Royal Caribbean, Christopher Stein will provide insights into how the maritime industry can navigate the complexities of cybersecurity and ensure the safety and security of its operations.

Christopher Stein
Lead Engineer, Maritime Cybersecurity, Royal Caribbean Group

×

Christopher Stein

IoT Cybersecurity Track: Exploring the Security Impacts of GenAI in IT and OT

Generative AI (GenAI) has emerged as a transformative technology with numerous applications across industries. While GenAI presents exciting opportunities for innovation, it also introduces new security challenges in both Information Technology (IT) and Operational Technology (OT) environments.

This technical presentation will explore the security impacts of Generative AI in IT and OT.

Dr. Andrew Rogoyski
Director of Innovation, Surrey Institute for People-Centered AI

×

Dr. Andrew Rogoyski

IoT Cybersecurity Track: ISA Cybersecurity Programs and Initiatives

Join us for an overview of ISA cybersecurity programs and initiatives, including our industry-leading consortia. In this session, we will delve into the details of the ISA/IEC 62443 Cybersecurity Certificate Program, which provides training and knowledge-based recognition in industrial cybersecurity based on the world's only consensus-based series of standards.

Andre Ristaino
Managing Director, Global Consortia, Conformity Assessment, ISA

×

Andre Ristaino

Intelligence Evolution Track: Defining an Incidence Response Plan on a National Level

As cyber threats continue to evolve and become more sophisticated, having a robust incident response plan is essential for minimizing damage and ensuring a quick recovery. This session will explore the challenges and best practices for defining and implementing an incident response plan on a national level in Spain, with a focus on coordination between government agencies, critical infrastructure operators, and other stakeholders.

Ivan Monforte Fugarolas
Head of Communication, Ecosystem and Cybersecurity Culture, Cybersecurity Agency of Catalonia

×

Ivan Monforte Fugarolas

Ivan oversees the Communication direction and the strategy to promote the cybersecurity ecosystem at the Cybersecurity Agency of Catalonia. In the last 8 years he has been dedicated professionally to the public administration sphere, initially in the field of communication and in recent times as responsible for planning, supervising and directing the teams of a political Cabinet as well as the coordination and collaboration with the technical teams that carry out the specific policies, both in the field of innovation, Technology and cybersecurity as areas of competence as well as the more specific areas of ordinary management (budgets, hiring, personnel management, planning, launching projects, etc.).

In the field of specific sectorial management, these last 8 years he has been focused on the management and supervision of the main digital transformation and digital innovation projects such as cybersecurity initiatives promoted from the public sphere in collaboration with private entities and companies, technology centers and the digital ecosystem from Catalonia, Spain but also European and international ones

Panel Discussion: Evolving Threat Landscape

This panel discussion will bring together experts in the field of threat intelligence to share their experiences, strategies, and best practices. Our panelists will discuss the current state of threat intelligence, including the latest trends, challenges, and opportunities. Attendees will learn about cyber threat intelligence, addressing and identifying the threats, and emerging risk.

Jack Duffield
Royal Air Force

×

Jack Duffield

Jack Duffield commissioned into the Royal Air Force in 2018. He has experience in cyber security and cyber threat intelligence, at the intersection between military aviation and defensive cyber operations.

Johnny Awad
Senior Manager, Deloitte

×

Johnny Awad

Johnny leads Cyber in Renewables within Deloitte UK. He supports global clients in their critical response efforts following Cyber incidents, and helps organisations establish their Cyber operating models. His role further focusses on risk management and educating the Board on the Cyber risk landscape.

JC Herz
Senior Vice President, Cyber Supply Chain, Exiger

×

JC Herz

JC Herz is Exiger’s SVP of Cyber Supply Chain, which delivers product-level risk and assurance of software and cyber-physical devices, including Software Bill of Materials (SBOM) analysis and generation of SBOMs from firmware binaries. She was the co-founder and CEO of Ion Channel, a software supply chain analytics platform Exiger acquired in 2023, and is a fellow at George Mason University’s National Security Institute.

