phone: +44 (0) 20 7 036 1300 • email:
[email protected] • visit:
www.icscybersecurityevent.com
Pre-conference workshops: 26th April 2016 Main conference: 27th -
28th April 2016 Venue: Pestana Chelsea Bridge Hotel, London, United
Kingdom
phone: +44 (0) 20 7 036 1300 \ email:
[email protected] \ visit:
www.icscybersecurityevent.com
[ _ Enhance your understanding of security solutions and how they
can protect your control systems from malicious intrusions ]
[ _ Gain exclusive insight from a panel of experts including heads
of information security, SCADA engineers and leading academics –
increase your knowledge of the threats facing to your organisation
]
[ _ Learn about critical guidelines and legislations being
developed to monitor and control the quality of ICS cyber security
solutions to ensure total security from EDF Nuclear New Build and
Total E&P ]
Ensuring the safety of your industrial control systems from the
growing cyber threat
Ben Lowater Deputy Director for CNI CESG
Phil Litherland Head of ICS EDF Nuclear New Build
Graham Herries Director of Systems Integration Engineering
Excellence Group Laing O’Rourke
Eireann Leverett Senior Risk Researcher Cambridge Centre for Risk
Studies
Rosella Mattioli Security and Resilience of Communication Networks
Officer ENISA
John Dickinson Cyber Security Control Systems Manager Sellafield
Ltd
Robert Oates Software Intensive Systems Engineer Rolls Royce
Paul Jenkinson IT Security Manager UK Power Networks
Ruud Denneman, Functional Safety and Control Engineering Specialist
Total E&P
CYBER SECURITYIC
CYBER
phone: +44 (0) 20 7 036 1300 \ email:
[email protected] \ visit:
www.icscybersecurityevent.com2
Dear Colleagues,
Following last year’s hugely successful ICS Cyber Security event,
2016 will see the return of the conference to London (26 – 28
April). Boasting a speaker panel from across a range of industries
including Nuclear, Manufacturing, Oil and Gas, who will offer an
analysis of the business risk of cyber intrusions into ICS , and
deliver the premier event for securing ICS from malicious
intrusion.
Industrial Control Systems continue to receive increased attention
globally as both business and governments realise the severe
consequences of a successful cyber attack on CNI or a key facility
and the potential public relations fallout that can occur. As a
result, we are delighted to announce the attendance of Sellafield
Ltd, Alliander, Total E&P and the EDF Energy Nuclear New Build,
presenting case studies and best practices.
ICS Cyber Security 2016 will not only raise your awareness of the
current threats to industrial control systems but it will also
explore how to combat them, emphasising the preventative and
reactive measures that you can take to protect the systems and the
plants that they control though encouraging interaction across your
organisation.
If you would like more information about any aspect of the event
then please do not hesitate to contact our enquiries team on +44
(0) 207 036 1300 or email
[email protected]
Until then, I look forward to welcoming you to London in
April.
Yours sincerely,
SCADA Engineers
Who should attend ICS Cyber Security?
Welcome Letter Confirmed Speakers for 2016
“Do not miss this unique opportunity to learn from leading experts
about how to protect your sensitive SCADA and control
systems from cyber attack”
Phil Litherland, Head of ICS, EDF Nuclear New Build
Chris Morriss, Primary Cyber Scientist, DSTL
Rosella Mattioli, Security and Resilience of Communication Networks
Officer, ENISA
John Dickinson, Cyber Security Control Systems Manager, Sellafield
Ltd
Ruud Denneman, Functional Safety and Control Engineering
Specialist, Total E&P
Chris Rivinus, Head of IT and Finance, Tullow Oil
Mark Camillio, Cyber Leader, AIG
Robert Oates, Software Intensive Systems Engineer, Rolls
Royce
Christopher Hankin, Director, Institute for Security Science and
Technology, Imperial College
Helge Janicke, Head of the Cyber Security Centre and Software
Technology Research Laboratory, De MontFort University
Eireann Leverett, Senior Risk Researcher, Cambridge Centre for Risk
Studies
Paul Jenkinson, IT Security Manager, UK Power Networks
Dr John Easton Lecturer, School of Electronic, Electrical and
Systems Engineering University of Birmingham
Dr Tom Chothia Lecturer, School of Computer Science University of
Birmingham
Graham Herries, Director of Systems Integration, Engineering
Excellence Group, Laing O’Rourke
Erwin Kooi, Information Security Architect, Alliander
Robert Martin, Sr. Secure Software & Technology Principal
Engineer at The MITRE Corporation and Director of the Industrial
Internet Consortium
William Horner, Process Automation Consultant, Horner
Technologies
CYBER
phone: +44 (0) 20 7 036 1300 \ email:
[email protected] \ visit:
www.icscybersecurityevent.com3
Pre-Conference Workshops Tuesday 26th April
New research co-funded by the Engineering and Physical Sciences
Research Council (EPSRC) will focus on the cyber security of the
UK’s vital industrial control systems including manufacturing
plants, power stations, the electricity grid and the rail
network.
