Monday, 17 June

17 June
08:00
Savoy Place
Flowers Room

Onsite/In-person delivery.

(Separate Registration Fees Apply)

WORKSHOP

Incident Command System for Industrial Control Systems

Incident Command System for Industrial Control Systems (ICS4ICS) is designed to improve cybersecurity incident response efforts that impact the industry by combining three capabilities that already exist in most companies:

  1. 1. Incident Command System is a proven process for managing various types of incidents
  2. 2. Cybersecurity teams leverage Computer Incident Response processes to investigate cyber
  3. 3. Industrial Control System/Operational Technology experts manage the technical aspects of many types of incidents

This session will help participants learn how ICS4ICS is the emergency cyber response for workforce development.

17 June
13:00
Strand Palace
Exeter Suite

WORKSHOP

Volunteer Workshop

This custom-designed workshop crafts plans for mission-focused, vibrant and successful sections and divisions. Current and aspiring volunteers will leave this workshop with a plan, with energy, with knowledge and with an expanded network of other volunteers who believe in and want to shape ISA’s future.

Separate registration is required. Click here to register.

17 June
17:00
Strand Palace
Haxell's Private Dining Room

RECEPTION

Young Professionals Reception

Tuesday, 18 June

08:00
Savoy Place
Maxwell Library

BREAK

Morning Tea

08:30
Savoy Place
Kelvin Theatre

KEYNOTE

Security by Design — A Communication Problem?

Sarah-FluchsSarah Fluchs, CTO, admeritia GmbH

For a long time, cybersecurity regulation has mainly addressed critical infrastructure operators. This year, the focus has shifted to product manufacturers with regulations like EU’s Cyber Resilience Act (CRA) the UK Product Security and Telecommunications Infrastructure Act (PSTI) or UNECE R155/156 for cars. In addition, national security authorities from dozens of countries, led by US CISA, are pushing security by design globally through joint recommendations, and many countries are introducing cybersecurity labels for IoT products.

If everybody wants Security by Design – then why is it still not done? Maybe it’s not the technology. Maybe not even the money. Maybe the problem we need to solve is a communication problem between product manufacturers and operators / users. Sarah substantiates this point by summarizing what the above regulations require from manufacturers and shows new approaches for communicating cybersecurity – during design as well as after design, between engineers as well as towards management and an interested public.

09:30
Savoy Place
Kelvin Theatre

INTELLIGENCE EVOLUTION TRACK

Intro to Intelligence Evolution

Megan SamfordMegan Samford, VP, Chief Product Security Officer - Energy Management, Schneider Electric

In this introduction to intelligence evolution, our expert presenter will provide an overview of the latest advancements in artificial intelligence, machine learning and data analytics while exploring how these technologies are transforming the way we understand and interact with the world around us.

09:30
Savoy Place
Turing Theatre

IOT CYBERSECURITY TRACK

Intro to Cybersecurity

Brian-Holliday Brian Holliday, Managing Director, Siemens, Co-Chair Made Smarter Commission, Made Smarter UK

In this introductory session, Brian Holliday will talk about his experience with Made Smarter UK and provide a comprehensive overview of the fundamentals of cybersecurity. Attendees will gain a solid understanding of the key concepts, strategies and best practices for protecting digital assets and mitigating risk in today's interconnected world. Don't miss this opportunity to lay the foundation for a stronger, more secure digital future!

10:15
Savoy Place
Kelvin Theatre

BREAK

Cyber Pavilion Tech Demo: Sponsored by UL Solutions

Join us for a presentation by UL Solutions.

10:45
Savoy Place
Flowers Room

20-minute duration

Onsite/In-person delivery 

(Separate Registration Fees Apply)

SPECIAL EVENT

Cyber Escape Room

Join us in our immersive OT cyber escape room. Using the latest shared immersive technology, we have created a realistic OT environment in a virtual space.

Imagine you are on an offshore oil and gas floating production unit. In the control room, a ransomware message pops up on a control system console. Now your marine team has no visibility or control over the mooring and buoyancy systems. Your team has 15 minutes to solve the challenges our AI engine presents before the facility experiences a loss of stability and capsizes. Can you succeed before the clock runs out? Who will complete the challenge, and who will be the fastest to reach the goal?

Neon-Escape-Room-Graphic-ISA-OTCS

10:45
Savoy Place
Kelvin Theatre

INTELLIGENCE EVOLUTION TRACK

Leveraging an Outcomes-based Approach with International Standards to Mitigate Cyber Risks

Mohammed-Zumla Mohammed Zumla, Managing Consultant, Cyber ICS

Operators of essential services, regulators, government, vendors and consultancies have been navigating their way through compliance. Although the spirit of NIS regulations is to uplift the overall level of cyber resilience for critical national infrastructure, the journey has been complex and often misunderstood by many. This presentation helps all those concerned to focus on this spirit and develop a staged approach to both satisfy compliance requirements and be resilient against the ever-evolving threats.