Moderator: Scott Reynolds
Security Engineering Manager - ITD, Johns Manville

×

Moderator: Scott Reynolds

Experienced IT/OT manager with a demonstrated history of working in both municipal and manufacturing environments with a focus in industrial cyber security. Passionate about IT/OT collaboration, workforce development, strategic planning, industrial cyber security, and development of reasonable and useful corporate standards for process control networks.

Phil Tonkin
Field Chief Technology Officer, Dragos

×

Phil Tonkin

Phil Tonkin is Field Chief Technology Officer at Dragos, Inc. where he uses his experience in the energy sector to provide technical insight and strategic guidance in securing industrial operations. His career has included roles in electricity transmission, distribution, and generation; gas transmission, distribution, and storage; and IT. Prior to joining Dragos, he led the OT security program at one of the world’s largest investor-owned utilities for five years.

Tech Demo - Sponsored by Fortinet: Evidencing Zones and Conduits

Fortinet will present an application of ISA/IEC 62443 Zones and Conduits in the context of simple PID loop environment in Operational Technology. The Demo will show how FortiGate and FortiSwitch can perform Segmentation and Protocol Inspection We will summarize this demo by then showing Foundational Requirements alignment.

Stefan Liversidge
OT SE & Subject Matter Expert, Fortinet

×

Stefan Liversidge

Stefan joined Fortinet in 2021 as a Systems Engineer / OT SME and brings over 15 years’ experience in OT and Cyber Security working across Design, Engineering, Commissioning and Consulting disciplines. Stefan has previously worked primarily in the Systems Integration and End User environments, across the CNI and Pharma industries, bringing insights into the challenges faced by OT owner/operators. Stefan is a certified Global Industrial Cyber Professional (GIAC-GICSP) and GIAC Penetration Tester (GPEN) trained at SANS institute and holds a MSc of Engineering.

Ben White
UKI OT Business Development Manager, Fortinet

×

Ben White

Ben has been working in Operational Technology since he graduated from Staffordshire University with a Degree in Business Information Technology in 2008. Leaving University Ben worked for a leading UK independent system integrator, developing from a Graduate Systems Engineer working in the Power Generation, Nuclear and Utilities Sector, to a Programme Manager delivering projects and programs ranging in size, scale and discipline across Utilities, Power Generation and Nuclear then concluding his time here as a Business Development Manager focused in Energy and Industry. Most recently Ben has been working for one of the Global Leading Automation Vendors as a dedicated Cyber Security Business Development Manager covering UK & Ire. Whist in this roll Ben supported his customers across many different Industries ranging from Pharmaceutical to Oil & Gas on their Cyber Security Journey, by supporting their needs through delivering solutions around People, Process and Technology for singular projects or global initiatives for multi-site deployments. To help support Bens Industry experience of 15+ years and strengthen his Cyber Security knowledge/experience, Ben has completed the IEC 62443 Cyber Security Specialist course where he has achieved accreditation for Cyber Security Fundamentals and Risk Assessment Specialist as part of the course. The aim and focus of this course is to gain a better understanding and ability to apply in an Operational Technology environment the best practices contained within the industry defacto Cyber Security series of standards IEC 62443 for Industrial Automation Control Systems.

Why People Love Standards

ISA’s international standards play a vital role in promoting safety, cybersecurity, and efficiency across global industry. This workshop will provide an overview of ISA’s international standards program and its relationship to and collaboration with the International Electrotechnical Commission (IEC). A panel of experts representing standards stakeholders  will then answer questions from the audience.

