CYBER S - IQPC
7
phone: +44 (0) 20 7 036 1300 • email: [email protected] • visit: www.icscybersecurityevent.com Pre-conference workshops: 26th April 2016 Main conference: 27th - 28th April 2016 Venue: Pestana Chelsea Bridge Hotel, London, United Kingdom phone: +44 (0) 20 7 036 1300 \ email: [email protected] \ visit: www.icscybersecurityevent.com [ _Enhance your understanding of security solutions and how they can protect your control systems from malicious intrusions ] [ _Gain exclusive insight from a panel of experts including heads of information security, SCADA engineers and leading academics – increase your knowledge of the threats facing to your organisation ] [ _Learn about critical guidelines and legislations being developed to monitor and control the quality of ICS cyber security solutions to ensure total security from EDF Nuclear New Build and Total E&P ] Ensuring the safety of your industrial control systems from the growing cyber threat Ben Lowater Deputy Director for CNI CESG Phil Litherland Head of ICS EDF Nuclear New Build Graham Herries Director of Systems Integration Engineering Excellence Group Laing O’Rourke Eireann Leverett Senior Risk Researcher Cambridge Centre for Risk Studies Rosella Mattioli Security and Resilience of Communication Networks Officer ENISA John Dickinson Cyber Security Control Systems Manager Sellafield Ltd Robert Oates Software Intensive Systems Engineer Rolls Royce Paul Jenkinson IT Security Manager UK Power Networks Ruud Denneman, Functional Safety and Control Engineering Specialist Total E&P CYBER SECURITY ICS Leading Experts Speaking at ICS 2016 include: CYBER
Transcript of CYBER S - IQPC
phone: +44 (0) 20 7 036 1300 • email: [email protected] • visit:
www.icscybersecurityevent.com
Pre-conference workshops: 26th April 2016 Main conference: 27th - 28th April 2016 Venue: Pestana Chelsea Bridge Hotel, London, United Kingdom
phone: +44 (0) 20 7 036 1300 \ email: [email protected] \ visit: www.icscybersecurityevent.com
[ _ Enhance your understanding of security solutions and how they can protect your control systems from malicious intrusions ]
[ _ Gain exclusive insight from a panel of experts including heads of information security, SCADA engineers and leading academics – increase your knowledge of the threats facing to your organisation ]
[ _ Learn about critical guidelines and legislations being developed to monitor and control the quality of ICS cyber security solutions to ensure total security from EDF Nuclear New Build and Total E&P ]
Ensuring the safety of your industrial control systems from the growing cyber threat
Ben Lowater Deputy Director for CNI CESG
Phil Litherland Head of ICS EDF Nuclear New Build
Graham Herries Director of Systems Integration Engineering Excellence Group Laing O’Rourke
Eireann Leverett Senior Risk Researcher Cambridge Centre for Risk Studies
Rosella Mattioli Security and Resilience of Communication Networks Officer ENISA
John Dickinson Cyber Security Control Systems Manager Sellafield Ltd
Robert Oates Software Intensive Systems Engineer Rolls Royce
Paul Jenkinson IT Security Manager UK Power Networks
Ruud Denneman, Functional Safety and Control Engineering Specialist Total E&P
CYBER SECURITYIC
CYBER
phone: +44 (0) 20 7 036 1300 \ email: [email protected] \ visit: www.icscybersecurityevent.com2
Dear Colleagues,
Following last year’s hugely successful ICS Cyber Security event, 2016 will see the return of the conference to London (26 – 28 April). Boasting a speaker panel from across a range of industries including Nuclear, Manufacturing, Oil and Gas, who will offer an analysis of the business risk of cyber intrusions into ICS , and deliver the premier event for securing ICS from malicious intrusion.
Industrial Control Systems continue to receive increased attention globally as both business and governments realise the severe consequences of a successful cyber attack on CNI or a key facility and the potential public relations fallout that can occur. As a result, we are delighted to announce the attendance of Sellafield Ltd, Alliander, Total E&P and the EDF Energy Nuclear New Build, presenting case studies and best practices.
ICS Cyber Security 2016 will not only raise your awareness of the current threats to industrial control systems but it will also explore how to combat them, emphasising the preventative and reactive measures that you can take to protect the systems and the plants that they control though encouraging interaction across your organisation.
If you would like more information about any aspect of the event then please do not hesitate to contact our enquiries team on +44 (0) 207 036 1300 or email [email protected]
Until then, I look forward to welcoming you to London in April.
Yours sincerely,
SCADA Engineers
Who should attend ICS Cyber Security?
Welcome Letter Confirmed Speakers for 2016
“Do not miss this unique opportunity to learn from leading experts about how to protect your sensitive SCADA and control
systems from cyber attack”
Phil Litherland, Head of ICS, EDF Nuclear New Build
Chris Morriss, Primary Cyber Scientist, DSTL
Rosella Mattioli, Security and Resilience of Communication Networks Officer, ENISA
John Dickinson, Cyber Security Control Systems Manager, Sellafield Ltd
Ruud Denneman, Functional Safety and Control Engineering Specialist, Total E&P
Chris Rivinus, Head of IT and Finance, Tullow Oil
Mark Camillio, Cyber Leader, AIG
Robert Oates, Software Intensive Systems Engineer, Rolls Royce
Christopher Hankin, Director, Institute for Security Science and Technology, Imperial College
Helge Janicke, Head of the Cyber Security Centre and Software Technology Research Laboratory, De MontFort University
Eireann Leverett, Senior Risk Researcher, Cambridge Centre for Risk Studies
Paul Jenkinson, IT Security Manager, UK Power Networks
Dr John Easton Lecturer, School of Electronic, Electrical and Systems Engineering University of Birmingham
Dr Tom Chothia Lecturer, School of Computer Science University of Birmingham
Graham Herries, Director of Systems Integration, Engineering Excellence Group, Laing O’Rourke
Erwin Kooi, Information Security Architect, Alliander
Robert Martin, Sr. Secure Software & Technology Principal Engineer at The MITRE Corporation and Director of the Industrial Internet Consortium
William Horner, Process Automation Consultant, Horner Technologies
CYBER
phone: +44 (0) 20 7 036 1300 \ email: [email protected] \ visit: www.icscybersecurityevent.com3
Pre-Conference Workshops Tuesday 26th April
New research co-funded by the Engineering and Physical Sciences Research Council (EPSRC) will focus on the cyber security of the UK’s vital industrial control systems including manufacturing plants, power stations, the electricity grid and the rail network.
