President CIO Council, is Board member and Chairman of the Cybersecurity Council of the pan European association EuroCIO. He is also the president of CIO Council Romania, member of BCS Elite, former IT&C Director for Hidroelectrica, the Romanian power generation leader and the major supplier of ancillary services required in the Romanian National Energy System. Actually Yugo is CISO of Urgent Cargus.
Cosmin Vilcu este expert în soluții de securitate IT, iar în prezent ocupă funcția de Regional Senior Sales Manager for Eastern Europe & CIS la SonicWall. Cosmin a pus bazele echipei SonicWall în România la începutul anului 2016. Întreaga experiență a fost construită în domeniul tehnologic, Cosmin lucrând în decursul anilor pentru companii precum Kaspersky, Omnilogic, Romtelecom, GTS Telecom, Telemobil sau Romservice. Este certificat SonicWall Network Security.
Adrian Ifrim - prezentare - Cyber Security Trends 2020Business Days
Adrian Ifrim with more than twelve years of experience in the financial, telecom and IT security sectors, currently serving as Senior Manager within the Cyber Risk Advisory team of Deloitte Romania. In addition, he is an expert in information security with focus on penetration testing services and currently holds the Offensive Security Certified Expert (OSCE), Offensive Security Certified Professional (OSCP), Offensive Security Wireless Professional (OSWP) and System Security Certified Practitioner (SSCP) certifications.
Digital businesses are difficult to launch and run even without the challenge of security. And yet, digital business strategies are also being used by hackers to systematically go after lucrative targets. Following up on our release of the 2015 NTT Group Global Threat Intelligence Report, this executive summary highlights key findings from the report that affect today’s digital businesses.
This is a quick review of the State of CyberSecurity industry in 2015, using insights and data from leader companies in the industry like Check Point Software Technologies, Cisco, Akamai, NowSecure, OpenDNS, Skyhigh Networks and more. The scope of the report is focused in four sectors: Mobile, Internet of Things, Cloud Security and Network Security.
Using international standards to improve Asia-Pacific cyber securityIT Governance Ltd
Understand the cyber threat facing APAC organisations, current legislation and how to utilise international standards to get your business cyber secure in this informative webinar, hosted by Alan Calder.
Cosmin Vilcu este expert în soluții de securitate IT, iar în prezent ocupă funcția de Regional Senior Sales Manager for Eastern Europe & CIS la SonicWall. Cosmin a pus bazele echipei SonicWall în România la începutul anului 2016. Întreaga experiență a fost construită în domeniul tehnologic, Cosmin lucrând în decursul anilor pentru companii precum Kaspersky, Omnilogic, Romtelecom, GTS Telecom, Telemobil sau Romservice. Este certificat SonicWall Network Security.
Adrian Ifrim - prezentare - Cyber Security Trends 2020Business Days
Adrian Ifrim with more than twelve years of experience in the financial, telecom and IT security sectors, currently serving as Senior Manager within the Cyber Risk Advisory team of Deloitte Romania. In addition, he is an expert in information security with focus on penetration testing services and currently holds the Offensive Security Certified Expert (OSCE), Offensive Security Certified Professional (OSCP), Offensive Security Wireless Professional (OSWP) and System Security Certified Practitioner (SSCP) certifications.
Digital businesses are difficult to launch and run even without the challenge of security. And yet, digital business strategies are also being used by hackers to systematically go after lucrative targets. Following up on our release of the 2015 NTT Group Global Threat Intelligence Report, this executive summary highlights key findings from the report that affect today’s digital businesses.
This is a quick review of the State of CyberSecurity industry in 2015, using insights and data from leader companies in the industry like Check Point Software Technologies, Cisco, Akamai, NowSecure, OpenDNS, Skyhigh Networks and more. The scope of the report is focused in four sectors: Mobile, Internet of Things, Cloud Security and Network Security.
Using international standards to improve Asia-Pacific cyber securityIT Governance Ltd
Understand the cyber threat facing APAC organisations, current legislation and how to utilise international standards to get your business cyber secure in this informative webinar, hosted by Alan Calder.
Technology Disruption in the New Normal, Digital Inclusion and the LawBenjamin Ang
Technology disruption has swept through legal practice and the justice system, as it has in every other aspect of life in our new normal of remote work and online access. While digital transformation has been hugely beneficial to our society, there are new legal and cybersecurity questions that we need to grapple with as we continue to serve the public. Among the public, varying levels of digital capability and access raise new issues of digital inclusion for us to address in policy and operations. This talk seeks to raise awareness of these issues and to develop ideas for practical application.
Your organization is at risk! Upgrade your IT security & IT governance now.Cyril Soeri
The ICT Association Suriname in collaboration with the Telecommunication Authority Suriname (TAS) presented a Cybersecurity awareness session for the members of the Chamber of Commerce. TAS presented the national response to IT incidents by explaining the implementation of the Computer Emergency Response Team (CERT).
Cyber Security is a crucial and rising part of concern in the present age with a rapid increase in the graph of digitization. And with an increase in the activities in cyberspace, there is also an increase in the cyber-crimes. Handling the huge volumes of data with security has become an inevitable need of the hour. Antivirus software, Firewalls, and other technological solutions help to secure this data but are not sufficient enough to prevent the cybercrooks from destructing the network and stealing confidential information. This paper mainly focuses on the issues and challenges faced by cybersecurity. It also discusses the risks, cybersecurity techniques to curb cyber-crime, cyber ethics, and cyber trends.
Framework of responsible state behaviour in cyberspace - for Marshall Center ...Benjamin Ang
Lecture on the different cyber norms frameworks for responsible state behaviour in cyberspace - describing Paris Call, Charter of Trust, Microsoft Digital Geneva Convention, Tech Accord, GCSC, Shanghai SCO, UN GGE, UN OEWG - explaining each of the 11 cyber norms from the UN GGE 2015 meeting, and concluding with a case study on ASEAN's approach to international law in cyber operations
Commercial Real Estate - Cyber Risk 2020CBIZ, Inc.
Commercial real estate has always been an attractive cyber target offering sophisticated hackers a wealth of personal information store in banking, lease, and employment records and multiple transaction points. Enter COVID-19. Almost overnight, nearly all routine activities are tied to remote capabilities. Now, it’s cyber threat and cyber risk on steroids. Here's a cyber professional’s view of the situation and links to several additional resources.
Singapore Cybersecurity Strategy and Legislation (2018)Benjamin Ang
A primer on Singapore's Cybersecurity Strategy, and the laws of Singapore relating to Cybersecurity (Computer Misuse Act, Personal Data Protection Act, Cybersecurity Act 2018). Also contains a summary of the results of the Public Consultation on the Cybersecurity Bill
ABSTRACT: Cybersecurity risk pervades all sectors of the US economy. It challenges the reliability, resiliency, and safety of our infrastructures. The chemical industry, particularly the petro-chemical industry, is a critical infrastructure that is vulnerable to cyber attacks. By its nature, the chemical industry deals with products that are sometimes highly hazardous for people and the environment. Cyber attacks on chemical industry represent a threat beyond the boundaries of the factory involved. This paper presents a brief introduction to how cybersecurity affects the chemical industry.
