Welcome to the Interactive Agenda for the 2017 Singapore ICS Cyber Security Conference! (View the full Singapore Conference website here)  

Register now to grab a spot at the premier ICS cyber security event for key stakeholders in the APAC region.

Tuesday, April 25
 

08:30

Welcome to the 2017 Singapore ICS Cyber Security Conference

Welcome address and conference introduction for the 2017 ICS Cyber Security Conference.

 

Speakers

Mike Lennon

Managing Director, Chairman of ICS Cyber Security Conference Series, SecurityWeek
For more than 10 years, Mike Lennon has been closely monitoring and analyzing trends and the threat landscape in the enterprise IT security and critical infrastructure space. In his role at SecurityWeek he oversees the editorial direction of the publication and manages several...


Tuesday April 25, 2017 08:30 - 08:40
Atrium Ballroom 4th Floor

08:40

The Importance of Cybersecurity Training and Policies

Cybersecurity Training and Policies are of Equal Value to Products and Features 

Encryption is touted as the next evolution in securing data. If the intent is to encrypt text, email content or data objects, the concept is nothing new. Mankind has been securing messages in this manner for millennia: the Egyptians used codices and the Romans used one-time keys and shared secrets. It is a secure method provided that you ensure the integrity of the keys.

If the intent is the encryption of a data channel or communications path, then you may be introducing risk to your system.  If the data is not inspected at either end of the secure channel, then encryption can be creating a secure path for malware into your system.  Encryption can also prevent security appliances from detecting issues.  A deep packet inspection firewall (DPI) for example is rendered useless if deployed to look for anomalous activity on an encrypted path as the firewall will not see packet contents.

Your staff need to be cybersecurity aware; in fact, untrained staff may be your biggest risk. Even in a completely air-gapped system, human interaction can lead to a compromise. Compromise could come from the use of removable media, or could be intentionally executed by a disgruntled employee. If a system was compromised, would your staff be capable of detecting it and, if they were, are they suitably trained on how to deal with the issue?

This presentation will give real world examples of how systems have been compromised, how to mitigate this through personnel training and the creation of policies to maintain Cyber awareness within your organization.


Speakers

Peter Clissold

Senior Cyber Security Consultant, Industry Business, Schneider Electric
For over 20 years Peter Clissold has been a leader in the industry with the adoption of new technologies and standards that improve efficiencies in control and driving access to information within the Industrial environment. Peter has been responsible for horizontal and vertical integration...


Tuesday April 25, 2017 08:40 - 09:25
Hullet Room 4th Floor

08:40

ICS/SCADA Hacking Competition (CTF) - Part 1

NSHC will be organising a CTF at ICS Cyber Conference Singapore. In this CTF, participants will be able to challenge themselves in a series of hacking scenarios and get some hands-on experience in bypassing the air gaps in a SCADA environment. There are 6 parts to the CTF. The first 3 parts are an online challenge where participants will receive challenges ranging from simple quizzes to bypassing challenges. In the next 3 parts, participants will be able to explore ways to bypass the air gaps in a SCADA environment through the use of drones, etc.

Basic Requirements: (Attendees should bring their own laptop)

  • Basic programming skills (C++, Python etc)
  • Basic network and system skills (TCP/IP, Windows OS)


Speakers

Louis Hur Young-il

President and Chief Executive Officer, NSHC Corporation
Louis Hur is corporate president and Chief Executive Officer (CEO) of NSHC Corporation. He is responsible for NSHC’s day-to-day operations, as well as leading the company’s security product development and technology strategy. He co-founded NSHC with four people in 2003 while studying...


Tuesday April 25, 2017 08:40 - 13:00
Moor Room 4th Floor

08:40

SHODAN Hacking Training (Part 1)

COLLECT. ANALYZE. VISUALIZE. MAKE INTERNET INTELLIGENCE WORK FOR YOU. 

Learn how to receive alerts when one of your devices is exposed online, find malware command and control centers, create stunning visualizations and more during this  training on Shodan. This full-day course will discuss the inner workings of Shodan and guide you through various use cases to help you get the most out of the data. 

Bring your own PCAPs, devices or ideas to the course! If there’s enough time left we will scan the Internet for new devices on-the-fly and apply our skills to create some cool new tools. 

REQUIREMENTS

  • Laptop with administrative privileges
  • Basic Python programming skills

  • Familiarity with the command-line

  • Free Shodan account 


Speakers

John Matherly

Founder & CEO, Shodan, LLC.
John Matherly is an Internet cartographer, speaker and founder of Shodan, the world’s first search engine for the Internet-connected devices. His work at Shodan has helped discover hundreds of thousands of industrial control systems, massive IoT botnets and empirically track the increasingly connected Internet landscape. For the past years, he has b...



Tuesday April 25, 2017 08:40 - 13:00
Morrison Room 4th Floor

09:30

Surprises in a Decade of Evolving SCADA Security Advice

Over the last decade, Industrial Control System Security has risen to a prominent role in our lives. Much has been said and written to offer our community guidance and structure over this time. Join us for a sometimes humorous, sometimes encouraging, and sometimes pitiful look back at some of the highlights and lowlights from SCADA Security research, advice, and regulation over the past 10 years 


Speakers

Michael Firstenberg

Director of Industrial Security, Waterfall Security
Mike Firstenberg is the Director of Industrial Security for Waterfall Security. Mike brings almost two decades of experience in Industrial Control System Security, specializing in Control System Cyber Security. With a proven track record as a hands-on engineer - researching, designing...


Tuesday April 25, 2017 09:30 - 10:15
Hullet Room 4th Floor

10:25

Break - Exhibits Open
Please visit our exhibitors and sponsors and enjoy refreshments and snacks in the Sponsor Hall.

Tuesday April 25, 2017 10:25 - 10:45
Sponsor Hall

10:45

Online Security Awareness Program for OT – Case Study

Cyber risk is growing for Operational Environments. New threat actors, inherent vulnerabilities and lagging technical controls present significant challenges for the protection of critical assets. Many asset owners and operators recognize that effective security culture requires effective governance between IT security and OT, but a lack of common awareness could lead to alignment and communication issues on both sides.

Addressing the increased skills gap requires training, but taking time away from mission-critical functions is often not possible. Industrial companies are now looking for flexible and cost-effective solutions that provide the core skills in engineering language across all levels.

This session will explain how organizations can enhance their OT environment security, adhere to compliance requirements and benefit from cost savings.


Speakers

Mark Bakker

International Sales & Business Development Manager, Applied Risk
Mr. Mark Bakker has more than 18 years of experience in Industrial and Process Automation. For the last 9 years his focus has been towards Cyber Security for the process industries (mainly in the critical infrastructure). Mr. Bakker has held various Sales (Management) positions at...


