1. www.oilandgas-cybersecurity.com
Register online or fax your registration to +44 (0) 870 9090 712 or call +44 (0) 870 9090 711
ACADEMIC & GROUP DISCOUNTS AVAILABLE
PLUS TWO HALF-DAY POST-CONFERENCE WORKSHOPS
Wednesday 29th June 2016, Movenpick Hotel, Amsterdam, Netherlands
#SMiGroupEnergy
SMi Present the 6th Annual Conference on…
Oil and Gas
Cyber Security
Movenpick Hotel, Amsterdam, Netherlands
27 - 28
JUNE
2016
Dissecting the significance of the relationship between cyber and
physical security in the critical infrastructure of the oil and gas industry
What’s New in 2016:
• Regulation and policy, organising cyber security across
the oil and gas sector
• How does trust improve cyber resilience?
• Cyber security and digital data in IoT ecosystems
• Cyber security in the cloud ecosystems
Chairs for 2016:
Chris Hankin,
Director, Imperial College London
Siv Hilde Houmb,
Associate Professor, NTNU
Featured Speakers:
• Heli Tiirmaa-Klaar, Cyber Security Policy Advisor,
European External Action Service
• Johan Rambi, Privacy and Security Advisor, Alliander
• Lhoussain Lhassani, Senior Specialist Asset Management,
Stedin
• Franco Tessarollo, Security Manager, Hera
• Damiano Bolzoni, COO, Security Matters
• Bethany Yates, Energy Sector Lead, CERT-UK
• Ruud Denneman, Security Manger Production Domain,
Total E&P
BOOK BY 31ST MARCH AND SAVE £400 • BOOK BY 30TH APRIL AND SAVE £300 • BOOK BY 27TH MAY AND SAVE £200
A: Establishing an ICS cyber security programme
for the oil and gas sector and detect all kinds
of cyber incidents
Workshop Leader: Damiano Bolzoni, COO, Security Matters
08.30 – 12.20
B: Applied cyber security in the oil and gas industry:
Let’s play a serious game of cyber chess. From risk assessment
and vendor selection to continuous monitoring and optimisation
Workshop Leader: Arthur Van der Wees, Managing Director, Arthurs Legal
13.30 – 17.20
2. Oil and Gas Cyber Security
Day One | Monday 27th June 2016
Register online at: www.oilandgas-cybersecurity.com • Alternatively
08.30 Registration & Coffee
09.00 Chairman’s Opening Remarks
Chris Hankin, Director, Imperial College London
OPENING ADDRESS
09.10 Regulation and policy: Organising cyber security across
the oil and gas sector
• What governments need to do to help critical
infrastructure companies
• Estonian national cyber security system as an example
of well-functioning public and private partnership
• Different national cyber security models in Europe to
protect critical cyber assets
• Interlinking cyber security issues across sectors
Heli Tiirmaa-Klaar, Cyber Security Policy Advisor,
European External Action Service
09.50 How does trust improve cyber resilience?
• Introduction of the EE-ISAC community and members
• Information and sharing activities
• Lessons learned and next steps
Johan Rambi, Privacy and Security Advisor, Alliander
10.30 Morning Coffee
11.00 ICS security strategy and transformation – client and
vendor perspective
• Building blocks of developing an ICS strategy and
transformation program to execute the strategy
• DO’s and DONTs in executing the strategy
• Security requirements from vendors perspective and
how to address the growing ICS security requirements
from multiple clients
• A scalable approach
Trajce Dimkov, Senior Manager, Deloitte
11.40 Brilliant failures in cyber security
• Double-loop Learning in complex environments
• How to deal with uncertainty and risk in a complex,
dynamic world?
• Building knowledge to support a climate for innovation
and learning
• Raising awareness from those who try, whether they
succeed or fail
Paul Louis Iske, Professor, Maastricht University
12.20 Networking Lunch
13.30 PANEL DISCUSSION: What can governments
do to help?
• What are the best codes and conducts that
can be implemented across industry?
• How can we enforce commitment and practice to
these guidelines?
• Are universal guidelines necessary?
Panelists:
Chris Hankin, Director, Imperial College London
Heli Tiirmaa-Klaar, Cyber Security Policy Advisor, European
External Action Service
Bethany Yates, Energy Sector Lead, CERT-UK
14.10 Maximising the protection of our assets:
Security or resilience?