KEY WORDS: cybersecurity, computer security, chemical industry
Global Perspective Cyberlaw, Regulations and Complianceijtsrd
Cyber security provides protection to the internet connected networks and system from the cyber attacks. To stop attacks everyone must know and aware of all cyber law, regulations and compliance to secure the cyber. Cyber security is all about to stop cyber crime. Cyber security is must and we have to know about all safety measures required to stop cybercrime. This paper give details information about cyber security and its safety measure. Also we will discuss about the activities related to it and how actually cybercrime happens and all steps taken by the various organization and Government to have cyber ethics everywhere. Cyber security provides protection against the cybercrime and teach us what essential safety measures one need to follow from all cybercrimes. Securing online information is priority where everyone is involved with technology. Whenever anyone talked about cyber security, straight one thing comes in mind that is cybercrime and what safety measures need to take to be safe from it. Syed Meharanjunisa "Global Perspective: Cyberlaw, Regulations and Compliance" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-4 | Issue-5 , August 2020, URL: https://www.ijtsrd.com/papers/ijtsrd31684.pdf Paper Url :https://www.ijtsrd.com/computer-science/computer-security/31684/global-perspective-cyberlaw-regulations-and-compliance/syed-meharanjunisa
Cyberspace is rapidly transforming our lives – how we live, interact, govern and create value. With the JAM (Jan Dhan, Aadhaar and Mobile) trinity, India is at the forefront of global digital transformation. “Digital India” is being hailed as the world's largest technology led programme of its kind.
While internet, smartphones and modern information and
communication devices have been great force multipliers, endless connectivity and proliferation of IoT devices is giving rise to vulnerabilities, risks and concerns. Cyber security is today ranked among top threats by governments and corporates. Heightened concerns about data security and privacy have resulted in a spate of regulations in India and across the world. India is in the process of discussing and enacting its own comprehensive data security and privacy regulation, as well as vertical specific ones. Cyber security is an ecosystem where laws, organisations, skills, cooperation and
technical implementation would need to be in harmony to be
effective.
Overall, a robust regulatory framework based on global and
country-specific regulations, development of a holistic cyber
security eco-system (academia and industry as well as
entrepreneurial) and a coordinated global approach through
proactive cyber diplomacy would help to secure cyber space and promote confidence and trust of key stakeholders including
citizens, businesses, political and security leaders.
CII has been actively working in the cyber security space. The CII Task Force on Public Private Partnership for Security of the Cyber Space has been set up to bring about improvements in the legal framework to strengthen and maintain a safe cyberspace ecosystem by capacity building through education and training programmes. We would facilitate collaboration and cooperation between Government and Industry in the area of cyber security in general and protection of critical information infrastructure in particular, covering cyber threats, vulnerabilities, breaches, potential protective measures, and adoption of best practices.
The global cybersecurity market is expected to witness high adoption, owing to rapid digitalization, higher spending on information security, and the advent of 5G. Various industrial and commercial sectors are implementing cybersecurity solutions to safeguard their data. The market is anticipated to expand at a compound annual growth rate (CAGR) of 11.6% during the period of 2017 to 2022. Read More: https://www.researchonglobalmarkets.com/global-cybersecurity-market.html
IoT is a critical enabler for going digital. Like other domains, getting the basics right is critical to make a thriving IoT ecosystem. I did this workshop in Middle East to educate the audience (from public and private sector) on the three essential enablers for building a trustworthy foundation for IoT projects: reliable connectivity, a robust security framework and an agile monetization environment. Data generated by IoT endpoints may very well be the oil, but it requires these three key enablers to make it all work!
Using international standards to improve EU cyber securityIT Governance Ltd
Cyber security expert Alan Calder takes you through the current cyber threat facing European organisations, the upcoming GDPR and NIS Directive, and how you can use international best practice to get your business cyber secure.
Cybersecurity for Smart Grids: Vulnerabilities and Strategies to Provide Cybe...Leonardo ENERGY
This Cybersecurity webinar addresses issues of importance to executive, technical, and academic professionals involved with managing and protecting Electric Utilities and Smart Grids. Cyber threats and vulnerabilities, including cyber attacks, will be addressed; as well as Smart Grid trends, and privacy and data integrity issues. United States, European, and International organizations and initiatives to address cybersecurity for utilities will be discussed. The webinar will conclude with strategies to improve cybersecurity. A second cybersecurity webinar (programmed in September 2017) will address best practices, case studies, and legal and regulatory constraints for architecting smart grids in a secure way.
Telecoms in a convergent world - Emerging issuesMartyn Taylor
Telecommunicationss in a convergent world; Big data and its implications; M2M and the Internet of Things; Digital content and video streaming; Growing use of strategic alliances
Technology Disruption in the New Normal, Digital Inclusion and the LawBenjamin Ang
Technology disruption has swept through legal practice and the justice system, as it has in every other aspect of life in our new normal of remote work and online access. While digital transformation has been hugely beneficial to our society, there are new legal and cybersecurity questions that we need to grapple with as we continue to serve the public. Among the public, varying levels of digital capability and access raise new issues of digital inclusion for us to address in policy and operations. This talk seeks to raise awareness of these issues and to develop ideas for practical application.
Your organization is at risk! Upgrade your IT security & IT governance now.Cyril Soeri
The ICT Association Suriname in collaboration with the Telecommunication Authority Suriname (TAS) presented a Cybersecurity awareness session for the members of the Chamber of Commerce. TAS presented the national response to IT incidents by explaining the implementation of the Computer Emergency Response Team (CERT).
Cyber Security is a crucial and rising part of concern in the present age with a rapid increase in the graph of digitization. And with an increase in the activities in cyberspace, there is also an increase in the cyber-crimes. Handling the huge volumes of data with security has become an inevitable need of the hour. Antivirus software, Firewalls, and other technological solutions help to secure this data but are not sufficient enough to prevent the cybercrooks from destructing the network and stealing confidential information. This paper mainly focuses on the issues and challenges faced by cybersecurity. It also discusses the risks, cybersecurity techniques to curb cyber-crime, cyber ethics, and cyber trends.
Framework of responsible state behaviour in cyberspace - for Marshall Center ...Benjamin Ang
Lecture on the different cyber norms frameworks for responsible state behaviour in cyberspace - describing Paris Call, Charter of Trust, Microsoft Digital Geneva Convention, Tech Accord, GCSC, Shanghai SCO, UN GGE, UN OEWG - explaining each of the 11 cyber norms from the UN GGE 2015 meeting, and concluding with a case study on ASEAN's approach to international law in cyber operations
Commercial Real Estate - Cyber Risk 2020CBIZ, Inc.
Commercial real estate has always been an attractive cyber target offering sophisticated hackers a wealth of personal information store in banking, lease, and employment records and multiple transaction points. Enter COVID-19. Almost overnight, nearly all routine activities are tied to remote capabilities. Now, it’s cyber threat and cyber risk on steroids. Here's a cyber professional’s view of the situation and links to several additional resources.
Singapore Cybersecurity Strategy and Legislation (2018)Benjamin Ang
A primer on Singapore's Cybersecurity Strategy, and the laws of Singapore relating to Cybersecurity (Computer Misuse Act, Personal Data Protection Act, Cybersecurity Act 2018). Also contains a summary of the results of the Public Consultation on the Cybersecurity Bill
ABSTRACT: Cybersecurity risk pervades all sectors of the US economy. It challenges the reliability, resiliency, and safety of our infrastructures. The chemical industry, particularly the petro-chemical industry, is a critical infrastructure that is vulnerable to cyber attacks. By its nature, the chemical industry deals with products that are sometimes highly hazardous for people and the environment. Cyber attacks on chemical industry represent a threat beyond the boundaries of the factory involved. This paper presents a brief introduction to how cybersecurity affects the chemical industry.
