Oil and Gas iQ’s Cyber Security for Oil and Gas event will bring together relevant stakeholders to discuss the most pressing cyber security issues facing the oil and gas sector. Presentations will examine threat trends, identify immediate and long-term needs, and reveal up-and-coming technologies for use in evolving threat environments. Security managers, IT strategy implementers, and industry partners will gather in Houston, TX to network, share best practices and explore potential paths to mitigate the threat of energy-focused attacks from cyber adversaries. For more information visit http://bit.ly/1cwasCO
Busty Desi⚡Call Girls in Vasundhara Ghaziabad >༒8448380779 Escort Service
Cyber Security for Oil and Gas
1. www.OilandGasCyberSecurity.com
September 16-18, 2013 • Houston, TX Metro Area
Richard A. Clarke
Chairman
Good Harbor Security
Risk Management
Michael W. Locatis
Former Assistant Secretary
of Cyber Security and
Communications, DHS
Dmitri Alperovitch
Co-Founder & CTO
Crowdstrike
Jonathan Pollet
Founder, Principal
Consultant
Red Tiger Security
Ian McCredie
Former Head of
Global Security
Services, Shell
Mischel Kwon
Former Director,
US-CERT
Bob Stasio
Former Chief of
Operations, NSA Network
Operations Center
Paul Williams
Executive Director of
Security Services, White
Badger Group
Steven Elwart
Director of Systems
Engineering, Ergon
Refining
Enhancing Mitigation Capabilities for Network Cyber Threats
Featured Speakers
2. Who you will meet:
Security managers, IT strategy implementers,
and industry partners will gather to network,
share best practices and explore potential
paths to mitigate the threat of energy-
focused attacks from cyber adversaries.
Dear Colleague,
As the Obama administration and other key figures in the government continue to
stress the critical nature of cyber security and the dangers/implications of cyber
attacks, critical industries like energy are seeking to update their cyber threat
mitigation efforts in regards to network security. With the range and breadth of cyber
threats on the rise, many of which are specifically targeting energy facilities,
operations and companies, this urgent issue must be addressed at the highest levels.
Because recent attacks ranging from Operation Night Dragon to Shamoon have
redefined the security reality for the energy sector, Oil & Gas iQ’s Cyber Security
for Oil and Gas conference serves as the central meeting point for oil and gas
network security personnel who strive to significantly impact the landscape of cyber
security in their organizations and sector at-large. At this event you will have the
unique opportunity to interact and network with senior-level professionals with the
following expertise:
• Tactical Cyber Security Planning
• Data Management and Security
• Information Analysis and Dissemination
• Critical Infrastructure Network Operations
• Information Technology and Sharing
• Assessing Adversary Capability and Intentions
• Interagency Cooperation
• Information Security
• National Security
• Training and Doctrine
In-depth briefings and presentations from Washington insiders including Richard
Clarke, Michael Locatis and Mischel Kwon will give you the latest on current
government initiatives targeting cybersecurity. Understand the evolving nature of this
cyber threat as it pertains to the oil and gas industry and operations specifically
through comprehensive analysis of attacks and adversaries by leading cybersecurity
experts such as Dmitri Alperovitch, Adam Meyers, Bob Stasio and Jonathan Pollet.
These cybersecurity specialists will address the rise of cyber attacks against the energy
sector, the evolution of the cyber threat from random hacking to advanced persistent
threats, the issues associated with fighting a nation-state adversary with unlimited
funding and resources, and the future of cyber security for energy network
infrastructures. You will also be briefed on sector-wide outreach and partnership
initiatives by your peers who are working to promote the energy sector’s cybersecurity
interests and raise awareness on this key issue at the sector level.
Don’t miss the chance to take part in this exclusive discussion with key leaders and
experts from the oil and gas sector, policy administration, and cyber security
technology and innovations community. Reserve your place as a part of this
unique event by calling 1.800.882.8684 or visiting
www.OilandGasCyberSecurity.com!
I look forward to welcoming you to this exciting event,
Saxon H. Burke
Lead Producer, Oil & Gas iQ
2
Creating Cyber ‘Surgeons’:
Thinking Like the Adversary
September 16-18, 2013
Houston, TX Metro Area
‘Cyber Warriors’ are unique, highly-trained
individuals, who’s skill set is honed on how
cyber adversaries operate. Like surgeons, it
takes an immense amount of work and
training to master the cyber profession.
The following interview with Bob Stasio, Former
Chief of Operations at the NSA Network
Operations Center, explores the development of
American ‘Cyber Soldiers’, personal experiences in
‘Ethical Hacking’, and a discussion on the need for
drastic action and increased cyber security in light
of ever-present and destructive threats (including
April’s ‘Spamhaus’ attack).
Interview questions include:
• Tell us about the development of American
‘Cyber Soldiers’ – what are the goals, the
aims, and the reality?
• Tell us about your work as a ‘Ethical
Hacker’. What does this mean, how is the
intelligence applied for cyber advantage?