10:45
Savoy Place
Turing Theatre

IOT CYBERSECURITY TRACK

Secure by Design

Rob-BarnesRob Barnes, Cyber Security Technical Expert, Rolls-Royce Civil Nuclear UK

In this informative session, Rob Barnes will delve into the core principles of Secure by Design, a critical approach to developing secure software and systems from the ground up. Attendees will learn about best practices for incorporating security into the entire development lifecycle, from design and coding to deployment and maintenance. This talk is designed for anyone looking to enhance their understanding of how to build security into the foundation of digital products and services.

11:15
Savoy Place
Maxwell Library

BREAK

Lunch Break I

11:30
Savoy Place
Turing Theatre

IOT CYBERSECURITY TRACK

ENISA Horizontal Policy

Join us for an engaging discussion about the important role of ENISA Horizontal Policy in shaping the cybersecurity landscape in the European Union. Attendees will gain valuable insights into ENISA's work in strengthening cybersecurity across the EU. Don't miss this opportunity to learn more about this essential policy.

12:00
Savoy Place
Turing Theatre

IOT CYBERSECURITY TRACK

Impact of New Tech in Standards

Cindy Segond von BanchetCindy Segond von Banchet, OT Cybersecurity Lead, Yokogawa Europe

Join us as we discuss the complex interplay between new technology standards in the rapidly evolving world of cybersecurity. Attendees will learn how emerging technologies, such as AI, IoT and cloud computing, are shaping the development and enforcement of security standards. The talk will explore the challenges and opportunities presented by this intersection, as well as the implications for the future of cybersecurity. This session is designed for anyone seeking to enhance their understanding of how new technologies are transforming the standards landscape and how to effectively navigate these changes to maintain a strong security posture.

12:15
Savoy Place
Kelvin Theatre

INTELLIGENCE EVOLUTION TRACK

Fireside Chat: Understanding the Hardware Side of Supply Chain Risk and Protecting It

JC Herz-1JC Herz, Senior Vice President, Cyber Supply Chain, Exiger

 

 

Cassie-Crossley-Cassie Crossley, Vice President, Supply Chain Security Security, Schneider Electric

During this fireside chat, our speakers will explore the dynamic relationship between the hardware side of supply chain risk and how to protect it. Our panel of industry experts will discuss the unique challenges and opportunities, offering valuable insights on how to leverage intelligence to identify and mitigate risks in the hardware supply chain industry. Attendees will learn about the latest trends and best practices for securing their hardware infrastructure and gain practical advice on how to stay ahead of emerging threats.

12:30
Savoy Place
Maxwell Library

BREAK

Lunch Break II

12:45
Savoy Place
Kelvin Theatre

INTELLIGENCE EVOLUTION TRACK

Supply Chain Intelligence Sharing

Chris-Blask Chris Blask, Vice President of Strategy, Cybeats

The CISA SBOM sharing working group recently published a document defining three key roles in SBOM sharing: author, distributor and consumer. In this session, the group's co-chair will discuss the current and future state of supply chain intelligence networks, and provide actionable steps for attendees in any of these roles.

13:30
Savoy Place
Kelvin Theatre

PANEL DISCUSSION

Linking Hardware and Software

Rob-BarnesRob Barnes, Cyber Security Technical Expert, Rolls-Royce Civil Nuclear UK

 

 

Megan SamfordMegan Samford, VP, Chief Product Security Officer - Energy Management, Schneider Electric

 

 

Paul HingleyPaul Hingley, Business Manager, Industrial Security and Safety Services, Siemens

In this informative panel discussion, we will explore the critical link between hardware and software in securing our digital world. Listen as our panelists talk about the intersection of these two crucial components of cybersecurity, discussing the latest trends, challenges and opportunities in securing both hardware and software systems. Learn about the importance of implementing a holistic approach to cybersecurity, as well as practical strategies for enhancing the security of both hardware and software infrastructure.

14:30
Savoy Place
Kelvin Theatre

INTELLIGENCE EVOLUTION TRACK

Securing Your Networks with the Addition of 5G Technology

Greig Paul, Research Engineer, Electronic and Electrical Engineering, University of Strathclyde

As technology continues to evolve, so do the threats to our network. The addition of 5G technology brings new challenges and opportunities for securing our networks. During this session, we will explore the latest developments in 5G technology and its impact on network security. Our expert speaker will discuss the intelligence evolution and how it affects the security of our networks. Attendees will gain insights into the best practices for securing 5G networks and learn about the emerging threats and mitigation strategies.