KEY WORDS: cybersecurity, computer security, chemical industry
Global Perspective Cyberlaw, Regulations and Complianceijtsrd
Cyber security provides protection to the internet connected networks and system from the cyber attacks. To stop attacks everyone must know and aware of all cyber law, regulations and compliance to secure the cyber. Cyber security is all about to stop cyber crime. Cyber security is must and we have to know about all safety measures required to stop cybercrime. This paper give details information about cyber security and its safety measure. Also we will discuss about the activities related to it and how actually cybercrime happens and all steps taken by the various organization and Government to have cyber ethics everywhere. Cyber security provides protection against the cybercrime and teach us what essential safety measures one need to follow from all cybercrimes. Securing online information is priority where everyone is involved with technology. Whenever anyone talked about cyber security, straight one thing comes in mind that is cybercrime and what safety measures need to take to be safe from it. Syed Meharanjunisa "Global Perspective: Cyberlaw, Regulations and Compliance" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-4 | Issue-5 , August 2020, URL: https://www.ijtsrd.com/papers/ijtsrd31684.pdf Paper Url :https://www.ijtsrd.com/computer-science/computer-security/31684/global-perspective-cyberlaw-regulations-and-compliance/syed-meharanjunisa
Cyberspace is rapidly transforming our lives – how we live, interact, govern and create value. With the JAM (Jan Dhan, Aadhaar and Mobile) trinity, India is at the forefront of global digital transformation. “Digital India” is being hailed as the world's largest technology led programme of its kind.
While internet, smartphones and modern information and
communication devices have been great force multipliers, endless connectivity and proliferation of IoT devices is giving rise to vulnerabilities, risks and concerns. Cyber security is today ranked among top threats by governments and corporates. Heightened concerns about data security and privacy have resulted in a spate of regulations in India and across the world. India is in the process of discussing and enacting its own comprehensive data security and privacy regulation, as well as vertical specific ones. Cyber security is an ecosystem where laws, organisations, skills, cooperation and
technical implementation would need to be in harmony to be
effective.
Overall, a robust regulatory framework based on global and
country-specific regulations, development of a holistic cyber
security eco-system (academia and industry as well as
entrepreneurial) and a coordinated global approach through
proactive cyber diplomacy would help to secure cyber space and promote confidence and trust of key stakeholders including
citizens, businesses, political and security leaders.
CII has been actively working in the cyber security space. The CII Task Force on Public Private Partnership for Security of the Cyber Space has been set up to bring about improvements in the legal framework to strengthen and maintain a safe cyberspace ecosystem by capacity building through education and training programmes. We would facilitate collaboration and cooperation between Government and Industry in the area of cyber security in general and protection of critical information infrastructure in particular, covering cyber threats, vulnerabilities, breaches, potential protective measures, and adoption of best practices.
The global cybersecurity market is expected to witness high adoption, owing to rapid digitalization, higher spending on information security, and the advent of 5G. Various industrial and commercial sectors are implementing cybersecurity solutions to safeguard their data. The market is anticipated to expand at a compound annual growth rate (CAGR) of 11.6% during the period of 2017 to 2022. Read More: https://www.researchonglobalmarkets.com/global-cybersecurity-market.html
IoT is a critical enabler for going digital. Like other domains, getting the basics right is critical to make a thriving IoT ecosystem. I did this workshop in Middle East to educate the audience (from public and private sector) on the three essential enablers for building a trustworthy foundation for IoT projects: reliable connectivity, a robust security framework and an agile monetization environment. Data generated by IoT endpoints may very well be the oil, but it requires these three key enablers to make it all work!
Using international standards to improve EU cyber securityIT Governance Ltd
Cyber security expert Alan Calder takes you through the current cyber threat facing European organisations, the upcoming GDPR and NIS Directive, and how you can use international best practice to get your business cyber secure.
Cybersecurity for Smart Grids: Vulnerabilities and Strategies to Provide Cybe...Leonardo ENERGY
This Cybersecurity webinar addresses issues of importance to executive, technical, and academic professionals involved with managing and protecting Electric Utilities and Smart Grids. Cyber threats and vulnerabilities, including cyber attacks, will be addressed; as well as Smart Grid trends, and privacy and data integrity issues. United States, European, and International organizations and initiatives to address cybersecurity for utilities will be discussed. The webinar will conclude with strategies to improve cybersecurity. A second cybersecurity webinar (programmed in September 2017) will address best practices, case studies, and legal and regulatory constraints for architecting smart grids in a secure way.
Telecoms in a convergent world - Emerging issuesMartyn Taylor
Telecommunicationss in a convergent world; Big data and its implications; M2M and the Internet of Things; Digital content and video streaming; Growing use of strategic alliances
Securing Critical Infrastructures with a cybersecurity digital twin Massimiliano Masi
Critical Infrastructures are common targets for cyber-and-physical attacks. Smart Grids, Water Transport Systems, Railway, or Motorway witness an increase of malware and attacks partially due to the IT/OT convergence. Usually, critical infrastructures are composed by legacy software or hardware that cannot be easily patched or upgraded, facilitating the work of the attackers by exposing vulnerabilities solved in IT decades ago. Moreover, it is usually impossible to have a test system for such infrastructures, where a security countermeasure is evaluated for its impact. In fact, in OT systems, availability is of its utmost importance, thus adding a security countermeasure has to be carefully evaluated to not hinder such property. To overcome such shortcomings, digital twins are used. In this talk, it will be presented how digital twins specifically devised for cybersecurity are used for the evaluation of threats in cyber-and-physical systems in an industrial environment. In particular, it will be shown how a digital twin will be systematically derived from the Architectural representation of a real-world industrial system (the "collaborative intelligent transport system") and how the security measures are evaluated with an specific architectural view.
Cybersecurity Considerations for Power Substation SCADA Systems Using IEC 618...Power System Operation
Because of recent cyber-attacks and threats against power utilities, cybersecurity continues to increase in importance and be on the minds of substation design engineers.
One major concern for power distribution utilities is “ensuring that all communication protocols performing control functions and data acquisition for substations are properly secured. With IEC-61850 being one of the most widely used communications protocols by utilities today, particularly in distribution automation (DA),” increases the need for greater security in communication protocols. [1]
IEC-61850 is also becoming the preferred standard for substation design and operations due to the common framework and object-oriented design for point names as well as the increased performance and lower lifecycle cost of SCADA systems utilizing the methodology and protocols. This paper will discuss major vulnerabilities and cybersecurity considerations that require proper analysis when designing and implementing a secure IEC-61850 standard-based SCADA system within a power substation. However, this paper will not discuss implementation methods or provide implementation concepts.