This multi-disciplinary study brings together internationally
leading expertise in cyber security, resilience of industrial
control systems (ICS), risk management and ethnographic studies of
socio- technical environments. The overall purpose of the project
is to improve the integration of security and resilience metrics
into ICS business risk analysis.
This workshop will provide a series of roundtable discussions
around risk perception as a key component of cyber defence, from
crossed perspectives: technical, social and organisational. The
objective is to assess how various stakeholders across an
organisation (e.g., board members, managers, engineers, security
personnel, end-users and any other informed people) perceive and
deal with cyber risk into ICS. During the workshop, focus group
sessions will explore: • The vision of risk as a negotiation
mechanism between people involved in different roles in an
organisation
• How gradations of risk scenarios – from acceptable to
unacceptable – are managed
• The relationship between commercial- side and production-side
regarding risk
• The relationship between costs, risks, organisational culture and
available knowledge in order to best protect ICS’
Attendees will leave the session with: • A unique multidisciplinary
approach to
risk management • An improved awareness of technical
risks as well as their human and organisational components
• New insights from a converged approach encompassing technical and
business perspectives
About our Workshop Leader
Professor John Easton, University of Birmingham.
The Research Institute in Trustworthy Industrial Control Systems
(RITICS), based at Imperial College London, is co- ordinating the
research with a £2.5 million investment into new projects at
Queen’s University of Belfast, the University of Birmingham, City
University London and Lancaster University. Input from leading
academics from all of the mentioned universities will be
included.
This hands-on workshop is designed to increase your understanding
of how different strategies can impact the security of an
Industrial Control System and the overall preparedness of the
business.
The workshop will also aim to highlight the difficulties faced
across the typical business where different departments may face
different priorities and objectives. Attendees will be split into
different teams and will be asked to react to a fictional
situation. The focus will be to understand how actions from each
department can critically impact the technical security of the
industrial control systems as a whole and to develop approaches
that can overcome these issues.
Attendees will leave the session with: • An understanding of the
different risks
facing industrial control systems • An increased consideration of
the
challenges that different areas of the business face with regards
to security and operational functionality
• A recognition of the risks that both human error and decision
making can pose to the security of ICS
About our Workshop Leader William Horner, Process Automation
Consultant, Horner Technologies
William Horner has a general Engineering degree from Brunel
University in 1997 and a MBA from Durham Business School in 2010.
He has over 18 years’ experience working in various different
Process Automation and Operations roles and a track record of
delivering innovative new approaches. William has been working with
Industrial Control System Security since 2003. Between 2012 and
2015 he led a large global Industrial Control System security
initiative across several hundred petrochemical plants, helping to
bring various different departments together into an aligned
approach to security. William also pioneered the “Maturity Model”
as a practical approach to creating awareness and managing cyber
risk for the Industrial Control Systems.