• Cyber security: What to protect and at what cost?
• Investing and optimising the cyber security of our
industrial control systems (ICS): Different roles
• What security is necessary and where this must be
implemented?
• New challenges: The most appropriate approaches to
the changing landscape of threats
• Design and best practices to protect our ICS environment
Lhoussain Lhassani, Senior Specialist Asset Management, Stedin
14.50 Afternoon Tea
15.20 Development and control of risk mitigation strategy
• Introduction of the risk model of Bowstar, a recent
development that has been developed by PIMS
International in close cooperation with Gasunie and
Engie and is used for their vital infrastructure
• Systematic development of the risk model including all
escalations and mitigations for all life cycles (example
on cyber and physical sabotage)
• Development and management of the mitigation plan
with the risk register of Bowstar
Rob Boss, CEO, Pims International and Risk Management
Consultant, Engie and Gasunie
16.00 Embracing shadow IT in critical infrastructure
• How I learned to stop worrying and love shadow IT
• Bring your own device: Bring your own disaster?
• Assessing, preventing, detecting and embracing
Shadow IT
Pieter Jansen, Co-Founder/CEO, Cybersprint
16.40 The insider threat: CERT-UK
• Understanding the human dimension
• Measuring employees levels of awareness
• ‘Insider threat’: What does this really mean to companies?
Bethany Yates, Energy Sector, CERT-UK
17.20 Security culture: Learning from safety
• People are often regarded as the weakest link in our
security defences and are key to good cyber security
• Good safety behaviour all at all times by everyone
is essential to maintain a safe working environment -
similarly maintaining security needs a good security
behaviour for everyone
• How do we measure the security culture in an
organisation and identify if our security programmes are
making the difference?
Andrew Wadsworth, Managing Consultant, Global Energy
and Utilities, PA Consulting Group
18.00 Chairman’s Closing Remarks and Close of Day One
Supported by
THE CHALLENGE OF CYBER SECURITY TO CRITICAL INFRASTRUCTURE
THE INSIDER THREAT
3. 08.30 Registration & Coffee
09.00 Chairman’s Opening Remarks
Chris Hankin, Director, Imperial College London
OPENING ADDRESS / KEYNOTE ADDRESS
09.10 Cybersecurity and digital data in IOT ecosystems
• Connecting value chains into durable IOT ecosystems
• How to deal with complex value chains and data life
cycles
• What does this mean for your organisation?
Arthur Van der Wees, Managing Director, Arthurs Legal
09.50 How does the internet of things (IoT) change the cyber
security risk posture for oil and gas installations?
• How does IoT relate to integrated operations and the
increased use of remote connections and control on oil
and gas installations?
• What is the main advantage of IoT for production/
operation efficiency and how does this affect the rate
at which IoT will be introduced?
• What are the core cybersecurity challenges with IoT in
general?
• What are the additional cybersecurity challenges with
IoT for oil and gas installations?
Siv Hilde Houmb, Associate Professor, NTNU
10.30 Morning Coffee
11.00 Cyber security in the cloud
• What is cloud computing?
• Is it ‘safe’?
• What cyber security threats are hiding inside the cloud?
• How can we deal with them?
Franco Tessarollo, Security Manager, Hera
11.40 Security and prevention challenges in oil and gas
information and data management
• Why is data management is critical for the oil and gas
industry?
• Data management security risks
• Examining the security and integrity strategies
• Defining security roles and responsibilities for data
• An outlook on data integration and Its risks
Gunay Faruk Ozer, Global Head of IT Department,
Genel Energy Plc (Subject to final confirmation)
12.20 Networking Lunch
13.30 Cyber risks, due diligence and regulatory compliance
• Developing policies and procedures
• Internal compliance audits
• External compliance audits
• The cost of non-compliance
Robert Bond, Head of Data Protection and Cyber Security
Group, Charles Russell Speechlys
14.10 PANEL DISCUSSION: Emerging cyber threats
in the oil and gas sector
• What is happening today and why?
• Are advanced persistent threats a real risk or should
we rather spend our money and resources on cleaning
viruses and malware from existing drilling assets?
