SMi present their 2nd annual…
Oil and Gas Cyber Security
Wednesday 14th and Thursday 15th November 2012
Copthorne Tara Hotel, London, UK

REGISTER BY 28TH SEPTEMBER AND RECEIVE A £100 DISCOUNT

Many major oil and gas companies are suffering an increasing number of cyber-attacks motivated by commercial and criminal intent. These new attacks pose a great risk to machinery; they can cost lives, stop production and cause environmental damage, a significant threat to oil and gas production companies worldwide. The risk of a cyber attack is growing and is a challenge companies will continue to face, leaving them vulnerable if inadequately protected.

KEY SPEAKERS INCLUDE:
• Hassan Karim, Communications Engineer, Saudi Aramco
• Oskar Wols, Technical Architect, Enterprise Solutions Architecture, Shell Information Technology International
• Philip Jones, Information Systems Security Officer, GDF SUEZ EP UK Ltd
• Simon O'Gorman, Head of Cyber Sales, Finmeccanica
• Olav Mo, Oil & Gas Cyber Security Manager, ABB Limited
• Iain Brownlie, Senior Consultant, CISSP, ABB Limited
• David Alexander, Principal Consultant, Regency IT Consulting
• Lieutenant Colonel Tom Fairfax, Managing Director, Security Risk Management Ltd.
• Dr Boldizsar Bencsath, Assistant Professor CrySyS Lab, Budapest University of Technology and Economics
• Danny Berko, Director of Product Marketing, Waterfall Security
• David Spinks, Chairman CSIRS, CSIRS
• Serdar Cabuk, Managing Consultant, Deloitte
• Samuel Linares, Director, Intermark
• Adrian Davis, Principal Research Analyst, Information Security Forum
• David Livingstone, Director, Napier Meridian
• Justin Lowe, Energy Cyber Security Specialist, PA Consulting Group
• Alan Bentley, SVP Worlds Sales, Lumension Security
• Oded Blatman, CEO, CIP Security
• Tim Holman, CEO 2-sec, President, ISSA-UK
• Sadie Creese, Professor of Cybersecurity, University of Oxford

PLUS AN INTERACTIVE PRE-CONFERENCE WORKSHOP
Approaches to network monitoring and situational awareness in critical infrastructure
Tuesday 13th November 2012, Copthorne Tara Hotel, London
13.30pm – 18.00pm
Workshop leader: Dr Damiano Bolzoni PhD, Chief Operations Officer, SecurityMatters

www.smi-online.co.uk/2012cyber-security.asp
Register online or alternatively fax your registration to +44 (0) 870 9090 712 or call +44 (0) 870 9090 711
DAY ONE | WEDNESDAY 14TH NOVEMBER 2012

8.30 Registration & Coffee

9.00 Chairman's Opening Remarks
David Alexander, Head of Vulnerability Research, Regency IT Consulting

OPENING ADDRESS
9.10 Information Protection in Oil & Gas — Myths and reality
• Understanding the threat horizon for Oil & Gas
• What is at risk? Prevention and mitigation for the future
• Effective response to information leakage incidents
• Common IP pitfalls and applying the key lessons learnt
Serdar Cabuk, Managing Consultant, Deloitte

9.40 Information flows have a context
• Introduction
• Key elements to have business in control
• Problem statement
• Constant factors
• What do we need
• Data flows – rules/criteria
• Examples and what next?
Oskar Wols, Solution Architect, Shell

10.10 Stronger than Firewalls: A Novel Approach for Mitigating Cyber Threats and Risks Targeted at Oil & Gas Facilities
• IT Security Best Practices - Myth vs. Reality
• Emerging Industrial Security Best Practices – modern approach in meeting SCADA cyber threats
• Regulatory Industrial Security measures review – NERC-CIP CAN-24, The Unidirectional Gateway requirements
• Industrial cyber security reference architecture for SCADA applications
• Common Unidirectional Gateway deployment scenarios in industrial/utility facilities
Danny Berko, Product Marketing Manager, Waterfall Security Solutions

10.50 Morning Coffee

11.20 Session details to be announced
Oded Blatman, CEO, CIP Security Company Ltd

12.00 Overcoming Challenges in Network Security Control Deployments for SCADA Environments
• Risk Analysis
• Traffic Analysis
• Requirements Refinement
• Security Optimization
Hassan Karim, Communications Security Engineer, Saudi Aramco