RITICS: Developing and Maintaining Trustworthy Industrial Control
Systems
Workshop A 10:00 – 12:30 Workshop B 13:30 – 16:00 Operational
Efficiency Within ICS
CYBER
phone: +44 (0) 20 7 036 1300 \ email:
[email protected] \ visit:
www.icscybersecurityevent.com4
Conference Agenda Day One: Wednesday 27th April CNI Protection The
security of ICS is none more prevalent than within CNI for the
peace of mind of a nation
Regulation and Education The ever evolving threats to ICS means we
must always try to stay one step ahead
08.30 Coffee and Registration
08:50 Chairman’s Opening Remarks
09:10 EDF - Protecting the Future of Britain’s Nuclear Energy
Supply • Building a secure cyber environment for ICS – Hinkley
Point C case study • Establishing effective human protocols to
minimise exposure of critical systems
to malicious intrusions • Learning from other security incidents
and successes
Phil Litherland, Head of ICS, EDF Nuclear New Build
09:40 Critical Energy Infrastructure and Cyber Attacks: A Strategic
Analysis for Tactical Protection
• The exponential spread of new ‘cyber-weapons’ • The strategic
application of these weapons to industrial control systems and
the
danger they pose therein • Improving the resilience of CNI to these
weapons
Paul Jenkinson, IT Security Manager, Head of IS, UK Power
Networks
10:20 Coffee and Networking
10:50 ICS Cyber Panel Discussion: Best Practices Across CNI •
Defining the best practices for ICS security across all industries
• Going beyond ‘don’t connect SCADA to the internet’ – The
challenge of attaching
digital cyber security solutions to analogue control systems •
Current and future cyber threats to CNI – improving the resilience
of Critical
National Infrastructure to handle them Mr John Dickinson,
Cybersecurity Control Systems Manager, Sellafield Ltd Robin
Bloomfield, Professor of System and Software Dependability, City
University Phil Litherland, Head of ICS, EDF Nuclear New
Build
11:30 Policies, Procedures and Best Practices All Need to be
Adhered to and/or Applied by People
• Developing a “culture of InfoSec” – what does this actually mean
• The interaction between organisational structure and national
culture when it
comes to compliance with InfoSec best practice • Exploring the
existing research pointing toward a connection between
national
cultural attributes and susceptibility to cyber attacks Christopher
Rivinus, Head of IT and Finance, Tullow Oil
12:00 Networking Lunch
13:00 Cultural Issues that Impact Compliance with Policy and/or
Procedures: A Focus on Rail Transport
• Detailed security analysis of Network Rail and the Rail and
Safety Standards Board • Implementing a systems engineered inspired
analysis method that can be applied to
critical information systems • Understanding the vulnerabilities of
the national train and power networks
Dr John Easton and Dr Tom Chothia, School of Electronic, Electrical
and Systems Engineering, University of Birmingham
13:40 The evolving threat to the UK CNI • Describe the rapidly
diversifying threat to the UK CNI • Outline the key elements of
basic cyber hygiene that are still failing to be implemented
and therefore leaving the UK vulnerable to attack • Describe some
of the steps CESG has made under the National Cyber Security
Programme to assist in hardening the CNI • Outline the vision for
the new National Cyber Centre as announced by the Chancellor
in November Ben Lowater, Deputy Director for CNI, CESG
14:20 Converging vulnerabilities – Risks posed to ICS from IT and
interconnected systems • Converging IT and OT networks have
potential business benefits but also bring new
levels of risk • Protecting ICS from cyber-attack is mission
critical • What consideration is given to external systems and
infrastructure that have a direct
relationship to your Industrial control networks and systems? • We
will explore threats to ICS systems, how vital infrastructure may
be vulnerable in
unforeseen ways - and what you can do about it. Shaun Bligh-Wall,
Chief Technologist, Security Consulting, Enterprise Security
Services, Hewlett Packard Enterprise
15:00 Coffee and Networking 15:30 Communicating the Business Risk
of Cyber Attacks on ICSs to the Decision
Makers and Budget Holders of the Company – Making an Impact • The
implications of an unsecure ICS environment from an insurance point
of view • Managing the risk • The importance of focusing on the
supply chain
Eireann Leverett, Senior Risk Researcher, Cambridge Centre for Risk
Studies 16:10 The Research Institute: Trustworthy Industrial
Control Systems
• Assessing physical damage as a result of cyber attacks on ICSs •
Communicating an appreciation of business risk posed by cyber
attacks to vulnerable
industrial entities • Developing technical interventions to improve
the resilience of these systems to attack
Mr Christopher Hankin, Director, Institute for Security Science and
Technology, Imperial College Awais Rashid, Professor and
Co-director, Computing and Communications, Lancaster
University
16:50 Chair’s Close and End of Day One
Pa ne
phone: +44 (0) 20 7 036 1300 \ email:
[email protected] \ visit:
www.icscybersecurityevent.com5
Conference Agenda Day Two: Thursday 28th April The Issue that
Remote Access Poses to ICS Security Whilst increased connectivity
has a direct impact on productivity, the security risks must be
considered
Future Risk Whilst the security of ICS is important now, it is
imperative to continue to consider the future impact
08.30 Coffee and Registration 09.00 Chairman’s Recap 09:15 The
Industrial Internet Reference Architecture
• Addressing end-to-end Industrial Internet of Things (IIoT) needs
of the energy, healthcare, manufacturing, transportation and public
sectors
• Engineering for safety, security, resilience, reliability, and
upholding privacy expectations using interchangeable technology and
components
• Gaining industry consensus on major security/architecture
questions and avoiding market fragmentation Robert Martin, Sr.