Tuesday April 25, 2017 10:45 - 11:15
Hullet Room 4th Floor

11:15

Practical Mechanisms for Effective ICS Protection, Threat Detection & Incident Response (Part 1)

Approaching the Industrial Control System Security dilemma through setting up practical mechanisms for effective protection, threat detection and incident response
The protection of industrial control systems is on the agenda of world leaders, and it is the responsibility of industrial cyber security experts to turn it from a dream into a reality.

This workshop will cover how to conduct proper risk assessments that enable the client to design effective cyber security solutions and mitigate the risks. Getting the IT (Information Technology) and OT (Operational Technology) teams to understand each other and work with each other is vital to achieving protection. The workshop will highlight how teams can work together, and the discussion will also focus on why both IT and OT teams need to understand the combination of industrial cyber security, automation, and plant production models in order to design the right cyber-secure infrastructure and solutions. The session will also include a demo of threat detection and show how a well-defined incident response plan reduces the potential for disruption of plant operations/production as a result of a successful cyber-attack.

Why you should attend

  • Why do we need to protect IT and OT environments much more than ever? And what are the emerging threats on both environments?
  • Discuss the integration between IT and OT infrastructures, threat detection, incident response
  • Develop ideas on how to move into cyber security by design for the new control systems.
  • Learn how to embed industrial cyber security during the engineering project lifecycle
  • Understand how to build a Security Operations Center that can serve both IT and OT infrastructures
  • What do IT and OT teams need to know about the automation project lifecycle?

Speakers

Ayman AL-Issa

Chief Technologist, Industrial Cyber Security, Booz Allen Hamilton Inc.
Ayman Al Issa is Chief Technologist for Booz Allen Hamilton’s Industrial Cyber Security practice in the Middle East and North Africa region. Over a career which spans more than 23 years to date, Mr. Al Issa has gained vast experience in the fields of automation, information technology...


Tuesday April 25, 2017 11:15 - 13:00
Hullet Room 4th Floor

13:00

Lunch - Café Swiss
Please join us for lunch at Café Swiss, a dining restaurant designed in a stylish modern architecture. Illuminated by an overhead of natural skylight, Café Swiss emanates an inviting aura of warmth and elegance for a tranquil respite. The sumptuous buffet lunch and dinner, offering a variety of European fare, are immensely popular.


Tuesday April 25, 2017 13:00 - 14:00
Café Swiss Level 2, Swissôtel The Stamford

14:00

ICS/SCADA Hacking Competition (CTF) - Part 2

(Continuation of full day competition and hacking workshop)

NSHC will be organising a CTF at ICS Cyber Conference Singapore. In this CTF, participants will be able to challenge themselves in a series of hacking scenarios and get some hands-on experience in bypassing the air gaps in a SCADA environment. There are 6 parts to the CTF. The first 3 parts are an online challenge where participants will receive challenges ranging from simple quizzes to bypassing challenges. In the next 3 parts, participants will be able to explore ways to bypass the air gaps in a SCADA environment through the use of drones, etc.

Basic Requirements: (Attendees should bring their own laptop)

  • Basic programming skills (C++, Python etc)
  • Basic network and system skills (TCP/IP, Windows OS) 

Speakers

Louis Hur Young-il

President and Chief Executive Officer, NSHC Corporation
Louis Hur is corporate president and Chief Executive Officer (CEO) of NSHC Corporation. He is responsible for NSHC’s day-to-day operations, as well as leading the company’s security product development and technology strategy. He co-founded NSHC with four people in 2003 while studying...


Tuesday April 25, 2017 14:00 - 17:00
Moor Room 4th Floor

14:00

SHODAN Hacking Training (Part 2)

COLLECT. ANALYZE. VISUALIZE. MAKE INTERNET INTELLIGENCE WORK FOR YOU. 

Learn how to receive alerts when one of your devices is exposed online, find malware command and control centers, create stunning visualizations and more during this  training on Shodan. This full-day course will discuss the inner workings of Shodan and guide you through various use cases to help you get the most out of the data. 

Bring your own PCAPs, devices or ideas to the course! If there’s enough time left we will scan the Internet for new devices on-the-fly and apply our skills to create some cool new tools. 

REQUIREMENTS

  • Laptop with administrative privileges
  • Basic Python programming skills

  • Familiarity with the command-line

  • Free Shodan account 


Speakers

John Matherly

Founder & CEO, Shodan, LLC.
John Matherly is an Internet cartographer, speaker and founder of Shodan, the world’s first search engine for the Internet-connected devices. His work at Shodan has helped discover hundreds of thousands of industrial control systems, massive IoT botnets and empirically track the increasingly connected Internet landscape. For the past years, he has b...



Tuesday April 25, 2017 14:00 - 17:00
Morrison Room 4th Floor

14:00

Practical Mechanisms for Effective ICS Protection, Threat Detection & Incident Response (Part 2)

(Continuation of Workshop)

Approaching the Industrial Control System Security dilemma through setting up practical mechanisms for effective protection, threat detection and incident response
The protection of industrial control systems is on the agenda of world leaders, and it is the responsibility of industrial cyber security experts to turn it from a dream into a reality.

This workshop will cover how to conduct proper risk assessments that enable the client to design effective cyber security solutions and mitigate the risks. Getting the IT (Information Technology) and OT (Operational Technology) teams to understand each other and work with each other is vital to achieving protection. The workshop will highlight how teams can work together, and the discussion will also focus on why both IT and OT teams need to understand the combination of industrial cyber security, automation, and plant production models in order to design the right cyber-secure infrastructure and solutions. The session will also include a demo of threat detection and show how a well-defined incident response plan reduces the potential for disruption of plant operations/production as a result of a successful cyber-attack.

Why you should attend

  • Why do we need to protect IT and OT environments much more than ever? And what are the emerging threats on both environments?
  • Discuss the integration between IT and OT infrastructures, threat detection, incident response
  • Develop ideas on how to move into cyber security by design for the new control systems.
  • Learn how to embed industrial cyber security during the engineering project lifecycle
  • Understand how to build a Security Operations Center that can serve both IT and OT infrastructures
  • What do IT and OT teams need to know about the automation project lifecycle?

Speakers

Ayman AL-Issa

Chief Technologist, Industrial Cyber Security, Booz Allen Hamilton Inc.
Ayman Al Issa is Chief Technologist for Booz Allen Hamilton’s Industrial Cyber Security practice in the Middle East and North Africa region. Over a career which spans more than 23 years to date, Mr. Al Issa has gained vast experience in the fields of automation, information technology...


