17 June
08:30-17:00
Savoy Place
Flowers Room
Onsite/In-person delivery.
(Separate Registration Fees Apply)
WORKSHOP
Incident Command System for Industrial Control Systems
Instructor
Brian Peterson, ICS4ICS Program Manager, ISA
Incident Command System for Industrial Control Systems (ICS4ICS) is designed to improve cybersecurity incident response efforts that impact the industry by combining three capabilities that already exist in most companies:
1. Incident Command System is a proven process for managing various types of incidents
2. Cybersecurity teams leverage Computer Incident Response processes to investigate cyber
3. Industrial Control System/Operational Technology experts manage the technical aspects of many types of incidents
This session will help participants learn how ICS4ICS is the emergency cyber response for workforce development.
17 June
13:00
Strand Palace
Exeter Suite
WORKSHOP
Volunteer Workshop
This custom-designed workshop crafts plans for mission-focused, vibrant and successful sections and divisions. Current and aspiring volunteers will leave this workshop with a plan, with energy, with knowledge and with an expanded network of other volunteers who believe in and want to shape ISA’s future.
Separate registration is required.
17 June
17:00
Strand Palace
Haxell's Private Dining Room
RECEPTION
Young Professionals Reception
17 June
18:30-20:30
Oche | The Strand
105 Strand, London
WC2R 0AA, United Kingdom
RECEPTION
ISA OT Cybersecurity Summit Kick-off Reception sponsored by Black & Veatch Corporation
Join us at Oche | The Strand for a reception to kick off the ISA OT Cybersecurity Summit! We'll be gathering at a unique venue in the heart of London, for an evening of networking and fun. Don't miss this opportunity to connect with fellow cybersecurity professionals in a casual setting.
08:00
Savoy Place
Maxwell Library
BREAK
Morning Tea
08:30
Savoy Place
Kelvin Theatre
KEYNOTE
Security by Design — A Communication Problem?
Sarah Fluchs, CTO, admeritia GmbH
For a long time, cybersecurity regulation has mainly addressed critical infrastructure operators. This year, the focus has shifted to product manufacturers with regulations like the EU’s Cyber Resilience Act (CRA), the UK Product Security and Telecommunications Infrastructure Act (PSTI) or UNECE R155/156 for cars. In addition, national security authorities from dozens of countries, led by US CISA, are pushing security by design globally through joint recommendations, and many countries are introducing cybersecurity labels for IoT products.
If everybody wants Security by Design – then why is it still not done? Maybe it’s not the technology. Maybe not even the money. Maybe the problem we need to solve is a communication problem between product manufacturers and operators / users. Sarah substantiates this point by summarizing what the above regulations require from manufacturers and shows new approaches for communicating cybersecurity – during design as well as after design, between engineers as well as towards management and an interested public.
09:15
Savoy Place
Siemens Ballroom
20-minute duration
Onsite/In-person delivery
(Separate Registration Fees Apply)
SPECIAL EVENT
Cyber Escape Room
Join us in our immersive OT cyber escape room. Using the latest shared immersive technology, we have created a realistic OT environment in a virtual space.
Imagine you are on an offshore oil and gas floating production unit. In the control room, a ransomware message pops up on a control system console. Now your marine team has no visibility or control over the mooring and buoyancy systems. Your team has 15 minutes to solve the challenges our AI engine presents before the facility experiences a loss of stability and capsizes. Can you succeed before the clock runs out? Who will complete the challenge, and who will be the fastest to reach the goal?

09:30
Savoy Place
Kelvin Theatre
INTELLIGENCE EVOLUTION TRACK
Intro to Intelligence Evolution
Megan Samford, VP, Chief Security Officer, US National Security Agreements & US Federal Business, Schneider Electric
In this introduction to intelligence evolution, our expert presenter will provide an overview of the latest advancements in artificial intelligence, machine learning and data analytics while exploring how these technologies are transforming the way we understand and interact with the world around us.
09:30
Savoy Place
Turing Theatre
IOT CYBERSECURITY TRACK
The Growing Cyber Threat and Need to Respond in the OT Space
Brian Holliday, Managing Director, Siemens, Co-Chair Made Smarter Commission, Made Smarter UK
In this introductory session, Brian Holliday will talk about his experience with Made Smarter UK and provide a comprehensive overview of the fundamentals of cybersecurity. Attendees will gain a solid understanding of the key concepts, strategies and best practices for protecting digital assets and mitigating risk in today's interconnected world. Don't miss this opportunity to lay the foundation for a stronger, more secure digital future!
10:15
Savoy Place
Kelvin Theatre
TECH DEMO
See and Secure Every Device and Connection in the Industrial Environments
Sponsored by Armis
Nick Morgan, Solution Architect, Armis
Many of the challenges faced in today's Operational Technology (OT) environments stem from the ever-evolving attack surface. Given the growing reliance on interconnected assets and cloud services, operators in manufacturing and critical infrastructure processes are more vulnerable than ever to attack. This session will demonstrate how organizations can see, protect, and manage their OT infrastructure with Armis Centrix™, the cyber exposure management platform.
10:45
Savoy Place
Kelvin Theatre
INTELLIGENCE EVOLUTION TRACK
Leveraging an Outcomes-based Approach with International Standards to Mitigate Cyber Risks
Mohammed Zumla, Managing Consultant, Cyber ICS
Operators of essential services, regulators, government, vendors and consultancies have been navigating their way through compliance. Although the spirit of NIS regulations is to uplift the overall level of cyber resilience for critical national infrastructure, the journey has been complex and often misunderstood by many. This presentation helps all those concerned to focus on this spirit and develop a staged approach to both satisfy compliance requirements and be resilient against the ever-evolving threats.
10:45
Savoy Place
Turing Theatre
IOT CYBERSECURITY TRACK
Secure by Design
Rob Barnes, Security Systems Architect, Rolls-Royce SMR Ltd.
In this informative session, Rob Barnes will delve into the core principles of Secure by Design, a critical approach to developing secure software and systems from the ground up. Attendees will learn about best practices for incorporating security into the entire development lifecycle, from design and coding to deployment and maintenance. This talk is designed for anyone looking to enhance their understanding of how to build security into the foundation of digital products and services.
11:15
Savoy Place
Maxwell Library
BREAK
Lunch Break I
11:30
Savoy Place
Turing Theatre
IOT CYBERSECURITY TRACK
Practical Experience with NIS2 Directive Implementation Leveraging ISA/IEC 62443
Ilja David, CEO & Security Manager and Architect, Iron OT
This presentation will explore practical insights from implementing the NIS2 Directive using mainly ISA/IEC 62443 in two large enterprises from the chemical & pharmaceutical industry and from healthcare. It will detail the identification of OT systems within the NIS2 scope, insight into the Czech transposition of NIS2, and steps taken to achieve compliance with NIS2, ISA/IEC 62443 and ISO 27001 together in these organizations. This session aims to equip attendees with actionable steps that might serve as a basis for their own implementations or inspire them on how to do it on their own.
12:00
Savoy Place
Turing Theatre
IOT CYBERSECURITY TRACK
Impact of New Tech in Standards
Cindy Segond von Banchet, OT Cybersecurity Lead, Yokogawa Europe
