Tech t19
1. Session ID: TECH-T19
Session Classification: General Interest
SCADA PROTECTION FOR CRITICAL INFRASTRUCTURE: A COLLABORATIVE APPROACH
Panelists and moderator:
► Jose Fernandez, Ecole Polytechnique de Montreal
► Marcelo Branquinho, TI Safe
► Tiago Alves de Jesus, Carleton University/Infrastructure Resilience Research Group (IRRG)
► Doug Powell, BC Hydro
► Sergio Thompson-Flores, Modulo
2. ► The Theme: Opening Remarks
► The Debate: Panelist Perspectives
► Panelist Q&A
► Research Revealed
► Audience Q&A
► Closing Comments
► Handout and Contact Info
PANEL AGENDA
3. ► The Complexity of CI Protection
► IT, OT, Physical
► Government, Industry, Academia
► A GRC and Collaboration Challenge
THE THEME:
OPENING REMARKS
4. ► Academia
► Ecole Polytechnique de Montreal: New lab approaches
► Government
► Infrastructure Resilience Research Group (IRRG)/Carleton University: Collaborative research projects and training
► Industry
► TI Safe: Real-world implementations, role of industry standards, new research on anti-virus effectiveness
► BC Hydro: Real-world implementations, why industry needs to step up
THE DEBATE:
PANELIST PERSPECTIVES
5. ► What are the dynamics of all three IT/OT/Physical layers?
► What are the dynamics of the three Government/Industry/Academia vectors?
► Is it even possible to bring these together?
► What is the prevailing threat climate and what are the new challenges?
► What is the real risk profile?
► How are they different (e.g. democratized and distributed, more statistical network-wide vs. targeted)?
► Are the current tools really tracking new threat profiles?
PANELIST Q&A
6. ► What work is currently underway?
► What do we know and not know?
► What is the best research, collaboration and resources out there today? What is not working?
► What are the most effective best practices and industry standards (e.g. ISA 99)?
► What technology should we look to (e.g. GRC, big data analytics, security management)?
► What is needed to drive results through collaboration?
► What results should we expect?
► How can the vendor help?
► What training is required?
► Breaking news
PANELIST Q&A
8. ► Introducing a new approach to testing the resilience of SCADA systems: The Industrial Control System (ICS) Sandbox
► Ecole Polytechnique de Montreal
►
work
► How to simulate all layers of a real-world SCADA environment to understand real-world impacts, i.e. taking down a smart grid
► Testing known SCADA vulnerabilities to identify their impact
RESEARCH REVEALED
9. ► Preview of March 2013 Research White Paper on Utilization of GRC as a means of monitoring SCADA implementation and continuous monitoring thereafter
► TI Safe and Modulo
► Benefits of GRC analytics in SCADA environment
► Challenges of implementation in energy company in Brazil
► Cross referencing to business processes
► Cross referencing to IT and Physical Security
RESEARCH REVEALED
11. ► Sergio Thompson-Flores, Modulo
► sthompson-flores@modulo.com
► Doug Powell, BC Hydro
► doug.powell@bchydro.com
► Marcelo Branquinho, TI Safe
► marcelo.branquinho@tisafe.com
► http://www.slideshare.net/tisafe
► Tiago Alves de Jesus, Infrastructure Resilience Research Group (IRRG)/Carleton University
► Tiago De Jesus Tiago.DeJesus@NRCan-RNCan.gc.ca
► Jose Fernandez, Ecole Polytechnique de Montreal
► jose.fernandez@polymtl.ca
HANDOUTS AND CONTACT