Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

SMi Group's Smart Grid Cyber Security 2019 conference


Published on

SMi Group's Smart Grid Cyber Security 2019 conference returns to London for its 8th year in March 2019

Published in: Education
  • Be the first to comment

  • Be the first to like this

SMi Group's Smart Grid Cyber Security 2019 conference

  1. 1. Register online or fax your registration to +44 (0) 870 9090 712 or call +44 (0) 870 9090 711 @UtilitiesSMi #SMARTGRIDSMi SMi present their 8th annual conference on… Smart Grid Cyber Security Copthorne Tara Hotel, London, UK PLUS TWO INTERACTIVE WORKSHOPS • COPTHORNE TARA HOTEL, LONDON, UK BENEFITS OF ATTENDING: • Hear from a top Brazilian Utility company on the cyber security challenges and solutions used to overcome them when implementing Cyber Security Systems in critical infrastructure companies in a developing country. • Gain key insights in how to safe-guard systems from breaches and security incidents to abuse of pivileges • Discuss examples of applications and technologies - using the latest techniques to tackle risks in IoT and IT - use of IoT solutions for metering and automation systems and how they deal with the vulnerabilities • Analyse how to securely integrate renewable energy to your smart grid • 7 case studies from utility companies – updates on projects highlighting problems encountered, developments made, and solutions found • A focus on how to overcome security issues when integrating electric vehicles to the smart grid • Key updates from top regulators and government bodies – the status of legislation and efforts towards new protective measures CHAIR FOR 2019: • Dieter Sarrazyn, Scada/ICS/OT Security Consultant, SECUDEA FEATURED UTILITY CASE STUDIES: Robson Luiz Schiefler, Chief Executive Officer G.A., COPEL Duncan Burt, Acting Director of Operations, National Grid Kaija Valdmaa, Project Manager of Estfeed, Elering Michael Knuchel, Substation Automation System Project Manager, Swissgrid Claudie Guyomard, Project Manager, Enedis Nuno Medeiros, Information Systems Officer, EDP Distribuição Giovanni Coppola, Programme Manager, Enel X FEATURED SPEAKERS: • Mario Dionisio, Research and Innovation at DG, EUROPEAN COMMISSION • Iñaki Angulo, Project Manager, TECHNALIA • Gerald Maunier, Security Expert at “the Privacy Security Group”, ESMIG • Dieter Sarrazyn, Scada/ICS/OT security consultant, SECUDEA • Vincent Haerinck, Security Consultant, TOREON • Wilfried Pimenta de Miranda, Director, IOTA CONFERENCE: 20th - 21ST WORKSHOPS: 19th 22nd MAR 2019 Workshop A: Threat Modelling for Energy Tuesday 19th March 2019 | 8.30 – 17.30 Workshop Leader: Sebastien Deleersnyder, CEO, Toreon Workshop B: Supply Chain Cyberthreats/Risk Assessment Considerations Friday 22nd March 2019 | 8.30 – 13.00 Workshop Leaders: Dieter Sarrazyn, SCADA/ICS/OT security consultant, Secudea Stephen Smith, Onrix Identifying new solutions that can tackle the important elements of how to secure the smart grid - including distribution and communication, smart metering, optimization, and installation and servicing. REGISTER BY 30TH NOVEMBER TO SAVE £400• REGISTER BY 14TH DECEMBER TO SAVE £200 • REGISTER BY 31ST JANUARY TO SAVE £100
  2. 2. SMART GRID CYBER SECURITY Day One | Wednesday 20th March 2019 8.30 Registration Coffee 9.00 Chairman’s Opening Remarks Dieter Sarrazyn, Scada/ICS/OT Security Consultant, Secudea SMART GRID CYBER SECURITY POLICY, REGULATION AND LEGISLATION UPDATE OPENING KEYNOTE ADDRESS 9.10 Digitisation of Energy – Cybersecurity in the Electrical Power and Energy System (EPES) - an armour against cyber and privacy attacks • How to build resilience against different levels of cyber and privacy risks • Ensure continuity of the critical business energy operations • Make sure the energy sector is better enabled to easily implement the NIS directive • Increase the resilience of the electric system to different levels of attack • Guarantee the cyber protection measures will be easily reconfigurable to new threats • A set of standards and rules for certification of cybersecurity components, systems and processes that will be made available • Cyber protection policy design and uptake at all levels from management to operational personnel • Manufacturers are encouraged in providing accountability and transparency, enabling third parties monitoring and auditing the privacy and security of their energy devices and systems Mario Dionisio, Research and Innovation at DG, European Commission 9.50 Securing your Smart Grid: Regulation and Technologies • The status of legislation and efforts towards new protective measures: EU Cybersecurity