Join us as we discuss the complex interplay between new technology and standards in the rapidly evolving world of cybersecurity. Attendees will learn how emerging technologies, such as AI, IoT and cloud computing, are shaping the development and enforcement of security standards. The talk will explore the challenges and opportunities presented by this intersection, as well as the implications for the future of cybersecurity. This session is designed for anyone seeking to enhance their understanding of how new technologies are transforming the standards landscape and how to effectively navigate these changes to maintain a strong security posture.
12:15
Savoy Place
Kelvin Theatre
INTELLIGENCE EVOLUTION TRACK
Fireside Chat: Understanding the Hardware Side of Supply Chain Risk and Protecting It
JC Herz, Senior Vice President, Cyber Supply Chain, Exiger
Cassie Crossley, Vice President, Supply Chain Security, Cybersecurity & Product Security, Governance, Schneider Electric
During this fireside chat, our speakers will explore the dynamic relationship between the hardware side of supply chain risk and how to protect it. Our panel of industry experts will discuss the unique challenges and opportunities, offering valuable insights on how to leverage intelligence to identify and mitigate risks in the hardware supply chain industry. Attendees will learn about the latest trends and best practices for securing their hardware infrastructure and gain practical advice on how to stay ahead of emerging threats.
12:30
Savoy Place
Maxwell Library
BREAK
Lunch Break II
12:45
Savoy Place
Kelvin Theatre
INTELLIGENCE EVOLUTION TRACK
Supply Chain Intelligence Sharing
Chris Blask, Vice President of Strategy, Cybeats
The CISA SBOM sharing working group recently published a document defining three key roles in SBOM sharing: author, distributor and consumer. In this session, the group's co-chair will discuss the current and future state of supply chain intelligence networks, and provide actionable steps for attendees in any of these roles.
13:30
Savoy Place
Kelvin Theatre
PANEL DISCUSSION
Linking Hardware and Software
Moderator: Steve Mustard, President & CEO, National Automation, Inc.
Megan Samford, VP, Chief Security Officer, US National Security Agreements & US Federal Business, Schneider Electric
Paul Hingley, Business Manager, Industrial Security and Safety Services, Siemens
Anna Burrell, Cyber Security for Industrials, OT SME, Director, Deloitte
Sarah Fluchs, CTO, admeritia GmbH
In this informative panel discussion, we will explore the critical link between hardware and software in securing our digital world. Listen as our panelists talk about the intersection of these two crucial components of cybersecurity, discussing the latest trends, challenges and opportunities in securing both hardware and software systems. Learn about the importance of implementing a holistic approach to cybersecurity, as well as practical strategies for enhancing the security of both hardware and software infrastructure.
14:30
Savoy Place
Kelvin Theatre
INTELLIGENCE EVOLUTION TRACK
Securing Your Networks with the Addition of 5G Technology
Greig Paul, Research Engineer, Electronic and Electrical Engineering, University of Strathclyde
As technology continues to evolve, so do the threats to our network. The addition of 5G technology brings new challenges and opportunities for securing our networks. During this session, we will explore the latest developments in 5G technology and its impact on network security. Our expert speaker will discuss the intelligence evolution and how it affects the security of our networks. Attendees will gain insights into the best practices for securing 5G networks and learn about emerging threats and mitigation strategies.
14:30
Savoy Place
Turing Theatre
IOT CYBERSECURITY TRACK
Ensuring IIoT Device Security Through Certification and the ISA Secure Standard
Patrick O'Brien, Cybersecurity Team Leader, exida
As the Industrial Internet of Things (IIoT) continues to expand, ensuring the security of connected devices has become a critical concern for organizations. This technical presentation will delve into the importance of IIoT device certification and the role of the ISA Secure standard in addressing these challenges.
15:00
Savoy Place
Maxwell Library
BREAK
Afternoon Tea Break
15:15
Savoy Place
Kelvin Theatre
TECH DEMO
Assessment and Certification Strategy for OT-security
Sponsored by UL Solutions
Alexander Koehler, Principal Security Advisor, UL Solutions
Learn how to comply with a multitude of regulations and standards globally, in an efficient and sustainable way.
15:15
Savoy Place
Turing Theatre
TECH DEMO
Mitigating Risks in Operational Technology: Best Practices and Innovations
Sponsored by Claroty
David Van Crout, Senior Director, Europe, Claroty
Many organizations are struggling to move forward with their risk management program. This session delves deeper into how companies are moving to a pragmatic approach and how this has helped them to adopt frameworks such as NIST, 62443, OG86, CAF, and more. Learn practical examples of how other organizations have leveraged the data found through exposure management and how you can leverage this as part of an overall OT Cyber management system.
15:45
Savoy Place
Kelvin Theatre
INTELLIGENCE EVOLUTION TRACK
Brave New World: How Do We Start the Quantum Migration?
Andersen Cheng, Founder, Post-Quantum
When the Quantum Computing Cybersecurity Preparedness Act became law in the United States in December 2022, quantum migration became a reality. Adoption began with U.S. federal agencies and was closely followed by other nation states. Critical nation infrastructures and highly-automated sectors have been identified as particularly vulnerable, and action needs to be taken now.
15:45
Savoy Place
Turing Theatre
IOT CYBERSECURITY TRACK
Cybersecurity in Action: Real-World Applications of ISA/IEC 62443 in Energy Storage Systems
SZ Lin, Chief Cybersecurity Expert, Bureau Veritas
This presentation explores the integration of cybersecurity measures in energy storage systems (ESS), a vital aspect in the increasingly interconnected and digitalized energy sector. It focuses on the practical application of the ISA/IEC 62443 standard, an essential framework for industrial cybersecurity, especially within the context of ESS. The session highlights common challenges faced by organizations in the energy sector during the implementation of these standards and pinpoints crucial areas requiring attention for a robust cybersecurity posture.
18:00
Savoy Place
Riverside Terrace
RECEPTION
ISAGCA/ISASecure Welcome Reception
08:00
Savoy Place
Maxwell Library
BREAK
Morning Tea
08:30
Savoy Place
Kelvin Theatre
KEYNOTE
The Intersection of Sustainability and Cybersecurity
Simon Hodgkinson, Former CISO, BP
As the world becomes increasingly digitized, the importance of cybersecurity is greater than ever. At the same time, the growing awareness of the environmental impact of technology has made sustainability a crucial consideration. In this keynote, we will explore the intersection of these two critical issues and discuss how organizations can balance security and sustainability in their digital strategies.
Attendees will gain a deeper understanding of the relationship between cybersecurity and sustainability and learn practical strategies for building a secure and environmentally responsible digital future.
09:15
Savoy Place
Siemens Ballroom
20-minute duration
Onsite/In-person delivery
(Separate Registration Fees Apply)
SPECIAL EVENT
Cyber Escape Room
Join us in our immersive OT cyber escape room. Using the latest shared immersive technology, we have created a realistic OT environment in a virtual space.
Imagine you are on an offshore oil and gas floating production unit. In the control room, a ransomware message pops up on a control system console. Now your marine team has no visibility or control over the mooring and buoyancy systems. Your team has 15 minutes to solve the challenges our AI engine presents before the facility experiences a loss of stability and capsizes. Can you succeed before the clock runs out? Who will complete the challenge, and who will be the fastest to reach the goal?