Charley Robinson
Senior Director, Standards Administration, ISA

×

Charley Robinson

Panel Discussion: Applying Standards to Industry

ISA Training: Assessing the Cybersecurity of New Existing IACS Systems (IC33)

Instructor: Prashanth AC
Cybersecurity Strategy and Program, IEC 62443 Expert, Implementer and Trainer

×

Instructor: Prashanth AC

A leader and critical thinker in the field of OT cybersecurity with 16 years of experience. He acquired Bachelor of Engineering in 2005. He managed military IT/ OT infrastructure at Indian Navy for the first 10 years of career. He leads the Global Cyber Security Pentest Lab, Schneider Electric at Bangalore, India as Lab Manager for 3 + years. Exposed to rich experience of handling pentest of 300+ critical ICS products i.e., PLCs, Safety devices, RTUs, Historians, smart metres, and associated applications. Gained effective practical experience in MITRE ATT&CK, IEC 62443-4-1, IEC 62443-4-2, and OT pentest environment.

He possesses certifications like ISA 62443 Cybersecurity Expert, CISSP, CISM, GPEN, GICSP, ISO 27001:2013 LA and AWS Security. He is passionate about IT-OT convergence and attack surfaces exposed in such engineering. He continues to pursue offensive security at his home lab during his free time endeavour. He started a OT Cybersecurity startup ‘SECOT PVT Ltd’. It got very quick success in bagging projects in middle east (RA of 120 electric substations and few more in oil & gas). During his tenure, he practiced IEC 62443-2-X series as a service provider for asset owners.

He joined Siemens Energy at Erlangen, Germany to contribute to the cybersecurity of Grid Automation Technologies for electrical utilities. Prashanth contributed to strategic decisions for OT cybersecurity in the digitalisation journey of GAT, Siemens Energy. Interacted with many of the important Energy companies in Europe, Middle East, and US. He practiced NERC-CIP, IEC 62443-3-2, IEC 62443-3-3, local regulations, NIST CSF during this role.

He is currently working with SKF Group and contributes to formulating OT cybersecurity strategy, policy, governance, processes, including IT-OT convergence for 100+ manufacturing factories across the globe.

ISA Training: Using the ISA/IEC 62443 Standards to Secure Your Control Systems (IC32)

Note: Registration for this course is closed as the class is full.

Onsite/In-person delivery

• Course days: 20-21 June 2024
• Course Hours: 8:30 a.m. - 5:00 p.m.
• CEU Credits: 1.4
• Certification of Completion: A certificate of completion indicating the total number of CEUs earned will be provided upon successful completion of the entire two-day course.

Description:

The move to using Ethernet, TCP/IP, and web technologies in supervisory control and data acquisition (SCADA) and process control networks has exposed these systems to the same cyberattacks that have wreaked havoc on corporate information systems. This course provides a detailed look at how the ISA/IEC 62443 standards framework can be used to protect critical control systems. It also explores the procedural and technical differences between the security for traditional IT environments and those solutions appropriate for SCADA or plant floor environments.

You will be able to:

• Discuss the principles behind creating an effective long term program security
• Interpret the ISA/IEC 62443 industrial security framework and apply them to your operation
• Define the basics of risk and vulnerability analysis methodologies
• Describe the principles of security policy development
• Explain the concepts of defense in depth and zone/conduit models of security
• Analyze the current trends in industrial security incidents and methods hackers use to attack a system
• Define the principles behind the key risk mitigation techniques, including anti-virus and patch management, firewalls, and virtual private networks

You will cover:

• Understanding the Current Industrial Security Environment: What is Electronic Security for Industrial Automation and Control Systems? | How IT and the Plant Floor are Different and How They are the Same
• How Cyberattacks Happen: Understanding the Threat Sources | The Steps to Successful Cyberattacks
• Creating A Security Program:  Critical Factors for Success/Understanding the ANSI/ISA-62443-2-1 (ANSI/ISA-99.02.01-2009)- Security for Industrial Automation and Control Systems: Establishing an Industrial Automation and Control Systems Security Program
• Risk Analysis:  Business Rationale | Risk Identification, Classification, and Assessment 
• Addressing Risk with Security Policy, Organization, and Awareness: Cyber Security Management System Scope | Organizational Security | Staff Training and Security Awareness
• Addressing Risk with Selected Security Counter Measures: Personnel Security | Physical and Environmental Security | Network Segmentation | Access Control
• Addressing Risk with Implementation Measures: Risk Management and Implementation | System Development and Maintenance | Information and Document Management
• Monitoring and Improving the CSMS: Compliance and Review | Improve and Maintain the CSMS
• Validating or Verifying the Security of Systems: What is being done? | Developing Secure Products and Systems