Recommended Solutions to Major Security Challenges Facing OT & IT Personnel w...Power System Operation
The electric power industry has come a long way since the 1900s, with respect to evolving from legacy analog devices to new and advanced digital technologies. “Today, microprocessor devices used by power utilities have advanced into smarter and more intelligent devices, known as intelligent electronic devices (IEDs). These IEDs aid power operators, technicians, and engineers in better decision making, offering more tools for controlling and monitoring power flow that can perform routine maintenance testing via remote control and automated functions. IEDs can detect and protect against various power fault and system disturbance scenarios along with providing power flow waveforms, metering data, and supervisory control and data acquisition (SCADA) functionality.” [1]
As power control systems and operational technology (OT) systems continue to progress so does their dependence on information technology (IT) systems for communications and enterprise network connectivity. The OT world of SCADA and control systems for power substations continues to evolve with more influence, products and services from the IT world. The need for a unified cyber/physical security approach within the smart substation environment that protects the overall goal of safely delivering electric power to customers is not only a laudable goal, but an absolute requirement as the two traditional OT and IT environments start to become a single solution. The OT and IT convergence are a reality due to the integrated and complex computing e.g. networking and communications taking place within OT environments. This paper reviews some of the major security challenges facing OT and IT convergence with power utilities, particularly within smart grid (SG) and smart substation environments. Also, recommendations are provided for implementing and maintaining proper security controls in the new combined OT/IT environment.
CYBER SECURITY TRANDS FOR FUTURE SMART GRID SYSTEMSGeorge Wainblat
SUMMARY - Current power grids increasingly emerging into smart networked grids and are more accessible from the public internet which poses new cyber threats in the grid. More computer based systems are introduced into power networks in order to monitor and control the network. Future model smart grid and micro grid systems will be based on data flows for communication of system status, usage and control throughout the network infrastructure in addition to the power flow. This creates new security threats on the power grid. Instead of relying mainly on power plants for power generation, there will be a combination of multiple generation sources and at the same time wider use of electrical computer based equipment by consumers. Both increase the amount of data flows in the network as well as introduce additional vulnerable spots. Vulnerability of the power grid to cyber-attacks increases even more because of the wide use of SCADA networks. SCADA networks are more accessible to the internet and lack authentication and authorization mechanisms therefore expose the grid to threats such as DDOS, Data interception, Data alteration and additional hacking threats.
The transition from present to future model has already begun and rapidly growing while it already poses new security challenges which must be attended immediately. It is essential to introduce immediately a single comprehensive security solution which will provide fast detection and prevention tools to cope with a variety of threats with different nature and from multiple sources. The solution should not be tightly coupled with each device in the network so it won’t require upgrade of the devices inside the grid.
The Cyber defense solution should be versatile using variety of cyber technologies such as Firewalls, anomaly detection, Big Data analytics, machine learning and more in a network wise combination.
How to keep your IT environment secure using IAM while deploying BYOD and mobile
presentation delivered at the BYOD and Mobility Forum, London on 26 March 2014
IOT in Electrical & Electronics EngineeringLokesh K N
The evaluation of the IOT in the electrical power industry transformed the way things performed in usual manner. IOT increased the use of wireless technology to connect power industry assets and infrastructure in order to lower the power consumption and cost. The implementation of IoT in power system must rely on the line monitoring and real-time control in all aspects of the grid operating parameters, and the basic characteristics are grid information, communication, and automation.
Future trends in Facility Management digitalization - Mark Fitzpatrick - at A...Business Days
Hype, Disruption and Transformation in Digital Facilities Management
The digital technologies that will have the greatest and most immediate impact to FM are:
-Internet of Things (IoT)
-Data Analytics
-Cognitive Technologies (AI & Machine Learning)
-Cloud Services
-User Experience Applications
Derivatives will have an impact in 5 to 10 years:
-Digital Twins
-Virtual Assistants and Smart Workplace
-Augmented Reality
Future trends modern energy management with Frank Katzemich from ApleonaBusiness Days
Modern buidlings and modern FM Services are real money savers:
-Constant Monitoring of technical sub-systems
-Mange real-time building data with intelligent sensors
-Transparent, manageable and efficient data collection
-Processing of collected data based on user and operator needs
-Automated data processing
-Intelligent utilization management
-Intelligent integration of energy space and facility management
-Open standards enable simple, economic and efficient facility operations
Costumer value add:
-Optmisation of energy efficiency and space utilization
-Optimisation of operation
-Implementation of alternative energy sources
-Boost of employee satisfaction and increase productifity
Modern trends in Facility Management - APLEONA DAY 15 mai 2019Business Days
Prezentarea din deschiderea evenimentului sustinuta de Bianca Radulescu (Managing Director Apleona Romania) si Ariane Schütze (Manager Client Solutions) despre Trenduri Moderne in Facility Management.
Automobilul in economia viitorului Bogdan Apahidean, CEO LeasePlanBusiness Days
Iata principalele idei extrase din prezentarea lui Bogdan Apahidean din cadrul conferintei "Impactul economiei si a tehnologiei asupra afacerilor" din cadrul Business Focus Iasi 2019:
1. Provocarile zilei in mobilitatea auto sunt: traficul si impactul asupra mediului
2. Cele mai importante 3 tendinte care influenteaza mobilitatea, in general, si mobilitatea in scop de business, in special, sunt:
a. de la detinere la utilizare – car as a service
b. sharing economy
c. digitalizarea
d. grija fata de mediu
3. Inmatricularile de electrice si plug-in hibride cresc intr-un ritm alert; la fel si investitiile in retele de incarcare
4. Atunci cand vrem sa stim cat ne costa utilizarea unui autovehicul, trebuie sa luam in calcul toate compenentele costului total de utilizare (TCO – total cost of ownership): amortizare, taxe si impozite, asigurari, reparatii si intretinere, anvelope, combustibil si, ceea ce multe companii uita, costul cu personalul implicat in procese (facturi, programari service, administrare daune, etc). De aceea Leasingul operational (o inchieriere pe termen lung cu servicii incluse) este o solutie eficienta de mobilitate pentru ca ofera predictibilitate si elimina riscurile (cel mai important fiind acum riscul de revanzare – odata cu diesel ban, valorile de revanzare ale modelelor diesel pot scadea semnificativ...)
Pentru mai multe detalii vezi articolul de pe blogul Business Days: https://www.businessdays.ro/blog/tehnologie-si-inovatie/automobilul-in-economia-viitorului
Razvan Zvoristeanu - Harta investitilor in marketingBusiness Days
Prezentarea din cadrul evenimentului Busines made visible by Promer din 11 aprilie 2019 de la Hotel Pleiada organizat de BD EVENTS
https://www.businessdays.ro/blog/evenimente/concluzii-dupa-evenimentul-business-made-visible-by-promer-organizat-de-bd-events-in-11-aprilie-la-hotel-pleiada
Dan Mocanu si Vlad Diaconu - Cum putem face concurenta irelevanta?Business Days
Prezentare din cadrul evenimentului Business made Visible by Promer organizat de BD EVENTS in 11 aprilie 2019 la Hotel Pleiada din Iasi.
https://www.businessdays.ro/blog/evenimente/concluzii-dupa-evenimentul-business-made-visible-by-promer-organizat-de-bd-events-in-11-aprilie-la-hotel-pleiada
Adrian Mironescu - Cum creezi branduri cu suflet?Business Days
Prezentarea lui Adrian Mironescu din cadrul evenimentului Business made Visible by Promer din 11 aprilie de la Hotel Pleiada din Iasi
https://www.businessdays.ro/blog/evenimente/concluzii-dupa-evenimentul-business-made-visible-by-promer-organizat-de-bd-events-in-11-aprilie-la-hotel-pleiada
Business focus constanta 2018 scurta prezentare a evenimentuluiBusiness Days
Pe 6 iunie 2018 ajungem pentru prima data in istoria evenimentelor Business Days si la Constanta, unde vom organiza evenimentul Business Focus Constanta, la hotel Ibis Constanta.
