Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
SMi Group's 4th annual European Smart Grid Cyber and SCADA Security conference & exhibition
1. SMi proudly present their 4th annual conference on...
European Smart Grid
Cyber and SCADA Security
Marriott Hotel, Regents Park, London UK
10TH - 11TH
MAR
2 014
Enhancing security through predictive
forecasting and monitoring models
2014 HIGHLIGHTS INCLUDE
EVENT HIGHLIGHTS INCLUDE
• European Governments "Minimum Security
measures for Smart Grids"
• Insight into internal and external challenges
to cyber security approaches
• Automating the distribution network
increases threats and utilities are
incorporating new compliance standards
• Hostile behaviors aimed at the Smart Grid
can be detected early Hear what
.
protective countermeasures are being put
in place
• New approaches to predictive forecasting
models and process monitoring
• Waternet, Security Officer Process
Automation, Martin Visser
• ENISA - European Network and Information
Security Agency, Expert in Network &
Information Security, Konstantinos Moulinos
• Scottish and Southern Energy, Technical
Strategy Manager for the Future Networks
Team, Henrik Magnusson
,
• Maersk Oil Qatar Head of Global Information
Security, Claudio Lo Cicero
ransmission Security Cooperation,
• T
Chairman, swissgrid AG, Senior Advisor
Operations, Rudolf Baumann
• California Water and Power Company, Head
of Security, Steve Brunasso
• ENCS, (European Network for Cyber
Security), Program Manager, Rob van
Bekkum
• Enel Engineering and Research, Generation
Systems, Diagnostics and Automation,
Research, Daniela Pestonesi
• Viasat, Director Critical Infrastructure
Security, Brett Luedde
POST- CONFERENCE HALF DAY WORKSHOP 12th MARCH 2014
Data analytics and predictive models for ICS/SCADA cyber security
Presented by Dr Damiano Bolzoni, COO, Security Matters
8.30am - 12.45pm
SPONSORED BY
www.smartgridcybersecurity.co.uk
Register online or fax your registration to +44 (0) 870 9090 712 or call +44 (0) 870 9090 711
Utility Academic and Goup Discounts Available
,
Book by 29th November 2013 and save £300 • Book by 31st January 2014 and save £100
2. DAY ONE 10th March 2014
European Smart Grid Cyber and SCADA Security
8.30
REGISTRATION & COFFEE
1.50
CYBER SECURITY WHITE BOX TESTING
9.00
CHAIRMAN'S OPENING REMARKS
• Relevant cyber security standards for the smart grid
Edward Hamilton, Head of Threat and Vulnerability
• Smart grid security requirements
Management, Price Waterhouse Coopers
• Security by validation
• Security guiding principles
• Cyber security testing methodologies
9.10
MINIMUM SECURITY MEASURES FOR SMART
• In depth security testing of smart grid devices;
GRIDS
challenges and solutions
• Study methodology and working methods
Robin Massink, Cyber Security Specialist, DNV Kema
• Minimum security measures
• EG2 consultations on minimum security measures
• Recommendation to European Commission
2.30
THE TOPSECTOREN PROJECT MONITORING,
:
• Next steps
PRIVACY TECHNOLOGIES, TESTING AND
Konstantinos Moulinos, Expert in Network &
STANDARDS
Information Security, ENISA - European Network and
Monitoring:
Information Security Agency
• IDS optimal sensor placement
• Sensors for encrypted and un-encrypted data
9.50
CYBER SECURITY RISK BASED ASSESSMENT
• Monitoring solution for ICS SCADA
APPROACH
Privacy enhancing technologies:
• Internal and external challenges to cyber security
• Development and test of a privacy preserving
approaches
protocol for smart metering
• Using formal methods and modelling to assess risk
Testing:
and model controls
• Framework for End-to-End security testing of Smart
• The need for a holistic view in developing projects
Grid systems
• Verification methods used
Henrik Magnusson, Technical Strategy Manager for the
Standards:
Future Networks Team, SSE
• Which standards are applicable to ICS SCADA?
• Risk and security assessments
Frans Campfens, Senior Innovation Manager Alliander N.V
,
.
