Industrial Control Cybersecurity USA October 6th and 7th
Sacramento California USA
Identify, protect, detect, respond and recover.
All stakeholders have a new responsibility in ensuring the safety, reliability and stability of our Critical National Infrastructure. Public and Private partnerships are paramount and information sharing on an international level a priority. We will be addressing key areas of vulnerability, threat detection, mitigation, and planning for the Energy and Water Sector.
Industrial Control Security USA Sacramento California Oct 6/7
1. Industrial Control Security
www.cybersenate.com
www.industrialcontrolsecurityusa.com
www.industrialcontrolsecurityusa.com
6th - 7th October 2014
Holiday Inn, Sacramento, California
Media Partners
Headline Sponsors Conference Sponsors Co Sponsors
®
Refreshment
sponsors
Exhibitors
The Effective Approach for Protecting Oil and Gas Critical Infrastructures from the
Emerging Cyber Threats
Pre Conference Workshop, 5th October 2014
with Ayman AL-Issa, Digital Oil Fields Cyber Security Advisor, ADMA
2. www.industrialcontrolsecurityusa.com
About the Cyber Senate
Our vision
To create a community of global leaders with unparalleled knowledge and experience, a common voice for the international Cyber Security industry. To be the first port of call to facilitate discussion and public and private information sharing.
We address key Cyber topics across industry sectors such as Finance and Banking, Transport, Energy & Power and Healthcare.
Through high value content and a robust network of thought leaders, we raise awareness of global security risks to assist in information sharing and the progression of a safer more resilient society.
For further information contact
The Cyber Senate represents the best in relationship development, information sharing and thought leadership on a global level. A robust and resilient Cyber Security strategy is the most important directive on the international agenda, not only addressing current developments, but also how we intend on protecting and securing future generations.
I look forward to the ICS Cyber Security show with great anticipation, knowing that the potential of each valued speaker and participant, in the right environment and setting, together, have an unrivalled ability to shape the resiliency of our critical national infrastructure.
It is a privilege to be your host.
WEBSITE:www.cybersenate.com
TWITTER:@cybersenate
Every country relies on critical infrastructure to provide essential services – underpinning many of these important functions are Industrial control systems (ICS). As the threat of cyber attacks has increased, those responsible for designing and maintaining these systems have had to think more and more about security. The ICS Cyber Security Conference provides the perfect environment for ICS specialists and security practitioners to meet and discuss the unique challenge involved in securing our Critical National Infrastructure (CNI).
As a company that delivers solutions to government and commercial customers to help secure the CNI, we at BAE Systems Applied Intelligence value the opportunity to participate in ICS Cyber Security Conference. It creates an environment in which we can continue learning about the latest challenges our clients are facing as well as providing the opportunity to discuss our views on security best practices.
James Nesbitt
Organiser and Director
The Cyber Senate
Colin McKinty
Vice President of Cyber Security Strategy, Americas
BAE Systems Applied Intelligence
Industrial Control Security 6th - 7th October 2014
Presentations will be made available via a email dropbox link to all paying attendees post event.
All presentations remain the intellectual property of our speakers and Sagacity Media Ltd. They may not be reproduced without permission.
We always endeavour to provide full details of each presentation, however this ability is subject to speakers agreements.
Presentations are free for all paying delegates, speakers and sponsors.
All opinions expressed today are those of the authors and speakers and do not represent those of Sagacity Media.
Sagacity Media cannot be held responsible for accident or injury sustained during the conference, or any lost or stolen belongings.