This multi-disciplinary study brings together internationally leading expertise in cyber security, resilience of industrial control systems (ICS), risk management and ethnographic studies of socio- technical environments. The overall purpose of the project is to improve the integration of security and resilience metrics into ICS business risk analysis.
This workshop will provide a series of roundtable discussions around risk perception as a key component of cyber defence, from crossed perspectives: technical, social and organisational. The objective is to assess how various stakeholders across an organisation (e.g., board members, managers, engineers, security personnel, end-users and any other informed people) perceive and deal with cyber risk into ICS. During the workshop, focus group sessions will explore: • The vision of risk as a negotiation
mechanism between people involved in different roles in an organisation
• How gradations of risk scenarios – from acceptable to unacceptable – are managed
• The relationship between commercial- side and production-side regarding risk
• The relationship between costs, risks, organisational culture and available knowledge in order to best protect ICS’
Attendees will leave the session with: • A unique multidisciplinary approach to
risk management • An improved awareness of technical
risks as well as their human and organisational components
• New insights from a converged approach encompassing technical and business perspectives
About our Workshop Leader
Professor John Easton, University of Birmingham.
The Research Institute in Trustworthy Industrial Control Systems (RITICS), based at Imperial College London, is co- ordinating the research with a £2.5 million investment into new projects at Queen’s University of Belfast, the University of Birmingham, City University London and Lancaster University. Input from leading academics from all of the mentioned universities will be included.
This hands-on workshop is designed to increase your understanding of how different strategies can impact the security of an Industrial Control System and the overall preparedness of the business.
The workshop will also aim to highlight the difficulties faced across the typical business where different departments may face different priorities and objectives. Attendees will be split into different teams and will be asked to react to a fictional situation. The focus will be to understand how actions from each department can critically impact the technical security of the industrial control systems as a whole and to develop approaches that can overcome these issues.
Attendees will leave the session with: • An understanding of the different risks
facing industrial control systems • An increased consideration of the
challenges that different areas of the business face with regards to security and operational functionality
• A recognition of the risks that both human error and decision making can pose to the security of ICS
About our Workshop Leader William Horner, Process Automation Consultant, Horner Technologies
William Horner has a general Engineering degree from Brunel University in 1997 and a MBA from Durham Business School in 2010. He has over 18 years’ experience working in various different Process Automation and Operations roles and a track record of delivering innovative new approaches. William has been working with Industrial Control System Security since 2003. Between 2012 and 2015 he led a large global Industrial Control System security initiative across several hundred petrochemical plants, helping to bring various different departments together into an aligned approach to security. William also pioneered the “Maturity Model” as a practical approach to creating awareness and managing cyber risk for the Industrial Control Systems.
RITICS: Developing and Maintaining Trustworthy Industrial Control Systems
Workshop A 10:00 – 12:30 Workshop B 13:30 – 16:00 Operational Efficiency Within ICS
CYBER
phone: +44 (0) 20 7 036 1300 \ email: [email protected] \ visit: www.icscybersecurityevent.com4
Conference Agenda Day One: Wednesday 27th April CNI Protection The security of ICS is none more prevalent than within CNI for the peace of mind of a nation
Regulation and Education The ever evolving threats to ICS means we must always try to stay one step ahead
08.30 Coffee and Registration
08:50 Chairman’s Opening Remarks
09:10 EDF - Protecting the Future of Britain’s Nuclear Energy Supply • Building a secure cyber environment for ICS – Hinkley Point C case study • Establishing effective human protocols to minimise exposure of critical systems
to malicious intrusions • Learning from other security incidents and successes
Phil Litherland, Head of ICS, EDF Nuclear New Build
09:40 Critical Energy Infrastructure and Cyber Attacks: A Strategic Analysis for Tactical Protection
• The exponential spread of new ‘cyber-weapons’ • The strategic application of these weapons to industrial control systems and the
danger they pose therein • Improving the resilience of CNI to these weapons
Paul Jenkinson, IT Security Manager, Head of IS, UK Power Networks
10:20 Coffee and Networking
10:50 ICS Cyber Panel Discussion: Best Practices Across CNI • Defining the best practices for ICS security across all industries • Going beyond ‘don’t connect SCADA to the internet’ – The challenge of attaching
digital cyber security solutions to analogue control systems • Current and future cyber threats to CNI – improving the resilience of Critical
National Infrastructure to handle them Mr John Dickinson, Cybersecurity Control Systems Manager, Sellafield Ltd Robin Bloomfield, Professor of System and Software Dependability, City University Phil Litherland, Head of ICS, EDF Nuclear New Build
11:30 Policies, Procedures and Best Practices All Need to be Adhered to and/or Applied by People
• Developing a “culture of InfoSec” – what does this actually mean • The interaction between organisational structure and national culture when it
comes to compliance with InfoSec best practice • Exploring the existing research pointing toward a connection between national
cultural attributes and susceptibility to cyber attacks Christopher Rivinus, Head of IT and Finance, Tullow Oil
12:00 Networking Lunch
13:00 Cultural Issues that Impact Compliance with Policy and/or Procedures: A Focus on Rail Transport
• Detailed security analysis of Network Rail and the Rail and Safety Standards Board • Implementing a systems engineered inspired analysis method that can be applied to
critical information systems • Understanding the vulnerabilities of the national train and power networks
Dr John Easton and Dr Tom Chothia, School of Electronic, Electrical and Systems Engineering, University of Birmingham
13:40 The evolving threat to the UK CNI • Describe the rapidly diversifying threat to the UK CNI • Outline the key elements of basic cyber hygiene that are still failing to be implemented
and therefore leaving the UK vulnerable to attack • Describe some of the steps CESG has made under the National Cyber Security
Programme to assist in hardening the CNI • Outline the vision for the new National Cyber Centre as announced by the Chancellor
in November Ben Lowater, Deputy Director for CNI, CESG
14:20 Converging vulnerabilities – Risks posed to ICS from IT and interconnected systems • Converging IT and OT networks have potential business benefits but also bring new