10.30 MORNING COFFEE
,
Rob van Bekkum, Program Manager European Network
11.00 CYBER SECURITY FOR SMART GRID AND
for Cyber Security
CONTROL SYSTEMS ASSETS AND NETWORKS
• Challenges in securing critical infrastructure control
3.10
AFTERNOON TEA
3.40
PREDICTIVE FORECASTING MODELS TO
system assets while maintaining real-time control and
minimizing system downtime
• Automation of the distribution system increases the
ENHANCE SECURITY PROCESS MONITORING
need for comprehensive security and cybersecurity
• New approaches to identify potential security issues
capabilities
• Monitoring and prediction through data analytics
• Cyber-intrusions are certain to increase as
• Getting quantifiable value out of the data sets and
infrastructure transitions to more distributed common
mapping
platforms
• Value for situational awareness
• Case study of how a major utility company
Damiano Bolzoni, COO, Security Matters
addressed these issues and is executing a plan to
incorporate new compliance standards in their
systems
4.20
SECURE POWER SUPPL , MARKET RENEWABLES
Y
,
Brett Luedde, Director Critical Infrastructure Security,
AND SMART GRIDS, ALL DEPENDING ON CYBER
Secure Network Systems, Viasat Inc
SECURITY
• Evolution of the TSC Security Initiative in Central
11.40 SITUATIONAL AWARENESS; 2.0 MONITORING
Europe
INCIDENTS, BEHAVIOUR, RATIONAL RESPONSE
• Importance of International Standards
• Detect hostile behavior aimed at the smart grid
• Impact of European Network Codes
• Monitoring the physical and cyber infrastructures
• Seamless Communication as a condition
once hostile behavior is detected
Rudolf Baumann, Chairman of the Transmission
• Protective countermeasures
• How Alliander will build and operate
Security Cooperation, Senior Advisor Operations,
Johan Rambi, Privacy & Security Officer, Alliander
swissgrid AG
N.V
.
5.00
12.20 NETWORKING LUNCH
CHAIRMAN'S CLOSING REMARKS AND
CLOSE OF DAY ONE
Register online at: www.smartgridcybersecurity.co.uk • Alternatively fax your registration
3. DAY TWO 11th March 2014
8.30
REGISTRATION & COFFEE
9.00
European Smart Grid Cyber and SCADA Security
1.50
PRIVACY AND SECURITY BY DESIGN
• Cost of security
• Delivering Innovation, with security as architecture
• The sign for Privacy and Security
• Case studies
Frank Hyldmar Vice President, ESMIG
,
CHAIRMAN'S OPENING REMARKS
2.00
HOW THE O&G INDUSTRY IS RESPONDING,
IDENTIFYING AND MITIGATING THREAT VECTORS
• Advanced Persistent Threats (APTs): What is old is
new again
• The Front Lines: Employees ARE your first line of
cyber defense
• Active Monitoring and Security Analytics: Pro-active or
reactive
• Managed Security Services v2.0: Smart enterprise
security or not
• Supply Chain Security: Risks and countermeasures
Claudio Lo Cicero, Head of Global Information Security
,
Maersk Oil Qatar A S
2.40
SMART GRID COMMUNICATIONS SECURITY
• Securing Smart Grid comms is not like securing
enterprise IT comms
• IP will be the dominant protocol, replacing proprietary
protocols. Is that good or bad?
• Legacy devices are not going away anytime soon.
So where does that leave us?
• Security spending is still driven by compliance.
• Utilities are deploying mobile technologies to their field
forces – ToughPads, etc.
• AMI and DA are being integrated at the hardware layer
– who should worry more, IT or OT?
• Public comms infrastructures are here to stay in Smart
Grids – as the Telefónica UK awards by DECC
demonstrate
Bob Lockhart, Research Director, Navigant Research
3.20
AFTERNOON TEA
3.50
HOW CAN CYBER SECURITY INSURANCE
MITIGATE THE EFFECT OF ATTACKS AND
ENCOURAGE BEST PRACTICE IN OPERATIONAL
SECURITY
• What are insurable and uninsurable risks?
• What is cyber insurance and how is it tailored for
Smart Grid and SCADA coverage?