3. www.industrialcontrolsecurityusa.com
Refreshment Sponsors
AlertEnterprise delivers IT-OT and Cybersecurity Convergence Software for Security Incident Management and Response to identify and prevent cyber and physical attacks, sabotage and terrorism by uncovering blended threats across IT security, Physical Access Controls and Industrial Control Systems. AlertEnterprise streamlines OT Compliance as well as contractor, employee and vendor security.
www.alertenterprise.com
The National Cybersecurity Institute is an academic and research center located in Washington D.C. dedicated to assisting government, industry, military and academic sectors meet our cyber security challenges. The NCI targets the development of effective cyber security through our academic and research activities including, custom training and CNSS certified programs.
www.nationalcybersecurityinstitute.org
VASCO Data Security offers strong authentication and digital signature solutions helping customers protect online accounts, identities, and transactions from fraud and meet regulatory requirements. VASCO helps organizations in 100+ countries to secure access to networks, cloud and mobile applications for their customers, partners, and employees with a wide range of solutions from hardware to software, including mobile and cloud options.
www.vasco.com
®
Headline Sponsors
Conference Sponsors
Co Sponsors
Exhibitors
BAE Systems Applied Intelligence delivers solutions to government and commercial customers; with a focus on critical national infrastructure. For example, IndustrialProtect is a network segmentation appliance developed to secure automation between IT and OT networks. The appliance provides hardware implemented security functions, ensuring the validity, integrity, and authorization of data exchange. www.baesystems.com/ai
Cisco is the worldwide leader in networking that transforms how people connect, communicate, and collaborate. Businesses of all sizes, governments, service providers, and consumers leverage the value of the network using Cisco hardware, software, and services to improve collaboration, simplify operations, increase customer satisfaction, and improve competitive advantage. Learn more at www.cisco.com
Automation.com is the leading online content provider in the automation industry, dedicated to providing information that enables control and automation professionals to do their jobs better. The website and topic-specific e-newsletters feature articles, news, products, supplier and system integrator directories, job center, white papers, application stories and events. The website attracts 115,000+ unique visitors each month. www.automation.com/subscribe
Industrial Control Security 6th - 7th October 2014
Thank you to our Sponsors
4. www.industrialcontrolsecurityusa.com
Day One
09.10
09.00
Chairman’s Opening Remarks
Seth Bromberger, Specialist in Critical Infrastructure Protection, NCi Security and Rene Moreda Director of Business Development, Energy & Utilities, BAE Systems Applied Intelligence
Key Note Presentation: “Realizing the Roadmap Vision: Ensuring Security and Resilience in Today’s Changing World.”
••
Evolving cybersecurity challenges faced by the sector
••
Policy, operational, and cultural considerations for managing cyber risks and ensuring resilience in our changing world
••
DOE’s efforts with industry to support realizing the roadmap vision, such as: R&D projects, Cybersecurity Capability Maturity Model (C2M2), and Cybersecurity Procurement Language for Energy Delivery Systems
••
Executive Order 13636 “Improving Critical Infrastructure Cybersecurity”, including the importance of information sharing and using the NIST Cybersecurity Framework
Abstract - The roadmap for secure energy delivery systems 2020 vision is that “Systems will be designed, installed, operated, and maintained to survive a cyber incident while sustaining critical energy delivery functions.” Today organizations are modernizing infrastructure, automating processes, becoming more connected, and increasingly leveraging telecommunications. Understanding and managing cyber risk is KEY to ensuring secure and resilient infrastructure, including information and operation technology (IT/OT), the role of vendors and external partners, and engaging corporate governance in addressing cyber risks.
Samara Moore, Sr IT and Cyber Security Policy Advisor at U.S. Department of Energy
6th - 7th October 2014
10.00
The development and standardization of cyber security controls and processes
••
Changing nature and increasing importance and vulnerability of internetworks and internetworked processes and process control systems.
••
Importance in adoption, as well as development, of cybersecurity controls
••
Initiatives aimed at accelerating effective adoption of controls.
••
NCCoE as one approach to facilitation of implementation of security frameworks.
••
Larger cybersecurity context for ICS and critical infrastructure initiatives.
Willam Barker, Cybersecurity Standards and Technology Advisor for the Information Technology, NIST
10.40
Coffee and Exhibitor Networking
11.10
security resilience in worked like?
North Corporation
11.50
Electricity Subsector Cybersecurity
••
Review Risk Management Process
••
Review Electricity Subsector
••
Cybersecurity Capability Maturity Model (ES-C2M2)
••
Demonstrate ES-C2M2 Survey
Scott Saunders, CISSP, CISM, MSISA
Chief Information Security Officer, Sacramento Municipal Utilities District
12.40
Networking Luncheon
13.40
Creating a Converged OT / IT Architecture
••
While Operational Technology and Information Technology Architecture shares many commonalities, there are at least as many differences, ranging from primary objectives, guiding principles and even culture.