Act and ESMIG - related activities • Focus on ESMIG Security Certification work • A global view of smart grid stakeholders and security implications • Data protection and cybersecurity: how to protect connected devices and the data they exchange Gerald Maunier, Security Expert at “The Privacy Security Group”, ESMIG 10.30 Morning Coffee 11.00 Energy Distribution Network Cyber-Security Procurement • Defining and mapping of asset and technology areas for EDS • Reviewing existing procurement language references, good practice and international standards for cyber security that may be relevant to EDS • Determining cyber security requirements to deliver target cyber security levels which can be aligned to the reference model • Developing cyber security procurement guidance statements (CSPG) that will enable procured products and services to meet the cyber security requirements identified Mark Dunk, Head of Engineering, Energy Network Association SMART GRID CYBER SECURITY – CASE STUDIES 11.40 UTILITY CASE STUDY BRAZIL – Cyber security Challenges in a developing country • Problems faced, and solutions used when implementing Cyber Security Systems in critical infrastructure companies Robson Luiz Schiefler, Chief Executive Officer GA, COPEL 12.20 Networking Lunch 13.20 UTILITY CASE STUDY SWITZERLAND; Implementing Cyber Security in a utility and adding Benefits • Security through simplicity of use instead of obscurity • Transfer of knowledge from IT to OT • Laying the Base for an Initiative to add value • Swissgrid’s initiative secure Substation • Added Value in terms of Monitoring Awareness • Continuous improvement Michael Knuchel, Substation Automation System Project Manager, Swiss Grid SECURITY ISSUES WHEN INTEGRATING ELECTRIC VEHICLES TO THE SMART GRID 14.00 IOTA, a Distributed Ledger for the Economy of Things and Smart Energy • The rise of the economy of things • Problems to be addressed including Trust in the Data (integrity, security, privacy) • IOTA Tangle beyond Blockchain • Innovation potential in smart energy, smart charging and smart decentralised grids • The cocreation pathway Wilfried Pimenta de Miranda, Director, IOTA 14.40 CASE STUDY ITALY – Electric Vehicles Charging Infrastructure as Grid-Edge security case: application and standards • EV charging infrastructure market outlook • Why EV charging infrastructure is a critical infrastructure for grid stability and system security • How standardisation is progressing towards embedded security for EV charging stations applications Giovanni Coppola, Programme Manager, Enel X 15.20 Afternoon Tea SOLUTIONS TO SAFE-GUARD SYSTEMS FROM BREACHES AND SECURITY INCIDENTS TO ABUSE OF PRIVILEGES 15.50 Decentralising Access Control: Flexible Delegations with Distributed PKI • Distributed PKI • Decentralisation Graceful Degradation Trust Architecture • Permission Delegation • Offline Verification • Firmware Update Protection • M2M Communication Protection • Risk Management Friendly Scenario Modelling • Resiliency Mitigation of Lateral Movement Gregor Jehle, CEO, P3KI GmbH 16.30 Supply Chain Security • Industrial smart grid cyber security relies on various components, suppliers, people • These all belong to an organisations supply chain and should be properly secured • An in depth look at today’s issues, threats and weaknesses within the supply chain and how you can attempt to get these back in control to increase your organisations security level Dieter Sarrazyn, Scada/ICS/OT Security Consultant, Secudea 17.10 Chairman’s Closing Remarks and Close of Day One Dieter Sarrazyn, Scada/ICS/OT Security Consultant, Secudea Register online at SPONSORSHIP AND EXHIBITION OPPORTUNITIES SMi offer sponsorship, exhibition, advertising and branding packages, uniquely tailored to complement your company’s marketing strategy. Prime networking opportunities exist to entertain, enhance and expand your client base within the context of an independent discussion specific to your industry. Should you wish to join the increasing number of companies benefiting from sponsoring our conferences please call: Andrew Gibbons, on 44 (0) 207 827 6156 or email Supported by