26 sesiuni interactive de dezvoltare profesionale, dezvoltarea afacerii si dezvoltare personala la care conferentiaza 50 de speakeri de top: antreprenori de succes, manageri din companii performante si experti cu peste 15 ani de experienta in aria de competenta.
Peste 350 de oameni de afaceri din regiune sunt asteptati la cel de al 63-lea eveniment din seria evenimentelor Business Days la care au participat cumulat peste 33.000 de participanti unici si au vorbit peste 2.500 de speakeri in cei 8 ani de activitate de cand investim cu pasiune in dezvoltarea antreprenoriatului si a mediului de afaceri din Romania.
10 sugestii pentru un discurs cu impact de la Ovidiu OlteanBusiness Days
Prezentarea lui Ovidiu Oltean din cadrul sesiunii de dezvoltare personala pe tema arta vorbitului in public pentru manageri si antreprenori ce a avut loc in data de 28 martie la Iasi.
Lista de verificare al unui vorbitor in public profesionist - de la Ovidiu Ol...Business Days
Unul dintre cei mai apreciati moderatori ai evenimentelor Business Days, Ovidiu Oltea recomanda o lista de verificare pentru toti cei care vor sa vorbeasca in public.
Mixul de finantare - Adi Ploscaru - workshop de management financiar din cadr...Business Days
Despre mixul de finantare cu Adi Ploscaru in cadrul workshopului de management si strategie de la evenimentul organizat de platforma Business Days in 28 martie 2018 la Iasi.
Adi Ploscaru - 5 pasi pentru sanatatea ta financiara si a afaceriiBusiness Days
Ce au aflat cei care au participat la sesiunea de dezvoltare personala:
1. Echilibrul dintre Activ şi Pasiv
2. Venituri vs. Cheltuieli => Profit sustenabil
3. Circuitul sǎnǎtos al banilor
4. Randamentul investiţiilor > Costul banilor
5. Rǎsplǎteşte-i pe cei care îţi sunt alǎturi!
Dan Mocanu - Diferentiere prin inovatie - Masterclass - Business Focus Iasi 2018Business Days
trecerea printr-un proces simplu de blue ocea strategy pentru a:
- imbunatatii imediat oferta existenta
- a descoperii potentialul de crestere
- a capta "oceanele" cu utilitate wow la cost scazut
Mihai Bonca - Brand Strategy - Masterclass - Business Focus Iasi 2018Business Days
Strategy - The Art of Creating Superior Performance
Offers sound executive judgement:
• Increases chances to succeed: more than one solution that is
good enough. Discriminates and does not look for perfection.
• Helps decision making: Defends your solutions with arguments
and data. Debates this options. Articulate decisions against
other people solutions.
• Helps avoid minefields: an infinite amount of solutions that
are not good enough.
• Match the best strategy: for the firm with what the
management can understand and do.
Source: Thomas Powell
Does not offer:
• A perfect solution (guaranteed to do that)
Memorandum Of Association Constitution of Company.pptseri bangash
www.seribangash.com
A Memorandum of Association (MOA) is a legal document that outlines the fundamental principles and objectives upon which a company operates. It serves as the company's charter or constitution and defines the scope of its activities. Here's a detailed note on the MOA:
Contents of Memorandum of Association:
Name Clause: This clause states the name of the company, which should end with words like "Limited" or "Ltd." for a public limited company and "Private Limited" or "Pvt. Ltd." for a private limited company.
https://seribangash.com/article-of-association-is-legal-doc-of-company/
Registered Office Clause: It specifies the location where the company's registered office is situated. This office is where all official communications and notices are sent.
Objective Clause: This clause delineates the main objectives for which the company is formed. It's important to define these objectives clearly, as the company cannot undertake activities beyond those mentioned in this clause.
www.seribangash.com
Liability Clause: It outlines the extent of liability of the company's members. In the case of companies limited by shares, the liability of members is limited to the amount unpaid on their shares. For companies limited by guarantee, members' liability is limited to the amount they undertake to contribute if the company is wound up.
https://seribangash.com/promotors-is-person-conceived-formation-company/
Capital Clause: This clause specifies the authorized capital of the company, i.e., the maximum amount of share capital the company is authorized to issue. It also mentions the division of this capital into shares and their respective nominal value.
Association Clause: It simply states that the subscribers wish to form a company and agree to become members of it, in accordance with the terms of the MOA.
Importance of Memorandum of Association:
Legal Requirement: The MOA is a legal requirement for the formation of a company. It must be filed with the Registrar of Companies during the incorporation process.
Constitutional Document: It serves as the company's constitutional document, defining its scope, powers, and limitations.
Protection of Members: It protects the interests of the company's members by clearly defining the objectives and limiting their liability.
External Communication: It provides clarity to external parties, such as investors, creditors, and regulatory authorities, regarding the company's objectives and powers.
https://seribangash.com/difference-public-and-private-company-law/
Binding Authority: The company and its members are bound by the provisions of the MOA. Any action taken beyond its scope may be considered ultra vires (beyond the powers) of the company and therefore void.
Amendment of MOA:
While the MOA lays down the company's fundamental principles, it is not entirely immutable. It can be amended, but only under specific circumstances and in compliance with legal procedures. Amendments typically require shareholder
Remote sensing and monitoring are changing the mining industry for the better. These are providing innovative solutions to long-standing challenges. Those related to exploration, extraction, and overall environmental management by mining technology companies Odisha. These technologies make use of satellite imaging, aerial photography and sensors to collect data that might be inaccessible or from hazardous locations. With the use of this technology, mining operations are becoming increasingly efficient. Let us gain more insight into the key aspects associated with remote sensing and monitoring when it comes to mining.
Accpac to QuickBooks Conversion Navigating the Transition with Online Account...PaulBryant58
This article provides a comprehensive guide on how to
effectively manage the convert Accpac to QuickBooks , with a particular focus on utilizing online accounting services to streamline the process.
RMD24 | Retail media: hoe zet je dit in als je geen AH of Unilever bent? Heid...BBPMedia1
Grote partijen zijn al een tijdje onderweg met retail media. Ondertussen worden in dit domein ook de kansen zichtbaar voor andere spelers in de markt. Maar met die kansen ontstaan ook vragen: Zelf retail media worden of erop adverteren? In welke fase van de funnel past het en hoe integreer je het in een mediaplan? Wat is nu precies het verschil met marketplaces en Programmatic ads? In dit half uur beslechten we de dilemma's en krijg je antwoorden op wanneer het voor jou tijd is om de volgende stap te zetten.
Personal Brand Statement:
As an Army veteran dedicated to lifelong learning, I bring a disciplined, strategic mindset to my pursuits. I am constantly expanding my knowledge to innovate and lead effectively. My journey is driven by a commitment to excellence, and to make a meaningful impact in the world.
What is the TDS Return Filing Due Date for FY 2024-25.pdfseoforlegalpillers
It is crucial for the taxpayers to understand about the TDS Return Filing Due Date, so that they can fulfill your TDS obligations efficiently. Taxpayers can avoid penalties by sticking to the deadlines and by accurate filing of TDS. Timely filing of TDS will make sure about the availability of tax credits. You can also seek the professional guidance of experts like Legal Pillers for timely filing of the TDS Return.