••
This interactive presentation will walk through a process and approach at establishing a converged, holistic reference architecture which guides the design, implementation, integration and evolution of the ever-increasing intersection of OT and IT technologies.
••
We will review similarities and differences, opportunities for alignment and risks of divergence.
••
Particular focus will highlight observed cultural
Case Study: Maintaining IT/OT Automation in the Face of Increased Threats
The benefits of IT/OT convergence are often delivered through automated business processes that span both industrial and enterprise systems. However the interconnections that facilitate these processes bring risks that must be controlled. How can those responsible for network security balance the drive for automation with the risk appetite of the business?
As a very large engineering company, building highly sensitive products, and a leading provider of cyber security services, we constantly monitor the threat and experience attacks first hand. We have also recently provided a solution for an major international oil and gas company, enabling them to maintain automated processes and minimize risk. In this presentation, we will share our understanding of the threat and explain, thorough this example, how we believe it is possible to retain/introduce converged process automation, and maintain an acceptable risk level
Rene Moreda, Director of Business Development, Energy & Utilities, BAE Systems Applied Intelligence
5. www.industrialcontrolsecurityusa.com
Day One
6th - 7th October 2014
®
18.00
15.40
16.20
Close of conference
Combining Physical Security and IT-OT Convergence to Transform Cybersecurity for Critical Infrastructure
••
Following high profile physical attacks on critical structures, compliance requirements for Critical Industries like Utilities, Chemicals, etc. have made it essential to monitor and report on physical access to control rooms, substations and critical assets.
••
Asset owners and operators of all size need to know who and how much access relevant roles have to specific facilities, critical assets and cyber assets.
••
Learn how new techniques can correlate threats across the domains of IT, OT/ICS, and Physical Security to deliver total 360-degree situational intelligence for effective security incident management and responsemany commonalities, there are at least as many differences, ranging from primary objectives, guidin
Pan Kamal, Vice President, Marketing and Product Management, AlertEnterprise
17.00
Roundtable Discussions
Cyber Security for Supply Chain Roundtable discussion
Scott Saunders, CISO, SMUD
Incident Response: Management and Recovery, what to do when things go wrong
Seth Bromberger of NCi Security
Effective methodology to protecting the oil and gas critical infrastructures from the emerging cyber threats
Ayman Al Issa, Digital Oilfield Cyber Security Advisor, ADMA
BAE Systems Understanding the opportunity and mitigating the risk associated with the growth of IT deployed in ICS systems
Driven by business pressures to realize increased efficiency through automation, OT networks are seeing an uptake in the use of technologies normally associated with IT systems. This technology trend presents those working with ICS systems with a challenge of an increased risk of attack, and also an opportunity to learn from the best practices used by security professionals to secure IT systems. Join us for a discussion and understanding of the threat and how it is possible to retain/introduce converged process automation, and maintain an acceptable risk level.
Rene Moreda, Director of Business Development, Energy & Utilities, BAE Systems Applied Intelligenc
NIST Roundtable “The NCCOE Approach”
William Barker, Cybersecurity
Standards and Technology Advisor for
the Information Technology, NIST
14.30
Effective methodology to protecting the oil and gas critical infrastructures from the emerging cyber threats
Ayman Al Issa, Digital Oilfield Advisor, Abu Dhabi Marine Operating Company
and procedural differences, organizational priorities and methodologies.
Billy Glenn, Principal Enterprise Architect, Pacific Gas and Electric
Heartbleed: What is the impact and what do you need to know?