Secure Software & Technology Principal Engineer at The MITRE
Corporation and Director of the Industrial Internet
Consortium
09:50 Cyber Security in the Oil and Gas World: A Total Case Study •
Improving and updating existing gas operation control systems to
ensure compliance
and meet anticipated operational and future regulatory requirements
• The way forward today: alternative hardware and software and the
final cost for
cyber security (the cost of being “open”) • How to bend the
developments of ICS
Ruud Denneman, Functional Safety and Control Engineering
Specialist, Total E&P 10:30 An Abbreviated Guide to Peeling
Onions
• Who are Iguana, where have they come from? • Why isn’t my IT
solution a good fit for OT? • Industrial protocol guards, what are
they? • Hardware Cryptography, isn’t that just VPN?
Keith Chappell, Technical Director, CNI and Cyber Security. L-3 TRL
Technology 11:00 Coffee and Networking
11:30 The Risk Posed by Internet of Things to ICS Cyber Security •
Evaluating on how to best secure IoT against cyber risk •
Maintaining improved productivity vs. a secure environment •
Developing cyber protection protocols for control systems handling
a vast number of
processes Dr. Graham Herries, Director of Systems Integration,
Engineering Excellence Group, Laing O’Rourke
12:10 Securing your Smart Grid Networks Against a Cyber Attack •
The security risks that smart grids introduce to the system • A
proactive move from protective security model to
attention/detection/response to
counter these risks • The ramifications these improvements will
have for the cyber security of those
systems Erwin Kooi, Information Security Architect, Alliander
12:50 Networking Lunch 13:50 ENISA’s Approach to ICS-SCADA
Security
• The EU’s Cyber Security Strategy focusing on ICS-SCADA • Cyber
incident post-mortem: best methods of incidence response and
forensics • How ENISA interact with the ICS community
Rossella Mattioli, Security and Resilience of Communication
Networks Officer, ENISA
14:30 A Cross-Sector Perspective on Safety and Security for Control
Systems • The importance of securing industrial control systems
from outside threat • Effective internal governance of ICS cyber
security • Security-aware systems engineering
Dr. Robert Oates, Software Intensive Systems Engineer, Rolls
Royce
15:10 Coffee And Networking
15:40 Rafael Cyber Dome – From cyber security to cyber defense. •
Tailored end-to-end cyber defense solution • Unique
multi-disciplinary capabilities • Dedicated IT and OT
solutions
16:10 The Future of the Insurance Market for Cyber Risk • The
impact that data breaches can have on brand and reputation
damage,
regulatory scrutiny, stakeholder dissatisfaction, and financial
losses • Risk management that helps to assess manage, and respond
effectively to the cyber
threats • The way that the insurance market needs to continually
evolve with the market and
industries to respond to the ever increasing threats Mark Camillo,
Cyber Leader, AIG
16:50 Cyber Critical National Infrastructure Assurance: DSTL’s Role
• What the general trend and challenges are cross-sector according
to DSTL’s broad
findings over two years • Governance vs technical assurance for ICS
• Access vs vulnerability vs criticality – controls for minimising
risk
Chris Morriss, Principal Cyber Scientist, DSTL 17:30 Securing
Control Systems in the Manufacturing Industry
• The importance of building strong relationships with the IT
department • Best practices from the field – gaining experience
from different sectors • Combatting process controls for engineers
when improving technology and
architecture within operational technology William Horner, Process
Automation Consultant, Horner Consulting
18:10 End of Day Two and Close of Conference
Fu tu
re P
ro je
6 phone: +44 (0) 207 368 9300 \ email:
[email protected] \ visit:
www.icscybersecurityevent.com
2016 SPONSORSHIP OPPORTUNITIES How can you Meet Your Marketing and
Business Development Objectives at ICS Cyber Security? Networking
Ensure that you have the opportunity to engage with the key
decision makers within your industry. We can create a platform for
you to effectively interact with your top customers and prospects
in the environment of your choice. This can range from formalised
private meetings / workshops right through to less structured
networking events such as sponsored drinks receptions, coffee
breaks or lunches. Ultimately whatever you decide is the right
forum; we will support you in your quest to advance relationships
with the key people who can influence the future of your
business.