09:30
Savoy Place
Kelvin Theatre
INTELLIGENCE EVOLUTION TRACK
Cybersecurity and Sustainability: Partners to Drive Growth and Governance
Prabhu Soundarrajan, President, ISA
Cybersecurity and sustainability are two sides of the same coin, working together to drive business growth and corporate governance alike. Both cybersecurity and sustainability are driven by regulatory, reporting and standards frameworks that help shareholders, the general public and regulatory bodies to develop trust and understand how an enterprise operates. This presentation will cover how cybersecurity, sustainability and automation act in partnership to accelerate growth and safety.
09:30
Savoy Place
Turing Theatre
IOT CYBERSECURITY TRACK
Clean Energy Cybersecurity
Emma Stewart, Chief Power Grid Scientist & Research Strategist, Idaho National Laboratory
As the world transitions to clean energy sources, the cybersecurity of these systems becomes increasingly critical. This session will explore the unique challenges and opportunities of securing clean energy infrastructure, from solar panels to electric vehicle charging stations.
Attendees will learn about the latest cybersecurity threats and trends in the clean energy sector, as well as strategies for protecting against them.
10:15
Savoy Place
Kelvin Theatre
TECH DEMO
Simplifying Deployment by Preparing in Advance
Sponsored by Dragos
Neil Brown, Senior Solutions Architect, Dragos
Need to monitor your OT networks, but worried about how long it will take and paranoid about breaking something? Like anything, good planning and preparation can help smooth the journey. Here, we will talk about some steps you can take to plan how you will implement a monitoring solution, gaining quality visibility without causing any unwanted impact.
10:15
Savoy Place
Turing Theatre
TECH DEMO
Enabling Secure and Simple Privileged Remote Access to OT
Sponsored by Cyolo
Ian Cuthbertson, Sales Engineer, Cyolo
In this session, you will learn how Cyolo can enable simple-to-use and secure remote access for your OT environment, providing a reduced attack surface, greater visibility and control, and practical controls like segmentation, encryption, identity, and privilege management. You will also see how Cyolo, as a highly flexible solution for on-premises, hybrid and cloud connect environments, can meet the demands of all enterprises, replacing insecure and complex-to-manage VPN connectivity.
10:45
Savoy Place
Kelvin Theatre
INTELLIGENCE EVOLUTION TRACK
Critical Infrastructure and Threat Intelligence
Carolyn Swinney, Executive Fellow, University of Essex
Critical infrastructure, such as energy, transportation, and communications systems, is essential for the functioning of our society. However, these systems are also vulnerable to cyber-attacks, which can have severe consequences. In this session, we will discuss the importance of threat intelligence in protecting critical infrastructure and share strategies for identifying and mitigating emerging threats.
10:45
Savoy Place
Turing Theatre
IOT CYBERSECURITY TRACK
Navigating the Complexities of Maritime Cybersecurity: Challenges, Controls and Collaboration
Christopher Stein, Lead Engineer, Maritime Cybersecurity, Royal Caribbean Group
The maritime industry is rapidly digitizing, making cybersecurity a critical concern. Join us as we explore the unique challenges of cybersecurity in maritime environments, including the need to balance safety and security and the challenges of applying traditional Industrial Control Systems (ICS) security measures. Learn about the key cybersecurity controls for the maritime industry – such as asset management, multi-factor authentication and risk assessment – and come to understand the importance of collaboration between maritime stakeholders, including shipowners, equipment manufacturers and cybersecurity experts, to develop effective cybersecurity strategies and mitigate risks. Drawing on real-world examples from companies like Royal Caribbean, Christopher Stein will provide insights into how the maritime industry can navigate the complexities of cybersecurity and ensure the safety and security of its operations.
11:15
Savoy Place
Maxwell Library
BREAK
Lunch Break I
11:30
Savoy Place
Turing Theatre
IOT CYBERSECURITY TRACK
Exploring the Security Impacts of GenAI in IT and OT
Dr. Andrew Rogoyski, Director of Innovation, Surrey Institute for People-Centered AI
Generative AI (GenAI) has emerged as a transformative technology with numerous applications across industries. While GenAI presents exciting opportunities for innovation, it also introduces new security challenges in both Information Technology (IT) and Operational Technology (OT) environments. This technical presentation will explore the security impacts of Generative AI in IT and OT.
12:00
Savoy Place
Turing Theatre
IOT CYBERSECURITY TRACK
ISA Cybersecurity Programs and Initiatives
Andre Ristaino, Managing Director, Global Consortia, Conformity Assessment, ISA
Join us for an overview of ISA cybersecurity programs and initiatives, including our industry-leading consortia. In this session, we will delve into the details of the ISA/IEC 62443 Cybersecurity Certificate Program, which provides training and knowledge-based recognition in industrial cybersecurity based on the world's only consensus-based series of standards.
12:15
Savoy Place
Kelvin Theatre
IOT CYBERSECURITY TRACK
Where Conflict and Adversaries Collide Within the Cyber Supply Chain
JC Herz, Senior Vice President, Cyber Supply Chain, Exiger
Geopolitical conflict and the geopolitical fault lines in critical industries have made cybersecurity into a higher-dimension intelligence problem: product vulnerabilities, exploitability and targeting are more effectively prioritized and managed with an overlay of supplier risks that are not present or detectable with code scans. These risks can be detected and managed by combining operational transparency with geopolitical risk data metrics on devices, software and upstream service providers and software suppliers. Attendees will walk away with:
- An overview of the intersection of cybersecurity and intelligence
- Positioning of the supply chain challenges relating to threats not simply found through tools
- Non-obvious threats in the software and firmware ecosystem
- How these threats can be detected and managed through a comprehensive program that can be tailored to your risk appetite and regulatory obligations
12:30
Savoy Place
Maxwell Library
BREAK
Lunch Break II
12:45
Savoy Place
Kelvin Theatre
INTELLIGENCE EVOLUTION TRACK
Defining an Incident Response Plan on a National Level
Ivan Monforte Fugarolas, Head of Communication, Ecosystem and Cybersecurity Culture, Cybersecurity Agency of Catalonia
As cyber threats continue to evolve and become more sophisticated, having a robust incident response plan is essential for minimizing damage and ensuring a quick recovery. This session will explore the challenges and best practices for defining and implementing an incident response plan on a national level in Spain, with a focus on coordination between government agencies, critical infrastructure operators and other stakeholders.
13:30
Savoy Place
Kelvin Theatre
PANEL DISCUSSION
Evolving Threat Landscape
Moderator: Scott Reynolds, Security Engineering Manager - ITD, Johns Manville
JC Herz, Senior Vice President, Cyber Supply Chain, Exiger
Jack Duffield, Royal Air Force
Johnny Awad, Cyber Leader for Energy and Renewables, Strategy & Transformation, Deloitte
Phil Tonkin, Field Chief Technology Officer, Dragos
This panel discussion will bring together experts in the field of threat intelligence to share their experiences, strategies, and best practices. Our panelists will discuss the current state of threat intelligence, including the latest trends, challenges, and opportunities. Attendees will learn about cyber threat intelligence, addressing and identifying the threats, and emerging risk.
14:30
Savoy Place
Kelvin Theatre
TECH DEMO
Evidencing Zones and Conduits
Sponsored by Fortinet
Stefan Liversidge, OT SE & Subject Matter Expert, Fortinet
Ben White, UKI OT Business Development Manager, Fortinet
Fortinet will present an application of ISA/IEC 62443 Zones and Conduits in the context of a simple PID loop environment in Operational Technology. The demo will show how FortiGate and FortiSwitch can perform segmentation and protocol inspection. We will then summarize the demo by showing Foundational Requirements alignment.
15:00
Savoy Place
Maxwell Library
BREAK
Afternoon Tea
15:15
Savoy Place
Turing Theatre
WORKSHOP
Standards Workshop: Empowering Global Automation with ISA's International Standards Program
Charley Robinson, Senior Director, ISA Standards
ISA’s international standards play a vital role in promoting safety, cybersecurity, and efficiency across global industry. This workshop will provide an overview of ISA’s international standards program and its relationship to and collaboration with the International Electrotechnical Commission (IEC). A panel of experts representing standards stakeholders will then answer questions from the audience.
16:00
Savoy Place
Kelvin Theatre
PANEL DISCUSSION
Applying Standards to Industry
08:30-17:00
Strand Palace
Exeter Suite
ISA TRAINING COURSE
SOLD OUT! Using the ISA/IEC 62443 Standards to Secure Your Control Systems (IC32)
Instructor
Carlos Montes Portela, ISA/IEC 62443 Trainer, Senior OT/ICS Cybersecurity Manager
Separate registration fees apply
- Onsite/in-person delivery
- Course Dates: 20-21 June 2024
- CEU Credits: 1.4
- A certificate of completion indicating the total number of CEUs earned will be provided upon successful completion of the entire two-day course.
Description
The move to using Ethernet, TCP/IP, and web technologies in supervisory control and data acquisition (SCADA) and process control networks has exposed these systems to the same cyberattacks that have wreaked havoc on corporate information systems. This course provides a detailed look at how the ISA/IEC 62443 standards framework can be used to protect critical control systems. It also explores the procedural and technical differences between the security for traditional IT environments and those solutions appropriate for SCADA or plant floor environments.
- Discuss the principles behind creating an effective long-term security program
- Interpret the ISA/IEC 62443 industrial security framework and apply it to your operation
- Define the basics of risk and vulnerability analysis methodologies
- Describe the principles of security policy development
- Explain the concepts of defense in depth and zone/conduit models of security
- Analyze the current trends in industrial security incidents and methods hackers use to attack a system
- Define the principles behind the key risk mitigation techniques, including anti-virus and patch management, firewalls, and virtual private networks
Topics Covered
- Understanding the Current Industrial Security Environment: What is Electronic Security for Industrial Automation and Control Systems? | How IT and the Plant Floor are Different and How They are the Same
- How Cyberattacks Happen: Understanding the Threat Sources | The Steps to Successful Cyberattacks
- Creating a Security Program: Critical Factors for Success | Understanding ANSI/ISA-62443-2-1 (ANSI/ISA-99.02.01-2009), Security for Industrial Automation and Control Systems: Establishing an Industrial Automation and Control Systems Security Program
- Risk Analysis: Business Rationale | Risk Identification, Classification, and Assessment
- Addressing Risk with Security Policy, Organization, and Awareness: Cyber Security Management System Scope | Organizational Security | Staff Training and Security Awareness
- Addressing Risk with Selected Security Counter Measures: Personnel Security | Physical and Environmental Security | Network Segmentation | Access Control
- Addressing Risk with Implementation Measures: Risk Management and Implementation | System Development and Maintenance | Information and Document Management
- Monitoring and Improving the CSMS: Compliance and Review | Improve and Maintain the CSMS
- Validating or Verifying the Security of Systems: What is being done? | Developing Secure Products and Systems
Classroom/Laboratory Demo
- PCAP Live Capture Analysis
Includes ISA Standards
- ANSI/ISA-62443-1-1 (ANSI/ISA-99.00.01-2007), Security for Industrial Automation and Control Systems Part 1: Terminology, Concepts & Models
- ANSI/ISA-62443-2-1 (ANSI/ISA-99.02.01-2009), Security for Industrial Automation and Control Systems: Establishing an Industrial Automation and Control Systems Security Program
- ANSI/ISA-62443-3-3, Security for industrial automation and control systems: System security requirements and security levels
Note: Training course registration fees are separate from conference registration. To register for a course, select it on the "Training Registration Options" drop-down list within the event registration form. If applicable, discount code only applies to training course registration when conference registration is also selected.
08:30-17:00
Savoy Place
Day 1
Wedmore Boardroom
Day 2
Mountbatten Exhibition Room
ISA TRAINING COURSE
Assessing the Cybersecurity of New or Existing IACS Systems (IC33)
Instructor
Prashanth AC, Cybersecurity Strategy and Program, IEC 62443 Expert, Implementer and Trainer
Separate registration fees apply
- Onsite/in-person delivery
- Course Dates: 20-21 June 2024
- CEU Credits: 1.4
- A certificate of completion indicating the total number of CEUs earned will be provided upon successful completion of the entire two-day course.
Learning Objectives
- Identify and document the scope of the IACS under assessment
- Specify, gather, or generate the cybersecurity information required to perform the assessment
- Identify or discover cybersecurity vulnerabilities inherent in the IACS products or system design
- Interpret the results of a Process Hazard Analysis (PHA)
- Organize and facilitate a cybersecurity risk assessment for an IACS
- Identify and evaluate realistic threat scenarios
- Identify and assess the effectiveness of existing countermeasures
- Identify gaps in existing policies, procedures, and standards
- Evaluate the cost, complexity, and effectiveness of new countermeasures to make meaningful recommendations
- Establish and document security zones and conduits
- Develop a Cybersecurity Requirements Specification (CRS)
Topics Covered
- Preparing for an Assessment
  - Security lifecycle
  - Scope
  - System architecture diagrams
  - Network diagrams
  - Asset inventory
  - Cyber criticality assessment
- Cybersecurity Vulnerability Assessment
  - Risk
  - Types of cybersecurity vulnerability assessments
  - High-level assessments
  - Passive and active assessments
  - Penetration testing
  - Conducting high-level assessments
  - Assessment tools
  - Cyber Security Evaluation Tool (CSET)
Note: Training course registration fees are separate from conference registration. To register for a course, select it on the "Training Registration Options" drop-down list within the event registration form. If applicable, discount code only applies to training course registration when conference registration is also selected.