••
Defensics and safeguard
••
This is Not Our First Big Discovery
••
How the Heartbleed Bug Works
••
How We Discovered Heartbleed
••
What is the Potential Impact
••
How You Can Test for Heartbleed
••
How Can You Protect Yourself
••
What the Future Holds: Heartbleed
••
Conclusions
••
Deep Packet inspections
Mike Ahmadi, Global Business Development Director, Codenomicon
Mikko Varpiola, Founder and Test Suite Developer, #1
15.10
Coffee break and Exhibitor Networking
BAE Systems Applied Intelligence sponsored drinks reception
6. www.industrialcontrolsecurityusa.com
Day Two
13.20
14.00
14.40
12.20
09.00
08.00
09.10
11.40
10.30
11.00
16.50
Close of Conference
Lies, Damned Lies, and Statistics: Malware Indicator Correlation As Part of a Security Intelligence Function Synopsis:
Advanced threat detection products provide detailed data regarding indicators of compromise. Seth Bromberger from NCI Security analyzed over a year’s worth of data from a large multinational corporation
Leveraging Cyber Security Controls and Process across the Critical Infrastructure Industries
Examples where the same ICS components and cyber security industrial system controls - can and should be used for Telecom, Electricity Grid, Oil/ Gas, Transportation, and Medical.
Patricia Robison, Professor, New York University
Case Study: Cyber security IT/OT Challenges San Onfre Nuclear Generation Station
•
Establishing, implementing, and maintaining the Cyber Security program
•
Critical Data Asset, system and communications protection
•
Physical and operational environment protection
•
Attack mitigation and incident response
•
General site population training
Phillip Beabout, Manager, Security Special Projects and Response Strategy San Onofre Nuclear Generation Station
15.50
Roundtable Discussions
Networking Lunch
Chairman’s Opening Remarks
Seth Bromberger, Specialist in Critical Infrastructure Protection, NCI Security
Rene Moreda, Director of Business Development, Energy & Utilities, BAE Systems Applied Intelligence
Registration
Understanding ICS Active Defenses
••
Preparing for the storm
••
Actively searching for Indicators of Compromise on ICS
••
Understanding White-listing on ICS systems
••
Assurance models and ICS
Billy Rios, Director of Vulnerability Research and Threat Intelligence, Qualys
Coffee and Exhibitor Networking
Integrating Failure Scenarios into Your Risk Assessment Process
••
Overview of cyber security failure scenarios
••
Failure scenarios for the power delivery sector
••
How to calculate the impact and threat likelihood
••
Risk ranking process
Galen Rasch, Senior Program Manager Power Delivery and Utilization Sector, Electric Power Research Institute
15.20
Coffee and Exhibitor Networking
Tabletop exercises for control systems
Galen Rasche, Sr. Program Manager –
Cyber Security, Electric Power Research Institute
Integrating cyber security methods into operational hardware
Current approaches to supply chain attack analysis and why it doesn’t scale
Billy Rios, Director of Vulnerability Research and Threat Intelligence, Qualys
General site population training, communications and operational protection considerations
Phillip Beabout, Manager, Security Special Projects and Response Strategy, San Onofre Nuclear Generation Station
6th - 7th October 2014
Cross Sector Roadmap for Cyber security of Industrial Control Systems
••
Initiatives to enhance the security and resilience of ICS
••
Information sharing - how far have we come in the past five years?
••
Public and Private Partnerships; What has worked and where do we need to focus more effort?
••
Third party risk and disclosure - creating awareness and encouraging disclosure
••
Changes in ICS vulnerability
••
What would the Cross Sector Roadmap look like?
Fred Hintermister, Manager, ES-ISAC, North American Electric Reliability Corporation
Continuous Control
••
Think continuous vs point in time inspection
••
Monitor by exception
••
Automate remediation
John Ode, Field Product Manager, Cisco
09.50
and will share the results of his research, along with lessons learned and steps that you can take today to improve your detection of, and response to, malware infections within your organization.