Tuesday April 25, 2017 14:00 - 17:00
Hullet Room 4th Floor

15:45

Break - Exhibits Open
Please visit our exhibitors and sponsors and enjoy refreshments and snacks in the Sponsor Hall.

Tuesday April 25, 2017 15:45 - 16:00
Sponsor Hall

17:15

Poolside Welcome Reception

Please join us at the Alligator Pear poolside bar on Level 8 at the Fairmont Singapore for a welcome reception. Open bar serving Wine, Beer and Soft Drinks & Juices.



Tuesday April 25, 2017 17:15 - 18:15
Alligator Pear Poolside Bar Level 8, Fairmont Singapore
 
Wednesday, April 26
 

08:30

Welcome to the 2017 Singapore ICS Cyber Security Conference

Welcome address and conference introduction for the 2017 ICS Cyber Security Conference.

 

Speakers

Mike Lennon

Managing Director, Chairman of ICS Cyber Security Conference Series, SecurityWeek
For more than 10 years, Mike Lennon has been closely monitoring and analyzing trends and the threat landscape in the enterprise IT security and critical infrastructure space. In his role at SecurityWeek he oversees the editorial direction of the publication and manages several...


Wednesday April 26, 2017 08:30 - 08:40
Atrium Ballroom 4th Floor

08:40

Opening Keynote

Ayman Al Issa, Chief Technologist for Industrial Cyber Security in the Middle East & North Africa for Booz Allen Hamilton, will deliver an opening keynote for the 2017 Singapore ICS Cyber Security Conference. 

The Internet of Things, the Industrial Internet of Things, smart cities, smart grids, smart oil fields, and the advancement of technology in all aspects of our lives are great things to have. However, we are without doubt becoming interconnected, and there are no super-duper borders between adversaries. Industrial control systems are at the core of the critical infrastructures that we all depend on in every moment of our lives: from oil and gas to water and electricity to transport and emergency services, they are all controlled by control systems ranging from tiny to major. Launching a missile could be effective against your adversaries; nevertheless, the whole world understands very well that electronic warfare is going to be the norm.

Ayman AL-Issa will brief delegates on the global  industrial cyber security status in a 20 minute nutshell talking about the ICS threats, and what we need to do today, next month and in the coming years.


Speakers

Ayman AL-Issa

Chief Technologist, Industrial Cyber Security, Booz Allen Hamilton Inc.
Ayman Al Issa is Chief Technologist for Booz Allen Hamilton’s Industrial Cyber Security practice in the Middle East and North Africa region. Over a career which spans more than 23 years to date, Mr. Al Issa has gained vast experience in the fields of automation, information technology...


Wednesday April 26, 2017 08:40 - 09:10
Atrium Ballroom 4th Floor

09:10

Development through Industrial Control Systems’ (ICS) Changing Landscape
Singapore's Cyber Security Agency (CSA) will share an overview of their plan for Singapore's critical infrastructure protection in this opening session, along with recent case studies and current concerns facing critical infrastructure operators.

Speakers

Lim Thian Chin

Deputy Director, Head of CII Protection, Critical Information Infrastructure Division, Cyber Security Agency of Singapore
Lim Thian Chin is currently the Head of Critical Information Infrastructure (CII) Protection at the Cyber Security Agency of Singapore (CSA). He leads a team that is responsible for building the cyber resiliency of the Nation’s essential services across 11 CII sectors covering government...



Wednesday April 26, 2017 09:10 - 09:40
Atrium Ballroom 4th Floor

09:40

Securing SWaT and Beyond

In this talk we describe the Secure Water Treatment (SWaT) testbed at the iTrust Centre for Research in Cybersecurity (Singapore University of Technology and Design). SWaT is a testbed built to design, implement and test advanced ICS security mechanisms on a realistic setting, operating since 2015. We will share ongoing research efforts to detect and mitigate attacks to SWaT. We will also introduce two new testbeds on water distribution (WADI) and electric power grid (EPIC).

Background

SWaT Architecture - SWaT consists of a modern six-stage process. The process begins by taking in raw water, adding necessary chemicals to it, filtering it via an Ultrafiltration (UF) system, de-chlorinating it using UV lamps, and then feeding it to a Reverse Osmosis (RO) system. A backwash process cleans the membranes in UF using the water produced by RO. The cyber portion of SWaT consists of a layered communications network, Programmable Logic Controllers (PLCs), Human Machine Interfaces (HMIs), Supervisory Control and Data Acquisition  (SCADA) workstation, and a Historian. Data from sensors is available to the SCADA system and recorded by the Historian for subsequent analysis.

Research

  • In the first phase of this research, models of SWaT will be created using advanced tools such as LabView and Simulink. Models so created will be used to conduct initial experiments aimed at understanding the response of SWaT to a variety of cyber attacks. Attacks by insiders and outsiders will be considered. This first round of experiments will lead to an understanding of the strengths and weaknesses of the existing defense mechanism in SWaT.
  • In the second stage, a small set of cyber attacks will be tried in the testbed using carefully designed experiments that ensure no damage to the physical system. Such experiments are aimed at verifying whether what is learnt in simulation applies to the physical testbed. These experiments will lead to an understanding of the weaknesses of the defense mechanism of SWaT.
  • The third stage is expected to lead to enhancement of the defence mechanism using a redesign of the hardware and updated PLC and SCADA software. The redesigned defence mechanism will then be tested against a variety of attacks in the updated simulation model and the testbed.

Speakers

Martin Ochoa

iTrust Centre for Research in Cybersecurity, Singapore University of Technology and Design
Martín studied Systems Engineering (San José, CR) and Mathematics (Rome). He continued his math studies in Munich (LMU, M.Sc.). Afterwards he completed a PhD in Computer Science (TU Dortmund). Before joining SUTD, he was a post-doc at the Chair for Software Engineering of the TU...



Wednesday April 26, 2017 09:40 - 10:15
Atrium Ballroom 4th Floor

10:15

Drone Wireless Attacks against Land and Maritime Industrial Sites

Summary: In this talk, Jeff Melrose will present the latest drone threat intelligence for plant land and maritime port industrial site networks. 

With new drone technologies appearing in the consumer space daily, industrial site operators are being forced to rethink their most fundamental assumptions about Industrial Sites and Cyber-Physical security. Both Land and Maritime Industrial targets are vulnerable to this new emerging threat. This presentation will cover Electronic Threats, Electronic Defensive measures, Recent Electronic jamming incidents, Latest Drone Threats and capabilities, recent port facility incidents, and Electronic Attack and surveillance with Drones as a delivery platform. The presentation will include two drone attack scenarios with video [potentially live - if liability allows] demonstrations of drone attack capabilities on an industrial wireless flowmeter.

