The IoT/IIoT/ICS/SCADA Collaboration Seminar will showcase thought leaders, strategies, opportunities, and business cases of implementing security solutions across a broad spectrum of industries. IT, OT and IoT Cyber Security decision makers and practitioners will discuss and evaluate the security risks in the context of IoT/IIoT/ICS/SCADA. Recent Executive Orders (EO) have called upon Industry, Government and Solution Providers to collaborate to ensure Critical Infrastructure is inventoried accurately, analyzed like never before, and defenses and other tactics developed to secure and make the nation more resilient.
“Keeping together is progress. Working together is success.” – Henry Ford
Paul Veeneman, CISSP, CISM, CRISC, CMMC RP, President & COO, Beryllium InfoSec Collaborative
The Nation’s critical infrastructure consists of industrial control systems delivering today’s essential electricity, oil, gas, agriculture, and transportation. Sophisticated threats against an expanded attack surface require government and executive teams to address risk management strategies, realign operations safety and engineering accountability, and deliver comprehensive business and cyber resiliency solutions from top to bottom.
Standards and Risks; Cybercrime and the Internet of Things
Sean Costigan, Professor, George C. Marshall European Center for Security Studies
The merger of the physical and virtual worlds is underway. A confluence of technologies has made this possible under the rubric known as the Internet of Things (IoT). This merger brings sensors and devices in the billions to cyberspace, already dwarfing the Internet of People. A vast increase in hackable devices will create profound vulnerabilities in the physical world, creating new opportunities for cybercrime and a pressing need for standards and action.
2:00 pm-2:30 pm
A Private Sector Perspective on the OT Focused Executive Orders and Policies
Moderator: Karen Anderson, Principal Consultant, Optiv, Inc
Presenter: Robert Lee, CEO, Dragos
What worked well, what didn’t work; and lessons learned
2:30 pm-2:45 pm
Resource Center Break
2:45 pm-3:15 pm
OT…Not just another form of IT Security
Joe Weiss, Managing Partner, Applied Control Solutions, LLC
Control system cyber security is composed of networks (IT and OT) and field devices (engineering). Cyber security is network-focused with technologies, training, and cyber logging available under the purview of the CISO. Control system devices have no cyber security, authentication, cyber logging, training for control system engineers, and engineering management is not involved. There have been almost 12 million actual control system cyber incidents that have killed more than 1,500 with more than $90 Billion in direct damage. How can we reconcile the technical and cultural gaps between networking and engineering?
3:15 -3:45 pm
Vulnerability Risk Assessments Guidance on IOT Controls
Ted Gutierrez, CEO, Co-Founder, SecurityGate.io
In an era of increasing vulnerability depth in IOT ecosystems, risk stakeholders and technical teams are challenged with developing systems and capabilities to identify and manage IoT device security. This discussion will focus on ways to incorporate training, standards, and tools from a business-centric perspective. Attendees will walk away actionable guidance they can implement in their business within 30-60d.
3:45 – 4:15 pm
Architecting a Successful Digital Transformation Solution
David Schultz, President, G5 Consulting & Engineering Services
In order to avoid what is commonly known as pilot purgatory, companies must use an architecture that supports Industry 4.0 concepts. This presentation will cover four sections. The first will define the objectives of a digital transformation strategy. The second will provide an overview of business and manufacturing data and how it is organized. The third will introduce the concept of a unified namespace and how business and manufacturing systems will interact with it. The final section will present the steps to a successful digital transformation.
4:15 -4:45 pm
Here’s Where We Are, Don’t over Rotate
Jamison Utter, Sr Director, Product and Solutions Evangelism, Ordr
The role of cyber resilience is to avoid production disruption due to a cyber event and clearly, we are failing. Through this talk we will explore a few cases where negative bias has improperly influenced risk calculations and led to disruptions and leave you with techniques to create a whole enterprise risk strategy.
4:45 – 5:30pm
Networking in EXPO
Tom Smertneck, ISA
Jamison Utter, Ordr
Paul Veeneman, Beryllium InfoSec Collaborative (Program Chair)
Joe Weiss, Applied Control Solutions, LLC