• Insurance is not just about Risk Transfer: Vetting
Incident Response and Operational Risk Management
practices
• Aegis BAE White Paper on Operational Technology; an
Overview on Breach and Vulnerability Analysis
Rick Welsh, Head of Cyber Insurance at Aegis at Lloyds,
Aegis London
4.30
BUILDING AN INTEGRATED SECURITY
OPERATIONS CENTER (ISOC): CHALLENGES,
PITFALLS, AND LESSONS LEARNED
• Correlating logs, alarms, and attack information from
corporate systems, operational technology (OT)
systems, physical security and external sources
,
remains a difficult challenge for many utilities
• An ISOC is designed to collect, integrate, and analyze
alarms and logs from these traditionally siloed domains
• This approach can provide much greater situational
awareness to a utility’s security team
• This presentation will describe the planning process for
an ISOC, discuss challenges and trade-offs with
various design choices, and provide guidelines for
utilities seeking to develop an ISOC
• The results are based on current research and an
examination of existing ISOC implementations in the
electric sector
Galen Rasche, Technical Executive, Electric Power
Research Institute
5.10
CHAIRMAN'S CLOSING REMARKS AND
CLOSE OF DAY TWO
Edward Hamilton, Head of Threat and Vulnerability
Management, Price Waterhouse Coopers
9.10
MODERN SCADA AND CONTROL SYSTEMS
SECURITY
• Legacy and New Control in a secure model
• VMWare SCADA and invisible networks in virtual
environments
• Secure remote access by vendors into development
and production systems. Lifecycle controls to ensure
security and reliability
• Instrumenting network with packet brokers for
operations and secuirty
• Secure design to improve operations reliability and
avoid user errors
• Complete isolation of ICS systems with data diodes.
• Network whitelisting for control systems to secure,
reliable deterministic networks for protection
Steve Brunasso, Manager of Security and Networking,
California Water and Power Company
9.50
ICS CYBER SECURITY IN POWER GENERATION
AND ELECTRIC GRIDS
• CI owner requirements for ICS protection
• The electric grid protection: new frontiers
• Enel Cyber Security Laboratory and main results
• EU FP7 - CRISALIS project: advanced tools
development
Daniela Pestonesi, Automation and Diagnostics, Enel
Engineering & Research SpA
10.30 MORNING COFFEE
11.00 SECURITY GOVERNANCE WITHIN ENEXIS;
BRINGING SECURITY DOMAINS TOGETHER
• Experiences in bringing fragmented security domains
within Enexis together
• The information security related domains (IT
,
outsourced operations, SCADA/DMS, Assets,
Smartmeters etc.)
• Challenges of integration
• Ongoing work, barriers, challenges
Philip Westbroek, Telecommunications and Security
Advisor, Enexis
Mauriche Kroos, Security Officer, Enexis
11.40 WATERNET PERSPECTIVE TO CYBER THREATS,
CHALLENGES AND COUNTERMEASURES (C3)
• Keep track on data integrity
• The added value of information sharing working groups
• Application code review, reality or a bridge to far
• IDS in SCADA, nice to have or must
• Security by design
• Security awareness, top-down approach
• IACS exercising program
Martin Visser Security Officer Process Automation,
,
Waternet
12.20 NETWORKING LUNCH
to +44 (0) 870 9090 712 or call +44 (0) 870 9090 711 • GROUP DISCOUNTS AVAILABLE •
4. POST- CONFERENCE WORKSHOP
12th March 2014, Marriott Hotel, Regents Park, London UK
Data analytics and predictive models for ICS/SCADA cyber security
Overview of workshop
This workshop will present data
analytics approaches for enhancing
cyber security in ICS/SCADA
environments. In recent years cyber
attacks have increased in frequency
and impact. While certain solutions
have been devised to detect
“system-related threats” (e.g., those
based on software exploits), little has
been done in the context of “processrelated threats”.
Programme
8.30 Registration & Coffee
9.00
Chairman's Opening Remarks
9.15
Why data analytics in ICS/SCADA for cyber security:
• What could be detected
9.45
Information sources:
• Which information should be analysed
• Which are the problems related with the analysis
10.45 Morning Coffee
11.00 Modeling information and extracting relevant insights:
• Predictive models
• Dealing with missing data
We will present new approaches to
detect this class of attackers, using
data analytics to model and predict
when the underlying process is not
showing an expected behaviour.
11.45 Visual analytics
12.15 Demo's and hands on
12.45 Q&A and end of workshop
Why you should attend:
• Understand data analytics
approaches for enhancing cyber
security
About the workshop host
Dr Damiano Bolzoni (1981) received his PhD in 2009 from the
University of Twente, where he performed research on anomalybased intrusion detection. Since 2008 he has been involved in
securing computer networks of critical infrastructure. Before joining
the University of Twente, he has been working for the Italian branch
of KPMG, within the Information Risk Management division. Since 2009 he
holds the position of Chief Operations Officer within SecurityMatters BV
.
• Gain insight into the context of
process related threats
• Learn what can be detected
• Hear what information should be
analysed
• What are the problems related with
the analysis?
• How do we extract relevant
insights?
• Dealing with missing data... what
now?