Attendees will gain the following:

  • A new appreciation for the terrifying capabilities now available in hobby drones.
  • A better understanding of how drones can now be the bridge that Hacktivists use to make attacks that were only possible in close proximity before.
  • Realization that large scale EW attacks on industrial systems that used to be possible with military grade equipment are now possible with hobby components.
  • An understanding of what a defensive security person must consider when risk evaluating the threats to industrial wireless systems.
  • A new appreciation for Maritime threats that Drones represent including information of actual incidents. 

Speakers

Jeff Melrose

Principal Technology Strategist for Cybersecurity, Yokogawa US
Mr. Jeff Melrose is the Principal Cyber Security Manager for Cybersecurity at Yokogawa US. Prior to his assignment with Yokogawa, Mr. Melrose was a Principal Security Engineer at Lockheed Martin and Raytheon designing secure systems for the US Military and US Intelligence Community...


Wednesday April 26, 2017 10:15 - 11:00
Atrium Ballroom 4th Floor

11:00

Break - Exhibits Open
Please visit our exhibitors and sponsors and enjoy refreshments in the Sponsor Hall.

Wednesday April 26, 2017 11:00 - 11:30
Sponsor Hall

11:30

Analysis of Cyber Terrorism Against Korean Nuclear Power Plant

This topic examines the effect of cyber terrorism against nuclear power utilities and newly discovered vulnerabilities in nuclear power plant systems. With the cooperation of KOSPO (Korea Southern Power Co., Ltd.) and Interpol researchers, we will also walk through the investigation of the 2014 breach at one of South Korea’s largest nuclear power utilities, which is responsible for about 40% of the country's electric power supply.


Speakers

Louis Hur Young-il

President and Chief Executive Officer, NSHC Corporation
Louis Hur is corporate president and Chief Executive Officer (CEO) of NSHC Corporation. He is responsible for NSHC’s day-to-day operations, as well as leading the company’s security product development and technology strategy. He co-founded NSHC with four people in 2003 while studying...



Wednesday April 26, 2017 11:30 - 12:15
Atrium Ballroom 4th Floor

12:15

Panel: Safety & Security
Moderators
Speakers

Ayman AL-Issa

Chief Technologist, Industrial Cyber Security, Booz Allen Hamilton Inc.
Ayman Al Issa is Chief Technologist for Booz Allen Hamilton’s Industrial Cyber Security practice in the Middle East and North Africa region. Over a career which spans more than 23 years to date, Mr. Al Issa has gained vast experience in the fields of automation, information technology...

Friedhelm Best

Vice President Asia Pacific Region, HIMA Asia Pacific
Friedhelm Best is Vice President of the Asia Pacific Region at HIMA, a leading independent provider of solutions for safety-critical applications. Friedhelm previously worked as Director of Global Key Account Management Industry in the Electrical Sector of Eaton Corporation. Friedhelm...

Jerry Wells

Australian Oil & Gas Company


Wednesday April 26, 2017 12:15 - 13:00
Atrium Ballroom 4th Floor

12:50

Lunch - Café Swiss
Please join us for lunch at Café Swiss, a dining restaurant designed in a stylish modern architecture. Illuminated by an overhead of natural skylight, Café Swiss emanates an inviting aura of warmth and elegance for a tranquil respite. The sumptuous buffet lunch and dinner, offering a variety of European fare, are immensely popular.


Wednesday April 26, 2017 12:50 - 13:50
Café Swiss Level 2, Swissôtel The Stamford

14:00

An Industrial Immune System: Using Machine Learning for Next Generation ICS Security

As IT and Operational Technology (OT) environments continue to converge, managers of ICS have been faced with the challenge of protecting these crucial systems and data, in spite of inherent security weaknesses and the continual risk of insider threat. In many industrial processes, reliability of an ICS has a direct and immediate impact on the safety of human lives. Existing, legacy approaches have proven inadequate on their own, especially against insiders who, by definition, have authorized access.

There is an urgent need for a new approach to combat the next generation of cyber-threats, across both OT and IT environments. While total prevention of compromise is untenable, utilizing automated self-learning technologies to detect and respond to emerging threats within a network is an achievable cyber security goal, irrespective of whether the suspicious behavior originated on the corporate network or ICS.

Some of the world’s leading energy and manufacturing companies are using these technologies to detect early indicators of cyber-attacks or vulnerabilities across IT and OT environments, without reliance on pre-identified threat feeds, rules, or signatures. These technologies represent an innovative and fundamental step-change in automated cyber-defense.

In this session, delegates will learn:

  • How new machine learning and mathematics are automating advanced threat detection
  • Why 100% network visibility allows you to preempt emerging situations, in real time, across both IT and OT environments
  • How smart prioritization and visualization of threats allows for better resource allocation and lower risk
  • Real-world examples of detected OT threats, from non-malicious insiders to sophisticated cyber-attackers
Sponsored By: Darktrace

Speakers

Sanjay Aurora

Managing Director – Asia Pacific, Darktrace
Sanjay Aurora is the Managing Director, Asia Pacific at Darktrace, where he has spearheaded the company’s expansion in the region since 2015, with the rapid adoption of Darktrace’s award-winning Enterprise Immune System technology, and the opening of 9 offices in Asia Pacific...



Wednesday April 26, 2017 14:00 - 14:30
Morrison Room 4th Floor

14:00

Perpetual Connectivity Enabling Business Transformation

With the unprecedented pace of the digital journey and the increased sophistication of cyber security attacks in the process control industry, Yokogawa has, from a thought leadership and innovation perspective, crafted a framework for cyber security that pays particular attention to Availability, Integrity and Confidentiality and is co-innovated with our customers.

Yokogawa Electric Corporation collaborated with a Global Network & Security Leader to deliver an Industrial Control System Security Solution for a Global Oil & Gas Customer. The solution that was deployed is a comprehensive security management solution for plant control systems that was jointly developed as an initiative between the Global Network & Security Leader, Yokogawa, a leader in mission-critical plant automation systems, and the Global Oil & Gas Customer. The three companies have agreed to proceed over the next three years with the implementation of Industrial Control System Security at around fifty plants globally.

This session will walk through the past deployments and the Operation Model that Global Network & Security Leader and Yokogawa had delivered for Global Oil & Gas Company Security Initiative project.