• The current risk situation and what is likely to happen
within the next five years
Panelists:
Siv Hilde Houmb, Associate Professor, NTNU
Damiano Bolzoni, COO, Security Matters
Arthur Van der Wees, Managing Director, Arthurs Legal
14.50 Afternoon Tea
15.20 Cyber security in the oil and gas production domain
• What are the threats and risks?
• Mitigating measures through standardising procedures,
establishing competences and understanding behaviour
• Assess how latest technologies and enterprise
architectures could strengthen cyber security
Ruud Denneman, Security Manger Production Domain,
Total E&P
16.00 Detecting all type of cyber incidents
• Cyber-attacks and malware are not the only cyber
incidents happening within industrial networks
• Network segmentation and asset inventory are just the
first steps to secure industrial networks
• An analysis of real-life examples of cyber incidents that
could have affected the business continuity of critical
organisations
• Discussion of the best practices to detect such cyber
incidents
Damiano Bolzoni, COO, Security Matters
16.40 CASE STUDY: The Defence Cyber Protection
Partnership (DCPP): Working together to protect
the defence sector from the cyber threat
• Why assurance of the supply chain’s level of
cyber protection matters
• Why the DCPP was formed and the objectives it was set
• How the cyber security model was developed and what
it will mean for defence suppliers
• Next steps
Daniel Selman, Cyber Industry and Information Security
Policy Deputy Head, Ministry of Defence
17.20 Chairman’s Closing Remarks and Close of Day Two
y fax your registration to +44 (0)870 9090 712 or call +44 (0)870 9090 711
Want to know how you can get involved?
Interested in promoting your services
to this market?
Contact Anna Serazetdinova,
SMi Marketing on +44 (0) 207 827 6180
or email: aserazetdinova@smi-online.co.uk
Oil and Gas Cyber Security
Day Two | Tuesday 28th June 2016
MANAGING THREAT INTELLIGENCE
RESPONDING TO A CYBER ATTACK
RAMIFICATIONS OF THE INTERNET OF THINGS
IN THE OIL AND GAS SECTORS
4. A: Establishing an ICS cyber security
programme for the Oil and Gas sector
and detect all kinds of cyber incidents
Workshop Leader:
Damiano Bolzoni, COO, Security Matters
HALF-DAY POST-CONFERENCE WORKSHOP
Wednesday 29th June 2016
08.30 – 12.20
Movenpick Hotel, Amsterdam, Netherlands
Overview of Workshop
In this workshop we will first discuss the key ingredients
of an ICS cybersecurity programme and the basic
steps organisations can take to establish one. We
will then discuss the different types of cyber incidents
(with real-life examples) that could take place in an
Oil & Gas sector, and those could affect business
continuity. We will not limit our discussion to malware
and cyber attacks, but other types of cyber incidents
as well. We will conclude discussing countermeasures
organisations can put in place to limit the impact or
likelihood of cyber incidents.
Programme
08.30 Registration
09.00 Opening remarks and introductions
09.10 Overview of an ICS cyber security
programme
09.50 Session 2: Basic steps to take to start
implementing an ICS cyber security
programme
10.30 Morning Coffee
11.00 Session 3: Types of cyber incidents and
real life examples
• Cyber attacks
• Misconfiguration
• Software bugs
• Misuse and operational errors
11.40 Countermeasures
12.20 Closing remarks
About the Workshop Leader:
Damiano Bolzoni received his PhD in 2009 from the
University of Twente (the Netherlands) with a thesis
entitled “Revisiting Anomaly-based Network Intrusion
Detection Systems”. Since 2008 he has been working
with several large international Critical Infrastructure
organizations to tackle the issues of cyber security in
the ICS/SCADA domain. He has spoken at a number
of top industry cybersecurity events, including Black
Hat and S4.
5. B: Applied cyber security in the
oil and gas industry: Let’s play a
serious game of cyber chess. From risk
assessment and vendor selection to
continuous monitoring and optimisation
Workshop Leader:
Arthur Van der Wees, Managing Director,
Arthurs Legal
HALF-DAY POST-CONFERENCE WORKSHOP
Wednesday 29th June 2016
13.30 – 17.20
Movenpick Hotel, Amsterdam, Netherlands
Overview of Workshop
Cyber security is and will remain a trending topic.