  3. 3. 8.30 Registration Coffee 9.00 Chairman’s Opening Remarks Dieter Sarrazyn, Scada/ICS/OT Security Consultant, Secudea SMART GRID CYBER SECURITY – CASE STUDIES OPENING KEYNOTE ADDRESS 9.10 How can we ensure Great Britain’s energy consumers continue to have a secure, reliable and affordable energy supply in the midst of the changing energy landscape? ‘The Development of the Electricity Systems Operators Forward Plan’ • How to securely integrate renewable energy to the grid (wind farms/solar) • Methods used to find solutions to security problems relating to transmission issues at both transmission and distribution level • Improve accuracy of demand forecasts and increase the visibility of balancing actions to ensure safe, secure and operable systems Duncan Burt, Acting Director of Operations, National Grid 9.50 UTILITY CASE STUDY PORTUGAL: EDP Distribuição Road to Reality - Rolling-out a Secure Smart Grid • Multi-Stakeholder oriented Risk Assessment methodology • Risk Mitigation Strategy: EDPD Smart Grid Architecture and Requirements for securing the grid • Project Framework: Developing and Testing the Secure Smart Grid • Project Main Results, Key Takeaways and Next Steps Nuno Emanuel Pereira, Director of the Networks Digital Platform, EDP Distribuição* Nuno Medeiros, Information Systems Officer, EDP Distribuição* 10.30 Morning Coffee 11.00 UTILITY CASE STUDY FRANCE - Feedback from the SOLENN project – managing sensitive data produced by smart meters • Security in the smart meter Linky Chain • Open data / closed data • The processing of personal data in the SOLENN project Claudie Guyomard, Project Manager, ENEDIS 11.40 UTILITY CASE STUDY ESTONIA – Elering - Enabling access to consumer energy data • Estfeed is a data exchange layer that enables third parties (apps) access consumers smart meter data (e.g. consumption data, production data, smart meter metadata) with the consent of the consumer • Estfeed is a facilitator for smart grids – it allows third party energy services and data sources connected to the platform to exchange energy data securely and verifiably • An update on how the platform allows end consumers, energy service providers, dispersed producers and network operators to use near real-time energy metering data • An explanation on how the data flows on the platform and what the architecture looks like (what are the main components and how do they communicate with each other • Show how to give a consent (access right) to the service provider, energy supplier or private person in Estfeed UI (e-elering, the live Estfeed customer portal). • A short overview of the next big goals will be described – enabling cross-border energy meter data access for service providers to foster the movement of energy services across country border in practice Kaija Valdmaa, Project Manager of Estfeed, Elering 12.20 Networking Lunch 13.20 Cybersecurity implications of the Energy sector evolutions • New tightened ENTSO-E Cybersecurity approach • Cybersecurity implications of the Energy sector evolutions • Decarbonization, Decentralization, New Prosumer IoT leading to an increase in cyber security risk • Cyber security by design for solutions • Shared awareness across all TSOs and RSCs (and DSOs in the future) • Pan-European attack pattern anticipation Alina Neagu, System Operations Advisor, ENTSOE NEW TECHNOLOGIES SHAPING THE FUTURE 14.00 Using security to help transform an industry • Smart DCC is rolling out a secure nation-wide infrastructure for the second-generation of smart meters in the UK • They will also be adopting the existing first-generation meters – with a variety of customers, manufacturers, service providers, security controls and challenges • In the future, they will introduce a new switching service which will enable the industry to transform how consumers change suppliers and understand their relationship with energy use and payment • Smart DCC also has a mandate to encourage innovation – both with smart meter data and in the use of the secure, trusted infrastructure for new IoT opportunities and possibilities • How has security enabled and supported these changes, as well as what it could mean to consumers in the UK in their relationship with energy and data Mark Avery, CISO, Smart DCC 14.40 Helping low security-maturity ICS environments evolve using cross- contamination between security disciplines • Struggles experienced by Belgian energy producers when introducing security in their ICS • Introducing ICS threat modelling – identifying and evaluating threats and vulnerabilities in installation/architecture. • Consider, document, and discuss the security implications of designs in the context of their planned operational environment in a structured fashion. Jasper Hooft, Security Consultant, Toreon 15.20 Afternoon Tea 16.00 Tecnalia’s Cybersecurity Laboratory for the Smart Grid • Lab description: architecture, components (SCADA, SCU, Control and protection devices, merging units, …), systems and supported communication protocols (IEC 60870-5-104, IEC 61850, LDAP, WS, …) • How companies (DSO, Manufacturers, Software developers, …) can benefit from the laboratory • Pen-testing