levels of risk • Protecting ICS from cyber-attack is mission critical • What consideration is given to external systems and infrastructure that have a direct
relationship to your Industrial control networks and systems? • We will explore threats to ICS systems, how vital infrastructure may be vulnerable in
unforeseen ways - and what you can do about it. Shaun Bligh-Wall, Chief Technologist, Security Consulting, Enterprise Security Services, Hewlett Packard Enterprise
15:00 Coffee and Networking 15:30 Communicating the Business Risk of Cyber Attacks on ICSs to the Decision
Makers and Budget Holders of the Company – Making an Impact • The implications of an unsecure ICS environment from an insurance point of view • Managing the risk • The importance of focusing on the supply chain
Eireann Leverett, Senior Risk Researcher, Cambridge Centre for Risk Studies 16:10 The Research Institute: Trustworthy Industrial Control Systems
• Assessing physical damage as a result of cyber attacks on ICSs • Communicating an appreciation of business risk posed by cyber attacks to vulnerable
industrial entities • Developing technical interventions to improve the resilience of these systems to attack
Mr Christopher Hankin, Director, Institute for Security Science and Technology, Imperial College Awais Rashid, Professor and Co-director, Computing and Communications, Lancaster University
16:50 Chair’s Close and End of Day One
Pa ne
phone: +44 (0) 20 7 036 1300 \ email: [email protected] \ visit: www.icscybersecurityevent.com5
Conference Agenda Day Two: Thursday 28th April The Issue that Remote Access Poses to ICS Security Whilst increased connectivity has a direct impact on productivity, the security risks must be considered
Future Risk Whilst the security of ICS is important now, it is imperative to continue to consider the future impact
08.30 Coffee and Registration 09.00 Chairman’s Recap 09:15 The Industrial Internet Reference Architecture
• Addressing end-to-end Industrial Internet of Things (IIoT) needs of the energy, healthcare, manufacturing, transportation and public sectors
• Engineering for safety, security, resilience, reliability, and upholding privacy expectations using interchangeable technology and components
• Gaining industry consensus on major security/architecture questions and avoiding market fragmentation Robert Martin, Sr. Secure Software & Technology Principal Engineer at The MITRE Corporation and Director of the Industrial Internet Consortium
09:50 Cyber Security in the Oil and Gas World: A Total Case Study • Improving and updating existing gas operation control systems to ensure compliance
and meet anticipated operational and future regulatory requirements • The way forward today: alternative hardware and software and the final cost for
cyber security (the cost of being “open”) • How to bend the developments of ICS
Ruud Denneman, Functional Safety and Control Engineering Specialist, Total E&P 10:30 An Abbreviated Guide to Peeling Onions
• Who are Iguana, where have they come from? • Why isn’t my IT solution a good fit for OT? • Industrial protocol guards, what are they? • Hardware Cryptography, isn’t that just VPN?
Keith Chappell, Technical Director, CNI and Cyber Security. L-3 TRL Technology 11:00 Coffee and Networking
11:30 The Risk Posed by Internet of Things to ICS Cyber Security • Evaluating on how to best secure IoT against cyber risk • Maintaining improved productivity vs. a secure environment • Developing cyber protection protocols for control systems handling a vast number of
processes Dr. Graham Herries, Director of Systems Integration, Engineering Excellence Group, Laing O’Rourke
12:10 Securing your Smart Grid Networks Against a Cyber Attack • The security risks that smart grids introduce to the system • A proactive move from protective security model to attention/detection/response to
counter these risks • The ramifications these improvements will have for the cyber security of those
systems Erwin Kooi, Information Security Architect, Alliander
12:50 Networking Lunch 13:50 ENISA’s Approach to ICS-SCADA Security
• The EU’s Cyber Security Strategy focusing on ICS-SCADA • Cyber incident post-mortem: best methods of incidence response and forensics • How ENISA interact with the ICS community
Rossella Mattioli, Security and Resilience of Communication Networks Officer, ENISA
14:30 A Cross-Sector Perspective on Safety and Security for Control Systems • The importance of securing industrial control systems from outside threat • Effective internal governance of ICS cyber security • Security-aware systems engineering
Dr. Robert Oates, Software Intensive Systems Engineer, Rolls Royce
15:10 Coffee And Networking
15:40 Rafael Cyber Dome – From cyber security to cyber defense. • Tailored end-to-end cyber defense solution • Unique multi-disciplinary capabilities • Dedicated IT and OT solutions
16:10 The Future of the Insurance Market for Cyber Risk • The impact that data breaches can have on brand and reputation damage,
regulatory scrutiny, stakeholder dissatisfaction, and financial losses • Risk management that helps to assess manage, and respond effectively to the cyber
threats • The way that the insurance market needs to continually evolve with the market and
industries to respond to the ever increasing threats Mark Camillo, Cyber Leader, AIG
16:50 Cyber Critical National Infrastructure Assurance: DSTL’s Role • What the general trend and challenges are cross-sector according to DSTL’s broad
findings over two years • Governance vs technical assurance for ICS • Access vs vulnerability vs criticality – controls for minimising risk
Chris Morriss, Principal Cyber Scientist, DSTL 17:30 Securing Control Systems in the Manufacturing Industry
• The importance of building strong relationships with the IT department • Best practices from the field – gaining experience from different sectors • Combatting process controls for engineers when improving technology and
architecture within operational technology William Horner, Process Automation Consultant, Horner Consulting
18:10 End of Day Two and Close of Conference
Fu tu
re P
ro je
6 phone: +44 (0) 207 368 9300 \ email: [email protected] \ visit: www.icscybersecurityevent.com
2016 SPONSORSHIP OPPORTUNITIES How can you Meet Your Marketing and Business Development Objectives at ICS Cyber Security? Networking Ensure that you have the opportunity to engage with the key decision makers within your industry. We can create a platform for you to effectively interact with your top customers and prospects in the environment of your choice. This can range from formalised private meetings / workshops right through to less structured networking events such as sponsored drinks receptions, coffee breaks or lunches. Ultimately whatever you decide is the right forum; we will support you in your quest to advance relationships with the key people who can influence the future of your business.
Branding Your company can be elevated to a position where they are seen as a market leader. In a fiercely competitive market you need to ensure that your brand is differentiated from the competition. Failure to create a clear identity will see your organisation fade into the background. We ensure that we do everything we can to effectively lift your brand before, during and after the event. Not only do we create a fully integrated marketing campaign, which your company can be part of, but we also offer high impact premium branding opportunities for example on bags, water bottles, pens, lanyards etc.
