Agenda Day 1 - 29 April 2019
8:30 am - 9:00 am REGISTRATION & COFFEE
9:00 am - 9:10 am 0900 CHAIRMAN’S OPENING REMARKS
9:10 am - 9:50 am EVALUATING THE IMPACT OF THE NIS DIRECTIVE WITHIN INDUSTRY
· Outlining how the NISD has been interpreted and implemented on a practical level within industry
· Challenges to implementing NIST across OT and IT teams
· Lessons identified from the first year under NIST; how successful is NIST in securing cyber systems?
· What further steps are required for NIST to be truly successful? What further steps should be taken to secure ICS from cyber threat
9:50 am - 10:30 am O/T ASSURANCE IN THE CIVIL NUCLEAR SECTORDan Coats - ONR Inspector - Nuclear Security Civil Nuclear Security Programme – Cyber Security & Information Assurance Team, Office for Nuclear Regulation
· The O/T security challenge and the challenges specific to O/T in the nuclear sector
· Understanding how the regulatory framework has evolved the civil nuclear sector
· An overview of results of live testing of OT systems under this redefined framework
· Understanding the challenges faced during this trial – is this model easily translated across other sectors
Dan CoatsONR Inspector - Nuclear Security Civil Nuclear Security Programme – Cyber Security & Information Assurance Team
Office for Nuclear Regulation
10:30 am - 11:00 am FIVE WAYS TO ENSURE THE INTEGRITY OF YOUR INDUSTRIAL OPERATIONSAlon Barel - VP sales EMEA & APAC, Indegy
· Understanding unprecedented changes to industrial operations over the past 24 months
· Maintaining integrity of operations within a complex heterogeneous community accessing your OT network on more devices and conducting more operations through IIoT enabled devices
· Adjusting to the new reality to maintain visibility, security and control gaps
· Five things you need to know to help reduce the security risk
Alon BarelVP sales EMEA & APAC
10:30 am - 11:00 am MORNING COFFEE AND NETWORKING
11:00 am - 11:30 am CYBER TRIAGE: MITIGATING DAMAGE THROUGH ROBUST CYBER PRACTICE
· Outlining the cyber profile of Anglo-American, and their response to cyber incidents
· Implementing triage and recovery systems in response to cyber incident
· Understanding global data management and analysis in a local context. How global threat relates to localised security teams
· Steps to developing a global cyber security model for business
12:00 pm - 12:30 pm PANEL DISCUSSION: HAS THE NIS DIRECTIVE BEEN SUCCESSFUL SO FAR?
· How has the NIS Directive been implemented within industry sectors?
· What challenges have been experienced in implementing NISD? Is it fit for purpose across all business units?
· Does the “NIS Toolkit” work? What parts are missing from this kit?
· What further changes does industry need to see within the NISD
1:00 pm - 2:00 pm NETWORKING LUNCH
2:00 pm - 2:30 pm MANAGING CYBER SECURITY COMMUNICATION ACROSS FUNCTIONSThomas Olsen - Director, Lagoni Engineering
· Demonstrating where a lack of understanding of cyber security at board level is resulting in exposure to hidden risk
· Why communicating cyber security risks to senior levels is a requirement for building cyber security
· How to communicate to the board using specific, industry-relevant, outcome-based case studies
· Understanding how board level ‘buy in’ leads to cultural change on cyber risk
2:10 pm - 2:50 pm IMPLEMENTING AI AND MACHINE LEARNING TO SUPPORT REAL-TIME MONITORING AND DECISION MAKING
· How to use artificial intelligence to detect emerging threats and latent vulnerabilities
· Achieving 100% visibility across OT, IT and Industrial IoT
· Real-world case studies of stealthy cyber-threats identified early by the Industrial Immune System – before a crisis occurred
3:00 pm - 3:30 pm COPING WITH INDUSTRIAL REVOLUTIONS – AN OLD MASTER’S TAKE ON THE TOPIC
· Selected notes on the journey from 1834 through the 2nd, 3rd , and into the 4th – the Cyber-Physical - industrial revolution.
· Cyber Security – many players with different viewpoints of a common problem
· Battling cyber security threats – together or alone
· Navigating the way forward
3:30 pm - 4:00 pm CYBERSECURITY: HOW MUCH IS ENOUGH?Michael Firstenberg - Industrial Security Manager, Waterfall Security
• Exploring "how much is enough" for ICS Cyber Security
• How classic "natural disaster" risk models and other IT-centric security risk models that attempt to quantify the likelihood of attacks are poor fits to physical or cyber security problems
• Understanding how the characteristics of control system networks, industrial processes, safety systems, protection systems, security systems and attack capabilities are all prerequisites to an effective risk assessment
• A review of approaches to risks, calculations, costs, and understand how to communicate these to business decision-makers
Michael FirstenbergIndustrial Security Manager
4:00 pm - 4:30 pm AFTERNOON TEA AND NETWORKING
4:30 pm - 5:20 pm PANEL DISCUSSION: HAS THE NIS DIRECTIVE WORKED?Chris Johnson - Head of Computing Science and Steering Group member of the UK Govt NCSC Industrial Control System, Glasgow University
· What impact has the NIS Directive had within industry sectors?
· How should you be preparing the NIS Directive?
· Understanding your role in implementing the NIS Directive
· Demonstrating best practice under the new NIS Directives
Chris JohnsonHead of Computing Science and Steering Group member of the UK Govt NCSC Industrial Control System