Seth Bromberger, Specialist in Critical Infrastructure Protection, NCI Security
7. www.industrialcontrolsecurityusa.com
Industrial Control Security 6th - 7th October 2014
Technology Laboratory at the National Institute of Standards and Technology (NIST)
Mr. Barker is Cybersecurity Standards and Technology Advisor for the Information Technology Laboratory at the National Institute of Standards and Technology (NIST). At NIST, he led the Computer Security Division, established interagency cybersecurity coordination programs, and was the initial manager of NIST’s Personal Identity Verification program, the National Strategy for Trusted Identities in Cyberspace (NSTIC) Program Management Office, the National Initiative for Cybersecurity Education (NICE) coordination function, and the National Cybersecurity Center of Excellence. Before joining NIST, Mr. Barker worked in Department of Defense cybersecurity organizations, and subsequently in private sector R&D and business development. He has been involved in cybersecurity since 1966.
Scott Saunders, Information and Security Officer, Sacramento Municipal Utilities District
Scott Saunders, Information Security Officer, Sacramento Municipal Utilities District
I direct, manage, plan and administer the operational and administrative activities associated with the running of the Information Security and Assurance program. Develop and implement enterprise security policies, procedures, standards, and guidelines to maintain confidentiality, integrity and availability. Monitor operations to ensure compliance with information security policy. Collaborate with business units to identify security controls commensurate with risks, threats and vulnerabilties to business operations. Act as a subject matter expert on projects to identify and resolve complex information security
Ayman Al Issa, Digital Oil Fields Cyber Security Advisor, Abu Dhabi Marine Operating Company
Ayman has over 20 years of experience in the fields of Automation, Information Technology, and Cyber Security. He has graduated with a Bachelor’s degree in Electronics Engineering and verse in different backgrounds like industrial control systems, systems engineering, and building cyber security strategies and models. He is also information contributor to the ISA99/IEC62443 Industrial Automation and Control Systems Cyber Security Standards, and he is currently leading workgroup 1 in the standard. Realizing that security measures are always behind the emerging cyber risks, he developed an ICS defense-in-depth industrial cyber security model that aims to early detection of threats based on security- through-vision-and-integration.
Rene Moreda Director of Business Development, Energy & Utilities, BAE Systems Applied Intelligence
Mr. Moreda has over 20 years of experience developing, marketing and selling advanced technologies and solutions into the High Tech and Energy sector. He holds a BS in Computer Science from the University of Houston and began his career with Compaq Computers as a Systems Engineer working in Research and Development. Mr. Moreda also spent 12 years working for Microsoft where he designed and implemented advanced technologies and solutions within the Energy industry. He has held the roles of Director of Energy, Chemicals and Utilities for Capgemini – Sogeti USA, and Cyber Security
Sales Consultant for Invensys/ Schneider Electric where he worked within the Nuclear/Fossil Power Plants, Oil and Gas, and Chemicals industries. He currently works for BAE Systems Applied Intelligence, a division of BAE Systems, a global defense, aerospace and security company that delivers solutions to government and commercial customers with a focus on protecting critical national infrastructure.
Samara Moore, IT and Cyber Security Policy Advisor, Department of Energy
Samara Moore, IT and Cyber Security Policy Advisor, Department of Energy
As a Senior Policy Advisor within the Department of Energy (DOE), Samara Moore is the Cybersecurity Program Manager responsible for the cyber policy and oversight for the programs within the Office of the Under Secretary for Science and Energy, and has a leadership role in DOE’s efforts to support security and resilience for the Energy sector. In June 2014, she returned to DOE from the White House National Security Council Staff, where she was the Director for Cybersecurity Critical Infrastructure Protection coordinating across the federal government and partnering with the private sector on information sharing, capability development, and executive engagement efforts to strengthen cybersecurity for all critical infrastructure sectors.
While at DOE, Mrs. Moore led the development of the Electricity Sector Cybersecurity Capability Maturity Model which is being used both domestically and internationally.
William Barker, Cybersecurity Standards and Technology Advisor for the Information
Speakers biographies
8. www.industrialcontrolsecurityusa.com
Industrial Control Security 6th - 7th October 2014
impacts. Lead the analysis, resolution and prevention of suspected security events. Develop and deliver just-in- time information security and privacy awareness and training.