12.30 Human Factors in Oil & Gas Cyber Security
• Major human factor considerations in securing Oil & Gas assets
• Situational awareness - Understanding and assessing vulnerability
• Security incident handling and decision making
• Recover from a disaster; safely, securely and efficiently
Olav Mo, Oil & Gas Cyber Security Manager, ABB Limited
Iain Brownlie, Senior Consultant, CISSP, ABB Limited

1.10 Networking Lunch

2.10 Tsunami! Will you keep watching the wave?
• Description of the current socio-economic situation and the impact of the Critical Infrastructures Protection and Industrial Control Systems Security (or its absence) in our life (personal and professional), in our organizations and in our countries.
• Linking Critical Infrastructures Protection and Industrial Control Systems Security: Understanding the risk. Analysis of the link between the industrial and corporate environments and its impact in key organizations for the survival of a country
• Current situation of the ICS Security. Study and analysis of the convergence between industrial and corporate systems (or traditional IT), the impact, threat evolution, etc. Analysis of the security in industrial systems.
• Organizational and Management Aspects: IT Manager vs. CSO/CISO vs. Plant Manager vs. Manufacturing Manager. Human aspects of industrial environments security and critical infrastructures protection.
• Key facts (earthquakes) in our environment: Stuxnet, Duqu, Project Basecamp, CIP regulation, Smart Grid, Cyber Security Reports, Horizon 2020, ISA 99, Flame…
• Today’s ICS Security Landscape in depth analysis: Tsunami is arriving…
Samuel Linares, Cyber Security Services Director, Intermark

2.40 Panel Discussion — Evaluating the counter measures
• The use of effective PR
• An active response
• The legal framework
Tim Holman, UK President, ISSA (Information Systems Security Association)
David Alexander, Head of Vulnerability Research, Regency IT Consulting
Samuel Linares, Cyber Security Services Director, Intermark

3.10 Assurance - Much More Than Ticking The Boxes
• Chatham House study on CNI unearthed some really good standards and practices, and some pretty awful ones too. What made the difference?
• Does instinct for risk management in cyber count for much more than adherence to a complex rule book?
• How would such a rule book keep pace with the cyber environment?
• Are the right people running the show?
David Livingstone, Director, Chatham House

3.40 Afternoon Tea

4.10 Flame. Setting Stuxnet on fire!
• Is the criminal world getting the better of us?
• Are we powerless to stop malevolent hackers?
• Is our greed for new technology pulling the wool over our eyes?
• Now APTs are a reality for all businesses, what can we do to mitigate their effects?
Tim Holman, UK President, ISSA (Information Systems Security Association)

4.40 Situational Awareness - Understanding the Threat Architecture
• What is “threat” and who might be involved?
• What Roles might different people be taking?
• What does this mean for us?
• What should we be looking for?
Tom Fairfax, Director & Head of Advisory Services, SRM - Solutions

5.10 Systematic Risk Management and Insider Threats
• SCADA and Cyber-Physical Systems
• Systematic risk management in an industrial setting
• Identifying and mitigating insider threats
Christian Probst, Language-based Technology, Technical University of Denmark

5.40 Chairman's Closing Remarks and Close of Day One
David Alexander, Head of Vulnerability Research, Regency IT Consulting

Sponsored by

ABB
www.abb.com/oilandgas
ABB is a global leader in automation, electrical, safety, telecommunications and instrumentation in the Oil and Gas industry. Full life cycle and consulting services help protect and optimise assets. ABB offer vulnerability assessments, incident handling, remote access platforms and security client server management, such as security event monitoring.

CIP Security Company
www.cipsec.com

Finmeccanica Cyber Solutions
www.finmeccanica.co.uk/cyber
Finmeccanica Cyber Solutions in the UK represents the best in cyber security and information assurance. It secures high level information systems at the heart of the UK’s security, and enables secure collaboration with allies. Finmeccanica is working with the emergency services to improve interoperability, deliver real value and front line effectiveness in the fight against terrorism, and resilient contingency planning.

Lumension
www.lumension.com
Lumension, a global leader in operational endpoint security, develops, integrates and markets security software solutions that help businesses protect their vital information and manage critical risk across network and endpoint assets. Lumension: IT Secured. Success Optimized.™ For more information, go to www.lumension.com.