Branding Your company can be elevated to a position where they are
seen as a market leader. In a fiercely competitive market you need
to ensure that your brand is differentiated from the competition.
Failure to create a clear identity will see your organisation fade
into the background. We ensure that we do everything we can to
effectively lift your brand before, during and after the event. Not
only do we create a fully integrated marketing campaign, which your
company can be part of, but we also offer high impact premium
branding opportunities for example on bags, water bottles, pens,
lanyards etc.
Thought Leadership If you think that you should be viewed as a true
industry leader then you need to demonstrate your market knowledge
and expertise through a thought leadership opportunity, such as
speaking or chairing. This is a highly unique opportunity for your
company to educate the market, and as long as you are credible
enough to fit into a high level event programme, we can position
your organisation alongside top customers and prospects in our
speaker faculty. As part of this speaker faculty your company will
be set apart from other industry attendees giving you the
competitive edge required to make further strides in the
market.
Past attendees include:
2016 sponsors
For more information and to discuss the right opportunity, contact
our sponsorship team on +44 (0)207 368 9300 or
[email protected]
CYBER
5
phone: +44 (0) 20 7 036 1300 \ email:
[email protected] \ visit:
www.icscybersecurityevent.com
TERMS AND CONDITIONS
First Name:
Family Name:
Email:
Yes I would like to receive information about products and services
via email
Organisation: Nature of business:
Name:
Signature:
I agree to IQPC’s cancellation, substitution and payment
terms
Special dietary requirements: Vegetarian Non-dairy Other:
Please indicate if you have already registered by: Phone Fax Email
Web
Please note: if you have not received an acknowledgement before the
conference, please call us to confirm your booking.
Total price for your Organisation: (Add total of all individuals
attending):
VISA M/C AMEX Card Number:
Exp. Date: Sec:
Name On Card:
Postcode: Country: Cheque enclosed for: £ (Made payable to IQPC
Ltd.)
(Please quote 23492.003 with remittance advice) Account No:
51304143 • IBAN Code: GB59 MIDL 4038 1851 3041 43 • Sort Code: 40
38 18 Swift Code: MIDLGB2112V • Account Name: International Quality
& Productivity Centre Ltd. Bank: HSBC Bank Plc, 67 George
Street, Richmond, Surrey TW9 1HG, United Kingdom
Please note: • All ‘Early Bird’ discounts require payment at time
of registration and before the cut-off date in order toreceive any
discount. • Any discounts offered (including team discounts) must
also require payment at the time of registration. • All discount
offers cannot be combined with any other offer.
Please view our registration policy for full information about
payment, cancellation, postponement, substitution and
discounts.
*Please select Workshop A or B
** This rate applies to thosed involved in Industrial Control
System operations UK VAT is charged at 20%. VAT Registration #: GB
799 2259 67
Please read the information listed below as each booking is subject
to IQPC Ltd standard terms and conditions. Payment Terms: Upon
completion and return of the registration form full payment is
required no later than 5 business days from the date of invoice.