Thought Leadership If you think that you should be viewed as a true industry leader then you need to demonstrate your market knowledge and expertise through a thought leadership opportunity, such as speaking or chairing. This is a highly unique opportunity for your company to educate the market, and as long as you are credible enough to fit into a high level event programme, we can position your organisation alongside top customers and prospects in our speaker faculty. As part of this speaker faculty your company will be set apart from other industry attendees giving you the competitive edge required to make further strides in the market.
Past attendees include:
2016 sponsors
For more information and to discuss the right opportunity, contact our sponsorship team on +44 (0)207 368 9300 or [email protected]
CYBER
5
phone: +44 (0) 20 7 036 1300 \ email: [email protected] \ visit: www.icscybersecurityevent.com
TERMS AND CONDITIONS
First Name:
Family Name:
Email:
Yes I would like to receive information about products and services via email
Organisation: Nature of business:
Name:
Signature:
I agree to IQPC’s cancellation, substitution and payment terms
Special dietary requirements: Vegetarian Non-dairy Other:
Please indicate if you have already registered by: Phone Fax Email Web
Please note: if you have not received an acknowledgement before the conference, please call us to confirm your booking.
Total price for your Organisation: (Add total of all individuals attending):
VISA M/C AMEX Card Number:
Exp. Date: Sec:
Name On Card:
Postcode: Country: Cheque enclosed for: £ (Made payable to IQPC Ltd.)
(Please quote 23492.003 with remittance advice) Account No: 51304143 • IBAN Code: GB59 MIDL 4038 1851 3041 43 • Sort Code: 40 38 18 Swift Code: MIDLGB2112V • Account Name: International Quality & Productivity Centre Ltd. Bank: HSBC Bank Plc, 67 George Street, Richmond, Surrey TW9 1HG, United Kingdom
Please note: • All ‘Early Bird’ discounts require payment at time of registration and before the cut-off date in order toreceive any discount. • Any discounts offered (including team discounts) must also require payment at the time of registration. • All discount offers cannot be combined with any other offer.
Please view our registration policy for full information about payment, cancellation, postponement, substitution and discounts.
*Please select Workshop A or B
** This rate applies to thosed involved in Industrial Control System operations UK VAT is charged at 20%. VAT Registration #: GB 799 2259 67
Please read the information listed below as each booking is subject to IQPC Ltd standard terms and conditions. Payment Terms: Upon completion and return of the registration form full payment is required no later than 5 business days from the date of invoice. Payment of invoices by means other than by credit card or purchase order (UK Plc and UK government bodies only) will be subject to a £49 (plus VAT) processing fee per delegate. Payment must be received prior to the conference date. We reserve the right to refuse admission to the conference if payment has not been received. IQPC Cancellation, Postponement and Substitution Policy: You may substitute delegates at any time by providing reasonable advance notice to IQPC. For any cancellations received in writing not less than eight (8) days prior to the conference, you will receive a 90% credit to be used at another IQPC conference which must occur within one year from the date of issuance of such credit. An administration fee of 10% of the contract fee will be retained by IQPC for all permitted cancellations. No credit will be issued for any cancellations occurring within seven (7) days (inclusive) of the conference. In the event that IQPC cancels an event for any reason, you will receive a credit for 100% of the contract fee paid. You may use this credit for another IQPC event to be mutually agreed with IQPC, which must occur within one year from the date of cancellation. In the event that IQPC postpones an event for any reason and the delegate is unable or unwilling to attend in on the rescheduled date, you will receive a credit for 100% of the contract fee paid. You may use this credit for another IQPC event to be mutually agreed with IQPC, which must occur within one year from the date of postponement. Except as specified above, no credits will be issued for cancellations. There are no refunds given under any circumstances. IQPC is not responsible for any loss
or damage as a result of a substitution, alteration or cancellation/postponement of an event. IQPC shall assume no liability whatsoever in the event this conference is cancelled, rescheduled or postponed due to a fortuitous event, Act of God, unforeseen occurrence or any other event that renders performance of this conference impracticable, illegal or impossible. For purposes of this clause, a fortuitous event shall include, but not be limited to: war, fire, labour strike, extreme weather or other emergency. Please note that while speakers and topics were confirmed at the time of publishing, circumstances beyond the control of the organizers may necessitate substitutions, alterations or cancellations of the speakers and/or topics. As such, IQPC reserves the right to alter or modify the advertised speakers and/or topics if necessary without any liability to you whatsoever. Any substitutions or alterations will be updated on our web page as soon as possible. Discounts: All ‘Early Bird’ Discounts require payment at time of registration and before the cutoff date in order to receive any discount. Any other discounts offered by IQPC (including team discounts) also require payment at time of registration. Discount offers cannot be combined with any other offer. • Please do not pass my information to any third party. B2B shop: The purchase of any conference audio, video or digital recording on B2B Shop (www. b2biq.com) includes keynote, topic and panel sessions where the presenters agree to grant permission for their presentation/ sessions to be audio and/or video recorded by IQPC and further agree to release all rights to IQPC related to the contents of the recording, its distribution, sale, reproduction, broadcast in whole or in part and without limitation or compensation. Please be aware that in respect of this IQPC cannot guarantee the inclusion of any or all sessions until after the conference has taken place. © IQPC Ltd. VAT Reg #: GB 799 2259 67
DELEGATE DETAILS - SIMPLY COMPLETE THIS FORM AND CLICK SUBMIT
PAYMENT METHODS
PRICING AND DISCOUNTS
Ways to Register Phone: +44 (0) 20 7368 9300 Fax: +44 (0) 20 7368 9301 Email: [email protected] Website: www.icscybersecurityevent.com
Post: Return your Booking form to: IQPC Ltd, 129 Wilton Rd London, SW1V 1JZ
Pass includes Gold Package Silver Package Bronze Package
Main Conference 27 - 28 April 2016 Access to post-event presentations on B2B Shop at www.b2biq.com Access to 1 Workshop* Access to 2 Workshops
4
4
4
4
4
4
4
Register & Pay by 18th December 2015 £599+VAT SAVE £300
£499+VAT SAVE £300
£299+VAT SAVE £300
Register & Pay by 5th February 2016 £699+VAT SAVE £200
£599+VAT SAVE £200
£399+VAT SAVE £200
Register & Pay by 4th March 2016 £799+VAT SAVE £100
£699+VAT SAVE £100