• Questions and Answers demonstrations not to be missed
Official Platinum
Media Partner
About Security Matters
SecurityMatters develops and markets state-of-the-art network monitoring
and intrusion detection systems. With 10+ cumulative years of academic
research in IT security and 5+ cumulative years of field experience in security
,
auditing within a worldwide renowned consultancy firm in the past,
SecurityMatters delivers an unmatched technology to detect the latest and
most advanced cyber threats.
SecurityMatters is committed to bring continuous innovations to the market to
cope with the emerging threats.
Official Silver
Media Partner
Official Leading
Media Partners
Want to know how you
can get involved?
Interested in promoting your
services to this market?
Supported by
Contact Julia Rotar
,
SMi Marketing
on +44 (0) 207 827 6088
or e-mail: jrotar@smi-online.co.uk
Don’t miss out on social
media networking!
Follow us on Twitter @UtilitiesSMi
and join us on Linkedin
http://uk.linkedin.com/in/smigroup
www.smartgridcybersecurity.co.uk
5. SPONSORED BY
DNV KEMA Energy & Sustainability with more than 2,300 experts
,
in over 30 countries around the world, is committed to driving the
global transition toward a safe, reliable, efficient, and clean energy
future. With a heritage of nearly 150 years, we specialize in providing
world-class, innovative solutions in the fields of business & technical
consultancy testing, inspections & certification, risk management,
,
and verification. As an objective and impartial knowledge-based
company we advise and support organizations along the energy
,
value chain: producers, suppliers & end-users of energy equipment
,
manufacturers, as well as government bodies, corporations and nongovernmental organizations. DNV KEMA Energy & Sustainability is
part of DNV a global provider of services for managing risk with
,
more than 10,000 employees in over 100 countries. For more
information on DNV KEMA Energy & Sustainability visit
,
www.dnvkema.com
ViaSat cybersecurity platform bundles security automation, and
,
compliance. It defends against attacks to SCADA and industrial
control systems addressing both internal and external threats to the
operations networks. Real-time monitoring, detection, and response
delivers secure situational intelligence that provides operators with
actionable information improving reliability and resiliency
.
www.viasat.com/critical-infrastructure-security
2011-2013 Event Attendees by Country
For Sponsorship or
Speaking Opportunities
please contact
Sadia Malick, Director
P: +44 (0) 20 7827 6748
M: +44 (0) 7538 640 027
Email: smalick@smi-online.co.uk
USA
14%
Middle East
and Asia
10%
Europe
42%
UK and Ireland
34%
www.smartgridcybersecurity.co.uk
6. EUROPEAN SMART GRID CYBER AND SCADA SECURITY
Conference: 10th and 11th March 2014, Marriott Hotel, Regents Park, London UK
Workshop: 12th March 2014
4 WAYS TO REGISTER
ONLINE at www.smartgridcybersecurity.co.uk
POST your booking form to: Events Team, SMi
+44 (0) 870 9090 712
FAX your booking form to
PHONE on +44 (0) 870 9090
Group Ltd, 2nd Floor
South, Harling House, 47-51 Great Suffolk Street, London, SE1 0BS
711
EARLY BIRD
DISCOUNT
Unique Reference Number
Our Reference
□
□
Register by 29th November 2013 and receive £300
off the conference price
Register by 31st January 2014 and receive £100
off the conference price
CONFERENCE PRICES
GROUP DISCOUNTS AVAILABLE
LV U-024 web
I would like to attend: (Please tick as appropriate)
Fee
DELEGATE DETAILS
UTILITY & ACADEMICS
□ Conference & Workshop
£1498.00
+ VAT
£1797.60
Please complete fully and clearly in capital letters. Please photocopy for additional
□
Conference only
£899.00
+VAT
£1078.80
delegates.
□
Workshop only
£599.00
+ VAT
£718.80
COMMERCIAL ORGANISATIONS
□ Conference & Workshop
£2298
+ VAT
£2757.60
□
Conference only
£1699
+VAT
£2038.80
Job Title:
□
Workshop only
£599.00
+VAT
£718.80
Department/Division:
PROMOTIONAL LITERATURE DISTRIBUTION
□ Distribution of your company’s promotional
literature to all conference attendees
£999.00
+ VAT
£1198.80
Title:
Forename:
Surname:
Company/Organisation:
Email:
Total
The conference fee includes refreshments, lunch, conference papers and access
to the Document Portal containing all of the presentations.