Payment of invoices by means other than by credit card or purchase
order (UK Plc and UK government bodies only) will be subject to a
£49 (plus VAT) processing fee per delegate. Payment must be
received prior to the conference date. We reserve the right to
refuse admission to the conference if payment has not been
received. IQPC Cancellation, Postponement and Substitution Policy:
You may substitute delegates at any time by providing reasonable
advance notice to IQPC. For any cancellations received in writing
not less than eight (8) days prior to the conference, you will
receive a 90% credit to be used at another IQPC conference which
must occur within one year from the date of issuance of such
credit. An administration fee of 10% of the contract fee will be
retained by IQPC for all permitted cancellations. No credit will be
issued for any cancellations occurring within seven (7) days
(inclusive) of the conference. In the event that IQPC cancels an
event for any reason, you will receive a credit for 100% of the
contract fee paid. You may use this credit for another IQPC event
to be mutually agreed with IQPC, which must occur within one year
from the date of cancellation. In the event that IQPC postpones an
event for any reason and the delegate is unable or unwilling to
attend in on the rescheduled date, you will receive a credit for
100% of the contract fee paid. You may use this credit for another
IQPC event to be mutually agreed with IQPC, which must occur within
one year from the date of postponement. Except as specified above,
no credits will be issued for cancellations. There are no refunds
given under any circumstances. IQPC is not responsible for any
loss
or damage as a result of a substitution, alteration or
cancellation/postponement of an event. IQPC shall assume no
liability whatsoever in the event this conference is cancelled,
rescheduled or postponed due to a fortuitous event, Act of God,
unforeseen occurrence or any other event that renders performance
of this conference impracticable, illegal or impossible. For
purposes of this clause, a fortuitous event shall include, but not
be limited to: war, fire, labour strike, extreme weather or other
emergency. Please note that while speakers and topics were
confirmed at the time of publishing, circumstances beyond the
control of the organizers may necessitate substitutions,
alterations or cancellations of the speakers and/or topics. As
such, IQPC reserves the right to alter or modify the advertised
speakers and/or topics if necessary without any liability to you
whatsoever. Any substitutions or alterations will be updated on our
web page as soon as possible. Discounts: All ‘Early Bird’ Discounts
require payment at time of registration and before the cutoff date
in order to receive any discount. Any other discounts offered by
IQPC (including team discounts) also require payment at time of
registration. Discount offers cannot be combined with any other
offer. • Please do not pass my information to any third party. B2B
shop: The purchase of any conference audio, video or digital
recording on B2B Shop (www. b2biq.com) includes keynote, topic and
panel sessions where the presenters agree to grant permission for
their presentation/ sessions to be audio and/or video recorded by
IQPC and further agree to release all rights to IQPC related to the
contents of the recording, its distribution, sale, reproduction,
broadcast in whole or in part and without limitation or
compensation. Please be aware that in respect of this IQPC cannot
guarantee the inclusion of any or all sessions until after the
conference has taken place. © IQPC Ltd. VAT Reg #: GB 799 2259
67
DELEGATE DETAILS - SIMPLY COMPLETE THIS FORM AND CLICK SUBMIT
PAYMENT METHODS
PRICING AND DISCOUNTS
Ways to Register Phone: +44 (0) 20 7368 9300 Fax: +44 (0) 20 7368
9301 Email:
[email protected] Website:
www.icscybersecurityevent.com
Post: Return your Booking form to: IQPC Ltd, 129 Wilton Rd London,
SW1V 1JZ
Pass includes Gold Package Silver Package Bronze Package
Main Conference 27 - 28 April 2016 Access to post-event
presentations on B2B Shop at www.b2biq.com Access to 1 Workshop*
Access to 2 Workshops
4
4
4
4
4
4
4
Register & Pay by 18th December 2015 £599+VAT SAVE £300
£499+VAT SAVE £300
£299+VAT SAVE £300
Register & Pay by 5th February 2016 £699+VAT SAVE £200
£599+VAT SAVE £200
£399+VAT SAVE £200
Register & Pay by 4th March 2016 £799+VAT SAVE £100
£699+VAT SAVE £100
£499+VAT SAVE £100
Package Options - Vendors and Solution Providers
Register & Pay by 18th December 2015 £1299+VAT SAVE £600
£1199+VAT SAVE £600
£999+VAT SAVE £600
Register & Pay by 5th February 2016 £1499+VAT SAVE £400
£1399+VAT SAVE £400
£1199+VAT SAVE £400
Register & Pay by 4th March 2016 £1699+VAT SAVE £200
£1599+VAT SAVE £200
£1399+VAT SAVE £200
26th - 28th April, 2016 • Pestana Chelsea Bridge Hotel, London,
UK
CYBER SECURITYIC
S Venue: London, UK. Travel and accommodation are not included in
the registration fee. For updates on the venue and accommodation
information, please visit: www.icscybersecurityevent.com
Venue & Accommodation