Sponsored by: Yokogawa


Speakers

Lee Chee Hoe

Senior Global Cyber Security Sales & Marketing Manager for IIoT & Cybersecurity, Yokogawa Electric International
Mr. Lee Chee Hoe is the Senior Global Cyber Security Sales & Marketing Manager for IIoT & Cybersecurity at Yokogawa Electric International. Mr. Lee Chee Hoe has over 16 years of experience in Industrial Cyber Security spearheading as Security Engineer, Consultant and Project Manager...



Wednesday April 26, 2017 14:00 - 14:30
Moor Room 4th Floor

14:30

Eliminating Security Blind Spots in ICS Environments

This talk will skip the standard pitch about why ICS networks are vulnerable and the criticality of operational continuity, and go right to the point, which is to explain how ICS cyber-attacks really operate and where the security gaps that enable these attacks are.

Industrial networks are inherently different than IT networks. In most IT cyber-attack scenarios, the same protocols are used for configuration and production operations. However, in industrial networks, different protocols are used for different types of operations. The builders of Stuxnet understood this more than 5 years ago, yet most security specialists still don’t fully understand the difference.

In this session we will discuss: 

  • The need to monitor the proprietary network protocols and track all changes to the controllers
  • Why changes to PLC code blocks are transparent to “standard” OT protocol inspections (i.e. MODBUS/DNP3/ICCP) and what should be monitored
  • Which additional security gaps must be addressed in order to protect ICS networks against cyber-attacks, malicious insiders and human errors

Join us for this myth-busting session in which we will dispel common fables around industrial cyber-attacks and explain how they really operate.

Session attendees will:

  • Gain insight into real-world threats to ICS networks and understand how ICS cyber attacks are really executed
  • Review how attackers can compromise critical industrial controllers (PLCs, RTUs) while remaining undetected
  • Understand the proprietary OT network protocols used by vendors to manage industrial controllers, their strengths and weaknesses
  • Learn about best-practices that should be implemented to secure OT networks and industrial controllers

Speakers
Mille Gandelsman

CTO and Co-Founder, Indegy
Mille Gandelsman is the CTO and Co-Founder of Indegy, an industrial cybersecurity startup that provides situational awareness and real-time security for industrial control networks. He leads Indegy’s technology research and product management activities. Prior to Indegy, Gandelsman led engineering efforts for Stratoscale and spen...


Wednesday April 26, 2017 14:30 - 15:15
Moor Room 4th Floor

14:30

The Need for ICS Security Operations Center

Cybersecurity for Industrial Control Systems (ICS) is gaining importance fast and cannot be covered by one single action.

To accept is easy, to continue is difficult. It takes a lot of effort for ICS assets to reach an acceptable level of security. However, it takes much more to maintain that level over a sustained period of time, a pitfall at which many organizations have failed or have decided to give up altogether.

One key factor is the lack of individuals with a hybrid IT & OT skillset and experience. To make up for this, it makes sense to congregate different talents in an ICS Cybersecurity Operations Center, or ICS SOC. This approach not only forms a team with collective IT & OT skillsets and experience, it also forges team members to look into ICS anomalies in unison; many in skills, one in mind.


Speakers
Jos Menting

Chief Technologist, Lab Manager Cybersecurity, ENGIE Lab LABORELEC
Jos Menting graduated in Technical Physics and Industrial Automation at the Saxion University. After some excursions Mr. Menting started working in I&C engineering for different types of thermal power plants. Both new build as brown field and optimization projects delivered a profound...


Wednesday April 26, 2017 14:30 - 15:15
Morrison Room 4th Floor

15:15

Break - Exhibits Open
Please visit our exhibitors and sponsors and enjoy refreshments in the Sponsor Hall.

Wednesday April 26, 2017 15:15 - 15:30
Sponsor Hall

15:30

Can SCADA in “the Cloud” be Safe?

The IIoT promises to revolutionize the field of industrial automation with access to cloud-based systems. Expert "big data" analytics promise to yield efficiencies and savings. Cross-client analysis of security data promises to let cloud security vendors draw conclusions about overall threat postures and derive actionable intelligence for individual sites. Industrial "app stores" promise to democratize and revolutionize industrial applications, while dramatically reducing costs.

It's too bad that our industrial data looks nothing like what cloud systems need, and that even if we solved that problem, we're never going to connect the Internet right into the beating heart of our most sensitive control systems.

If only there were a way to gather data from industrial systems safely, and transform that data into cloud-friendly formats. If only there were a way to transmit that now cloud-friendly data out to the Internet - the Internet which is the source of all evil - without any chance at all of evil leaking back into our industrial systems.

When we ask the right questions, the answer no longer seems far-fetched. 


Speakers
Michael Firstenberg

Director of Industrial Security, Waterfall Security
Mike Firstenberg is the Director of Industrial Security for Waterfall Security. Mike brings almost two decades of experience in Industrial Control System Security, specializing in Control System Cyber Security. With a proven track record as a hands-on engineer - researching, designing...


Wednesday April 26, 2017 15:30 - 16:15
Morrison Room 4th Floor

15:30

Safety Instrumented Systems and Cyber Security

Safety instrumented systems are used in many applications today to improve the safety and reliability of process systems. Manufacturers like oil and gas producers, chemical processors or power generators that apply automation to critical plant require high availability systems. These systems are sometimes referred to as triple modular redundant (TMR) systems, to reduce the risks associated with uncontrolled shutdowns caused by equipment failures. IEC 61511 is a standard that helps govern the application of this technology and has recently undergone a revision that, amongst other changes, requires cybersecurity to be considered in any risk assessment.

Both IEC 61511 and IEC 62443 call for risk assessments to be conducted; however, the outcomes of each risk assessment can be very different. This presentation will explore the requirements of a cybersecurity risk assessment and how it could be aligned with the results of a process risk assessment to determine what countermeasures are needed. It will explore the current recommendations for cybersecurity in SIS safety systems and also look at what some organizations are implementing to address technical challenges posed by security and geography.


Speakers
Stefan Schlatter

Principal Engineer, Schneider Electric
Stefan Schlatter joined Schneider Electric in March 2008 as part of the Tier 3 ClearSCADA Customer Support Team in England before moving to Australia and becoming part of the Industrial Process Automation group. His primary roles have focused around the design, engineering and technical...


