SANS EUROPEAN ICS SECURITY SUMMIT

Marriot Hotel, Munich

18th June 2018

training@sans.org +44 (0)20 3384 3470 www.sans.org/ICS-Europe-2018

Sunday June 17th - 201818:30 – 22:00pm Pre-Reg, Networking, Welcome Reception & Speakers Dinner

Monday June 18th - 201808:00 – 09:00am Registration and Coffee09:00 – 09:15am Welcome and Introduction by Chair

Kai Thomsen, Chair ICS Europe Summit9:15 – 10:00pm Lessons From Implementation Projects

Procuring and deploying a secure Industrial Control System. A case study of large-scale ICS implementations, focusing on some tangible examples that demonstrate how to minimise the cost of securing a new ICS system.

Michal Paulski, ICS Security Manager at Accenture Security

10:00 – 10:20am Networking Break10:20 – 11:00am The Building Blocks of Good Detection and Response Services for the

ICS EnvironmentThis session focuses on what is needed to build an effective detection and response group in an organisation. It includes the team roles and individual skills that are required, effective leadership and the synergies and benefits that can be gained by combining in-house expertise and external consultants efficiently.

Søren Egede Knudsen, CTO at Ezenta11:00 – 11:30am Building a successful ICS Cyber Security Programme

Markus presents the key steps to take and the main elements of a successful ICS Cyber Security Programme, ranging from risk assessment to talent manage-ment and communicating at board level. He explains how to work through the various challenges and pull them together to create a valuable programme.

Markus Braendle, SVP & Head of Cyber Security at Airbus11:30 – 12:15pm Working with the EU Directive: High Common Level of Network and

Information Security Studies show that without the provision of essential goods and services our modern society would crumble within days. As a result, governments around the world are passing laws to protect the infrastructures they deem critical for their population.In this talk, Martin sheds some light on the questions and issues raised as a result of such laws and presents Germany’s approach to handling them.

Martin Apel, Director of Critical Infrastructure at BSI12:15 – 13:00pm Lunch13:00 – 13:30pm ICS Trends - These are the Good Old Days

Based on current trends and recent activity within control system cybersecurity environments, system defenders are going to be losing a lot more sleep. This talk will discuss recent ICS incidents from simple infections to highly targeted, multi-faceted, cyber-attacks and where we believe the future of ICS focused attacks will be heading. We will cover the role of malware, both from real-world incidents as well as research and explain what organizations need to pursue to develop the capabilities required to mount an effective response.

Tim Conway, Certified Instructor and Technical Director, ICS and SCADA Programs, SANS Institute Professor Thomas Brandstetter, Professor FH St. Pölten, Co-Founder Limes Security, SANS Instructor

training@sans.org +44 (0)20 3384 3470 www.sans.org/ICS-Europe-2018

13:30 – 14:15pm The Human Factor in ICS – why is it important to create awareness?

Implementing cyber security within ICS environments is not possible without technical measures. But technology is only one part of a holistic security approach. It is equally important to implement organisational measures (e.g. security polices and processes). Special attention should be paid to the human factor because the weakest chain in cyber security is often the human being.

Daniel Buhmann, Business Unit Manager Security Solutions at Koramis GmbH

14:15 – 14:45pm A Real Cyber Physical Experience: Red Teaming on a Power PlantCyber threats continue to rise and cyber criminals are targeting critical infrastructures more than ever. The need for realistic risk assessments and penetration tests is apparent to help prevent potentially catastrophic attacks.

Can Demirel, ICS Cyber Security Services Team Lead at Biznet Bilisim14:45 – 15:30pm When Standards and Regulations Are Not Enough - why industrial

cyber security requires a different approach in the protection of critical infrastructuresFollowing existing standards, approaches and methodologies, implementing common solutions or complying with regulatory frameworks are not enough to protect critical infrastructures.Samuel provides an analysis of why the protection of critical infrastructures requires specific and different approaches, methodologies and solutions.

Samuel Linares, Independent Evaluator at European Commission, CIIP Expert at ENISA and member of ISACA Global Cybersecurity Task Force

15:30 – 15:50pm Networking Break15:50 – 16:35pm Future Challenges and Changes in Industrial Cybersecurity

Challenges that industrial companies and infrastructure organisations face span the full IT-OT consolidation. Broader deployment of automation products in the industry and the trend to digitalisation demands a broadening of the po-tential use cases. This presentation includes a discussion of these expanded challenges and the gaps that need to be filled. Recommendations on the kinds of changes that are required will also be presented.

Thomas Menze, Senior Consultant European Operations at ARC Advisory Group

16:35 – 17:05pm DIY insider Threat Detection/Prevention Within ICS EnvironmentsThis session is designed to help those setting up an internal “insider threat detection/prevention” programme without turning to the large, expensive products that are available. Dieter shows how (sometimes simple) methods and tricks can be used to tackle the insider threat within ICS environments.

Dieter Sarrazyn, ICS/SCADA/OT Security Consultant at Secudea.

17:05 – 17:30pm Critical Infrastructure Cybersecurity in a Turbulent RegionAndrew Bochman, Senior Grid Strategist, National & Homeland Security, Idaho National Laboratory

17:30pm Closing Remarks by Chair followed by Networking Drinks

NB This agenda should be considered a draft and the organisers will continue to make amendments to content and line up.

training@sans.org +44 (0)20 3384 3470 www.sans.org/ICS-Europe-2018 training@sans.org +44 (0)20 3384 3470 www.sans.org/ICS-Europe-2018