Billy Glenn, Principal Enterprise Architect, Pacific Gas and Electric
Billy was in the US Navy prior to joining Pacific Gas and Electric Company. A 22 year veteran of IT, Billy has strived to always be learning, working in a variety of evolutionary areas: from telecommunications, the creation of enterprise networks, migration from the mainframe to client/server, and over a decade as Internet architect designing and implementing Internet, Intranet and B2B technologies from simple logo-ware to fully-interactive customer self-service portals. More recently, Billy has focused on Enterprise Architecture covering a variety of topics, from mobility to collaboration to security. Today, he is laser-focused on Operational Technology security of PG&E’s various SCADA, DCS, and other Industrial Control Systems – and continues to learn on a daily basis.
Pan Kamal, Vice President, Marketing and Product Management, AlertEnterprise
Pan leads all aspects of marketing at AlertEnterprise, including product marketing, demand generation, marketing programs and channel marketing. Additionally, he manages the inbound product management team driving the adoption of IT-OT convergence. Pan is active in cybersecurity, cloud security, virtualization, identity and access management, compliance automation, software- defined security and datacenter management. Pan leverages his experience with SCADA,
critical infrastructure security and smart grid security from his tenure as VP of Marketing at Verano Software / Industrial Defender. Additionally Pan has current experience with physical access control systems and video surveillance, including video analytics. Pan has held various technical and marketing positions at General Dynamics Network Systems, Honeywell, Digital Equipment Corporation, DELL- Wyse, KLEER Industries, and Avocent Corporation. Pan acquired CISA audit certification from ISACA and holds a BS in Electrical Engineering from Boston University. He participated in the Executive Business program at Suffolk University.
Mike Ahmadi, Global
Business Development Director, Codenomicon
Mike Ahmadi is the Global Director of Energy and ICS Security, as well as the Global Director of Medical Security for Codenomicon Ltd.
Mike is well known in the field of critical infrastructure security, including industrial control systems and health care systems.
He currently serves on the technical steering committee for the ISA Security Compliance Institute (ISCI) who manages and maintains the ISASecure certification program. Mike also currently serves as an active member of the US Department of Homeland Security Industrial Control Systems Joint Working Group, and as part of the advisory board for the US Secret Service Electronic Crimes Task Force. Mike has been a co-author in several publications, including the American Bar Association Security and Privacy guide, AAMI Journals, and also serves on the editorial board of ISSA Journal. Mikes interests are critical infrastructure security, including industrial control systems and medical devices and networks.
Fred Hintermister, Manager, ES- ISAC, North American Electric Reliability Corporation
Fred is Manager, Electricity Subsector Information Sharing and Analysis Center (ES-ISAC) at North American Electric Reliability Corporation (NERC). Previous roles have embraced innovation, business development, public-private partnership, risk management, security and insurance new product development. His blended background is uniquely suited to collaborative management of novel and advanced persistent threats, vulnerabilities, and the innovation required to meet them. He holds both MBA and undergraduate degrees from Cornell University, a Master of Science in Technology Commercialization from University of Texas at Austin and an Associate in Arts from Penn State.
Galen Rasch, Senior Program Manager Power Delivery and Utilization Sector, Electric Power Research Institute
Galen Rasche is a Senior Program Manager in the Power Delivery and Utilization (PDU) Sector at the Electric Power Research Institute (EPRI) for the PDU Cyber Security and Privacy Program. Additionally, he is responsible for coordinating the cyber security research across the PDU Sector, Generation Sector, and Nuclear Sector. He is experienced in the areas of cyber security, Smart Grid security and the penetration testing of embedded systems. He is also the CIGRE U.S. National Committee Study Committee D2 representative.
9. www.industrialcontrolsecurityusa.com
Industrial Control Security 6th - 7th October 2014
Billy Rios, Director of Vulnerability Research and Threat Intelligence, Qualys
Billy is an accomplished author and speaker. Billy is recognized as one of the world’s most respected experts on emerging threats related to Industrial Control Systems (ICS), Critical Infrastructure (CI), and, medical devices. He discovered thousands of security vulnerabilities in hardware and software supporting ICS and critical infrastructure. He has been publically credited by the Department of Homeland Security (DHS) over 50 times for his support to the DHS ICS Cyber Emergency Response Team (ICS-CERT). Billy has led several prestigious security teams including security teams at Microsoft and Google. Billy was a Lead at Google where he led the front line response for externally reported security issues and incidents. Prior to Google, Billy was the Security Program Manager at Internet Explorer (Microsoft). During his time at Microsoft, Billy led the company’s response for several high profile incidents, including the response for Operation Aurora.