Wednesday
June 18, 2025
08:00 - 08:45
Royal A&B
Leadership Workshop: Valued at Work
Lauren Neal, Project Manager, BP, UK
Topic(s): Leadership Career Skills
Type(s): Threat Intelligence - Track 1; Securing the Supply Chain - Track 2
How do you create a workplace culture to get the job done quickly and make your team feel valued at work? In this workshop, we’ll identify barriers, break down strategies for creating an inclusive workplace culture, give tips on recognizing and leveraging unique skills, discuss methods to empower and upskill future leaders and talk about how to foster a culture of recognition. Lauren Neal will lead the group into the above topics, which are key pieces to her best-selling book.
This session will help attendees network and learn from each other in breakout sessions while showcasing the tools for a productive and empowered workforce.

Lauren, a strong advocate for gender equity and career advancement in STEM fields, is the founder and chief program creator at Valued at Work. This consultancy focuses on fostering workplace cultures in traditionally male-dominated sectors, creating an environment no one wants to leave. Lauren is a certified ICAgile team facilitator and coach, specializing in improving team dynamics.
After earning her master's degree in electronic and electrical engineering, Lauren has worked as an engineer and project manager in the energy sector since 2005, contributing to multimillion-dollar global projects both offshore and onshore.
Chartered through the Institution of Engineering and Technology (IET) and the Association of Project Management (APM), Lauren is a highly sought-after speaker, writer, and consultant. She advocates for career advancement within STEM fields and promotes inclusive workplace cultures that extend beyond demographic boundaries.
Released in October 2023, Lauren’s book – “Valued at Work: Shining a Light on Bias to Engage, Enable, and Retain Women in STEM,” has become an Amazon #1 best-seller and was selected as a finalist for the 2024 Business Book Awards.
*International Consortia for Agile
Wednesday
June 18, 2025
09:00 - 09:45
Royal A&B
Keynote: Protecting Capital Assets with a Robust Cybersecurity Plan
Lauren Neal , Project Manager , BP, UK
Topic(s): Cybersecurity Threat Intelligence Risk Management OT Security Incident Response Securing the Supply Chain
Type(s): Securing the Supply Chain - Track 2 Threat Intelligence - Track 1
In this session, Lauren will explore practical strategies to protect capital assets in the energy sector from cyberattacks, with a focus on preventing disruptions to energy supply.
Using real-world examples, including the Colonial Pipeline attack, she will discuss key threats facing the sector, such as ransomware, phishing and insider risks. Participants will learn how to:
- Develop a defense-in-depth cybersecurity strategy tailored to the energy sector.
- Implement practical measures such as employee training, network segmentation and incident response planning.
- Evaluate vulnerabilities and take immediate action to enhance security.

Wednesday
June 18, 2025
10:30 - 11:00
Royal A&B
Protecting National Cyber Infrastructure During the FIFA World Cup
Ashraf Aboukass , Cybersecurity Executive , Middle East
Topic(s): Threat Intelligence OT Security Cybersecurity
Type(s): Threat Intelligence - Track 1

With over 20 years of work experience in network, information and cybersecurity, Ashraf is a passionate and skilled leader in the field of cybersecurity operations. As the Head of Cybersecurity Operations at an energy company in the Middle East, he oversees the design, implementation and management of cybersecurity strategy, framework and policies. He leads a team of cybersecurity professionals who protect the company's assets, data and systems from cyber threats and incidents and ensures compliance with global standards and regulations.
Prior to joining the energy industry, Ashraf was the Global Head of Security Architecture, Operations and Engineering at Schroders, a leading asset management firm, where he developed and executed security architecture, operations and engineering strategies across the organization and managed multiple security projects and initiatives. He has a Master of Science degree in Software and Systems Security from the University of Oxford and holds several professional certifications, including MCP, CCNA and CCSA. He has also worked as a security consultant, architect and manager for various companies and sectors, such as BAE Systems, Transport for London, Meridian Capital and Network Rail. Ashraf has extensive experience and knowledge in various domains and technologies related to cybersecurity, such as network security, cloud security, endpoint security, threat intelligence, vulnerability management, incident response and security governance.
Wednesday
June 18, 2025
10:30 - 11:00
Amsterdam, Luxembourg & London
Addressing Supply Chain Issues with ISA/IEC 62443
Alfredo Santos , Principal Product Strategist , Senhasegura
Topic(s): Securing the Supply Chain ISA/IEC 62443 Standards and Regulations Secure by Design OT Security Cybersecurity
Type(s): Securing the Supply Chain - Track 2
Supply chain security challenges are increasingly critical as global supply chains grow more complex and interconnected. In this presentation, Alfredo will review the challenges that can disrupt operations, compromise product integrity and cause financial losses. He will cover the key security challenges, which include:
- Cybersecurity threats: With the digitization of supply chains, cybersecurity has become a major concern. Cyberattacks on IT systems can disrupt operations, steal sensitive data and/or inject malware. The interconnected nature of supply chains means that a breach in one organization can affect the entire network.
- Physical security: Goods must be protected physically during transit. Theft, piracy and tampering are persistent risks, especially with high-value or sensitive goods. Inadequate security at warehouses, ports and transport hubs can lead to significant losses.
- Supplier risk: Supply chains often involve multiple tiers of suppliers. A lack of visibility into lower-tier suppliers can lead to risks such as poor security practices, non-compliance with regulations or sourcing from conflict regions. This can compromise the integrity of the entire supply chain.
- Regulatory compliance: Adherence to international trade regulations, including customs, environmental standards and labor laws, is complex. Non-compliance can lead to fines, delays and reputational damage. Ensuring compliance across all regions and suppliers is a significant challenge.

Alfredo is a leader in the Brazilian identity and access management (IAM) community, a professor on the subject at FIA Business School (Brazilian University), an author of IAM/Identity Governance and Administration (IAG) books and the organizer of the IAM Tech Day event.
He has 25 years of experience in IAM, having worked for important companies and projects, some of them on a global scale. Currently, he leads global IAM projects that impact corporate groups in the Americas, Asia and Europe.
Wednesday
June 18, 2025
11:15 - 11:45
Royal A&B
Mind Games in ICS: Turning PLCs into Honeypots with SDN
Dr. Sam Maesschalck , Lead OT Cybersecurity Engineer , Immersive Labs
Topic(s): Threat Intelligence Industrial Control Systems (ICS) Incident Response OT Security Cybersecurity
Type(s): Threat Intelligence - Track 1
Traditional honeypots, designed to attract adversaries and gather intelligence, are increasingly evaded by skilled attackers using anti-honeypot techniques. In this presentation, Sam will discuss an innovative obfuscation strategy that configures real programmable logic controllers (PLCs) to appear as honeypots, tricking adversaries into believing they are interacting with genuine systems when, in fact, they are decoys.
This proposed obfuscation strategy goes beyond traditional defenses by actively misleading attackers while simultaneously gathering valuable threat intelligence. This dual-purpose approach enhances system resilience and equips organizations with detailed intelligence to counter emerging threats.
By utilizing software-defined networking (SDN), the system dynamically reroutes and monitors traffic without disrupting the PLC's operation while maintaining operational integrity. It is designed for seamless integration with security operations centers (SOCs) and existing defensive measures, complementing tools like intrusion detection systems (IDS).
Through a combination of theoretical modeling and practical evaluation, this strategy effectively deceives attackers while enriching the threat intelligence ecosystem. The results underscore the potential of using obfuscation as a proactive mechanism to deter adversaries, capture critical intelligence and redefine the role of honeypots in critical industrial environments.

Sam is a cybersecurity expert and educator specializing in critical infrastructure protection, focusing on industrial control systems (ICS) and space systems. As a Lead Cyber Security Engineer for Operational Technology at Immersive Labs, he is dedicated to developing innovative training solutions that empower organizations to bolster the security of their OT environments. By leveraging his expertise, he aims to enhance organizational cyber resilience and improve collaboration between OT and IT teams, ensuring critical infrastructure remains secure against evolving cyber threats. As part of his professional role, Sam actively contributes to research in cybersecurity for critical infrastructure.
Previously, Sam was a Senior Security Engineer at Nexova Group, leading the Cyber Awareness and Training initiative for the European Space Agency's Cybersecurity Centre of Excellence (SCCoE). He holds a PhD in computer science from Lancaster University, where his research focused on ICS security, honeypots, and defense-in-depth strategies. During his doctoral studies, he also served as a senior teaching associate, delivering modules on penetration testing, computer networking and software development while mentoring students at various levels.
Sam is a published author in journals such as the International Journal of Critical Infrastructure Protection and Computers & Security and a frequent speaker at conferences. His professional credentials include CISSP certification and participation in key cybersecurity communities, including the UK ICS Community of Interest and the Chartered Institute of Information Security.
With his expertise and passion for cybersecurity, Sam aims to bridge the gap between academic research and practical application within the critical infrastructure sector.
Wednesday
June 18, 2025
11:15 - 11:45
Amsterdam, Luxembourg & London
Encrypted Communications? Is it a Good Idea?
Edorta Echave, Head of Industrial Cybersecurity, ARANIA Group
Topic(s): OT Security Risk Management Incident Response Risk Assessment Cybersecurity Securing the Supply Chain
Type(s): Securing the Supply Chain - Track 2
Encryption is a measure to ensure the confidentiality of communications between devices, software, or systems. It prevents somebody or something from gaining access to the information sent, for example reads and writes of digital or analog variables, PLC CPU stop commands, memory resets, and so on. It can be applied inside the OT environments at asset owners’ facilities or in relationships with third parties under supply chain schemes that require an exchange of online data.
This presentation will cover the main protocols that support native encryption features, the pros and cons of using them, and their integration into a defense-in-depth strategy and secure network architectures. Finally, Edorta will propose not encrypting communications, even though this may seem wrong or contrary to common sense, as a way to improve cybersecurity posture while keeping in mind aspects such as Deep Packet Inspection, Network Monitoring, and SOC integration.
Edorta is an expert in industrial cybersecurity with more than 15 years of experience, having participated in projects in sectors such as automotive, machine tools, and the manufacturing industry within different specialized companies in the sector. He is currently Head of Industrial Cybersecurity at ARANIA Group, a leading company in steel transformation. He is a member of the Industrial Cybersecurity Center, lecturer at the University of Mondragon and author of training activities in Industrial Cybersecurity.
Wednesday
June 18, 2025
11:45 - 12:15
Amsterdam, Luxembourg & London
Best Practices for Unified Security Management System Including Both OT and IT Security
Sam Van Hauwaert , Principal OT GRC Consultant , SecureICS
Jelle Verbeek , Co-Founder , Defend OT
Topic(s): NIS2 ISA/IEC 62443 Standards and Regulations OT Security Cybersecurity Securing the Supply Chain Leadership
Type(s): Securing the Supply Chain - Track 2
The cybersecurity standard, ISA/IEC 62443-2-1, Security for industrial automation and control systems, Part 2-1: Security program requirements for IACS asset owners, has been updated to incorporate a maturity model and a revised structure for the security program elements. This update highlights the need for better integration with information security management systems (ISMS).
In this workshop, Jelle and Sam will discuss best practices for creating a unified ISMS that encompasses both operational technology (OT) and information technology (IT) security.