tools used to launch some attacks against the electronic devices • Intruder Detection System • Some examples Iñaki Angulo, Project Manager, Technalia 16.40 Standards-based Approaches to Secure Smart Grid Architecture Specification • Drivers for secure reference architecture design • Methodology for architecture development and related standards • Comparison of design approaches from energy and industrial control systems domain • Example use cases and developed models Dr Oliver Jung, Scientist, Centre for Digital Safety and Security, Austrian Institute of Technology 17.20 Chairman’s Closing Remarks and Close of Day Two Dieter Sarrazyn, Scada/ICS/OT Security Consultant, Secudea Alternatively fax your registration to +44 (0)870 9090 712 or call +44 (0)870 9090 711 MARKETING OPPORTUNITIES Want to know how you can get involved? Interested in promoting your services to this market? Contact Neill Howard, SMi Marketing on +44 (0) 20 7827 6164 or email: SMART GRID CYBER SECURITY Day Two | Thursday 21st March 2019 The Israeli Smart Energy AssociaƟon *Subject to final confirmation
  4. 4. Threat Modelling for Energy Workshop Leader: Sebastien Deleersnyder, CEO, Toreon Overview of Workshop: In this workshop, you’ll learn what threat modelling is, how it works and how to apply it to systems and applications within the Energy sector. You’ll use real-world, hands-on exercise to apply your new skills directly. Why should you attend: This workshop, led by experts in the field, will increase your knowledge on risk analysis techniques and will bring you new insights in risk management. It will help you get a better view on your existing systems or offerings towards your clients. Programme: 8.30 Registration and Coffee 9.00 Opening remarks 9.30 Introduction, diagrams Threat modeling introduction • What is threat modelling and why perform it? • Identifying and addressing threats, Diagrams – what are you building? • Understanding context, Doomsday scenarios, • Hands-on: diagram basic SCADA environment for process control 11.00 Morning Coffee 11.30 Identifying threats – what can go wrong? • STRIDE introduction • Denial of service threats, Elevation of privilege threats, Attack trees • Hands-on: STRIDE analysis of an Internet of Things (IoT) deployment 13.00 Lunch 14.00 Addressing threats • Mitigation patterns, Authentication. Integrity. • Non-repudiation. Confidentiality. • Availability. Authorization. • Classroom exercise: threat mitigations for industrial applications 15.30 Afternoon Tea 16.00 Hands-on exercise - mitigations Attack libraries • Attack libraries. CAPEC, OWASP Top 10 • SANS Top 20 ICS attacks, Classroom exercise: mapping SANS Top 20 attacks to STRIDE Practical threat modeling • Typical steps, validation threat models, effective threat model workshops • Communicating and updating threat models • Threat modeling resources • Open-source tools, commercial tools, general tools 17.30 Close of Worskhop About the Workshop Leader: Sebastien Deleersnyder, CEO, Toreon As security project leader and information security officer for multiple customers I have built up extensive experience in Information Security related disciplines, both at strategic and tactical level. I specialize in Application Security, combining both my software development and information security experience. In the last 10 years I have performed several successful secure development lifecycle projects in the financial and utility sector, started up software security groups, supported customers in selecting and implementing Web Application Firewalls (WAF), delivered web application security training and closed a lot of audit findings regarding application security :-). I started the Belgian OWASP Chapter Leader, was a member of the OWASP Foundation Board and performed several public presentations on Web Application and Web Services Security. I also co-organized the yearly security hacker BruCON conference and trainings in Belgium. I have achieved CISSP, CISM, CISA and Prince2 Practitioners certification. Company Overview: At Toreon, we believe that security is vital for people to live and work confidently and with trust in our digital society. We are ICT security consultants. We help you to leverage your information technology and achieve your organisation’s goals. While you run your business, we keep track of the information risks that your organisation faces and we help you to only take actions that fit your risk appetite. Toreon is all about people. We care about our employees and support their ambitions. We give them the opportunities to develop their skills and the freedom to evolve as a person and as a professional. Working in ever changing, multi-skill teams fosters knowledge sharing and personal development. This leads to well-functioning project teams that support our clients better. FULL-DAY PRE-CONFERENCE WORKSHOP A Tuesday 19th March 2019 08.30 – 17.30 Copthorne Tara Hotel, London, UK