£499+VAT SAVE £100
Package Options - Vendors and Solution Providers
Register & Pay by 18th December 2015 £1299+VAT SAVE £600
£1199+VAT SAVE £600
£999+VAT SAVE £600
Register & Pay by 5th February 2016 £1499+VAT SAVE £400
£1399+VAT SAVE £400
£1199+VAT SAVE £400
Register & Pay by 4th March 2016 £1699+VAT SAVE £200
£1599+VAT SAVE £200
£1399+VAT SAVE £200
26th - 28th April, 2016 • Pestana Chelsea Bridge Hotel, London, UK
CYBER SECURITYIC
S Venue: London, UK. Travel and accommodation are not included in the registration fee. For updates on the venue and accommodation information, please visit: www.icscybersecurityevent.com
Venue & Accommodation
Pre-conference workshops: 26th April 2016 Main conference: 27th - 28th April 2016 Venue: Pestana Chelsea Bridge Hotel, London, United Kingdom
phone: +44 (0) 20 7 036 1300 \ email: [email protected] \ visit: www.icscybersecurityevent.com
[ _ Enhance your understanding of security solutions and how they can protect your control systems from malicious intrusions ]
[ _ Gain exclusive insight from a panel of experts including heads of information security, SCADA engineers and leading academics – increase your knowledge of the threats facing to your organisation ]
[ _ Learn about critical guidelines and legislations being developed to monitor and control the quality of ICS cyber security solutions to ensure total security from EDF Nuclear New Build and Total E&P ]
Ensuring the safety of your industrial control systems from the growing cyber threat
Ben Lowater Deputy Director for CNI CESG
Phil Litherland Head of ICS EDF Nuclear New Build
Graham Herries Director of Systems Integration Engineering Excellence Group Laing O’Rourke
Eireann Leverett Senior Risk Researcher Cambridge Centre for Risk Studies
Rosella Mattioli Security and Resilience of Communication Networks Officer ENISA
John Dickinson Cyber Security Control Systems Manager Sellafield Ltd
Robert Oates Software Intensive Systems Engineer Rolls Royce
Paul Jenkinson IT Security Manager UK Power Networks
Ruud Denneman, Functional Safety and Control Engineering Specialist Total E&P
CYBER SECURITYIC
CYBER
phone: +44 (0) 20 7 036 1300 \ email: [email protected] \ visit: www.icscybersecurityevent.com2
Dear Colleagues,
Following last year’s hugely successful ICS Cyber Security event, 2016 will see the return of the conference to London (26 – 28 April). Boasting a speaker panel from across a range of industries including Nuclear, Manufacturing, Oil and Gas, who will offer an analysis of the business risk of cyber intrusions into ICS , and deliver the premier event for securing ICS from malicious intrusion.
Industrial Control Systems continue to receive increased attention globally as both business and governments realise the severe consequences of a successful cyber attack on CNI or a key facility and the potential public relations fallout that can occur. As a result, we are delighted to announce the attendance of Sellafield Ltd, Alliander, Total E&P and the EDF Energy Nuclear New Build, presenting case studies and best practices.
ICS Cyber Security 2016 will not only raise your awareness of the current threats to industrial control systems but it will also explore how to combat them, emphasising the preventative and reactive measures that you can take to protect the systems and the plants that they control though encouraging interaction across your organisation.
If you would like more information about any aspect of the event then please do not hesitate to contact our enquiries team on +44 (0) 207 036 1300 or email [email protected]
Until then, I look forward to welcoming you to London in April.
Yours sincerely,
SCADA Engineers
Who should attend ICS Cyber Security?
Welcome Letter Confirmed Speakers for 2016
“Do not miss this unique opportunity to learn from leading experts about how to protect your sensitive SCADA and control
systems from cyber attack”
Phil Litherland, Head of ICS, EDF Nuclear New Build
Chris Morriss, Primary Cyber Scientist, DSTL
Rosella Mattioli, Security and Resilience of Communication Networks Officer, ENISA
John Dickinson, Cyber Security Control Systems Manager, Sellafield Ltd
Ruud Denneman, Functional Safety and Control Engineering Specialist, Total E&P
Chris Rivinus, Head of IT and Finance, Tullow Oil
Mark Camillio, Cyber Leader, AIG
Robert Oates, Software Intensive Systems Engineer, Rolls Royce
Christopher Hankin, Director, Institute for Security Science and Technology, Imperial College
Helge Janicke, Head of the Cyber Security Centre and Software Technology Research Laboratory, De MontFort University
Eireann Leverett, Senior Risk Researcher, Cambridge Centre for Risk Studies
Paul Jenkinson, IT Security Manager, UK Power Networks
Dr John Easton Lecturer, School of Electronic, Electrical and Systems Engineering University of Birmingham
Dr Tom Chothia Lecturer, School of Computer Science University of Birmingham
Graham Herries, Director of Systems Integration, Engineering Excellence Group, Laing O’Rourke
Erwin Kooi, Information Security Architect, Alliander
Robert Martin, Sr. Secure Software & Technology Principal Engineer at The MITRE Corporation and Director of the Industrial Internet Consortium
William Horner, Process Automation Consultant, Horner Technologies
CYBER
phone: +44 (0) 20 7 036 1300 \ email: [email protected] \ visit: www.icscybersecurityevent.com3
Pre-Conference Workshops Tuesday 26th April
New research co-funded by the Engineering and Physical Sciences Research Council (EPSRC) will focus on the cyber security of the UK’s vital industrial control systems including manufacturing plants, power stations, the electricity grid and the rail network.
This multi-disciplinary study brings together internationally leading expertise in cyber security, resilience of industrial control systems (ICS), risk management and ethnographic studies of socio- technical environments. The overall purpose of the project is to improve the integration of security and resilience metrics into ICS business risk analysis.
This workshop will provide a series of roundtable discussions around risk perception as a key component of cyber defence, from crossed perspectives: technical, social and organisational. The objective is to assess how various stakeholders across an organisation (e.g., board members, managers, engineers, security personnel, end-users and any other informed people) perceive and deal with cyber risk into ICS. During the workshop, focus group sessions will explore: • The vision of risk as a negotiation
mechanism between people involved in different roles in an organisation
• How gradations of risk scenarios – from acceptable to unacceptable – are managed
• The relationship between commercial- side and production-side regarding risk
• The relationship between costs, risks, organisational culture and available knowledge in order to best protect ICS’
Attendees will leave the session with: • A unique multidisciplinary approach to
risk management • An improved awareness of technical
risks as well as their human and organisational components
• New insights from a converged approach encompassing technical and business perspectives
About our Workshop Leader
Professor John Easton, University of Birmingham.