Wednesday April 26, 2017 15:30 - 16:15
Moor Room 4th Floor

16:15

Cybersecurity in Operational Technology – The Need for Focus on Detection and Response

Cyber threats are on the rise. As industry becomes more connected, risks go up. In the face of this reality, having a strategy that’s fully informed by ICS cybersecurity experts and tuned to the specific risks that you face is well worth the effort. You need to take the right actions to increase resilience, help ensure safety, and maintain availability across your OT environment. As the threat landscape increases, a smart cyber defense strategy for ICS, SCADA, process control, and other OT networks is in order. This strategy employs people, process and technology to ensure that industrial cyber controls are in place to protect critical assets. Most organizations focus on protecting their networks, assets, devices and applications, forgetting to give the same focus to detecting, responding to and recovering from incidents, if they are to occur. This presentation focuses on the detect, respond and recover phases of the NIST framework.

 


Speakers
Ganesh Narayanan

Director, Advisory-Cyber Security (Operational Technology), Ernst & Young
Ganesh is a Director in EY’s Cybersecurity practice. A SCADA cybersecurity professional with more than 20 years’ experience working on IT systems related industrial control / aviation systems, he has worked with regulators, government agencies and private organizations in defining...


Wednesday April 26, 2017 16:15 - 17:00
Morrison Room 4th Floor

16:15

Functional Safety at Your Plant Requires IT Security
Speakers
Friedhelm Best

Vice President Asia Pacific Region, HIMA Asia Pacific
Friedhelm Best is Vice President of the Asia Pacific Region at HIMA, a leading independent provider of solutions for safety-critical applications. Friedhelm previously worked as Director of Global Key Account Management Industry in the Electrical Sector of Eaton Corporation. Friedhelm...


Wednesday April 26, 2017 16:15 - 17:00
Moor Room 4th Floor

17:00

Cocktail Reception in Sponsor Hall
Please join us in the sponsor hall (Hullet Room) for a reception with cocktails and appetizers and network with industry peers. At this VIP reception we have prepared a fantastic menu and premium bar!

Wednesday April 26, 2017 17:00 - 19:00
Sponsor Hall
 
Thursday, April 27
 

08:30

Welcome to the 2017 Singapore ICS Cyber Security Conference

2017 Singapore ICS Cyber Security Conference remarks and announcements for day 3.

 

Speakers
Mike Lennon

Managing Director, Chairman of ICS Cyber Security Conference Series, SecurityWeek
For more than 10 years, Mike Lennon has been closely monitoring and analyzing trends and the threat landscape in the enterprise IT security and critical infrastructure space. In his role at SecurityWeek he oversees the editorial direction of the publication and manages several...


Thursday April 27, 2017 08:30 - 08:35
Atrium Ballroom 4th Floor

08:35

Shodan Analysis: Internet-Connected ICS in the APAC Region
Shodan creator John Matherly will share newly collected data and maps of industrial control systems that are connected to the Internet in the APAC region, along with regional and global trends. Data will also be presented on systems that are most likely ICS honeypots. 

Speakers
John Matherly

Founder & CEO, Shodan, LLC.
John Matherly is an Internet cartographer, speaker and founder of Shodan, the world’s first search engine for Internet-connected devices. His work at Shodan has helped discover hundreds of thousands of industrial control systems, massive IoT botnets and empirically track the increasingly connected Internet landscape. For the past years, he has b...


Thursday April 27, 2017 08:35 - 09:20
Atrium Ballroom 4th Floor

09:20

Securing Industrial Control Systems in the Age of IIoT
Join us in this session as we walk through the Digital Transformation journey in one of Malaysia's leading national oil companies. This transformation means adopting technology that can help increase Plant Utilization (PU), improve Overall Equipment Effectiveness (OEE) and, most importantly, achieve ZERO Health, Safety, Security and Environment incidents.
 
With the Industrial Internet of Things and Big data Analytics making mainstream media headlines, we have seen more and more digital transformation initiatives being deployed in the refinery. The national refinery, which was first commissioned in 1992, was using a Distributed Control System (DCS) that relies on primarily analog 4-20mA sensors and final elements. Over the years with new process units being added, the current DCS is a mix of proprietary and open systems utilizing digital busses and analog signals.
 
The use of wireless sensors in the refinery has also been expanding aggressively over the last 10 years. These sensors have been deployed over the existing Process Control Equipment to provide additional monitoring of critical and non-critical equipment. The main driver for using these wireless sensors has been the ease and low cost of deployment. With this, the DCS architecture needed to be redrawn to allow for a secure yet reliable method to deliver these wireless sensors' data back to the end users. The end users of these sensors are now no longer restricted to the operation personnel, but include maintenance engineers for corrosion monitoring, condition based monitoring, instrumentation and control etc.
 
With all this additional connectivity, the refinery has developed numerous internal standards and has made reference to international standards such as ISA/IEC 62443. ISA/IEC 62443 is a series of standards on the cyber security of industrial automation and control systems.

Speakers
Jefferi Kamarudin

Staff Engineer, Machinery Control, Malaysia's Oil Company
Jefferi Kamarudin started as an instrument engineer, and has since held various positions in plant maintenance and technical services within the refinery company before assuming his current role of Staff Engineer (Machinery Control). He has vast experience in the design, maintenance...



Thursday April 27, 2017 09:20 - 10:05
Atrium Ballroom 4th Floor

10:10

Break - Exhibits Open
Please visit our exhibitors and sponsors and enjoy refreshments in the Sponsor Hall.

Thursday April 27, 2017 10:10 - 10:40
Sponsor Hall

10:40

Scythe - Ransomware for Industrial Control Systems (ICS)

As cybersecurity threats continually evolve, ransomware is on the rise as the most profitable attack used by threat actors. Unlike malware, where the primary goal is to steal data or information, a ransomware’s goal is to deny access to resources for a period until a ransom is paid. If the ransom is not paid, then access to resources will be lost or restricted. This type of behavior has serious implications for Industrial Control Systems (ICS), in which availability and integrity of operations should be maintained at all times.

Thousands of mission critical control systems are directly connected to the Internet and subject to new attack techniques. In this research, we will demonstrate, for the first time, a number of advanced methods that can be used to infect ICS/SCADA devices with a specific ransomware, “Scythe”, bypassing all the controls present on devices as well as other protection and restore mechanisms that could put the device back to its safe state.


Speakers
Alexandru Ariciu

Senior ICS Security Researcher, Applied Risk
Senior Security Researcher, Applied Risk


Thursday April 27, 2017 10:40 - 11:15
Atrium Ballroom 4th Floor

11:15

Protecting Against Unauthorized PLC Modifications

Operations managers need to be 100% certain that their PLCs’ software is shielded from unauthorized modifications, to assure that operational processes go uninterrupted. 

This session will demonstrate how PLC software can be modified without operators being aware, and outline the potential impact on ongoing ICS processes. An attack demo will show how to simulate an engineering workstation operation to change the firmware of the PLC while keeping the communication with the SCADA system intact.