Improving profitability for small businessBen Wann
In this comprehensive presentation, we will explore strategies and practical tips for enhancing profitability in small businesses. Tailored to meet the unique challenges faced by small enterprises, this session covers various aspects that directly impact the bottom line. Attendees will learn how to optimize operational efficiency, manage expenses, and increase revenue through innovative marketing and customer engagement techniques.
Cracking the Workplace Discipline Code Main.pptxWorkforce Group
Cultivating and maintaining discipline within teams is a critical differentiator for successful organisations.
Forward-thinking leaders and business managers understand the impact that discipline has on organisational success. A disciplined workforce operates with clarity, focus, and a shared understanding of expectations, ultimately driving better results, optimising productivity, and facilitating seamless collaboration.
Although discipline is not a one-size-fits-all approach, it can help create a work environment that encourages personal growth and accountability rather than solely relying on punitive measures.
In this deck, you will learn the significance of workplace discipline for organisational success. You’ll also learn
• Four (4) workplace discipline methods you should consider
• The best and most practical approach to implementing workplace discipline.
• Three (3) key tips to maintain a disciplined workplace.
India Orthopedic Devices Market: Unlocking Growth Secrets, Trends and Develop...Kumar Satyam
According to TechSci Research report, “India Orthopedic Devices Market -Industry Size, Share, Trends, Competition Forecast & Opportunities, 2030”, the India Orthopedic Devices Market stood at USD 1,280.54 Million in 2024 and is anticipated to grow with a CAGR of 7.84% in the forecast period, 2026-2030F. The India Orthopedic Devices Market is being driven by several factors. The most prominent ones include an increase in the elderly population, who are more prone to orthopedic conditions such as osteoporosis and arthritis. Moreover, the rise in sports injuries and road accidents are also contributing to the demand for orthopedic devices. Advances in technology and the introduction of innovative implants and prosthetics have further propelled the market growth. Additionally, government initiatives aimed at improving healthcare infrastructure and the increasing prevalence of lifestyle diseases have led to an upward trend in orthopedic surgeries, thereby fueling the market demand for these devices.
Buy Verified PayPal Account | Buy Google 5 Star Reviewsusawebmarket
Buy Verified PayPal Account
Looking to buy verified PayPal accounts? Discover 7 expert tips for safely purchasing a verified PayPal account in 2024. Ensure security and reliability for your transactions.
PayPal Services Features-
🟢 Email Access
🟢 Bank Added
🟢 Card Verified
🟢 Full SSN Provided
🟢 Phone Number Access
🟢 Driving License Copy
🟢 Fasted Delivery
Client Satisfaction is Our First priority. Our services is very appropriate to buy. We assume that the first-rate way to purchase our offerings is to order on the website. If you have any worry in our cooperation usually You can order us on Skype or Telegram.
24/7 Hours Reply/Please Contact
usawebmarketEmail: support@usawebmarket.com
Skype: usawebmarket
Telegram: @usawebmarket
WhatsApp: +1(218) 203-5951
USA WEB MARKET is the Best Verified PayPal, Payoneer, Cash App, Skrill, Neteller, Stripe Account and SEO, SMM Service provider.100%Satisfection granted.100% replacement Granted.
Enterprise Excellence is Inclusive Excellence.pdfKaiNexus
Enterprise excellence and inclusive excellence are closely linked, and real-world challenges have shown that both are essential to the success of any organization. To achieve enterprise excellence, organizations must focus on improving their operations and processes while creating an inclusive environment that engages everyone. In this interactive session, the facilitator will highlight commonly established business practices and how they limit our ability to engage everyone every day. More importantly, though, participants will likely gain increased awareness of what we can do differently to maximize enterprise excellence through deliberate inclusion.
What is Enterprise Excellence?
Enterprise Excellence is a holistic approach that's aimed at achieving world-class performance across all aspects of the organization.
What might I learn?
A way to engage all in creating Inclusive Excellence. Lessons from the US military and their parallels to the story of Harry Potter. How belt systems and CI teams can destroy inclusive practices. How leadership language invites people to the party. There are three things leaders can do to engage everyone every day: maximizing psychological safety to create environments where folks learn, contribute, and challenge the status quo.
Who might benefit? Anyone and everyone leading folks from the shop floor to top floor.
Dr. William Harvey is a seasoned Operations Leader with extensive experience in chemical processing, manufacturing, and operations management. At Michelman, he currently oversees multiple sites, leading teams in strategic planning and coaching/practicing continuous improvement. William is set to start his eighth year of teaching at the University of Cincinnati where he teaches marketing, finance, and management. William holds various certifications in change management, quality, leadership, operational excellence, team building, and DiSC, among others.
RMD24 | Debunking the non-endemic revenue myth Marvin Vacquier Droop | First ...BBPMedia1
Marvin neemt je in deze presentatie mee in de voordelen van non-endemic advertising op retail media netwerken. Hij brengt ook de uitdagingen in beeld die de markt op dit moment heeft op het gebied van retail media voor niet-leveranciers.
Retail media wordt gezien als het nieuwe advertising-medium en ook mediabureaus richten massaal retail media-afdelingen op. Merken die niet in de betreffende winkel liggen staan ook nog niet in de rij om op de retail media netwerken te adverteren. Marvin belicht de uitdagingen die er zijn om echt aansluiting te vinden op die markt van non-endemic advertising.
Attending a job Interview for B1 and B2 Englsih learnersErika906060
It is a sample of an interview for a business english class for pre-intermediate and intermediate english students with emphasis on the speking ability.
2. Yugo Neumorni
Urgent Cargus, CIO (2019 – present)
Hidroelectrica, CIO, (2014 – 2019)
Vimetco, CIO, (2004 – 2014)
Deloitte & Touche Central Europe, IT Manager, (1998 – 2004)
Board member EuroCIO (www.eurocio.org), 2017 -
Chairman of Cybersecurity Council of EuroCIO 2018 -
CIO Council President and co-founder (www.ciocouncil.ro) since 2009
ISACA Romania President and Board Member 2007 – 2016. www.isaca.com
EMBA, Asebuss- Kennessaw State University, 2007 - 2009
CISA, Certified Information System Auditor, 2001, Budapest, Hungary
CIO Council National Conference organizer (www.cioconference.ro)
Gold Winner of the 2017 SAP Quality Awards, Fast Delivery category in CEE with Hidroelectrica.
Speaker in IT international conferences
Yugo Neumorni is specialized in reorganization, planning, design and implementation of complex
industrial IT environments for multinational companies. His area of expertise includes ERP (SAP)
projects, large scale IT division reorganization and development, IT security & cyber, SCADA and
industrial control systems, IT audit and IT governance, business processes in energy, aluminum and
manufacturing, COBIT framework, ITIL.
3. Agenda
• Power grid
• Smart Power Grid
• Anatomy of a cyberattack. APT
• Vulnerabilities inside SCADA/ICS environment
• Best practices. IDS pillar for Cyber Defense
• Conclusions
4. Romanian Power Grid
Collapse 1977
March 4th 1977: 7,2 Richter
earthquake Romania
• 1,578 deaths, 11,300 de wounded, 35,000
de damaged buildings
• Total damages 2 billions USD
May 10th 1977: Collapse of
national energy system
• Total damages: more than 5bn USD
6. • Our Society is Dependent upon Electricity
• Nuclear Power Plants Need Electricity for
Cooling
• Refrigeration
• Banking system
• Water & gas supply
• Riots
Could We Survive a Long-
Term Power Outage?