The Research Institute in Trustworthy Industrial Control Systems (RITICS), based at Imperial College London, is co- ordinating the research with a £2.5 million investment into new projects at Queen’s University of Belfast, the University of Birmingham, City University London and Lancaster University. Input from leading academics from all of the mentioned universities will be included.
This hands-on workshop is designed to increase your understanding of how different strategies can impact the security of an Industrial Control System and the overall preparedness of the business.
The workshop will also aim to highlight the difficulties faced across the typical business where different departments may face different priorities and objectives. Attendees will be split into different teams and will be asked to react to a fictional situation. The focus will be to understand how actions from each department can critically impact the technical security of the industrial control systems as a whole and to develop approaches that can overcome these issues.
Attendees will leave the session with: • An understanding of the different risks
facing industrial control systems • An increased consideration of the
challenges that different areas of the business face with regards to security and operational functionality
• A recognition of the risks that both human error and decision making can pose to the security of ICS
About our Workshop Leader William Horner, Process Automation Consultant, Horner Technologies
William Horner has a general Engineering degree from Brunel University in 1997 and a MBA from Durham Business School in 2010. He has over 18 years’ experience working in various different Process Automation and Operations roles and a track record of delivering innovative new approaches. William has been working with Industrial Control System Security since 2003. Between 2012 and 2015 he led a large global Industrial Control System security initiative across several hundred petrochemical plants, helping to bring various different departments together into an aligned approach to security. William also pioneered the “Maturity Model” as a practical approach to creating awareness and managing cyber risk for the Industrial Control Systems.
RITICS: Developing and Maintaining Trustworthy Industrial Control Systems
Workshop A 10:00 – 12:30 Workshop B 13:30 – 16:00 Operational Efficiency Within ICS
CYBER
phone: +44 (0) 20 7 036 1300 \ email: [email protected] \ visit: www.icscybersecurityevent.com4
Conference Agenda Day One: Wednesday 27th April CNI Protection The security of ICS is none more prevalent than within CNI for the peace of mind of a nation
Regulation and Education The ever evolving threats to ICS means we must always try to stay one step ahead
08.30 Coffee and Registration
08:50 Chairman’s Opening Remarks
09:10 EDF - Protecting the Future of Britain’s Nuclear Energy Supply • Building a secure cyber environment for ICS – Hinkley Point C case study • Establishing effective human protocols to minimise exposure of critical systems
to malicious intrusions • Learning from other security incidents and successes
Phil Litherland, Head of ICS, EDF Nuclear New Build
09:40 Critical Energy Infrastructure and Cyber Attacks: A Strategic Analysis for Tactical Protection
• The exponential spread of new ‘cyber-weapons’ • The strategic application of these weapons to industrial control systems and the
danger they pose therein • Improving the resilience of CNI to these weapons
Paul Jenkinson, IT Security Manager, Head of IS, UK Power Networks
10:20 Coffee and Networking
10:50 ICS Cyber Panel Discussion: Best Practices Across CNI • Defining the best practices for ICS security across all industries • Going beyond ‘don’t connect SCADA to the internet’ – The challenge of attaching
digital cyber security solutions to analogue control systems • Current and future cyber threats to CNI – improving the resilience of Critical
National Infrastructure to handle them Mr John Dickinson, Cybersecurity Control Systems Manager, Sellafield Ltd Robin Bloomfield, Professor of System and Software Dependability, City University Phil Litherland, Head of ICS, EDF Nuclear New Build
11:30 Policies, Procedures and Best Practices All Need to be Adhered to and/or Applied by People
• Developing a “culture of InfoSec” – what does this actually mean • The interaction between organisational structure and national culture when it
comes to compliance with InfoSec best practice • Exploring the existing research pointing toward a connection between national
cultural attributes and susceptibility to cyber attacks Christopher Rivinus, Head of IT and Finance, Tullow Oil
12:00 Networking Lunch
13:00 Cultural Issues that Impact Compliance with Policy and/or Procedures: A Focus on Rail Transport
• Detailed security analysis of Network Rail and the Rail and Safety Standards Board • Implementing a systems engineered inspired analysis method that can be applied to
critical information systems • Understanding the vulnerabilities of the national train and power networks
Dr John Easton and Dr Tom Chothia, School of Electronic, Electrical and Systems Engineering, University of Birmingham
13:40 The evolving threat to the UK CNI • Describe the rapidly diversifying threat to the UK CNI • Outline the key elements of basic cyber hygiene that are still failing to be implemented
and therefore leaving the UK vulnerable to attack • Describe some of the steps CESG has made under the National Cyber Security
Programme to assist in hardening the CNI • Outline the vision for the new National Cyber Centre as announced by the Chancellor
in November Ben Lowater, Deputy Director for CNI, CESG
14:20 Converging vulnerabilities – Risks posed to ICS from IT and interconnected systems • Converging IT and OT networks have potential business benefits but also bring new
levels of risk • Protecting ICS from cyber-attack is mission critical • What consideration is given to external systems and infrastructure that have a direct
relationship to your Industrial control networks and systems? • We will explore threats to ICS systems, how vital infrastructure may be vulnerable in
unforeseen ways - and what you can do about it. Shaun Bligh-Wall, Chief Technologist, Security Consulting, Enterprise Security Services, Hewlett Packard Enterprise
15:00 Coffee and Networking 15:30 Communicating the Business Risk of Cyber Attacks on ICSs to the Decision
Makers and Budget Holders of the Company – Making an Impact • The implications of an unsecure ICS environment from an insurance point of view • Managing the risk • The importance of focusing on the supply chain
Eireann Leverett, Senior Risk Researcher, Cambridge Centre for Risk Studies 16:10 The Research Institute: Trustworthy Industrial Control Systems
• Assessing physical damage as a result of cyber attacks on ICSs • Communicating an appreciation of business risk posed by cyber attacks to vulnerable
industrial entities • Developing technical interventions to improve the resilience of these systems to attack
Mr Christopher Hankin, Director, Institute for Security Science and Technology, Imperial College Awais Rashid, Professor and Co-director, Computing and Communications, Lancaster University
16:50 Chair’s Close and End of Day One
Pa ne
phone: +44 (0) 20 7 036 1300 \ email: [email protected] \ visit: www.icscybersecurityevent.com5
Conference Agenda Day Two: Thursday 28th April The Issue that Remote Access Poses to ICS Security Whilst increased connectivity has a direct impact on productivity, the security risks must be considered
Future Risk Whilst the security of ICS is important now, it is imperative to continue to consider the future impact
08.30 Coffee and Registration 09.00 Chairman’s Recap 09:15 The Industrial Internet Reference Architecture
• Addressing end-to-end Industrial Internet of Things (IIoT) needs of the energy, healthcare, manufacturing, transportation and public sectors
• Engineering for safety, security, resilience, reliability, and upholding privacy expectations using interchangeable technology and components
• Gaining industry consensus on major security/architecture questions and avoiding market fragmentation Robert Martin, Sr. Secure Software & Technology Principal Engineer at The MITRE Corporation and Director of the Industrial Internet Consortium
09:50 Cyber Security in the Oil and Gas World: A Total Case Study • Improving and updating existing gas operation control systems to ensure compliance
and meet anticipated operational and future regulatory requirements • The way forward today: alternative hardware and software and the final cost for
cyber security (the cost of being “open”) • How to bend the developments of ICS
Ruud Denneman, Functional Safety and Control Engineering Specialist, Total E&P 10:30 An Abbreviated Guide to Peeling Onions
• Who are Iguana, where have they come from? • Why isn’t my IT solution a good fit for OT? • Industrial protocol guards, what are they? • Hardware Cryptography, isn’t that just VPN?