• How easy it for hackers to bypass ‘secured
networks’ in order to extract critical and
confidential information? In your opinion,
do enough organizations have well
equipped cyber security measures in place?
• With Cyber so heavily on the agenda of the
federal government, we are seeing daily
news alerts of cyber attacks (including the
‘Spamhaus’ Dutch attack this week) – what
do cases like this highlight about the ever
present and evolving nature of cyber
attacks, and the need for drastic action and
increased cyber security?
• Software vs. human intelligence – what is
your take on the value and role of each for
cyber security?
To read the complete interview visit
www.OilandGasCyberSecurity.com
www.OilandGasCyberSecurity.com • 1-800-882-8684
Why attend:
Oil and Gas iQ’s Cyber Security for Oil and Gas
event will bring together relevant stakeholders
to discuss the most pressing cyber security
issues facing the oil and gas sector.
What you will hear:
Presentations will examine threat trends,
identify immediate and long-term needs,
and reveal up-and-coming technologies for
use in evolving threat environments.
P.S. Don’t miss the full-day workshop
on September 16 by Dmitri Alperovitch
on the targeted energy sector attack,
Operation Night Dragon!
3. ESPIONAGE AND ENERGY FOCUS DAY
Monday, September 16, 2013
3www.OilandGasCyberSecurity.com • 1-800-882-8684
FACILITATOR:
Dmitri Alperovitch,
Co-Founder and CTO,
Crowdstrike
Dmitri Alperovitch is the Co-Founder
and CTO of CrowdStrike Inc., leading its
Intelligence, Research and Engineering
teams. A renowned computer security
researcher, he is a thought-leader on
cybersecurity policies and state tradecraft.
Prior to founding CrowdStrike, Dmitri was
a Vice President of Threat Research at
McAfee, where he led the company’s
global Internet threat intelligence analysis.
With more than a decade of experience in
the field of information security,
Alperovitch is an inventor of ten patented
and sixteen patent-pending technologies
and has conducted extensive research on
reputation systems, spam detection, web
security, public-key and identity-based
cryptography, malware and intrusion
detection and prevention.
“The Obama administration plans to boost U.S. spending on computer network security,
including a 21 percent increase at the Pentagon, after reports of rising cyber attacks and
electronic theft of secrets linked to China.” -Bloomberg News, April 2013
Did You Know?
The energy sector was the target of more than 40 percent of all reported cyberattacks on critical infrastructure
networks last year, according to the Department of Homeland Security (DHS).
According to cybersecurity professionals, malicious software unintentionally downloaded by offshore oil workers has
incapacitated computer networks on some rigs and platforms, exposing gaps in security that could pose serious risks
to people and the environment.
As the number of cyber-attacks increase, realization of the financial implications of persistent cyber threats will boost
cybersecurity spending in this field during the forecasted period. Spending is set to pick up considerably from 2014
onwards. ABI Research calculates that cybersecurity spending on the oil & gas critical infrastructure will reach $1.87
billion by 2018. This includes spending on IT networks, industrial control systems and data security; counter measures;
and policies and procedures.
9:30 Registration and Breakfast
10:00 Uncovering Operation Night Dragon: Lessons Learned for
the Energy Sector
• Attack discovery methodology and process
• Key exploits and hallmarks of the attack that inform the future
• Why energy companies? The importance of the energy sector to
hackers and nation-state adversaries
11:30 BREAK
11:45 Watching You: Espionage Intentions and Adversary
Capabilities
• Detecting unsophisticated but dangerous compromises
• Knowing your information’s value: what is it worth to the adversary?
• Once a target, always a target: waiting for the right time to attack
1:00 LUNCH
1:45 Avoiding Transfers of Wealth and Loss of Proprietary Data
from Cyber Intrusions
• Configuring intrusion detection systems to discover backdoors
• Trojan components: what types of information they are seeking
• Avoiding being compromised by the use of Remote Administration
Tools (RATs)
3:00 END OF ESPIONAGE AND ENERGY FOCUS DAY
1
2
3
4. 4www.OilandGasCyberSecurity.com • 1-800-882-8684
7:30 Registration and Coffee
8:15 Chairperson’s Welcome & Opening Remarks
8:30 Addressing the Evolving Cyber Threat
• Bridging the transition between cyber national security
priorities
• Threat vectors and motivations affecting global business
operations
• Conducting multi-discipline, all-source intelligence
collections on cyber adversaries
9:15 Situational Awareness for the Energy Sector on
the President’s Cyber Security Agenda
• Understanding the Cyber Security Executive Order
ramifications for the energy sector
• Increasing situational awareness for future implementation
requirements
• Working with public-private coalitions on incident
management and information sharing
Michael Locatis
Former Assistant Secretary of Cyber Security
and Communications
DHS
10:00 Networking Break
10:45 Identifying New Trends in Warfare: Cyber v.
Kinetic
• Examining homeland security in light of new warfare trends
• Countering nation-state threats against private sector
entities
• Developing a risk profile for an energy company and the
energy sector
Richard A. Clarke
Chairman
Good Harbor Security Risk Management
11:30 Working With Washington – Cooperation and
Implementation
• Ensuring a flexible response via informal and informal
groups from government and the private sector
• How can private sector cooperation enhance IC
capabilities?