7. Power grid Outage.
Domino effect
• In the context of power grids a cascading
outage is a sequence of failures and
disconnections triggered by an initial
event, which can be caused by natural
phenomena (e.g., high wind, flooding or
a lightning shorting a line), human
actions (attacks) or the emergence of
imbalances between load and
generation. An outage that affects a
wide area or even the whole power grid
is also called “blackout” [1], and usually
occurs in a time-scale that is typically
too short to stop it by human
intervention.
• In this respect, most of the major
blackouts in power grids have been
generally caused by an initial event (for
instance, critical loads) that unchains a
series of “cascading failures” [2–7], with
very severe consequences
https://www.researchgate.net/figure/Modernized-algorithm-of-cascade-outages-development-in-power-network-with-DG_fig1_324590826
2003, New York blackout
8. • 225,000 people were left without power for approximately 6 hours on
December 23, 2015, in Ukraine.
• Spear-phishinga schemes, malware, and manipulation of long-known
Microsoft Office macro vulnerabilities
• Collected the credentials to gain access to SCADA systems
• Virtual workstations inside SCADA systems that were trusted to issue
system commands
• Co-opting remote terminal units within SCADA systems to issue “open”
commands to specific breakers at substations
• Severing communications by targeting firmware in serial-to-Ethernet
devices
• Installing and running a modified KillDisk program that deleted
information on what was occurring while making recovery reboots nearly
impossible
• Shutting down uninterruptible power supplies at control centers
• Executing a large denial-of-service attack on utility call centers that
prevented customers from reporting outages
• Spear phishing is a targeted email that appears to be from a known
business or individual
Attacks on DSOs.
Ukrainian power grid attack
Photo: https://https://thehackernews.com/2016/01/Ukraine-power-system-hacked.html
Photo: https://www.nerc.com/pa/CI/ESISAC/Documents/E-ISAC_SANS_Ukraine_DUC_18Mar2016.pdf
9. Attacks on Bowman Avenue Dam, NY
• The attacker gained unauthorized access to the SCADA system and was
able to obtain information on operations, including water levels,
temperatures and the status of machinery
• hackers linked to the Iranian Government
• The attacker managed to reach the OT system without being
identified. In addition, he managed to access and manipulate the OT
system without raising any suspicion.
• Deficient peripheral cyber defenses for industrial control systems,
automation computers and Operational Technology (OT) at the dam
• Lack of effective real-time monitoring and responsiveness
• Lack of effective incident response measures
10. Attacks on TSOs / National Dispatch
Photo: https://www.energy-storage.news/news/proposal-for-2gw-of-ev-chargers-and-batteries-to-connect-to-uks-transmission
12. Aurora Experiment 2007
“In 2007, an
American experiment
had shown that it
took just twenty-one
lines of code to
physically destroy a
power generator …”
Klimburg, Alexander.
The Darkening Web:
The War for
Cyberspace (p. 206).
Penguin Publishing
Group.
Photo: https://www.muckrock.com/news/archives/2016/nov/14/aurora-generator-test-homeland-security/
13. CIA plot led to huge blast in Siberian gas pipeline in 1982.
Myth or reality?
• 1982 the most monumental non-
nuclear explosion seen from space
• Soviets tried to steal hardware
embedded software for ICS
• CIA manipulated the software and
allowed to be stealed
• First ever “logic bomb”
• Piece of code that had been
programmed to turn malicious that
massively increased the pipeline
pressure, eventually leading to the
explosion
• Story not confirmed official
The Darkening Web – Alex Klimburg. Photo: amazon.com
14. Industry 4.0?
• We are living the 4th Industrial Revolution
• Humanity will change more in the next 20 years
than in the past 300 years (futurist Gerd
Leonhard)
• The world will have 50 billion connected devices
by 2020 (outdated)
• Internet is a platform of objects
• Smart city; Smart grid; Smart everything
• Smart electric Connected cars into Internet of
Things
• Flying drones; No more smartphones
• Smart clothes; Smart shelves; new shopping
experience
15. European energy system in figures
2015
https://setis.ec.europa.eu/system/files/integrated_set-plan/communication_energy_union_en.pdf
Reliance
94% percent of
transport relies
on oil products,
of which 90% is
imported
94%
Energy inefficient
75% of our
housing stock
is energy
inefficient
75%
Imports
EU imported 53% of
its energy at a cost
of around EUR 400
billion, which makes
it the largest energy
importer in the world
53%
Six Member States depend on a single
external supplier for their entire gas
imports and therefore remain too
vulnerable to supply shocks.
Every additional 1% increase in energy
savings cuts gas imports by 2.6%.
Collectively, the EU spent over EUR 120
billion per year – directly or indirectly – on
energy subsidies, often not justified.
Over EUR 1 trillion need to be invested
into the energy sector in EU by 2020 alone
https://setis.ec.europa.eu/system/files/integrated_set-plan/communication_energy_union_en.pdf
THE WAY FORWARD
Energy security, solidarity and trust;
A fully integrated European energy
market;
Energy efficiency
Decarbonizing the economy
16. European energy system
• “Expanding and improving Europe’s energy networks will be vital for
Europe’s transition to a low-carbon economy. Smarter distribution
grids will be needed to integrate increasing amounts of decentralised
generation, electric vehicles and heat pumps into the network and
encourage consumers to actively manage their energy demand. This
will require additional investment in new infrastructure.”
• “According to figures from the International Energy Agency, the
investment needs in the European distribution network will amount to
480bn euros up to 2035.”
https://setis.ec.europa.eu/system/files/integrated_set-plan/communication_energy_union_en.pdf
17. Future Electric Power Grid
http://l-it.hu/hir/Megujulo_es_takarekos_-_Energiatakarekos_Magyarorszag
18. Future Smart Power Grid
• Mix of Information and Communication
technologies with Power system technology
• Real-time, two-way communications
throughout the grid
• Intelligent devices continually interacting with
each other creating an enterprise-wide
information system
• Allow utilities to understand, optimize, and
regulate demand, supply, costs, security and
reliability
• Grids are "smart“- they don't only transport
electricity but also information
19. Future power grid concepts and challenges
• Power is no longer fully generated from
centralized and conventional thermal power
plants. It is increasingly produced from variable
renewable sources connected at distribution level.
• Distribution system operators (DSOs) and
suppliers are no longer the only players serving
consumers. With the liberalization of end-user
markets, new players (ESCOs, aggregators,
technology companies, etc.) have progressively
entered markets, competing to offer services to
consumers.
• Many consumers are no longer passive recipients
anymore. On the contrary, they are becoming
more active and are increasingly interested in
value-added services beyond energy.