Sam is a seasoned CISO for critical entities in gas, water, electricity, nuclear, waste management and manufacturing. He specializes in aligning IT and OT management systems, risk management and security architecture.

Jelle Verbeeck brings over 20 years of expertise in cybersecurity, specializing in the integration of Information Security Management Systems (ISMS) and Industrial Cybersecurity frameworks such as ISA/IEC 62443. As Co-Founder of Defend-OT and the developer of Securium OT and IT, an ISMS application designed for on-premise use, Jelle combines technical innovation with practical solutions to address complex cybersecurity challenges. He is also an active member of the ISA Belgium chapter, where he contributes to advancing industrial cybersecurity standards and practices.
Jelle has worked extensively with organizations across various industries to strengthen their security postures and is a passionate advocate for collaborative approaches like tabletop exercises. He is also an insightful thought leader on the opportunities and risks associated with Artificial Intelligence.
At this event, Jelle will share his insights on the recent updates to ISA/IEC 62443-2-1, focusing on the integration of OT and IT security within a unified ISMS. Leveraging his practical experience and expertise, Jelle will guide attendees through best practices for building a robust security program tailored to IACS asset owners.
Wednesday
June 18, 2025
12:15 - 12:45
Amsterdam, Luxembourg & London
Applying ISA/IEC 62443-4-1 and 62443-4-2 for Industrial Resilience
Brett Seals , Senior Architect, Industrial Cybersecurity , 1898 & Co.
Pascal Ackermann , Senior Global OT/ICS Threat Protection and Response Engineer , 1898 & Co.
Topic(s): ISA/IEC 62443 Cybersecurity OT Security Standards and Regulations Securing the Supply Chain Industrial Control Systems (ICS) Secure by Design
Type(s): Securing the Supply Chain - Track 2
In today’s interconnected industrial landscape, securing the supply chain is a critical priority for ensuring the integrity, availability, and safety of operational technology (OT) environments. With adversaries exploiting vulnerabilities in third-party software, hardware components and development processes, organizations must adopt a comprehensive approach to supply chain security that addresses product development practices and the security of deployed components.
This presentation will explore how the principles of ISA/IEC 62443-4-1 (Secure Product Development Lifecycle Requirements) and ISA/IEC 62443-4-2 (Technical Security Requirements for IACS Components) can be leveraged to mitigate supply chain risks in industrial environments.
Attendees will gain insights into:
- Implementing secure-by-design practices across the supply chain to reduce vulnerabilities during product development.
- Establishing technical security requirements for IACS components to ensure they meet robust cybersecurity standards before deployment.
- Enhancing trust and verification processes through supplier assessments and secure communication protocols.
Through case studies and actionable recommendations, this session will demonstrate how aligning supply chain security efforts with ISA/IEC 62443-4-1 and ISA/IEC 62443-4-2 can strengthen organizational resilience, improve regulatory compliance and protect critical operations from emerging threats. By integrating these frameworks, organizations can create a secure supply chain foundation that safeguards their industrial environments against evolving cyber risks.
After ten years in the United States Navy planning, executing and supporting strategic and tactical operations for Navy Expeditionary and U.S. Cyber Command Tier 1 critical assets, Brett now builds, leads, and performs defensive and offensive cybersecurity services for 1898 & Co. and their clients.
Pascal is a seasoned industrial security professional with a degree in electrical engineering and 25+ years of experience in industrial network design and support, information and network security, risk assessments, pen-testing, threat hunting and forensics. He is the author of the book “Industrial Cybersecurity: Efficiently Monitor the Cybersecurity Posture of Your ICS Environment” and has appeared on numerous OT/ICS security-related podcasts and webinars.
After more than two decades of hands-on, in-the-field, and consulting experience, he joined 1898 & Co. in 2024 and is currently employed as a senior global Threat Detection and Response Engineer. His passion lies in analyzing new and existing threats to ICS environments, and he fights cyber adversaries both from his home base and while traveling the world with his family as a digital nomad.
Wednesday
June 18, 2025
12:45 - 13:15
Royal A&B
Fundamentals of Wi-Fi Security
Lennart Koopmann , Founder , nzyme, LLC
Topic(s): OT Security Cybersecurity
Type(s): Threat Intelligence - Track 1
Wireless networks are everywhere, and organizations are increasingly reliant on them for both information technology (IT) and operational technology (OT) environments. In this technical session, Lennart will discuss the fundamentals of Wi-Fi security, highlight common vulnerabilities, explain how attackers exploit these weaknesses and outline effective methods for detecting malicious activity.
He will present various real-world attack scenarios, with a particular focus on management frames, which are often overlooked but represent a critical attack surface. Additionally, he will introduce novel detection techniques that do not require specialized radio frequency (RF) analysis devices or extensive wireless expertise.
Drawing from his personal experiences developing the free and open-source, nzyme Network Defense System—some of which have been integrated into the MITRE ATT&CK framework—Lennart aims to provide attendees with practical insights for identifying and mitigating threats in modern Wi-Fi environments.
Key Takeaways:
- Overview of Wi-Fi management frames and their security implications
- Common vulnerabilities and attack vectors in Wi-Fi networks and devices
- Real-world examples of Wi-Fi exploits and how they are carried out
- Detection strategies that do not require specialized hardware or advanced RF knowledge

Lennart is the creator of the nzyme Network Defense System, a free and open solution that empowers organizations to protect their networks from close-proximity attacks. Prior to nzyme, Lennart founded the Graylog project in 2010 and led the development of its commercial counterpart in 2013.
Wednesday
June 18, 2025
13:15 - 13:45
Royal A&B
Improve Cybersecurity Through Collaboration - The Belgian Approach
Phédra Clouner , Deputy Director General , Centre for Cybersecurity Belgium
Topic(s): Standards and Regulations Cybersecurity Threat Intelligence Incident Response NIS2
Type(s): Threat Intelligence - Track 1
Since the inception of the Center for Cybersecurity Belgium, the national cybersecurity agency, just under 10 years ago, we've seen a marked increase in the level of cybersecurity in Belgium. Isn't our ambition to make Belgium one of the least cyber-vulnerable countries in Europe?
In this session, we'll explain how a small country like Belgium approaches cybersecurity. We’ll describe some of our most significant achievements for our different target audiences while also highlighting that cybersecurity is everybody's business and that without strong collaboration, both nationally and internationally, we can't fulfill our ambition.
After obtaining master's degrees in Ancient History and Information and Communication Technology at the ULB, Phédra began her career as an IT project manager at the Belgian Ministry of Finance. Specializing in ECM, she became head of information management, business intelligence, and web content management at the Ministry of Justice. At the same time, she became president of document@work, the Belgian-Luxembourg association for enterprise content management, and founded and managed the Belgian branch of FEDISA International. In 2014, she became CISO for the Ministry of Justice and continues to evolve in this field. She has been Deputy Director General of the Belgian national cybersecurity agency (CCB) since its creation a little over 10 years ago. She is vice-chair of the Belgian cybersecurity coalition. She is a founding member of the Women4Cyber initiative, a co-founder of the Belgian chapter of Women4Cyber and a member of the board.
Wednesday
June 18, 2025
14:00 - 15:00
Panel Discussion: Securing Operations and Building Resilience in Critical Infrastructure
Frank Van Caenegem , Vice President Cybersecurity & CISO EMEA , Schneider Electric
Anna Damon , Program VP, Installed Base Security , Schneider Electric
Moderator: Chris McLaughlin , Chief Information Security Officer , Johns Manville
Topic(s): Risk Assessment Risk Management Standards and Regulations ISA/IEC 62443 OT Security Cybersecurity
Type(s): Threat Intelligence - Track 1 Securing the Supply Chain - Track 2
The connectivity of systems and products has created an intertwined ecosystem involving various stakeholders, including product suppliers, asset operators, asset owners and system integrators.
This panel will explore the important transition from being "secure by design" to becoming "secure by operations" in order to enhance cybersecurity resilience in critical infrastructure. We will also discuss how this concept aligns with the ISA/IEC 62443 standard.
The audience will gain valuable insights from a diverse group of participants, including product manufacturers, a government authority, an end user, a system integrator and a service provider, ensuring a well-rounded perspective.