Address:
LIVE STREAMING/ON DEMAND/ DOCUMENTATION
Town/City:
Post/Zip Code:
Country:
Direct Tel:
Direct Fax:
Mobile:
Switchboard:
Signature:
Date:
I agree to be bound by SMi's Terms and Conditions of Booking.
Unable to travel, but would like to watch the conference live, ask questions, participate as if you
were in the room.
Price
Total
□ Live Streaming
£999.00
+ VA (UK)
T
£1198.80
□ On demand
£599.00
+ VA (UK)
T
£718.80
(available 24 hours after the event)
□ Access to the conference documentation
on the Document Portal
£499.00
+ VA
T
£598.80
□ The Conference Presentations - paper copy
£499.00
£499.00
(or only £300 if ordered with the Document Portal)
ACCOUNTS DEPT
Title:
Forename:
PAYMENT
Surname:
Payment must be made to SMi Group Ltd, and received before the event, by one of
the following methods quoting reference U-024 and the delegate’s name. Bookings
made within 7 days of the event require payment on booking, methods of payment are
below. Please indicate method of payment:
Email:
Address (if different from above):
□ UK BACS
□ Wire Transfer
Town/City:
Post/Zip Code:
Country:
Direct Tel:
Direct Fax:
VENUE
Marriott Hotel, Regents Park, 128 King Henry's Road
London, NW3 3ST United Kingdom
,
□ Please contact me to book my hotel
Alternatively call us on +44 (0) 870 9090 711,
email: hotels@smi-online.co.uk or fax +44 (0) 870 9090 712
□ Cheque
□ Credit Card
Sort Code 300009, Account 00936418
Lloyds TSB Bank Plc, 39 Threadneedle Street, London, EC2R 8AU
Swift (BIC): LOYDGB21013, Account 00936418
IBAN GB48 LOYD 3000 0900 9364 18
We can only accept Sterling cheques drawn on a UK bank.
□ Visa
□ MasterCard
□ American Express
All credit card payments will be subject to standard credit card charges.
□□□□ □□□□ □□□□ □□□□
Valid From □□/□□
Expiry Date □□/□□
CVV Number □□□□
Card No:
3 digit security on reverse of card, 4 digits for AMEX card
Terms and Conditions of Booking
Payment: If payment is not made at the time of booking, then an invoice will be issued and
must be paid immediately and prior to the start of the event. If payment has not been received
then credit card details will be requested and payment taken before entry to the event.
Bookings within 7 days of event require payment on booking. Access to the Document Portal
will not be given until payment has been received.
Substitutions/Name Changes: If you are unable to attend you may nominate, in writing, another
delegate to take your place at any time prior to the start of the event. T
wo or more delegates
may not ‘share’ a place at an event. Please make separate bookings for each delegate.
Cardholder’s Name:
Signature:
Date:
I agree to be bound by SMi's Terms and Conditions of Booking.
Card Billing Address (If different from above):
Cancellation: If you wish to cancel your attendance at an event and you are unable to send
a substitute, then we will refund/credit 50% of the due fee less a £50 administration charge,
providing that cancellation is made in writing and received at least 28 days prior to the start
of the event. Regretfully cancellation after this time cannot be accepted. We will however
provide the conferences documentation via the Document Portal to any delegate who has
paid but is unable to attend for any reason. Due to the interactive nature of the Briefings we
are not normally able to provide documentation in these circumstances. We cannot accept
cancellations of orders placed for Documentation or the Document Portal as these are
reproduced specifically to order If we have to cancel the event for any reason, then we will
.
make a full refund immediately but disclaim any further liability
,
.
Alterations: It may become necessary for us to make alterations to the content, speakers,
timing, venue or date of the event compared to the advertised programme.
Data Protection: The SMi Group gathers personal data in accordance with the UK Data
Protection Act 1998 and we may use this to contact you by telephone, fax, post or email to
tell you about other products and services. Unless you tick here □ we may also share your
data with third parties offering complementary products or services. If you have any queries
or want to update any of the data that we hold then please contact our Database Manager
databasemanager@smi-online.co.uk or visit our website www
.smi-online.co.uk/updates quoting
the URN as detailed above your address on the attached letter
.
VAT
VAT at 20% is charged on the attendance fees for all delegates. VAT is also charged on live
Streaming, on Demand, Document portal and literature distribution for all UK customers and for
those EU Customers not supplying a registration number for their own country here.
________________________________________________________________________________________________
If you have NOT received registration confirmation within 48 hours of registering, please call +44 (0) 870 9090 711