23. Checkpoint Security Report 2018
97%
of organizations are
using outdated cyber
security technologies
64%
of organizations have
experienced a phishing
attack in the past year
59%
of companies consider
ransomware to be their
biggest threat
24%
of companies have
experienced a DDos
attack
32%
of government offices
were victim to a data
breach in the past year
300
apps in the Google
Play store contained
malware and were
downloaded by over
106 million users
100%
of all businesses have
had a mobile malware
attack
82%
of manufacturers have
experienced a phishing
attack in the past year
94%
of companies expect
attacks on mobile
devices to increase
77%
77% of it professionals
feel their security
teams are unprepared
for today’s cyber
security challenges
https://www.checkpoint.com/downloads/product-related/report/2018-security-report.pdf
26. Case: Dragonfly/HAVEX - 2013
• Where: U.S. and Europe
• Target system:
• power grid and petrochemical asset owners
• devices on TCP ports 44818 (Omron, Rockwell Automation), 102
(Siemens) and 502 (Schneider Electric)
• Attack vector: vendor websites and spear phishing in the
form of e-mails with PDF attachments
• Impact: > 2,000 sites (1,000 energy companies in 84
countries)
• Key facts:
• leveraged legitimate functionality in the OPC protocol to map out
industrial devices
• no physical disruption or destruction of the industrial process
27. Case : Sandworm/Blackenergy 2 - 2014
• Where: U.S. and Europe
• Target system:
• power generation site owners / operators
• large suppliers and manufacturers of heavy power related materials
• HMI applications including:
• Siemens SIMATIC WinCC (V7.0, V7.2, V7.3) PCS 7 (V7.1, V8.0, V8.1), TIA Portal V13
• GE CIMPLICITY Version 8.2 with SIM 23 and prior
• Advantech WebAccess
• Attack vector: phishing campaign/ known or 0-day vulnerability in Microsoft Windows
• Impact: multiple systems of NATO, European Union, and energy sectors
• Key facts:
• Advanced Persistent Threat Toolkit to develop modular malware;
• capabilities to attack ARM and MIPS platforms, scripts for Cisco network devices, destructive
plugins, certificate stealer and more
28. Norsk Hydro held hostage by a ransomware attack
• Norsk Hydro has suffered a huge blow as its operations
across Europe and the U.S have been affected by a cyber
attack.
• The company has confirmed that a ransomware has taken
hold of their systems and compromised
its cybersecurity framework.
• Norsk Hydro has called the situation “quite severe” and
plans to restore its systems using backup data
Did not pay the ransomware
Norsk operated on manual
Norsk restored from backups
29. CYBERATTACK ON A GERMAN STEEL-MILL
In late 2014, a German steel mill
was the target of a cyberattack
when hackers successfully took
control of the production
software and caused significant
material damage to the site.
https://www.sentryo.net/cyberattack-on-a-german-steel-mill
The attackers first hacked into the office software network of the industrial site ;
Starting from this network they then penetrated the production management software of the steel mill ;
From there they took over most of the plant’s control systems ;
Once in control, they methodically destroyed human machine interaction components. They succeeded in
preventing a blast furnace from initiating its security settings in time and caused serious damage to the
infrastructure.
30. Anatomy of a cyberattack. APT
Motivation for an attack:
• State-Sponsored Actors;
• Cyberterrorists
• Cybercriminals
• Hacktivist
41%
27%
26%
26%
24%
20%
11%
Motivation
Ransom Insider threat Political reasons
Competition Cyberwar Angry users
Unknown
Stages
• Reconnaissance
• Enumeration
• Penetration
• Escalate privileges
• Command and Control
Communication
• Lateral movement
• Exfiltration
• Sanitation
Assume breach!
31. APT. Reconnaissance. Entry point!
• Companies exposed by public info posted:
– Public websites
– Social networks
– Public acquisition website
• Public info released are used to profile
company and security systems
• CxO are profiled by
– Social networks
– Public info
• Companies are profiled
32. Cybercrime industrialized
• You can get someone’s complete health insurance data by paying $1,250.
• For just $7/hour, you can unleash a Distributed Denial of Service attack on
your competition.
• You can purchase US Fulz records (someone’s identity, passport, SSN, and
others). You can get all that for around $40.
• You can also get 10,000 fake Twitter followers for $15.
• And if you want access to a government server, that can be had for $6.
• You’re dealing with professional organizations that: Provide 24/7
customer service; Offer free trial attacks to demonstrate their prowess;
Payment after the successful attack once you are satisfied with the results.
• The cost of cybercrime in 2016 is estimated to be around $445 billion, and
it is predicted to increase to around $2 Trillion globally by 2019. 3 These
estimates only include known attacks, not undetected cybercrime,
industrial espionage, or state-sponsored attacks.
http://www.oracle.com/us/technologies/linux/anatomy-of-cyber-attacks-wp-4124673.pdf
35. You are for SALE!
MIT Initiative on Digital Economy – 2018 Platform Strategy Summit
36. Critical Infrastructure / Energy sector – Easy of exploitation
• SCADA Systems are “insecure by design”
• PCs run 24*7 without security updates
• Some times antivirus is missing
• Multiple entry points: USBs, laptops,
maintenance connections
• Insufficient segmentation of the networks
• Absence of encryption in earlier
communication protocols (plain text is
often utilized)
• Legacy industrial Control Protocols without
authentication or authorization
• Security is still immature in SCADA/ICS
networks unlike IT enterprise
• Control engineers an Field operators have
little understanding of Cyber Security photo: DTS Solution
37. Critical Infrastructure / Energy sector – Easy of exploitation
Photo: DTS Solution
Threats are multidimensional:
• Default passwords
• Internet connectivity all kinds of SCADA systems
from HVAC to webcams
• 3rd party remote access
• USB infected removable media
• Insecure SCADA devices
• Enterprise IT Business LAN connected to Control
Systems Network
• Legacy Windows Based OS (Windows NT, XP)
• Systems are lasting longer than in the past. HW/SW
are operating beyond their supported lifespan.
Sometimes impossible to be replaced.
38. The best practices
• Make Sure Network Security and Firewalls
Are In Place
• Regularly Update Your Network Security Tools
• Establish a Incident Response Crisis Plan
• Cyber strategy and regulations for utility
companies
• Educate Your Employees
• Separate OT and IT
• Segmentation and traffic controls in ICS.
• Control networks divided into layers
based on control function. (ANSI/ISA-99)
• Add hardware security appliance (PLC,
DCS, RTU) instead of software
• Risk analyses. Permanent Audit and Pen
tests.
• Improve security awareness on C-level
• Improve security awareness on industrial
systems and operations (SCADA)
• Improve security awareness on industrial
systems and operations (SCADA)
• Implement strong Security Policy
INTRUSION DETECTION SYSTEMS
Active defense. Real-time threat detection
and autonomous response
False positive vs False negative
AI, machine learning, data mining
Anomaly detection model
Misuse detection model
39. Cybersecurity – common pitfalls
• 75% of experts consider cybersecurity to be a top
priority
• 16% CxO say their companies are well prepared
to deal with cyberrisk
• US Gov - cybersecurity as “one of the most
serious economic and national security
challenges we face as a nation.”
• Third party suppliers – weakest links
• Billions of new entry points to defend
• Delegating the problem to IT.
• Cyberrisk needs to be treated as a risk-
management issue, not an IT problem
https://www.mckinsey.com/business-functions/risk/our-insights/a-new-posture-for-cybersecurity-in-a-networked-world
40. Security is a culture!
Security = People + Process + Technology
Business impact analyze
Selling cyber security is hard. KPIs and Budgets
The executive should be aware of cyber security.
Policies and Procedures
Security is a culture!
largest ICS espionage as far as we know, lasting around 3 years by cybersecurity community estimates
Rockwell, Siemens, Schneider
no impact, only data exfiltration