Waterfall Security
www.waterfall-security.com
Waterfall Security is the leading provider of Unidirectional Security Gateways™ for industrial control networks and critical infrastructures. Waterfall’s Unidirectional Gateways reduce the cost and complexity of compliance with regulations, as well as with cyber-security best practices. Waterfall’s products are deployed worldwide in utilities and critical national infrastructures. Frost & Sullivan awarded Waterfall the 2012 Network Security Award for Industrial Control Systems Entrepreneurial Company of the Year. Waterfall’s offerings include support for leading industrial applications, including the OSIsoft PI™ Historian, the GE Proficy™ iHistorian, Siemens SIMATIC™/Spectrum™ solutions, as well as OPC, Modbus, DNP3, ICCP and other industrial protocols.
DAY TWO | THURSDAY 15TH NOVEMBER 2012

8.30 Registration & Coffee

9.00 Chairman's Opening Remarks
David Alexander, Head of Vulnerability Research, Regency IT Consulting

9.10 Security; a new paradigm?
• Foundations for discussions
• How traditional security silos can respond to the emerging threat landscape
Phil Jones, Information Security & Business Continuity, GDF SUEZ E&P UK Ltd

9.40 Are the Cyber risks seen in the past few years hype or reality?
• The false myth: SCADA networks are not open to public networks.
• What needs to be dealt with at C level
• Why is security often mistaken for safety
• The "air gap" myth
• Vulnerability Assessments vs 0 days
• Penetration testing vs CIRT
• Real security vs Policy and Awareness and why they must match
• The ability to monitor and track behavioural statistics on the network
Simon O'Gorman, Head of Cyber Services Sales, Finmeccanica

10.20 Morning Coffee

10.50 Welcome to the Age of Weaponized Malware
• Numerous countries have now empowered their government agencies to carry out state-sponsored malware attacks.
• How exactly did we get to this point and what are the factors and threats that you need to be aware of?
• What are the key risk vectors most commonly exploited by recent state sponsored attacks like Stuxnet and Flame?
• What are the most important pragmatic steps that every organization can take to reduce their risk without negatively impacting their productivity?
Alan Bentley, SVP World Sales, Lumension Security Ltd.

11.30 Cyber Security Threats to critical National Infrastructure including SCADA and PLCs
• Insider threats
• Advanced Persistent Threats
• Cyber Crime
David Spinks, Chairman, CSIRS

12.00 Panel Discussion — Risk Management Strategies
• Evaluating the vulnerability of the industry to cyber attacks
• What strategies are the most effective?
• The roadmap – Policies and standards
David Alexander, Head of Vulnerability Research, Regency IT Consulting
David Spinks, Chairman, CSIRS
Boldizsar Bencsath, Assistant Professor, Laboratory of Cryptography and Systems Security
Danny Berko, Product Marketing Manager, Waterfall Security Solutions

12.30 Networking Lunch

1.30 The challenges of Security Architectures for Industrial Control Systems
• This presentation looks at the high-level technical issues in designing and implementing Security Architectures in Industrial Control Systems integrated into a corporate network.
David Alexander, Head of Vulnerability Research, Regency IT Consulting

2.00 Defending against APTs
• Why the APT presents a significant challenge
• Current defence options
• Limitations and challenges
• Cutting edge thinking – future solutions
Sadie Creese, Professor of Cybersecurity, University of Oxford

2.30 The challenges and opportunities of the converging worlds of Information and Operations technologies
• Why information and operation technologies are converging
• What are the challenges of this convergence
• What are the benefits of convergence
• The future role of the IT department in operations technology in energy companies
Justin Lowe, Managing Consultant, PA Consulting Group

3.00 Case Study: Enhancing network monitoring and situational awareness in critical infrastructure
• Current approaches to network monitoring and situational awareness
• Strengths and shortcomings of current approaches
• Non-signature based approaches for improved monitoring and situational awareness
• Discussion of 2 use cases
Damiano Bolzoni, COO, Security Matters

3.30 Afternoon Tea

4.00 Best practices in supply chain information risk management
• Identifying and following information in a supply chain
• Using maturity models to drive control selection, assessment and audit approaches
• Integrating information risk into supply chain management processes
• Aligning information risk to industry standards
Adrian Davis, Principal Research, Information Security Forum

4.30 Lessons learnt after recent targeted attacks — how to protect against future attacks like Flame?
• Insight into the investigations regarding Duqu and Flame
• Targeted attacks on digital signature trust, cryptographic attacks, handling of incidents, collaboration with partners and information sharing.
• Insight on why and how managing the kind of threat consumes more resources than the technical work
• Countermeasure – company-tailored solutions into the network of the customer
Boldizsar Bencsath, Assistant Professor, Laboratory of Cryptography and Systems Security

5.00 Chairman's Closing Remarks and Close of Day Two
David Alexander, Head of Vulnerability Research, Regency IT Consulting