Seth Bromberger, Specialist in Critical Infrastructure Protection, Principal, NCI Security
Seth Bromberger has been involved in network and systems security for over nineteen years. His work history spans multiple industries and sectors, including government, finance, and energy. He is Principal at NCI Security, a consulting firm dedicated to the protection of domestic and international critical infrastructure. Previously, he was the Executive Vice President of Information Sharing and Government Outreach at Energy Sector Security Consortium, a registered 501(c)(3) non-profit organization he co-founded in 2008. Seth has held top-level security clearance and is authorized to handle Protected Critical Infrastructure Information (PCII).
Seth’s work on large scale data analysis and multi-source correlation techniques resulted in his being the listed inventor on patent application 13/339,509, “System And Method For Monitoring a Utility Meter Network”, which describes the TopSight™ system he developed to detect anomalous behavior in a multi- million node Smart Meter network while at Pacific Gas and Electric Company. He is also co-developer of the system described in patent application PCT/US2013/026504, “Method and System for Packet Acquisition, Analysis and Intrusion Detection in Field Area Networks” which is being used by utilities to analyze the complex interactions among devices participating in large- scale mesh networks.
Patricia Robison,
Professor, New York University
Ms. Robison is a technology specialist with expertise in cyber security and technology implementation in the energy and financial services industries..
As a Smart Grid Project Manager at Con Edison, she led the design and first demonstration of the interoperability and cyber security architecture for the Smart Grid Demonstration Project. The design aligns with NIST 7628 Smart Grid Security Framework and incorporates IEC standards where required. The Smart Grid Project at Con Edison leverages the Distribution Control Center Framework implemented in 1995 when she led the project for control center integration at the Area Control Centers.
As a professor at New York University, she designed the curriculum and requirements for NYU’s Certificate in Information Systems Security. She also teaches the Fast Track for Certified Information Systems Security Professional Certification class and the Information Systems Analysis and Design course for NYU’s Master of Science (M.S.) in Management and Systems.
Phillip Beabout,
Manager, Security Special Projects and Response Strategy, San Onofre Nuclear Generation Station
In my current position I am responsible for managing security projects related to the response strategy, SONGS Physical Security Plan, Safeguards Contingency Plan and associated processes and procedures. I am responsible for leading cross-divisional teams in making changes to security infrastructure, procedures, processes, and equipment. As the Security Assessor in Nuclear Oversight, I conducted assessments and audits in support of the Security division as well as working with and leading cross-functional teams such as Operations, Emergency Planning, and Performance Improvement.
John Ode, Field Product Manager, Cisco
John Ode is a Field Product Manager and former Cyber Security Incident Response Leader with over ten years experience deploying and utilizing security products in a critical infrastructure environment. Ode’s broad experiences include, policy and compliance development, computer forensics, e-discovery, cyber security incident response, law enforcement, and military munitions handling. Ode is passionate about solving real-world, complex problems.
