Agenda | Note: Subject to change |
|
10:00 - 10:45 am CDT
Relying on Technology to Protect Against Cyber Threats: Critical Lessons
Tim will be discussing how post-WWI French military strategy provides lessons for securing our systems and networks. IT departments in today's organizations are tasked with many job functions, of which, cybersecurity is only one. IT professionals are trying to protect against new and expanding threats with few resources. Much like the French prior to WWII, who took a defensive posture using the most sophisticated technology of the day to compensate for the lack of available manpower, organizations today are relying heavily on technology to protect against cyber threats. Though not a perfect analogy, there are some interesting lessons related to understanding new threats and technology. We will also be discussing risk and controls as it relates to IT and other topics.
|
|
|
10:45 - 11:15 am CDT
Networking break in themed video chat rooms
11:15 - 12:00 pm CDT
Utility Perspective: Ensuring Cybersecurity in Smart Grid Design and Deployment
Jason is a Senior Senior Manager of Enterprise Security for OG&E and an industry subject matter expert for utilities and smart grids. Jason has over 18 years of experience, leading and contributing to enterprise security teams for critical network operations in large utility, defense, and healthcare organizations. Proven record of defining security strategies and building and leading teams to achieve success in an efficient way. Jason will be discussing how to ensure cybersecurity is included in smart grid design and deployment and challenges ensuring that equipment stays updated and patched.
|
|
Jason Nations Senior Manager of Enterprise Security (Accountable for all Cyber Security IT & OT) OGE Energy bio |
12:00 - 12:30 pm CDT
Networking break in themed video chat rooms
12:30 - 1:30 pm CDT
Lunch n' Learn -- Network Compliance Automation: How to Streamline the Firewall Audit Process
Have lunch delivered on us as you tune in to this session!
Verifying that an organization-wide network access policy is correctly implemented by hundreds of firewalls and thousands of access rules is such a complex endeavor that misconfigurations remain the number one cause of electronic security perimeter breaches. This presentation will introduce a workflow to automate your firewall audit process, from the organization of device configurations to tracking ruleset changes and staying ahead of compliance requirement deadlines. We will also present technology solutions to help simplify your NERC CIP program.
|
|
1:30 - 2:00 pm CDT
Networking break in themed video chat rooms
2:00 - 2:45 pm CDT
Securing the Digital Grid
Power and utilities CEOs are not taking the risk of cyberattacks and damaged infrastructure lightly. A recent survey revealed that 48% of CEOs say an attack against critical infrastructure is imminent. As more and more utilities digitize power generation, transmission and distribution, the threat of cyber-attacks grows.
With an unforeseen number of attacks working their way into industrial environments, the ability to protect against, detect and respond to cyber threats is more important than ever. As government policy, environmental commitments and new technologies combine to drive greater efficiency, power and utility organizations need to design-in a cybersecurity policy to protect their digital transformation. During this session, we will discuss
- Cybersecurity needs for the operational systems, including Operational Control Systems, SCADA Systems, Smart Meters, and Substations.
- Practical steps for protecting your critical infrastructure - securing both modern and legacy equipment - without impacting the safety and uptime goals of the business.
- Automated tracking and reporting to support compliance with regulatory cybersecurity guidelines
|
|
|
2:45 - 3:15 pm CDT
Networking break in themed video chat rooms
3:15 - 4:00 pm CDT
Mitigation of External Exposure of Energy Delivery Systems (MEEDS)
Operations technologies, industrial control systems, devices, and energy delivery systems are often inadvertently exposed to the internet, where threat actors can exploit them to gain control of critical networks and systems. MEEDS provides an effective, affordable, and easy-to-use cyber-risk management system designed specifically for energy utilities. The advanced cyber defense technology offers a defense-in-depth solution to mitigating internet exposed energy delivery systems without degradation or disruption of services. It can distill data from web-spiders such as Shodan, one of the world's largest public database and search engine database, which is used by more than 50 percent of Fortune 1000 companies. It provides advance identification for important operations technologies, industrial controls systems, and other systems, that are exposed and vulnerable to outside threats.
The presentation will show how MEEDS can help improve threat intelligence and cyber risk management by proactively identifying, detecting, and responding to vulnerable EDSs inadvertently exposed to the public internet and determining risk and mitigation of vulnerability via an easy-to-use tool. MEEDS is customized to empower utilities by enabling them to reliably and continuously query their network to identify and mitigate cyber risk.
|
|
Sri Nikhil Gourisetti, Ph.D., CISSP Energy Cybersecurity Research Engineer, and Team Lead - Cyber Systems Pacific Northwest National Laboratory - PNNL bio |
4:00 - 5:00 pm CDT
Mix n' Mingle -- Virtual reception in themed video chat rooms
9:30 - 10:15 am CDT
Nation-State Grid Threats and the Recent U.S. Executive Order
Nation-state entities have cyber attacked our critical infrastructures by compromising the weaknesses in people and processes. There are process sensor vulnerabilities that can be exploited locally or remotely which can compromise control and safety. These vulnerabilities can be exploited using hardware backdoors. Consequently, there is now a Presidential Executive Order in place that can help address these weaknesses. At least one credit rating agency has "endorsed" the executive order.
|
|
Joe Weiss, PE, CISM, CRISC, ISA Fellow, IEEE Senior Member Managing Director Applied Control Solutions LLC bio |
10:15 - 10:45 am CDT
Networking break in themed video chat rooms
10:45 - 12:15 pm CDT
Workshop: Cyber Security Components of Blockchain Applications in Energy and Utilities
This workshop covers the cyber security components of blockchain applications in energy and utilities. This effort is sponsored by IEEE Blockchain Work Group and being performed by its TF1 Cybersecurity Task Force. The presenters are active participants of this Cybersecurity Task Force. The workshop will cover the following topics:
- Role of Blockchain in energy and utilities
- Blockchain use cases in utilities
- Cybersecurity components of these blockchain applications
- Distributed Ledger Technology specification and cybersecurity requirements
- Cryptographic key management
- Performance impact
- Timestamp and its association with transactions
- Consensus, proofs and voting
- Permissioned Vs non-permissioned
- Smart Contract security
- Attack surface analysis
- Storage, scalability and architecture
|
|
Lunch Break
Afternoon sessions TBA