The European Commission, ENISA, NIST and other
standardization development organisations and
regulatory bodies are very active in developing and
providing global cyber security frameworks, guidelines
and standards. On the other hand, companies,
governments and organisations around the world are
looking for practical methods and best practices in
order to apply to the real world.
This workshop will provide you with those practical
insights, by means of the Three Phases Methodology, so
youcanputthisintopracticeinasolidanddurableway
andsoyoucanassess,select,procure,andcontinuously
monitor and optimise IT, Cloud, IoT and the like.
Programme
13.30 Opening remarks
13.30 Setting the cyber scene with brilliant
failiures
14.10 The talk: Update of the latest in global
cyber security standardisation initiatives
(EC, ENISA, NIST)
14.50 Coffee break
15.20 The three methodologies walk: How to
landscape, assess, select, procure, deal out,
monitor and optimise your current and new
cyber security ecosystems and life cycle
16.10 Interactive continuous heat mapping
17.20 Closing remarks
About the Workshop Leader:
Arthur Van der Wees is founder and Managing Partner
of international law firm Arthur’s Legal, as well as
strategist, technology standardisation expert, investor
and frequent speaker worldwide, who has in-depth
experience and is well-connected in the world of
technology, data, innovation, standardisation and
global business.
Sponsorship and Exhibition Opportunities
SMi offer sponsorship, exhibition, advertising and
branding packages, uniquely tailored to complement
your company’s marketing strategy. Prime networking
opportunities exist to entertain, enhance and expand
your client base within the context of an independent
discussion specific to your industry.
Should you wish to join the increasing number of
companiesbenefitingfromsponsoringourconferences
please call:Alia Malickon+44 (0) 20 7827 6168 oremail:
amalick@smi-online.co.uk
6. Please complete fully and clearly in capital letters. Please photocopy for additional delegates.
Title: Forename:
Surname:
Job Title:
Department/Division:
Company/Organisation:
Email:
Company VAT Number:
Address:
Town/City:
Post/Zip Code: Country:
Direct Tel: Direct Fax:
Mobile:
Switchboard:
Signature: Date:
I agree to be bound by SMi’s Terms and Conditions of Booking.
ACCOUNTS DEPT
Title: Forename:
Surname:
Email:
Address (if different from above):
Town/City:
Post/Zip Code: Country:
Direct Tel: Direct Fax:
Payment: If payment is not made at the time of booking, then an invoice will be issued and must
be paid immediately and prior to the start of the event. If payment has not been received then
credit card details will be requested and payment taken before entry to the event. Bookings within
7 days of event require payment on booking. Access to the Document Portal will not be given until
payment has been received.
Substitutions/Name Changes: If you are unable to attend you may nominate, in writing, another
delegate to take your place at any time prior to the start of the event. Two or more delegates may
not ‘share’ a place at an event. Please make separate bookings for each delegate.
Cancellation: If you wish to cancel your attendance at an event and you are unable to send
a substitute, then we will refund/credit 50% of the due fee less a £50 administration charge,
providing that cancellation is made in writing and received at least 28 days prior to the start of the
event. Regretfully cancellation after this time cannot be accepted. We will however provide the
conferencesdocumentationviatheDocumentPortaltoanydelegatewhohaspaidbutisunable
to attend for any reason. Due to the interactive nature of the Briefings we are not normally able
to provide documentation in these circumstances. We cannot accept cancellations of orders
placed for Documentation or the Document Portal as these are reproduced specifically to order.
If we have to cancel the event for any reason, then we will make a full refund immediately, but
disclaim any further liability.
Alterations: It may become necessary for us to make alterations to the content, speakers, timing,
venue or date of the event compared to the advertised programme.
Data Protection: The SMi Group gathers personal data in accordance with the UK Data Protection
Act 1998 and we may use this to contact you by telephone, fax, post or email to tell you about
other products and services. Unless you tick here □ we may also share your data with third parties
offeringcomplementaryproductsorservices.Ifyouhaveanyqueriesorwanttoupdateanyofthe
data that we hold then please contact our Database Manager databasemanager@smi-online.
co.uk or visit our website www.smi-online.co.uk/updates quoting the URN as detailed above your
address on the attached letter.