10. Industrial Control Security 6th - 7th October 2014
Delegate list
Attending extract at time of print
www.industrialcontrolsecurityusa.com
Banu Acimis
Senior Utilities Engineer
California Public Utilities Commission
Mike Ahmadi
Global Business Development Director
Codenomicon
Ayman Al Issa
Digital Oil Fields Cyber Security Advisor
ADMA OPCO
JP Arcuri
VP & IT Officer
Calpine Corporation
William Barker
Chief Cyber Security Standards and Technology Advisor
NIST
Roberto Bayetti
Director California
ISO
Phillip Beabout
Manager, Security Special Projects and Response Strategy
San Onofre Nuclear Generation Station
Tye Bell
ICS Cyber Security Analyst
XTO Energy
Seth Bromberger
Specialist in Critical Infrastructure Protection, Principal
NCI Security
Steven Brunasso
Manager Security Systems
Burbank Water and Power
Reuben Dacher-Shapiro
Program Support Coordinator
National Cybersecurity Institute
Scott Decker
Power Systems Security Architect
PG&E
Luis Escalante
Utility System Analyst
Alameda Municipal Power
Sal Fernandez
Sr. Cyber Threat Specialist, Risk Monitoring, Enterprise Technology Risk Management
PG&E
Pat Figley
Account representative
Alert Enterprise
Jasvir Gill
CEO
Alert Enterprise
Billy Glenn
Principal Enterprise Architect
PG&E
Robert Grill
Sr. Information Security Analyst
SMUD
Margaret Hannaford
Division Manager
Hetch Hetchy Water and Power
Herb Harsch
Hydro-Tech
Northern California Power Agency
Fred Hintermiester
Manager, ES-ISAC
NERC
Jeff Johnson
IT Automation systems supervisor
XTO Energy
Pan Kamal
Vice President of Marketing and Product Management Alert Enterprise
Dr Jane LeClair
COO
National Cybersecurity Institute
11. Industrial Control Security 6th - 7th October 2014
Delegate list
Attending extract at time of print
www.industrialcontrolsecurityusa.com
Daniel Lehr
Asst. Division Manager
Hetch Hetchy Water and Power
Christine Liang
CIP Compliance Engineer
Peak Reliability
Benedict McCracken
Marketing Manager, Americas
BAE Systems Applied Intelligence
Samara Moore
Senior Policy Advisor, Cybersecurity Program Manager
Department of Energy
Rene Moreda
Director of Business Development
BAE Systems
John Ode
Field Product Manager
Cisco
Lei Peng
Network Analyst
Alameda Municipal Power
Michael Pyle
Vice President Cyber Security
Schneider Electric
Ross Quam
Principal Manager, Security
San Onofre Nuclear Generation Station
Galen Rasche
Senior Program Manager Power Delivery and Utilization Sector
EPRI
Steve Rawson
Senior SCADA Engineer
Northern California Power Agency
Billy Rios
Director of Threat Intelligence
Qualys
Patricia Robison
NYU and Smart Grid Project Manager Con Edison
New York University
Rebecca Ruiz
Manager of External Requirements and Analysis
Southern California Edison
Tim Sanguinetti
Hydro-Tech
Northern California Power Agency
Steve Sarver
Manager Security Operations
San Onofre Nuclear Generation Station
Scott Saunders
Chief Information and Security Officer Sacramento Municipal Utilties District
Patrick Sorrells
Supervisor
Sacramento Municipal Utilties District
Brad Taylor
Manager, IT Infrastructure
SFPUC
Zachariah Trublood
CIP Compliance Engineer
Sacramento Municipal Utility District
Mark Trump
Senior Solutions Consultant
BAE Systems Applied Intelligence
Edward Turkaly
Lead Engineer/Technologist
GE Oil & Gas
Mikko Varpiola
Founder and Test Suite Developer
#1, Codenomicon
12. Thank you to our Media Partners
Call for Papers
Industrial control cyber security Europe September 2015
Industrial control cyber security USA October 2015
Sagacity Media Ltd is an independent, content driven event organiser based in the United Kingdom based in the UK, with offices in Sacramento California. We deliver high level networking conferences, training courses, directors clubs, as well as a developing portfolio of next generation media platforms. With over 13 years of B2B events expertise, we bring a passion and a more modern multichannel “next generation approach” to our events.
Our vision is simple: Content is king. Our mission is to deliver the most informative networking platforms in the industry, whilst maintaining a cutting edge in both understanding how our audience’s are consuming media, and how we can deliver the highest value content both on and offline.
If you share our passion, we would be pleased to hear from you, whether its ideas for events, speaking opportunities or you wish to partner with us on our forthcoming shows.
Sincerely,
James Nesbitt
Programme Director
Sagacity Media Ltd
T:+44 (0)20 7096 1754
M:+44 (0)7909 525 306
jnesbitt@sagacity-media.com
www.sagacity-media.com