Various defense methods to protect PLCs against such attacks will be presented, including embedded end-point protection mechanisms, proxy application firewalls and periodic configuration validation. 

Attendees will learn best practices for both detection and prevention of unauthorized PLC modifications.


Speakers
Ilan Barda

CEO, RADiFlow
Ilan Barda, founder of Radiflow, is a Security and Telecom executive with 20 years of experience in the industry. Mr. Barda’s last position was the CEO of Seabridge, a Siemens subsidiary, with world-wide responsibility for the Siemens/Nokia-Siemens Carrier-Switches portfolio. Ilan...



Thursday April 27, 2017 11:15 - 11:50
Atrium Ballroom 4th Floor

11:50

Analysis of the Ukraine Grid Attacks

In December 2015, cyber attacks disrupted energy-grid operations in Ukraine, causing blackouts to more than 225,000 customers.

This presentation will detail the step-by-step process that the threat actors took, and will highlight the opportunities for detection and prevention across the various steps of the attack.  

According to a Booz Allen Hamilton report, the 2015 cyberattacks were likely part of a two-year campaign that targeted several sectors in Ukraine. Researchers identified 11 attacks aimed at the electricity, railway, media, mining and government sectors.


Speakers
Ayman AL-Issa

Chief Technologist, Industrial Cyber Security, Booz Allen Hamilton Inc.
Ayman Al Issa is Chief Technologist for Booz Allen Hamilton’s Industrial Cyber Security practice in the Middle East and North Africa region. Over a career which spans more than 23 years to date, Mr. Al Issa has gained vast experience in the fields of automation, information technology...


Thursday April 27, 2017 11:50 - 12:25
Atrium Ballroom 4th Floor

12:25

Bypassing Air Gaps to Access OT Environments (Research and Demo)

In this presentation, attendees will learn about real threats facing ICS and SCADA systems. This presentation will cover air-gap bypassing and detailed incident cases of bypassing air gaps. The session will include a demonstration of real hacking using three different air-gap bypassing techniques.


Speakers
Louis Hur Young-il

President and Chief Executive Officer, NSHC Corporation
Louis Hur is corporate president and Chief Executive Officer (CEO) of NSHC Corporation. He is responsible for NSHC’s day-to-day operations, as well as leading the company’s security product development and technology strategy. He co-founded NSHC with four people in 2003 while studying...


Thursday April 27, 2017 12:25 - 13:00
Atrium Ballroom 4th Floor

13:00

Lunch - Café Swiss
Please join us for lunch at Café Swiss, a dining restaurant designed with stylish modern architecture. Illuminated by an overhead of natural skylight, Café Swiss emanates an inviting aura of warmth and elegance for a tranquil respite. The sumptuous buffet lunch and dinner, offering a variety of European fare, are immensely popular.


Thursday April 27, 2017 13:00 - 14:00
Café Swiss Level 2, Swissôtel The Stamford

14:00

Cybersecurity Services for the Next Level of Automation

Driven by business sustainability requirements, access to (near) real-time data within the automation industry has created a growing trend towards interconnectivity between control system and enterprise environments. A component of this trend is the movement away from proprietary control system platforms and technology, to a more open and interoperable Asset Control System. This development creates opportunities for businesses, but can also simultaneously increase their exposure to potential vulnerabilities. Due to the evolving, complex nature of control systems in the enterprise today, many asset owners simply do not know where to start when it comes to devising a security strategy. A lack of awareness about their current vulnerability state makes the effective application of security controls and/or processes difficult. Many customers lack experience in determining vulnerability levels, exposure, and possible impacts of threats to network and critical assets. They also face difficulty in effectively distributing and enforcing appropriate policies and procedures.

This presentation will describe how an external Cybersecurity Services team can provide valuable assessment, implementation, maintenance, and education services for businesses focused on minimizing Operational Technology (OT) cybersecurity risks within their ICS environment.  It will also include an overview of how IT / OT environments are converging today, the challenges with managing that process and the sprawl of the Industrial IoT.  Finally, we’ll discuss some best practices that have been assembled from lessons learned in Building Automation Systems, Water / Wastewater, Refineries, and other critical infrastructure.

Sponsored by: Schneider Electric 


Speakers
Peter Clissold

Senior Cyber Security Consultant, Industry Business, Schneider Electric
For over 20 years Peter Clissold has been a leader in the industry with the adoption of new technologies and standards that improve efficiencies in control and driving access to information within the Industrial environment. Peter has been responsible for horizontal and vertical integration...



Thursday April 27, 2017 14:00 - 14:30
Moor Room 4th Floor

14:00

ICS Threatscape & KasperskyOS

This session will first cover the ICS threat landscape in the APAC region, using the very latest information from Kaspersky Lab ICS-CERT. The threat landscape includes regional statistics on ICS malware and incidents, with the intention to give a holistic overview not just of the region, but also of each specific country. Kaspersky Lab ICS-CERT is a new, non-commercial community-based initiative with a mission to provide free, timely information on the latest ICS threats, vulnerabilities, security incidents, mitigation strategies, incident response, compliance and investigations. It has a growing number of contributing members from ICS product vendors, government agencies, critical infrastructure operators, and other types of entities.

The next topic will focus on a new technology, KasperskyOS: a secure-by-design environment for the ever-growing and increasingly attacked embedded systems and IoT devices. Designed with specific industries in mind, KasperskyOS aims not only to solve security issues, but also to address organizational and business challenges related to secure application development for embedded systems. And yes, KasperskyOS is non-Linux.

Sponsored by: Kaspersky Lab 


Speakers
Vikram Kalkat

Kaspersky Industrial Cyber Security Global Business Development, APAC Region, Kaspersky Lab
Vikram Kalkat joined Kaspersky Lab in 2017 to become the lead for KICS business development in the region. In this role, Vikram is responsible for increasing the cybersecurity company’s footprint in the entire APAC region for the KICS line of business. Vikram is also acting as Senior...


Thursday April 27, 2017 14:00 - 14:30
Morrison Room 4th Floor

14:30

ICS Life After Stuxnet

Stuxnet made headlines in the OT (Operational Technology) world back in 2010. It was a wake up call to those who never really thought ICS (Industrial Control Systems) could be hacked, let alone cause severe damage to a nuclear plant in Iran.

Today, SCADA/ICS engineers are expected to design not only functional logic and safety logic but also system hardening for cybersecurity. Cybersecurity for ICS or OT poses problems that are unlike those of Enterprise or IT cybersecurity.