Payment must be made to SMi Group Ltd, and received before the event, by one of the
following methods quoting reference E-069 and the delegate’s name. Bookings made within
7 days of the event require payment on booking, methods of payment:
□ UK BACS Sort Code 300009, Account 00936418
□ Wire Transfer Lloyds TSB Bank plc, 39 Threadneedle Street, London, EC2R 8AU
Swift (BIC): LOYDGB21013, Account 00936418
IBAN GB48 LOYD 3000 0900 9364 18
□ Cheque We can only accept Sterling cheques drawn on a UK bank.
□ Credit Card □ Visa □ MasterCard □ American Express
All credit card payments will be subject to standard credit card charges.
Card No: □□□□ □□□□ □□□□ □□□□
Valid From □□/□□ Expiry Date □□/□□
CVV Number □□□□ 3 digit security on reverse of card, 4 digits for AMEX card
Cardholder’s Name:
Signature: Date:
I agree to be bound by SMi’s Terms and Conditions of Booking.
Card Billing Address (If different from above):
VAT at 21% is charged to the attendance fees for all delegates, except taxable persons
Established in the Netherlands – Reverse Charge – Article 194
Vat at 20% is also charged on Document Portal and Literature distribution for all UK customers
and for those EU Customers not supplying a registration number for their own country here
______________________________________________________________________________________
If you have any further queries please call the Events Team on tel +44 (0) 870 9090 711 or you can email events@smi-online.co.uk
□ Book by 31st March to receive £400 off the conference price
□ Book by 30th April to receive £300 off the conference price
□ Book by 27th May to receive £200 off the conference price
EARLY BIRD
DISCOUNT
I would like to attend: (Please tick as appropriate) Fee Total
□ Conference & 2 Workshops £2497.00 +VAT £3021.37
□ Conference & 1 Workshop A □ B □ £1898.00 +VAT £2296.58
□ Conference only £1299.00 +VAT £1571.79
□ 2 Workshops £1198.00 +VAT £1449.58
□ 1 Workshop only £599.00 +VAT £724.79
Workshop A □ Workshop B □
Oil and Gas Companies, Public Sector
□ Conference & 2 Workshops £2097.00 +VAT £2537.37
□ Conference & 1 Workshop A □ B □ £1498.00 +VAT £1812.58
□ Conference only £899.00 +VAT £1087.79
□ 2 Workshops £1198.00 +VAT £1449.58
□ 1 Workshop only £599.00 +VAT £724.79
Workshop A □ Workshop B □
PROMOTIONAL LITERATURE DISTRIBUTION
□ Distribution of your company’s promotional
literature to all conference attendees £999.00 + VAT £1198.80
The conference fee includes refreshments, lunch, conference papers, and access to
the Document Portal. Presentations that are available for download will be subject to
distribution rights by speakers. Please note that some presentations may not be available
for download. Access information for the document portal will be sent to the e-mail
address provided during registration. Details are sent within 24 hours post conference.
□ Please contact me to book my hotel
Alternatively call us on +44 (0) 870 9090 711,
email: events@smi-online.co.uk or fax +44 (0) 870 9090 712
I cannot attend but would like to purchase access to the following
Document Portal/paper copy documentation Price Total
□ Access to the conference documentation
on the Document Portal £499.00 + VAT £598.80
□ The Conference Presentations – paper copy £499.00 - £499.00
(or only £300 if ordered with the Document Portal)
Unique Reference Number
Our Reference LVE-069
DELEGATE DETAILS
Terms and Conditions of Booking
PAYMENT
VAT
DOCUMENTATION
VENUE Movenpick Hotel, Piet Heinkade 11, 1019 BR Amsterdam, Netherlands
Oil and Gas Cyber Security
Conference: Monday 27th & Tuesday 28th June 2016, Movenpick Hotel, Amsterdam, Netherlands Workshops: Wednesday 29th June 2016, Netherlands
4 WAYS TO REGISTER
www.oilandgas-cybersecurity.com
FAX your booking form to +44 (0) 870 9090 712
PHONE on +44 (0) 870 9090 711
POST your booking form to: Events Team, SMi Group Ltd, 2nd Floor
South, Harling House, 47-51 Great Suffolk Street, London, SE1 0BS, UK
CONFERENCE PRICES