Classroom/Laboratory Demo:

• PCAP Live Capture Analysis

Includes ISA Standards:

• ANSI/ISA-62443-1-1 (ANSI/ISA-99.00.01-2007), Security for Industrial Automation and Control Systems Part 1: Terminology, Concepts & Models
• ANSI/ISA-62443-2-1 (ANSI/ISA-99.02.01-2009), Security for Industrial Automation and Control Systems: Establishing an Industrial Automation and Control Systems Security Program
• ANSI/ISA-62443-3-3, Security for industrial automation and control systems: System security requirements and security levels

Instructor: Carlos Montes Portela
ISA/IEC 62443 Trainer, Senior OT/ICS Cybersecurity Manager

×

Instructor: Carlos Montes Portela

Carlos Montes Portela received a B.Sc. degree in Software Engineering and a M.Sc. degree in Business Process Management and IT (cum laude). His master thesis focused on the design space of the ICT architecture of the Smart Grid taking into account security and privacy issues.

Carlos has over 25 years of experience in different roles: software engineer, technical and functional designer, IT architect, EAI/SOA architect, team leader, senior smart grid innovator and senior OT security officer.

Currently, Carlos is an independent business owner. Form his company Dicarma he offers coaching, training and consulting services on cybersecurity related topics. As a TOGAF, CISSP and CISM certified OT Security Manager, Carlos is currently contracted by a Dutch DSO where he is responsible for OT ISO-27001 and ISA/IEC-62443 based ISMS. Carlos also researches the applicability of the ISA/IEC 62443 standards for charging infrastructures for electric vehicles for an association related to EV charging. Furthermore, Carlos is an active member of the Dutch standardization committee NEC65 and WG10 of TC65 at the IEC where the IEC-62443 standards are developed. Carlos is also an informative member of the ISA-99 committee. He conducts training courses for ISA-Europe in the Dutch, English and Spanish languages. Carlos is a Certified Trainer and Subject Matter Expert for the ISA/IEC62443 training program.

Incident Command System for Industrial Control Systems Workshop

Note: In-person/Onsite Delivery

Incident Command System for Industrial Control Systems (ICS4ICS) is designed to improve cybersecurity incident response efforts that impact the industry by combining three capabilities that already exist in most companies:

1. Incident Command System is a proven process for managing various types of incidents
2. Cybersecurity teams leverage Computer Incident Response processes to investigate cyber
3. Industrial Control System/Operational Technology experts manage the technical aspects of many types of incidents

This session will help participants learn how ICS4ICS is the emergency cyber response for workforce development.

Brian Peterson
ICS4ICS Program Manager, ISA

×

Brian Peterson

Volunteer Workshop

This custom-designed workshop crafts plans for mission-focused, vibrant and successful sections and divisions. Current and aspiring volunteers will leave this workshop with a plan, with energy, with knowledge and with an expanded network of other volunteers who believe in and want to shape ISA’s future.

Separate registration is required. Click here to register.

Young Professionals Reception

ISA OT Cyber Summit Kick Off Reception sponsored by Black & Veatch Corporation

105 Strand, London

WC2R 0AA, United Kingdom

Join us for a reception to kick off the ISA OT Cybersecurity Summit! We'll be gathering at Oche | The Strand, a unique venue in the heart of London, for an evening of networking and fun. Don't miss this opportunity to connect with fellow cybersecurity professionals in a casual setting.