Want to know how you can get involved? Interested in promoting your energy services to this market? Contact Vinh Trinh, SMi Marketing on +44 (0)20 7827 6140, or email: firstname.lastname@example.org
HALF DAY PRE CONFERENCE WORKSHOP
Approaches to network monitoring and situational awareness in critical infrastructure
Tuesday 13th November 2012, Copthorne Tara Hotel, London
13.30pm – 18.00pm
Workshop leader: Dr Damiano Bolzoni PhD, Chief Operations Officer, SecurityMatters

Overview of workshop
This workshop will present solutions currently available for monitoring critical networks and situational awareness. We will analyse what are the major strengths and weaknesses of each approach, when it can be used and what is the output users can expect. We will wrap up the session with demonstrations of the approaches presented using real-life examples.

Who should attend?
Executive-level, Director-level leaders and their staffs who are charged with monitoring networks and safeguarding shareholder value in the security world.

Why attend?
Catch up with current solutions for network monitoring and situational awareness of critical networks.

Programme
8.30 Registration and Coffee
14.00 Chairman’s Opening Remarks
14.30 Current Solutions for Networking
• Signature-based
• Rule-based
• Behaviour-based
• Visualization
15.30 Advantages and disadvantages of each approach
• Where when and what to use
• Which threats can be detected
• Technical skills required to operate
16.30 Coffee Break
17.00 Demo’s and hands on exercise
18.00 Q&A and chairman’s closing remarks

About the workshop leader:
Dr Damiano Bolzoni (1981) received his PhD in 2009 from the University of Twente, where he performed research on anomaly-based intrusion detection. Since 2008 he has been involved in securing computer networks of critical infrastructure. Before joining the University of Twente, he has been working for the Italian branch of KPMG, within the Information Risk Management division. Since 2009 he holds the position of Chief Operations Officer within SecurityMatters BV.

About SecurityMatters:
SecurityMatters develops and markets state-of-the-art network monitoring and intrusion detection systems. With 10+ cumulative years of academic research in IT security, and 5+ cumulative years of field experience in security auditing within a worldwide renowned consultancy firm in the past, SecurityMatters delivers an unmatched technology to detect the latest and most advanced cyber threats. SecurityMatters is committed to bring continuous innovations to the market to cope with the emerging threats.

ENERGY FORWARD PLANNER

OCTOBER
• Gas to Liquids, 4th & 5th October 2012, Marriott Hotel Regents Park, London, UK

NOVEMBER
• Oil and Gas Cyber Security, 14th & 15th November 2012, Copthorne Tara Hotel, London, UK

FEBRUARY
• E&P Information & Data Management, 6 & 7 February 2013, Copthorne Tara Hotel, London, UK
• FLNG, 13th & 14th February 2013, Copthorne Tara Hotel, London, UK

MARCH
• Unconventional Gas, 13th & 14th March 2013, Copthorne Tara Hotel, London, UK
• Oil & Gas Satellite Communications, 20th & 21st March 2013, Copthorne Tara Hotel, London, UK

SPONSORSHIP AND EXHIBITION OPPORTUNITIES
SMi offer sponsorship, exhibition, advertising and branding packages, uniquely tailored to complement your company’s marketing strategy. Should you wish to join the increasing number of companies benefiting from promoting their businesses at our conferences please call: Jules Omura on +44 (0) 20 7827 6018 or email: email@example.com
OIL AND GAS CYBER SECURITY
Conference: Wednesday 14th and Thursday 15th November 2012, Copthorne Tara Hotel, London, UK
Workshop: Tuesday 13th November 2012, London, UK

4 WAYS TO REGISTER
www.smi-online.co.uk/2012cyber-security.asp
FAX your booking form to +44 (0) 870 9090 712
PHONE on +44 (0) 870 9090 711
POST your booking form to: Events Team, SMi Group Ltd, 2nd Floor South, Harling House, 47-51 Great Suffolk Street, London, SE1 0BS, UK

EARLY BIRD DISCOUNT
□ Book by 20th July 2012 to receive a £300 off the conference price
□ Book by 28th September 2012 to receive a £100 off the conference price

CONFERENCE PRICES
I would like to attend: (Please tick as appropriate)
Fee / Total
□ Conference & Workshop: £2098.00 + VAT / £2517.60
□ Conference only: £1499.00 + VAT / £1798.80
□ Workshop only: £599.00 + VAT / £718.80

PROMOTIONAL LITERATURE DISTRIBUTION
□ Distribution of your company’s promotional literature to all conference attendees: £999.00 + VAT / £1198.80

GROUP DISCOUNTS AVAILABLE
The conference fee includes refreshments, lunch, conference papers and access to the Document Portal containing all of the presentations.