Frank is the vice president of cybersecurity and the chief information security officer (CISO) of Europe, the Middle East and Africa (EMEA) at Schneider Electric. He joined the company in May 2023, bringing over 25 years of experience from the insurance industry across Europe, Asia, and South America.
Before his role at Schneider Electric, Frank served as the group CISO for CNP Assurances, an insurance company that is part of the French Group La Caisse des Dépôts. Additionally, he is a board member of CESIN (the French CISO forum) and serves on the board of the cybersecurity firm YesWeHack.
Anna is an experienced leader in business organizations and processes transformation, optimization and efficiency, supporting business growth. Currently, she is in charge of global special transformation projects. She was previously leading the global sales process and CRM business improvement for the 15,000 sales users worldwide, working in a matrix, international and complex environment covering all business models in more than 40 countries, and the broader commercial processes transformations to support in particular, the digitization of sales practices.
She has also been in charge of business development for a 2b€ solutions business and has strong expertise in quality management (from product delivery to customer satisfaction).
Anna has a thorough international remote management experience and is passionate about building efficient and motivated teams, developing people and achieving visible and measurable results while continuously challenging and improving the efficiency of organizations to achieve company growth and profitability targets.

Chris McLaughlin is the chief information security officer (CISO) at Johns Manville, a subsidiary of Berkshire Hathaway. He is also the former president of InfraGard. Active in the industrial security industry, he serves as the vice chair of the International Society for Automation Global Cybersecurity Alliance (ISAGCA).
Wednesday
June 18, 2025
15:15-15:45
Amsterdam, Luxembourg & London
Panel Discussion: Facing International Regulatory Issues
SZ Lin (林上智) , Co-Founder, Sun Square , President, ISA Taiwan Section
Topic(s): Standards and Regulations Policy and Legislation
Type(s): Securing the Supply Chain - Track 2

Wednesday
June 18, 2025
16:00 - 16:30
Amsterdam, Luxembourg & London
ISASecure ISA/IEC 62443 Industrial Automation Control System Security Assurance Program (ACSSA)
Steve Mustard , President , Au2mate
Topic(s): ISA/IEC 62443 Standards and Regulations OT Security Cybersecurity Incident Response Risk Assessment Threat Intelligence
Type(s): Securing the Supply Chain - Track 2

Steve Mustard, PE, CAP, GICSP, CMCP, has over 35 years of experience in the automation industry. He has developed embedded software and hardware for military applications and created products for industrial automation and control systems. Currently, much of his work focuses on assessing the cybersecurity readiness of organizations in critical infrastructure.
In addition to being the former 2021 ISA President, Mustard holds multiple certifications and professional engineering licenses. These include being a licensed Professional Engineer (PE), an ISA Certified Automation Professional (CAP), a UK-registered Chartered Engineer (CEng), a Fellow of the Institution of Engineering & Technology, a European-registered Engineer (EUR Ing), a Global Industrial Cyber Security Professional (GICSP), and a Certified Mission Critical Professional (CMCP).
Wednesday
June 18, 2025
16:30 - 17:00
Royal A&B
Seven Steps to a Sustainable OT Program
Chris McLaughlin , Chief Information Security Officer , Johns Manville
Topic(s): OT Security Cybersecurity ISA/IEC 62443 Industrial Control Systems (ICS) Threat Intelligence Leadership
Type(s): Threat Intelligence - Track 1
Many OT security programs fail to sustain their progress because they lack a strong foundation. This presentation will focus on seven steps owners and operators should take to ensure that their programs achieve engagement from their organizations.
- Admit that you have a problem
- Hire an OT expert
- Understand the critical business and OT processes
- Map your OT environment
- Add value
- Make it real
- Implement a governance program

Wednesday
June 18, 2025
16:30 - 17:00
Amsterdam, Luxembourg & London
EU Cyber Resilience Act (CRA) - Challenges for a Secure Product Development Lifecycle
Dr. Lukasz Kister , Product Cyber Security Expert , European Commission CRA Expert Group
Topic(s): Standards and Regulations OT Security Securing the Supply Chain
Type(s): Securing the Supply Chain - Track 2
The new European Union (EU) regulation on product security has officially come into effect. To continue supplying products with digital elements to the EU market, product suppliers must ensure that the processes of designing, manufacturing and supporting these products comply with cybersecurity requirements.
Many public comments have primarily focused on technical requirements, while the Cyber Resilience Act (CRA) takes a comprehensive approach to the entire product lifecycle, addressing aspects such as:
- Risk assessment
- Vulnerability management
- Technical documentation
- Information and instructions to the end user
- End-user security support
This presentation highlights the key challenges posed by the EU CRA, referencing the results of the ISA/IEC JT-62443-4-1 EU CRA Working Subgroup, as well as the European Commission's planned implementation legislation and guidance. The focus is particularly on the impact of industrial automation products.
Lukasz is a seasoned practitioner with 25 years of experience in security. Throughout his career, he has held various roles, including manager, strategic advisor, lead auditor, and trainer. He served as an expert for the European Commission on Product Cybersecurity within the Cyber Resilience Act (CRA) Expert Group.
Lukasz earned a Ph.D. in security management from the Faculty of Special Engineering at the University of Zilina in Slovakia and an Executive MBA from the French Institute of Management and Warsaw University of Business in Poland.
Currently, he is the global product cybersecurity expert at Woodward, Inc., the world's oldest designer, manufacturer and supplier of power conversion and control solutions. Woodward serves multiple industrial sectors, including oil and gas, energy and marine.
As a Certified Industrial Cybersecurity Incident Commander, Lukasz is globally recognized as one of the top ten incident commanders according to the US Federal Emergency Management Agency’s (FEMA) National Incident Management System (NIMS) model. He also holds a certification as an aviation cybersecurity expert from Embry-Riddle Aeronautical University in the US and has completed the industrial cybersecurity certification track at the US Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA).
Additionally, Lukasz is an active member of several prestigious professional organizations, including the International Society of Automation (ISA) Industrial Cybersecurity Standardization Committee (ISA99), the Incident Command System for Industrial Control Systems (ICS4ICS) project at the ISA Global Cybersecurity Alliance (ISAGCA), and the Industrial Cybersecurity and Cyber-Informed Engineering (CIE) Communities of Practice at the Idaho National Laboratory (INL). He also participates in the Aviation Cybersecurity Community at the European Aviation Safety Agency (EASA).
On a personal note, Lukasz cherishes his time with his wife and daughters and has a deep affection for the Polish Bison Region.
Thursday
June 19, 2025
08:30 - 09:00
Royal A&B
Understanding Incident Command System for Industrial Control Systems (ICS4ICS)
Brian Peterson, ICS4ICS Program Manager, ISA
Topic(s): Industrial Control Systems (ICS), Incident Response, Cybersecurity
Type(s): Securing the Supply Chain - Track 2, Threat Intelligence - Track 1
ICS4ICS combines OT/ICS, incident command, and cybersecurity work into one framework to improve cyber incident response capabilities at companies and organizations. ICS4ICS leverages external resources including the FEMA (Federal Emergency Management Agency) Incident Command System, DHS (Department of Homeland Security) CISA cyber incident response materials, and the NIST (National Institute of Standards and Technology) Computer Incident Response Guide. ICS4ICS uniquely separates technical cyber incident response work from incident management and administrative activities so the right people are working on the right tasks.
The ICS4ICS Program provides guides for each role to help people understand their role(s). Templates enable companies to quickly deploy processes for ransomware, government reporting, IT/OT tasks, and other activities that support ICS4ICS and cyber incident response. These guides describe how to host an ICS4ICS exercise, deploy an ICS4ICS program and engage leadership. The ICS4ICS program has over 1,500 participants from 93 countries.
Asset owners can use ICS4ICS materials internally for free. We want to get your feedback on how ISA can work with external consultants to support asset owner needs for services that support their deployment of ICS4ICS.