Keith Chappell, Technical Director, CNI and Cyber Security. L-3 TRL Technology 11:00 Coffee and Networking
11:30 The Risk Posed by Internet of Things to ICS Cyber Security • Evaluating on how to best secure IoT against cyber risk • Maintaining improved productivity vs. a secure environment • Developing cyber protection protocols for control systems handling a vast number of
processes Dr. Graham Herries, Director of Systems Integration, Engineering Excellence Group, Laing O’Rourke
12:10 Securing your Smart Grid Networks Against a Cyber Attack • The security risks that smart grids introduce to the system • A proactive move from protective security model to attention/detection/response to
counter these risks • The ramifications these improvements will have for the cyber security of those
systems Erwin Kooi, Information Security Architect, Alliander
12:50 Networking Lunch 13:50 ENISA’s Approach to ICS-SCADA Security
• The EU’s Cyber Security Strategy focusing on ICS-SCADA • Cyber incident post-mortem: best methods of incidence response and forensics • How ENISA interact with the ICS community
Rossella Mattioli, Security and Resilience of Communication Networks Officer, ENISA
14:30 A Cross-Sector Perspective on Safety and Security for Control Systems • The importance of securing industrial control systems from outside threat • Effective internal governance of ICS cyber security • Security-aware systems engineering
Dr. Robert Oates, Software Intensive Systems Engineer, Rolls Royce
15:10 Coffee And Networking
15:40 Rafael Cyber Dome – From cyber security to cyber defense. • Tailored end-to-end cyber defense solution • Unique multi-disciplinary capabilities • Dedicated IT and OT solutions
16:10 The Future of the Insurance Market for Cyber Risk • The impact that data breaches can have on brand and reputation damage,
regulatory scrutiny, stakeholder dissatisfaction, and financial losses • Risk management that helps to assess manage, and respond effectively to the cyber
threats • The way that the insurance market needs to continually evolve with the market and
industries to respond to the ever increasing threats Mark Camillo, Cyber Leader, AIG
16:50 Cyber Critical National Infrastructure Assurance: DSTL’s Role • What the general trend and challenges are cross-sector according to DSTL’s broad
findings over two years • Governance vs technical assurance for ICS • Access vs vulnerability vs criticality – controls for minimising risk
Chris Morriss, Principal Cyber Scientist, DSTL 17:30 Securing Control Systems in the Manufacturing Industry
• The importance of building strong relationships with the IT department • Best practices from the field – gaining experience from different sectors • Combatting process controls for engineers when improving technology and
architecture within operational technology William Horner, Process Automation Consultant, Horner Consulting
18:10 End of Day Two and Close of Conference
Fu tu
re P
ro je
6 phone: +44 (0) 207 368 9300 \ email: [email protected] \ visit: www.icscybersecurityevent.com
2016 SPONSORSHIP OPPORTUNITIES How can you Meet Your Marketing and Business Development Objectives at ICS Cyber Security? Networking Ensure that you have the opportunity to engage with the key decision makers within your industry. We can create a platform for you to effectively interact with your top customers and prospects in the environment of your choice. This can range from formalised private meetings / workshops right through to less structured networking events such as sponsored drinks receptions, coffee breaks or lunches. Ultimately whatever you decide is the right forum; we will support you in your quest to advance relationships with the key people who can influence the future of your business.
Branding Your company can be elevated to a position where they are seen as a market leader. In a fiercely competitive market you need to ensure that your brand is differentiated from the competition. Failure to create a clear identity will see your organisation fade into the background. We ensure that we do everything we can to effectively lift your brand before, during and after the event. Not only do we create a fully integrated marketing campaign, which your company can be part of, but we also offer high impact premium branding opportunities for example on bags, water bottles, pens, lanyards etc.
Thought Leadership If you think that you should be viewed as a true industry leader then you need to demonstrate your market knowledge and expertise through a thought leadership opportunity, such as speaking or chairing. This is a highly unique opportunity for your company to educate the market, and as long as you are credible enough to fit into a high level event programme, we can position your organisation alongside top customers and prospects in our speaker faculty. As part of this speaker faculty your company will be set apart from other industry attendees giving you the competitive edge required to make further strides in the market.
Past attendees include:
2016 sponsors
For more information and to discuss the right opportunity, contact our sponsorship team on +44 (0)207 368 9300 or [email protected]
CYBER
5
phone: +44 (0) 20 7 036 1300 \ email: [email protected] \ visit: www.icscybersecurityevent.com
TERMS AND CONDITIONS
First Name:
Family Name:
Email:
Yes I would like to receive information about products and services via email
Organisation: Nature of business:
Name:
Signature:
I agree to IQPC’s cancellation, substitution and payment terms
Special dietary requirements: Vegetarian Non-dairy Other:
Please indicate if you have already registered by: Phone Fax Email Web
Please note: if you have not received an acknowledgement before the conference, please call us to confirm your booking.