VENUE
Copthorne Tara Hotel, Scarsdale Place, Kensington, London W8 5SR
□ Please contact me to book my hotel
Alternatively call us on +44 (0) 870 9090 711, email: firstname.lastname@example.org or fax +44 (0) 870 9090 712

DOCUMENTATION
I cannot attend but would like to purchase access to the following Document Portal/paper copy documentation
Price / Total
□ Access to the conference documentation on the Document Portal: £499.00 + VAT / £598.80
□ The Conference Presentations – paper copy: £499.00 - / £499.00 (or only £300 if ordered with the Document Portal)

Unique Reference Number:
Our Reference: LVE-023

DELEGATE DETAILS
Please complete fully and clearly in capital letters. Please photocopy for additional delegates.
Title:
Forename:
Surname:
Job Title:
Department/Division:
Company/Organisation:
Email:
Company VAT Number:
Address:
Town/City:
Post/Zip Code:
Country:
Direct Tel:
Direct Fax:
Mobile:
Switchboard:
Signature:
Date:
I agree to be bound by SMi's Terms and Conditions of Booking.

ACCOUNTS DEPT
Title:
Forename:
Surname:
Email:
Address (if different from above):
Town/City:
Post/Zip Code:
Country:
Direct Tel:
Direct Fax:

PAYMENT
Payment must be made to SMi Group Ltd, and received before the event, by one of the following methods quoting reference E-023 and the delegate’s name. Bookings made within 7 days of the event require payment on booking, methods of payment are below. Please indicate method of payment:
□ UK BACS: Sort Code 300009, Account 00936418
□ Wire Transfer: Lloyds TSB Bank plc, 39 Threadneedle Street, London, EC2R 8AU, Swift (BIC): LOYDGB21013, Account 00936418, IBAN GB48 LOYD 3000 0900 9364 18
□ Cheque: We can only accept Sterling cheques drawn on a UK bank.
□ Credit Card: □ Visa □ MasterCard □ American Express
All credit card payments will be subject to standard credit card charges.
Card No: □□□□ □□□□ □□□□ □□□□
Valid From □□/□□ Expiry Date □□/□□
CVV Number □□□□ 3 digit security on reverse of card, 4 digits for AMEX card
Cardholder’s Name:
Signature:
Date:
I agree to be bound by SMi's Terms and Conditions of Booking.
Card Billing Address (If different from above):

Terms and Conditions of Booking

Payment: If payment is not made at the time of booking, then an invoice will be issued and must be paid immediately and prior to the start of the event. If payment has not been received then credit card details will be requested and payment taken before entry to the event. Bookings within 7 days of event require payment on booking. Access to the Document Portal will not be given until payment has been received.

Substitutions/Name Changes: If you are unable to attend you may nominate, in writing, another delegate to take your place at any time prior to the start of the event. Two or more delegates may not ‘share’ a place at an event. Please make separate bookings for each delegate.

Cancellation: If you wish to cancel your attendance at an event and you are unable to send a substitute, then we will refund/credit 50% of the due fee less a £50 administration charge, providing that cancellation is made in writing and received at least 28 days prior to the start of the event. Regretfully cancellation after this time cannot be accepted. We will however provide the conferences documentation via the Document Portal to any delegate who has paid but is unable to attend for any reason. Due to the interactive nature of the Briefings we are not normally able to provide documentation in these circumstances. We cannot accept cancellations of orders placed for Documentation or the Document Portal as these are reproduced specifically to order. If we have to cancel the event for any reason, then we will make a full refund immediately, but disclaim any further liability.

Alterations: It may become necessary for us to make alterations to the content, speakers, timing, venue or date of the event compared to the advertised programme.

Data Protection: The SMi Group gathers personal data in accordance with the UK Data Protection Act 1998 and we may use this to contact you by telephone, fax, post or email to tell you about other products and services. Unless you tick here □ we may also share your data with third parties offering complementary products or services. If you have any queries or want to update any of the data that we hold then please contact our Database Manager email@example.com or visit our website www.smi-online.co.uk/updates quoting the URN as detailed above your address on the attached letter.

VAT
VAT at 20% is charged on the attendance fees for all delegates. VAT is also charged on Document Portal and Literature Distribution for all UK customers and for those EU customers not supplying a registration number for their own country here: ______________________________________

If you have any further queries please call the Events Team on tel +44 (0) 870 9090 711 or you can email them at firstname.lastname@example.org