Brian is an information risk consultant currently serving as the program manager for the Incident Command System for Industrial Control Systems (ICS4ICS) at the International Society of Automation Global Cybersecurity Alliance (ISAGCA). In addition to this role, he works with other companies as a program and project manager while also conducting research.
With over 30 years of experience as a program and project manager, Brian has spent three decades in cybersecurity, focusing on IT systems, applications and SCADA/DCS systems utilized in sectors such as oil and gas, manufacturing and other industries.
For the past 25 years, Brian has specialized in developing cybersecurity programs, incident response and management capabilities and various processes related to information security, industrial control system (ICS) security and other risk management initiatives.
Thursday
June 19, 2025
09:00 - 09:45
Royal A&B
Keynote: Proven Resilience: Trusting in OT's Own Path to Cybersecurity
John Fitzpatrick, Founder, Lab539
Topic(s): Cybersecurity, OT Security, Risk Management, Securing the Supply Chain, Threat Intelligence
Type(s): Threat Intelligence - Track 1, Securing the Supply Chain - Track 2
As the interconnectivity between operational technology (OT) and information technology (IT) environments increases, OT networks are facing greater scrutiny regarding cybersecurity. While it's essential to address these concerns, we must consider whether we should adopt the same security measures used in IT networks, which are currently experiencing record-breaking rates of cyber incidents. Are we truly ready to define success as shutting down our facilities weekly to apply patches, or is there a more effective way to move forward?
In this keynote, we will share firsthand lessons learned from defending critical infrastructure, such as fuel terminals and other essential systems, against cyber threats. We will discuss how zero-day vulnerabilities can be leveraged to your advantage, explain why patching may not always be the solution, and explore security testing within operational technology (OT) networks.
We will also examine why “insecure” systems often pose minimal risk in OT contexts and how enhancing detection capabilities can ensure resilience. By relying on OT’s established strategies, we can effectively protect critical infrastructure from modern threats while maintaining the core principles that define OT security.

John has dedicated many years to leading some of the world's most formidable offensive and defensive cyber teams. While he is currently focused on securing downstream oil infrastructure, his career spans critical industries from finance to defense.
With a passion for uncovering vulnerabilities in supercomputers, John is drawn to exploring emerging and unconventional technologies and continually seeks to evolve cybersecurity practices.
In his free time, he tracks adversaries to disrupt their operations, focusing on Adversary-in-The-Middle (AiTM) attacks.
Thursday
June 19, 2025
10:30 - 11:00
Royal A&B
Beyond Game Over: Levelling Up Operational Technology Penetration Testing
Ric Derbyshire, Senior Security Researcher, Orange Cyberdefense
Topic(s): Threat Intelligence, OT Security, Cybersecurity, Industrial Control Systems (ICS)
Type(s): Threat Intelligence - Track 1
Operational technology (OT) connects the physical and cyber realms in critical sectors. As a result, it is understandable that asset owners seek assurance regarding their OT security. A typical method for ensuring IT security is penetration testing, which aims to replicate the tactics, techniques and procedures (TTPs) used by real adversaries. However, like many OT security measures, penetration testing cannot be directly applied from IT to OT.
A recent study involving practitioners and procurers of operational technology (OT) services highlighted the current methods used for OT penetration testing. We will outline these approaches, identify the challenges associated with penetration testing in an OT environment, and discuss common flaws in existing methods, especially when compared to modern OT attacks.
A significant limitation in OT penetration testing is the failure to replicate real OT attacks, particularly the crucial tactic of process comprehension. Many OT penetration tests conclude once they reach the OT system, declaring "game over," without recognizing that understanding the processes involved is essential for effective testing. In this discussion, we will illustrate how the real challenge is just beginning. We'll show that common perceptions of complex OT attacks are often exaggerated and that a comprehensive understanding of processes is necessary for these attacks to become a reality.
We will show how process comprehension can be safely integrated into current operational technology (OT) penetration testing practices. We will explain when it should be applied during an engagement and address common concerns that asset owners may have regarding its use. Finally, we will highlight the value that process comprehension brings by demonstrating that it not only enhances understanding of vulnerabilities within processes but also clarifies potential threat scenarios and their impacts.

Ric is a principal security researcher at Orange Cyberdefense, an honorary researcher at Imperial College London and a fellow at the Research Institute in Trustworthy Inter-connected Cyber-physical Systems (RITICS). He holds a Ph.D. in computer science from Lancaster University. His research takes a pragmatic and practical approach to both offensive and defensive aspects of cybersecurity, focusing on operational technology, critical national infrastructure, novel attack techniques and quantitative risk assessment.
Thursday
June 19, 2025
10:30 - 11:00
Amsterdam, Luxembourg & London
Improving Cybersecurity Posture with New Regulations and Conformity Assessments
Scott Reynolds, President, ISA
Topic(s): OT Security, Cybersecurity, ISA/IEC 62443, Secure by Design, Securing the Supply Chain, Standards and Regulations, Risk Management
Type(s): Securing the Supply Chain - Track 2
As technology evolves, manufacturers can leverage new tools to reduce costs while improving accuracy, visibility and customer satisfaction. Emerging technologies such as the Internet of Things (IoT) and artificial intelligence (AI) can increase manufacturers' efficiencies. At the same time, this increase in technology may create openings for cyberattacks on the supply chain and critical infrastructure.
In this session, 2025 ISA President Scott Reynolds will discuss steps to help strengthen your cybersecurity posture.

Scott Reynolds is the industrial security manager at Johns Manville, bringing over 15 years of experience in industrial engineering. He is also an active participant in the OT/IT community.
For over 10 years, Scott has been involved with the International Society of Automation (ISA), where he has held various leadership positions, including his current role as the 2025 ISA President.
Scott holds a degree in electrical engineering technology from the University of Maine and an MBA from the University of South Dakota.
Thursday
June 19, 2025
11:15 - 11:45
Royal A&B
Fences Don't Stop Radio Waves: Analyzing & Breaking TETRA for OT
Jos Wetzels, Founding Partner, Midnight Blue
Topic(s): OT Security, Threat Intelligence, Cybersecurity, Secure by Design, Industrial Control Systems (ICS)
Type(s): Threat Intelligence - Track 1
This session will provide an overview of the TETRA: BURST vulnerabilities identified in the TETRA trunked radio standard and their implications for operational technology (OT). TETRA is a radio communication standard used globally by law enforcement and critical infrastructure for voice communications in locations such as harbors and airports. Additionally, it plays a role in supervisory control and data acquisition (SCADA) for telecontrol tasks in sectors such as oil rigs, pipelines, transportation and utilities for electricity and water.
The TETRA: BURST vulnerabilities uncovered by Midnight Blue stem from the first public examination of the standard's proprietary cryptography. This analysis revealed both passive and active attack scenarios that could allow for interception, manipulation and injection of network traffic. This poses significant concerns for TETRA users in critical infrastructure. In these cases, radio-based SCADA wide area networks (WANs), which utilize protocols such as IEC-101/104, DNP3 or Modbus, typically span large geographic areas. Consequently, an attacker equipped with software-defined radio (SDR) could potentially infiltrate the TETRA network from outside the physical perimeter of a substation or facility, gaining direct access to the operational technology (OT) network.
This session will discuss several relevant attack scenarios on TETRA SCADA networks and the corresponding hardening and mitigation advice. It will also briefly cover recent evolutions of the standard, the state of TETRA equipment security posture and security parallels with other radio standards used in OT WAN networks.

Jos, a co-founding partner at Midnight Blue, has provided consulting services to government agencies, grid operators and Fortune 500 companies around the world. He played a key role in the first-ever public analysis of the TETRA radio standard, which is used by police and critical infrastructure globally, revealing several critical vulnerabilities.
His research involved reverse engineering, vulnerability research and exploit development across various domains, such as industrial systems, automotive technologies, IoT, networking equipment and deeply embedded systems on chips (SoCs). He discovered zero-day vulnerabilities across tech stacks, including bootloaders, real-time operating systems (RTOS) and proprietary protocol implementations.
Before founding Midnight Blue, Jos worked as a security researcher and reverse engineer at Forescout, where he developed advanced intrusion detection capabilities for operational technology (OT) environments. He is also an accomplished conference speaker, having presented at notable events such as Black Hat, DEF CON, Chaos Communication Congress (CCC), Usenix, Hack In The Box (HITB), OffensiveCon, ReCon, EkoParty and many others.
Thursday
June 19, 2025
11:15 - 11:45
Royal A&B
Offensive Security - How To Use it for More Value and to Build Maturity
Lars Erik Smevold, Architect R&D IT and ICS, Statkraft
Topic(s): OT Security, Cybersecurity, Threat Intelligence, Industrial Control Systems (ICS), Risk Assessment, Securing the Supply Chain
Type(s): Threat Intelligence - Track 1
During this session, you will get insight from an upskilling project that includes our offensive security vendors and our internal employees from IT, OT, procurement and the business. The project takes a practical approach to enhancing our vendors' knowledge, challenging their limits, and building our internal competence in various areas. We will also share some of our findings from the project so far.

Lars Erik is a security and process control architect with more than 27 years of experience in Industrial Control Systems (ICS), telecommunications and security for critical infrastructure. He has worked as an automation technician at Norsk Hydro when it was a conglomerate, worked at utility companies, built a security operations center in ICS for small and medium enterprises and worked to build up the Norwegian Energy Sector and Control System CERT (KraftCERT) that is now in Statkraft, a global energy producer. He has also been involved in R&D projects over the years.
Thursday
June 19, 2025
11:45 - 12:15
Amsterdam, Luxembourg & London
PAEMD: An MAIT Security Demonstrator for Manufacturing
Peter Hagstrom, Security Engineering & Products Manager, Nexova Group
Topic(s): Securing the Supply Chain, OT Security, Cybersecurity, Aerospace, Industrial Control Systems (ICS)
Type(s): Securing the Supply Chain - Track 2
The increasing threat of cyberattacks on the exchange and management of manufacturing data within the supply chain necessitates innovative solutions to protect critical processes.
In this presentation, Peter will introduce a cybersecurity demonstrator designed to simulate cyber threats and enhance security strategies throughout the interconnected stages of the manufacturing, assembly, integration and testing (MAIT) supply chain. With its modular architecture and user-centric design, the demonstrator is valuable for both technical cybersecurity specialists and strategic decision-makers.
Through a real-world case study, Peter will showcase the demonstrator's capability to identify vulnerabilities in product lifecycle management (PLM) data and the additive manufacturing slicing process—two key touchpoints in modern supply chains.
This demonstration will reveal risks that could jeopardize mission-critical components. The demonstrator emphasizes breaches in data confidentiality and integrity, providing actionable insights to mitigate these risks and strengthen resilience throughout the supply chain. By combining simulation capabilities with practical application, this tool aims to ensure reliability, safety and security throughout the manufacturing lifecycle.