• Secure and effective information sharing between the
government and the private sector
Mischel Kwon
Former Director, US-CERT
Mischel Kwon & Associates
12:15 Lunch
1:15 Informing Your Organization: Key Takeaways for
Educating your Boss
• Preparing senior management for the effects of
Washington cybersecurity focus
• Strategizing the road ahead for merging known threats
with your valuable Intellectual Property
• Developing a way-ahead for resource allocation in terms of
strategic intelligence
John Felker
Vice President, Cyber Programs
SCI Consulting
2:00 Thinking Like the Adversary: Hacker Techniques
and Tools
• Extracting critical and confidential information via social
engineering
• Implementing back doors for long-term data acquisition
• Targeting outsourced service providers for network access
through trusted connections
Bob Stasio
Former Chief of Operations,
NSA Network Operations Center
2:45 Networking Break
3:30 Understanding the Human Factor: Insider Threats
and Vulnerabilities
• The realities of your insider threat and the human element
in securing your information
• Understanding and qualifying threats and vulnerabilities
from within your organization
• Evaluating and designing proactive defense strategies to
effectively counter the Insider Threat
Michelle Moore
Founder
MyM Solutions
4:15 Situational Awareness: the Importance of Oil and
Gas Network Monitoring Systems in Cyberspace
Domains
• Next generation intruder detection through more than
simple scans
• Benefits of monitoring systems and pitfalls to be aware of
• What now? Incident management following the discovery
of an extant threat
Jonathan Pollet
Founder/Principal Consultant
Red Tiger Security
5:00 End of Main Conference Day One
MAIN CONFERENCE DAY ONE
Tuesday, September 17, 2013
5. 5www.OilandGasCyberSecurity.com • 1-800-882-8684
7:30 Registration and Coffee
8:15 Chairperson’s Opening Remarks
8:30 Hallmarks and Lessons Learned from Energy-
Specific Attacks
• Shamoon: intrusions directed at energy companies
• Duku: Control operating systems as key focus areas for
intruders
• Stuxnet: Facts and lessons learned for energy systems
operations managers and implementers
Adam Meyers
Director of Intelligence
Crowdstrike
9:15 Evaluating Legal Implications of System Intrusions
for Energy Companies
• Post incident liability mitigation for BCP
• Reasonable steps to prevent attacks and which technologies
are best to document incidents
• Strategizing the best approach to mitigate company
exposures after an incident
Scott Weber
Partner
Patton Boggs LLP
10:00 Networking Break
10:45 Optimizing Business Success in a Hostile Cyber
Environment
• Strategies for high-value target companies sharing
information in an assumed compromised environment
• Implementing strong policies to counterbalance weaknesses
in systems and behaviors
• Strategies for knowledge sharing with non-security
employees involved in business negotiations
Ian McCredie
Former Head of Global Security Services
Shell
11:30 Case Study for Energy Targeting: Operation Shady
RAT and Operation Aurora
• Training and doctrine for enhanced data protection through
successful monitoring of common operating networks
• Emerging technologies for enhanced system resilience
• Leveraging Cloud technology without sacrificing network
security fundamentals
Dmitri Alperovitch
Co-Founder and CTO
Crowdstrike
12:15 Lunch
1:15 Resolving Back Doors Between Business Networks
and SCADA Systems
• Prioritizing network common elements and operations networks
simultaneously
• Supporting system security holistically through critical
infrastructure tie-ins
• Resolving IT priorities with the realities of operations networks
to foster security measure effectiveness
Sponsorship Opportunities Available
Contact Marc Zamarin IDGA 1-877-886-0722 or
sponsorship@idga.org
2:00 Enhancing SmartDevice Security: Protecting Critical
Information in the Field
• Cybercriminal capabilities and your exposure to data theft from
lost mobile devices
• How to build an app store that ensures a quality brand
• Guidelines for building more secure smartphones using only
commercial software and hardware
Jeff Voas
Computer Scientist
US National Institute for Standards and
Technology
2:45 Networking Break
3:30 Panel Session: Producing Actionable Intelligence
Through Knowledge Sharing
• Cyber security awareness lessons learned for avoiding
operational hazards across industry
• Best practices in system monitoring for same-day attack data
assessment
• Leveraging knowledge transfer through information sharing to
better support IT security personnel
Steven Elwart
Director of Systems Engineering
Ergon Refining
Denise Anderson
Vice President, Government and Cross-Sector Programs
Financial Services Information Sharing and Analysis
Center (FS-ISAC)
4:15 Maintaining Critical Information Fidelity in a Venture
Partnership Environment
• Strategizing information exchange for security-conscious
business enterprises
• Developing effective countermeasures against information leaks
and loss
• Addressing security breaches with partner companies
Paul Williams
Executive Director of Security Services
White Badger Group
5:00 End of Main Conference Day Two
MAIN CONFERENCE DAY TWO
Wednesday, September 18, 2013