Total price for your Organisation: (Add total of all individuals attending):
VISA M/C AMEX Card Number:
Exp. Date: Sec:
Name On Card:
Postcode: Country: Cheque enclosed for: £ (Made payable to IQPC Ltd.)
(Please quote 23492.003 with remittance advice) Account No: 51304143 • IBAN Code: GB59 MIDL 4038 1851 3041 43 • Sort Code: 40 38 18 Swift Code: MIDLGB2112V • Account Name: International Quality & Productivity Centre Ltd. Bank: HSBC Bank Plc, 67 George Street, Richmond, Surrey TW9 1HG, United Kingdom
Please note: • All ‘Early Bird’ discounts require payment at time of registration and before the cut-off date in order toreceive any discount. • Any discounts offered (including team discounts) must also require payment at the time of registration. • All discount offers cannot be combined with any other offer.
Please view our registration policy for full information about payment, cancellation, postponement, substitution and discounts.
*Please select Workshop A or B
** This rate applies to thosed involved in Industrial Control System operations UK VAT is charged at 20%. VAT Registration #: GB 799 2259 67
Please read the information listed below as each booking is subject to IQPC Ltd standard terms and conditions. Payment Terms: Upon completion and return of the registration form full payment is required no later than 5 business days from the date of invoice. Payment of invoices by means other than by credit card or purchase order (UK Plc and UK government bodies only) will be subject to a £49 (plus VAT) processing fee per delegate. Payment must be received prior to the conference date. We reserve the right to refuse admission to the conference if payment has not been received. IQPC Cancellation, Postponement and Substitution Policy: You may substitute delegates at any time by providing reasonable advance notice to IQPC. For any cancellations received in writing not less than eight (8) days prior to the conference, you will receive a 90% credit to be used at another IQPC conference which must occur within one year from the date of issuance of such credit. An administration fee of 10% of the contract fee will be retained by IQPC for all permitted cancellations. No credit will be issued for any cancellations occurring within seven (7) days (inclusive) of the conference. In the event that IQPC cancels an event for any reason, you will receive a credit for 100% of the contract fee paid. You may use this credit for another IQPC event to be mutually agreed with IQPC, which must occur within one year from the date of cancellation. In the event that IQPC postpones an event for any reason and the delegate is unable or unwilling to attend in on the rescheduled date, you will receive a credit for 100% of the contract fee paid. You may use this credit for another IQPC event to be mutually agreed with IQPC, which must occur within one year from the date of postponement. Except as specified above, no credits will be issued for cancellations. There are no refunds given under any circumstances. IQPC is not responsible for any loss
or damage as a result of a substitution, alteration or cancellation/postponement of an event. IQPC shall assume no liability whatsoever in the event this conference is cancelled, rescheduled or postponed due to a fortuitous event, Act of God, unforeseen occurrence or any other event that renders performance of this conference impracticable, illegal or impossible. For purposes of this clause, a fortuitous event shall include, but not be limited to: war, fire, labour strike, extreme weather or other emergency. Please note that while speakers and topics were confirmed at the time of publishing, circumstances beyond the control of the organizers may necessitate substitutions, alterations or cancellations of the speakers and/or topics. As such, IQPC reserves the right to alter or modify the advertised speakers and/or topics if necessary without any liability to you whatsoever. Any substitutions or alterations will be updated on our web page as soon as possible. Discounts: All ‘Early Bird’ Discounts require payment at time of registration and before the cutoff date in order to receive any discount. Any other discounts offered by IQPC (including team discounts) also require payment at time of registration. Discount offers cannot be combined with any other offer. • Please do not pass my information to any third party. B2B shop: The purchase of any conference audio, video or digital recording on B2B Shop (www. b2biq.com) includes keynote, topic and panel sessions where the presenters agree to grant permission for their presentation/ sessions to be audio and/or video recorded by IQPC and further agree to release all rights to IQPC related to the contents of the recording, its distribution, sale, reproduction, broadcast in whole or in part and without limitation or compensation. Please be aware that in respect of this IQPC cannot guarantee the inclusion of any or all sessions until after the conference has taken place. © IQPC Ltd. VAT Reg #: GB 799 2259 67
DELEGATE DETAILS - SIMPLY COMPLETE THIS FORM AND CLICK SUBMIT
PAYMENT METHODS
PRICING AND DISCOUNTS
Ways to Register Phone: +44 (0) 20 7368 9300 Fax: +44 (0) 20 7368 9301 Email: [email protected] Website: www.icscybersecurityevent.com
Post: Return your Booking form to: IQPC Ltd, 129 Wilton Rd London, SW1V 1JZ
Pass includes Gold Package Silver Package Bronze Package
Main Conference 27 - 28 April 2016 Access to post-event presentations on B2B Shop at www.b2biq.com Access to 1 Workshop* Access to 2 Workshops
4
4
4
4
4
4
4
Register & Pay by 18th December 2015 £599+VAT SAVE £300
£499+VAT SAVE £300
£299+VAT SAVE £300
Register & Pay by 5th February 2016 £699+VAT SAVE £200
£599+VAT SAVE £200
£399+VAT SAVE £200
Register & Pay by 4th March 2016 £799+VAT SAVE £100
£699+VAT SAVE £100
£499+VAT SAVE £100
Package Options - Vendors and Solution Providers
Register & Pay by 18th December 2015 £1299+VAT SAVE £600
£1199+VAT SAVE £600
£999+VAT SAVE £600
Register & Pay by 5th February 2016 £1499+VAT SAVE £400
£1399+VAT SAVE £400
£1199+VAT SAVE £400
Register & Pay by 4th March 2016 £1699+VAT SAVE £200
£1599+VAT SAVE £200
£1399+VAT SAVE £200
26th - 28th April, 2016 • Pestana Chelsea Bridge Hotel, London, UK
CYBER SECURITYIC
S Venue: London, UK. Travel and accommodation are not included in the registration fee. For updates on the venue and accommodation information, please visit: www.icscybersecurityevent.com
Venue & Accommodation