While Enterprise security prioritizes data in the order of CIA (Confidentiality, Integrity, Availability), ICS demands the reverse, i.e. AIC. Why is availability so important to ICS? Well, think of how important it is for your heart to pump blood to various organs, including your brain. Stop for a few seconds and the consequences could be fatal.

Every piece of data is processed in real-time. These 'data' consist of both sensor data and commands to output elements such as actuators, valves, motors and pumps etc. 

That means latency is a key factor, and intercepting such data for analysis becomes challenging. Typically it cannot afford to be delayed more than a few milliseconds. And even if suspicious data is detected, it cannot be filtered out, as any false positives could have dire consequences. Nothing shapes human behaviour to ignore 'cry wolf' any more than false alarms, even to the point of muzzling or by-passing the security mechanism.

Another aspect of OT is in the area of Functional Safety whereby safety interlocks, Emergency Shutdown System (ESD or SIS) are designed with Safety PLC. Can hackers penetrate the SIS from Process Control System (PCS)? Can malware propagate from PCS to SIS? Can cybersecurity impact safety?

Given that OT is a different animal, are there any effective ways to protect ICS from cyber attacks? Tune in to find out the current industrial practices and the shape of things to come.


Speakers
David Ong

Founder, Excel Marco
Mr. David Ong obtained his MBA from the University of Louisville in 2002 and is a Certified Functional Safety Expert (CFSE). He is the founder of Excel Marco and Attila. Excel Marco was founded in early 2000. Excel Marco is a premier solutions provider for process automation and...


Thursday April 27, 2017 14:30 - 15:15
Moor Room 4th Floor

14:30

ICS Security Incidents Case Files & Incident Response

Verizon will detail real-world data breaches that its RISK team investigated which involve critical infrastructure and industrial (OT) network environments.

The names and some figures have been changed to protect the innocent! The session presents two real-world scenarios drawn from real-world cybersecurity incident investigations by one of the world’s foremost investigative response teams. Each scenario is told from a different stakeholder's point of view, bringing in perspectives involving Legal Counsel, Human Resources, Corporate Communications and others to the breach response effort. Listen to how the different points of view cover critical decision pivot points and split-second actions.


Speakers
Ashish Thapar

Managing Principal – Investigative Response, APJ, Verizon Enterprise Solutions
Ashish Thapar is the Managing Principal, Verizon RISK team for Asia Pacific and Japan region. In this role he is responsible for all customer-facing computer incident response, digital forensics, electronic discovery, and IT investigations. Prior to this role, Ashish was responsible...


Thursday April 27, 2017 14:30 - 15:15
Morrison Room 4th Floor

15:15

Break - Exhibits Open
Please visit our exhibitors and sponsors and enjoy refreshments and snacks in the Sponsor Hall.

Thursday April 27, 2017 15:15 - 15:30
TBA

15:30

A Maturity Model for ICS Cybersecurity

The ICS Cybersecurity Maturity Model reflects a layered approach to implementing an effective, defense-in-depth cybersecurity strategy. Maturity levels in this model represent a recommended sequence of cybersecurity objectives and an associated set of defensive actions. Each maturity level adds an additional layer of cybersecurity protection and prepares the company to advance to the next level. The ICS cybersecurity maturity model helps companies take control of cybersecurity investments in a rational way that aligns specific security benefits with investments in technology and resources.

Developed by ARC, the maturity model is focused on helping managers who are not cybersecurity experts (e.g. plant managers) gain control of their cybersecurity strategies.  It provides a framework for structuring and evaluating the costs-benefits of cyber investment decisions, considering their risk appetites, financial resources, and cybersecurity capabilities.

Attendees will be provided with free access to the 22-page report Maturity Model for Industrial Cybersecurity Planning after the presentation.


Speakers
Bob Gill

General Manager, Southeast Asia, ARC Advisory Group
Bob is responsible for managing ARC's operations in Southeast Asia. He joined ARC Advisory Group after a decade-long career in industrial technology media, most recently as Editor-in-Chief at Singapore's Contineo Media, where he had editorial management responsibility for Control...


Thursday April 27, 2017 15:30 - 16:15
Moor Room 4th Floor

15:30

Never Underestimate the Laziness of Adversaries: Lessons from Real World Attacks

In the world of cyber security, it is easy to be distracted by the most scary, the most obscure and the most exotic. And while that is positively frightening and arguably very entertaining, it doesn't qualify as a very good way to approach securing the systems, processes and information that your business ultimately depends on. Lessons from real world attacks and attack assignments provide a much more realistic foundation that can inform your decisions.

In this talk, delegates will learn:

  • How adversaries would attack you given their objectives. That could well include RTUs with cellular components, microwave links or physical attacks. But in many cases, the answer is less scary, less obscure and less exotic than we have the tendency to believe. Think systems exposed directly to the internet, or viable pathways from L4 through L3.
  • How you would verify if the above holds true for your organisation as well.
  • How you can avoid common pitfalls in securing ICS/SCADA environments.
  • Best practices for securing ICS/SCADA environments with the above in mind. Should you consider L4 breached and if so, what does that really mean?

So yes, IT may be from Venus, and OT may be from Mars, but they don’t exist in isolation and an undue focus on this difference may lead you to focus on the wrong things or overlook the obvious.


Speakers
Erik de Jong

Chief Research Officer, Fox-IT
Erik de Jong is Chief Research Officer at Fox-IT (part of NCC Group). Fox-IT prevents, solves and mitigates the most serious cyber threats with smart solutions for governmental bodies, defense, law enforcement, critical infrastructure, banking and large enterprises worldwide. Prior to...


Thursday April 27, 2017 15:30 - 16:15
Morrison Room 4th Floor

16:15

ICS Cyber Security Challenges of Mitigation Implementation

As industrial control systems advance to IoT, the risk of cyber-attacks is increasing more than ever before. However, industrial control systems pose problems because their characteristics and specifications differ from those of information systems.

The reality is that security measures cannot be implemented as easily as in information systems. This presentation will address 4 challenges (Awareness, Organization/Process, Knowledge, and Technology) and how to implement security measures.


Speakers
Tadashi Onodera

Manager, Cyber Risk Services, Deloitte
Tadashi Onodera is an IT-related business specialist and booster of consulting projects. He has a job history of more than 14 years and now works for Deloitte Japan. Tadashi has worked as a consultant, project manager, system developer, researcher, and more. He is now leading ICS & IoT cyber...


Thursday April 27, 2017 16:15 - 17:00
Moor Room 4th Floor

16:15

ICS Security Journey
Speakers
Koh Wan Ching

System Engineer, Shell


Thursday April 27, 2017 16:15 - 17:00
Morrison Room 4th Floor