  5. 5. Supply Chain Cyberthreats/ Risk Assessment Considerations Workshop Leaders: Dieter Sarrazyn, SCADA/ICS/OT security consultant, Secudea Stephen Smith, Onrix Overview of Workshop: This workshop will provide a wider and more detailed understanding of performing supply chain threat identification and risk assessments in order to counter the multitude of potential attack vectors through the supply chain. We will review defence mechanisms that should be ascribed to technology, processes and humans. Why should you attend: • Understand the supply chain cyberthreat problematics • Understand cyber-attack vectors • Knowing how to include supply chain threats within risk assessments • Responding to cyber incidents coming through the supply chain • Follow a pragmatic approach to handle cyber threats and risks • Receive hands-on experiences/examples from within different industrial environments Programme: 8.30 Registration and Coffee 9.00 Opening remarks 9.15 Supply chain cyberthreats • Understand “what” the supply chain is • What potential cyberthreats exist within supply chains 10.30 Possible cyber-attack vectors • How could the present threats take advantage of (potential) weaknesses within (your) supply chain? 11.30 Morning Coffee 11.45 Cyber security scenario-based game • Potential cyber threat scenario’s will be discussed (could be tailored to your organisations) 13.00 Discussion and Questions session About the Workshop Leaders: Dieter Sarrazyn – Secudea ( Dieter is a freelance SCADA/ICS/OT security expert who working extensively on industrial control system security including more than 10 years in a large electricity generation company. He performs SCADA security assessments, provides assistance in securing SCADA environments and helps customers to manage their supplier’s security through doing security requirements management and security FAT and SAT tests. These activities are always part of a larger program, aimed at reducing business risks. Stephen Smith – Onrix ( Industrial Cyber Risk Management Stephen Smith is an independent advisor on digital security risks. He has spent more than 25 years in the ICT industry with a focus on information security and dedicated these past 5 years on risks associated with industrial control systems. He resides in Belgium and provides digital risk services to local and multinational companies in the utilities, manufacturing and transport sectors. His recent work with several companies indicated that there was a growing concern with cyber threats, but that the general maturity level to deal with these threats was not ingrained in these organisations risk management culture. In association with: • European Corporate Security Association (ECSA) • Process Automation User’s Association (WIB) Company Overview: SECUDEA is a Belgian company providing ICS/SCADA/OT security consultancy services, assessments and training. HALF-DAY POST-CONFERENCE WORKSHOP B Friday 22nd March 2019 8.30 – 13.00 Copthorne Tara Hotel, London, UK
  6. 6. Please complete fully and clearly in capital letters. Please photocopy for additional delegates. Title: Forename: Surname: Job Title: Department/Division: Company/Organisation: Email: If you would like to continue to receive email updates about our events, please tick □ Company VAT Number: Address: Town/City: Post/Zip Code: Country: Direct Tel: Direct Fax: Mobile: Switchboard: Signature: Date: I agree to be bound by SMi’s Terms and Conditions of Booking. ACCOUNTS DEPT Title: Forename: Surname: Email: Address (if different from above): Town/City: Post/Zip Code: Country: Direct Tel: Direct Fax: Payment: If payment is not made at the time of booking, then an invoice will be issued and must be paid immediately and prior to the start of the event. If payment has not been received then credit card details will be requested and payment taken before entry to the event. Bookings within 7 days of event require payment on booking. Access to the Document Portal will not be given until payment has been received. Substitutions/Name Changes: If you are unable to attend you may nominate, in writing, another delegate to take your place at any time prior to the start of the event. Two or more delegates may not ‘share’ a place at an event. Please make separate bookings for each delegate. Cancellation: If you wish to cancel your attendance at an event and you are unable to send