Peter is an experienced software engineer and portfolio manager with over 15 years of expertise in cybersecurity and software system design. He currently manages research and development projects in cybersecurity across all critical sectors. Peter specializes in creating robust and secure solutions to address evolving security challenges. With a strong background in software architecture, development and leadership, he has contributed to critical infrastructure projects and has successfully led cross-functional teams to deliver cutting-edge solutions.
Thursday
June 19, 2025
12:15 - 12:45
Amsterdam, Luxembourg & London
Study on High Impact Scenarios with ESCIM
Maite Carli García, Communication Manager & General European Coordinator, Industrial Cybersecurity Center
Topic(s): Securing the Supply Chain, OT Security, Cybersecurity
Type(s): Securing the Supply Chain - Track 2
2024 has been a year of significant regulatory changes within the European Union (EU), especially in light of the increasing number of cyber-attacks targeting industrial infrastructures. It is crucial not only to learn how to report high-impact incidents in compliance with the new regulations but also to extract valuable lessons from these events. We no longer need to wait for incidents to occur to learn from them. It is now possible to simulate high-impact scenarios and share knowledge with peers.
In this session, Maite, the communications manager for the Industrial Cybersecurity Center (CCI), an independent nonprofit organization, will share the findings from a study conducted in 2024 and 2025. This study focuses on high-impact scenarios across specific sectors and offers best practices for reporting these incidents using the ESCIM platform.
The CCI ESCIM platform was developed to assist organizations in characterizing high-impact scenarios in industrial systems. It provides the opportunity to conduct cyber exercises, review cybersecurity controls and anticipate potential incidents. It also enables users to study various types of incidents that could affect a sector and its automated processes. Additionally, it offers insights into key aspects of incident management, including preparation, identification, containment and recovery, following the NIST framework. The platform can be utilized to develop both real and fictitious case scenarios for training purposes or self-study.

Maite is the communication manager and general European coordinator at the Industrial Cybersecurity Center. After completing several advanced courses and earning her master's degree, she settled in the United Kingdom and has spent the last nine years developing her professional career.
Maite specializes in network and communications administration, industrial critical infrastructures, Industry 4.0 and data analysis technologies within both the healthcare and industrial cybersecurity sectors. She has been invited to speak at and moderate multiple international events.
Thursday
June 19, 2025
12:45 - 13:15
Amsterdam, Luxembourg & London
Threats in Supply Chain
Dr. Marina Krotofil, Senior Cyber Security Advisor, Critical Infrastructure Protection, Information Systems Security Partners (ISSP)
Topic(s): Threat Intelligence, Cybersecurity, Securing the Supply Chain
Type(s): Securing the Supply Chain - Track 2
Marina Krotofil is a cybersecurity professional with over a decade of hands-on experience in securing industrial control systems (ICS) and the Industrial Internet of Things (IIoT). Her expertise has been applied across various industry sectors such as chemical/petrochemical, utilities (water, power), manufacturing, logistics (transportation, storage, and distribution), military infrastructure, building automation and smart infrastructures.
Marina has extensive knowledge in conducting tailored audits for operational technology (OT) environments, including safety systems and supply chains. She has successfully designed and implemented OT demilitarized zones (DMZ) and OT networks in different environments (hardware, virtualized and cloud), ensuring secure integration of IIoT/IoT applications with OT environments using Industry 4.0/5.0 architectures.
Marina’s experience also includes designing and implementing OT information security management systems (ISMS) and specializing in incident response, threat intelligence, information technology (IT)/OT/ICS security and offensive security operations.
Thursday
June 19, 2025
13:15 - 13:45
Royal A&B
Unveiling the Persistent Risk of the Internet of Medical Things
Daniel dos Santos, Senior Director, Security Research, Forescout Technologies, Inc.
Topic(s): Cybersecurity, Threat Intelligence, Securing the Supply Chain
Type(s): Threat Intelligence - Track 1
Healthcare delivery organizations (HDOs) such as hospitals are often targeted by ransomware and other cyber threats. HDOs depend on connected medical devices, collectively known as the Internet of Medical Things (IoMT), to deliver patient care. These devices often have legacy security, run for decades and are not easy to patch, making them ideal targets. While most attackers are after patient data and financial gain, the possibility of taking more life-threatening action and causing harm does exist. Even when IoMT devices are not targeted directly, spillover effects can be life-threatening, like delayed surgeries and slower or stalled patient care.
In this presentation, Daniel will discuss research on IoMT security performed over the past five years. It includes vulnerabilities found on medical devices and their supply chains (e.g., software components and remote management solutions), risks observed on real HDO networks, devices exposed online and attacks observed on dedicated honeypots.
Daniel is the head of research at Forescout, where he leads a team of researchers that identify new vulnerabilities and monitor active threats against managed and unmanaged devices. Prior to his role at Forescout, he served as a postdoctoral researcher at the University of Eindhoven, specializing in intrusion detection techniques for operational technology (OT) and critical infrastructure.
Daniel holds a Ph.D. in computer science and has published over 35 peer-reviewed papers on cybersecurity. He is a named inventor on 9 patents and has discovered or reported hundreds of Common Vulnerabilities and Exposures (CVEs). Additionally, he is a frequent speaker at security conferences.
Thursday
June 19, 2025
14:00 - 15:00
Royal A&B
Panel Discussion: IT/OT Convergence
Moderator: Scott Reynolds, President, ISA
Ric Derbyshire, Senior Security Researcher, Orange Cyberdefense
Jos Wetzels, Founding Partner, Midnight Blue
Dr. Marina Krotofil, Senior Cyber Security Advisor, Critical Infrastructure Protection, Information Systems Security Partners (ISSP)
Topic(s): OT Security, Cybersecurity, Securing the Supply Chain, Threat Intelligence, Secure by Design
Type(s): Securing the Supply Chain - Track 2, Threat Intelligence - Track 1
The convergence of information technology (IT) and operational technology (OT) presents both opportunities and challenges. Our expert panelists will explore the key aspects of IT/OT convergence, discussing its implications for efficiency, security and productivity in manufacturing environments.
Topics covered will include:
- The role that Industry 4.0 and the Industrial Internet of Things (IIoT) play in driving IT/OT convergence.
- Strategies for bridging the gap between IT and OT teams to foster collaboration and data-driven decision-making.
- A discussion of real-world examples of successful IT/OT convergence in industrial settings.
- The potential of emerging technologies, such as AI and edge computing, to further advance the convergence of IT and OT systems.

Thursday
June 19, 2025
16:00 - 16:45
Royal A&B
Panel Discussion: Navigating Legal and Regulatory Cybersecurity Requirements with Standards – NIS2, Radio Equipment Directive, Machinery Act, CRA, etc.
Moderator: Scott Reynolds, President, ISA
Dr. Lukasz Kister, Product Cyber Security Expert, European Commission CRA Expert Group
Eloise Ryon, Senior Manager, Europe Digital Policy, Schneider Electric
Steve Ferguson, Senior Director of Advocacy, ISA
Topic(s): ISA/IEC 62443, NIS2, CRA, OT Security, Standards and Regulations, Cybersecurity
Type(s): Securing the Supply Chain - Track 2, Threat Intelligence - Track 1
In today's rapidly evolving digital landscape, staying up-to-date with legal and regulatory cybersecurity requirements has become a critical aspect of doing business.
This expert panel will explore the role of standards like ISA/IEC 62443 and best practices in streamlining compliance efforts. The discussion will include a focus on key regulations such as NIS2, the Radio Equipment Directive, the Machinery Act and the Cyber Resilience Act (CRA).

Eloïse is Schneider Electric's senior manager of Europe Digital Policy. She chairs the cybersecurity task force at Orgalim and co-chairs the International Society of Automation Global Cybersecurity Alliance (ISAGCA) Europe working group. Her primary areas of expertise include cybersecurity, artificial intelligence and data protection.
Steve is the senior director for advocacy at the International Society of Automation (ISA). Throughout his career, he has focused on industry standards, regulations, model building codes and promoting the development of these standards through research.
Prior to his role at ISA, Steve served as the director of research at the American Society of Mechanical Engineers and as the senior manager of standards at the American Society of Heating, Refrigerating and Air-Conditioning Engineers.
Steve has extensive experience in automation, heating, ventilation, air conditioning (HVAC), energy efficiency, sustainability, renewable energy, energy policy, robotics, pressure technology and bioengineering. He attended undergraduate and graduate school at Vanderbilt University where he earned his bachelor’s degree in mechanical engineering. While in graduate school, he developed fault detection software for Robonaut at NASA's Johnson Space Center.
Program Agenda
This program track is under development.
Contact events@isa.org for more information.