a substitute, then we will refund/credit 50% of the due fee less a £50 administration charge, providing that cancellation is made in writing and received at least 28 days prior to the start of the event. Regretfully cancellation after this time cannot be accepted. We will however provide the conferences documentation via the Document Portal to any delegate who has paid but is unable to attend for any reason. Due to the interactive nature of the Briefings we are not normally able to provide documentation in these circumstances. We cannot accept cancellations of orders placed for Documentation or the Document Portal as these are reproduced specifically to order. If we have to cancel the event for any reason, then we will make a full refund immediately, but disclaim any further liability. Alterations: It may become necessary for us to make alterations to the content, speakers, timing, venue or date of the event compared to the advertised programme. Privacy policy / Opt Out: For full details on our privacy policy please go to If you no longer wish to receive email updates you can opt out by going to the following webpage VAT at 20% is charged on the attendance fees for all delegates. VAT is also charged on Document portal and literature distribution for all UK customers and for those EU Customers not supplying a registration number for their own country here. ______________________________________________________________________________________ If you have any further queries please call the Events Team on tel +44 (0) 870 9090 711 or you can email □ Book by 30th November 2018 to receive £400 off the conference price □ Book by 14th December 2018 to receive £200 off the conference price □ Book by 31st January 2019 to receive £100 off the conference price EARLY BIRD DISCOUNT □ Please contact me to book my hotel Alternatively call us on +44 (0) 870 9090 711 email: or fax +44 (0) 870 9090 712 I cannot attend but would like to purchase access to the following Document Portal/ paper copy documentation Price Total □ Access to the conference documentation on the Document Portal £499.00 + VAT £598.80 □ The Conference Presentations – paper copy £499.00 - £499.00 (or only £300 if ordered with the Document Portal) Unique Reference Number Our Reference E-089 DELEGATE DETAILS Terms and Conditions of Booking PAYMENT VAT CONFERENCE PRICES DOCUMENTATION VENUE Holiday Inn Kensington Forum, 97 Cromwell Rd, London SW7 4DN, UK SMART GRID CYBER SECURITY Conference: Wednesday 20th Thursday 22nd March 2019, Copthorne Tara Hotel, London, UK Workshops: Tuesday 19th March Friday 22nd March 2019, London, UK 4 WAYS TO REGISTER FAX your booking form to +44 (0) 870 9090 712 PHONE on +44 (0) 870 9090 711 POST your booking form to: Events Team, SMi Group Ltd, Ground First Floor, 1 Westminster Bridge Road London, SE1 7XW I would like to attend: (Please tick as appropriate) Fee TOTAL □ Conference 2 Workshops £2697.00 + VAT £3236.40 □ Conference 1 Workshop □ A □ B £2098.00 + VAT £2517.60 □ Conference only £1499.00 + VAT £1798.80 □ 2 Workshops only £1198.00 + VAT £1437.60 □ 1 Workshop only □ A □ B £599.00 + VAT £718.80 PROMOTIONAL LITERATURE DISTRIBUTION □ Distribution of your company’s promotional literature to all conference attendees £999.00 + VAT £1198.80 The conference fee includes refreshments, lunch, conference papers, and access to the Document Portal. Presentations that are available for download will be subject to distribution rights by speakers. Please note that some presentations may not be available for download. Access information for the document portal will be sent to the e-mail address provided during registration. Details are sent within 24 hours post conference. Payment must be made to SMi Group Ltd, and received before the event, by one of the following methods quoting reference E-089 and the delegate’s name. Bookings made within 7 days of the event require payment on booking, methods of payment: □ UK BACS Sort Code 300009, Account 00936418 □ Wire Transfer Lloyds TSB Bank plc, 39 Threadneedle Street, London, EC2R 8AU Swift (BIC): LOYDGB21013, Account 00936418 IBAN GB48 LOYD 3000 0900 9364 18 □ Cheque We can only accept Sterling cheques drawn on a UK bank. □ Credit Card □ Visa □ MasterCard □ American Express SMi Group will apply surcharges to commercial cards Please tick here □ if the card provided is not a commercial card Card No: □□□□ □□□□ □□□□ □□□□ Valid From □□/□□ Expiry Date □□/□□ CVV Number □□□□ 3 digit security on reverse of card, 4 digits for AMEX card Cardholder’s Name: Signature: Date: I agree to be bound by SMi’s Terms and Conditions of Booking. Card Billing Address (If different from above):