14:30
Savoy Place
Turing Theatre

IOT CYBERSECURITY TRACK

Ensuring IIoT Device Security Through Certification and the ISA Secure Standard

Patrick OBrienPatrick O'Brien, Cybersecurity Team Leader, exida

As the Industrial Internet of Things (IIoT) continues to expand, ensuring the security of connected devices has become a critical concern for organizations. This technical presentation will delve into the importance of IIoT device certification and the role of the ISA Secure standard in addressing these challenges.

15:00
Savoy Place
Maxwell Library

BREAK

Afternoon Tea Break

15:15
Savoy Place
Kelvin Theatre

BREAK

Cyber Pavilion Tech Demo: Sponsored by Armis

Join us for a presentation by Armis.

15:45
Savoy Place
Kelvin Theatre

INTELLIGENCE EVOLUTION TRACK

Post Quantum Computing

Andersen Cheng, Founder, Post-Quantum

Is quantum computing the new Y2K? Our presenter will talk about Crypto BoMs, the importance of a quantum plan, challenges and opportunities and the new face quantum computing leaves us with. 

15:45
Savoy Place
Turing Theatre

IOT CYBERSECURITY TRACK

Cybersecurity in Action: Real-World Applications of ISA/IEC 62443 in Energy Storage Systems

SZ-Lin SZ Lin, Embedded Linux Developer, Debian

This presentation explores the integration of cybersecurity measures in energy storage systems (ESS), a vital aspect in the increasingly interconnected and digitalized energy sector. It focuses on the practical application of the ISA/IEC 62443 standard, an essential framework for industrial cybersecurity, especially within the context of ESS. The session highlights common challenges faced by organizations in the energy sector during the implementation of these standards and pinpoints crucial areas requiring attention for a robust cybersecurity posture.

17:00
Savoy Place
Riverside Terrace

RECEPTION

ISAGCA/ISA Secure Welcome Reception

Wednesday, 19 June

08:00
Savoy Place
Maxwell Library

BREAK

Morning Tea

08:30
Savoy Place
Kelvin Theatre

KEYNOTE

The Intersection of Sustainability and Cybersecurity

Simon-Hodgkinson Simon Hodgkinson, Former CISO, BP

As the world becomes increasingly digitized, the importance of cybersecurity is greater than ever. At the same time, the growing awareness of the environmental impact of technology has made sustainability a crucial consideration. In this keynote, we will explore the intersection of these two critical issues and discuss how organizations can balance security and sustainability in their digital strategies.

Attendees will gain a deeper understanding of the relationship between cybersecurity and sustainability and learn practical strategies for building a secure and environmentally responsible digital future.

09:15
Savoy Place
Flowers Room

20-minute duration

Onsite/In-person delivery 

(Separate Registration Fees Apply)

SPECIAL EVENT

Cyber Escape Room

Join us in our immersive OT cyber escape room. Using the latest shared immersive technology, we have created a realistic OT environment in a virtual space.

Imagine you are on an offshore oil and gas floating production unit. In the control room, a ransomware message pops up on a control system console. Now your marine team has no visibility or control over the mooring and buoyancy systems. Your team has 15 minutes to solve the challenges our AI engine presents before the facility experiences a loss of stability and capsizes. Can you succeed before the clock runs out? Who will complete the challenge, and who will be the fastest to reach the goal?

Neon-Escape-Room-Graphic-ISA-OTCS

09:30
Savoy Place
Kelvin Theatre

INTELLIGENCE EVOLUTION TRACK

Combatting Cybersecurity with Sustainability

Prabhu-Soundarrajan Prabhu Soundarrajan, President, ISA

In intelligence evolution, it is important to know where you are in the world. What laws, standards, regulations and technologies are impacting you? In this session, we will discuss new laws, regulations and standards in the EU, UK and US. We will dive into how those new laws and challenges impact us for a new greener and safer network.

09:30
Savoy Place
Turing Theatre

IOT CYBERSECURITY TRACK

Clean Energy Cybersecurity

Emma Stewart, Chief Power Grid Scientist & Research Strategist, Idaho National Laboratory

As the world transitions to clean energy sources, the cybersecurity of these systems becomes increasingly critical. This session will explore the unique challenges and opportunities of securing clean energy infrastructure, from solar panels to electric vehicle charging stations.

Attendees will learn about the latest cybersecurity threats and trends in the clean energy sector, as well as strategies for protecting against them.

10:15
Savoy Place
Kelvin Theatre

BREAK

Cyber Pavilion Tech Demo: Sponsored by Dragos

Join us for a presentation by Dragos.

10:45
Savoy Place
Kelvin Theater

INTELLIGENCE EVOLUTION TRACK

Critical Infrastructure: Introduction to RUSI

Carolyn SwinneyCarolyn Swinney, Head of Defensive Cyber Operations, Royal United Services Institute

Critical infrastructure, such as energy, transportation, and communications systems, are essential for the functioning of our society. However, these systems are also vulnerable to cyber-attacks, which can have severe consequences. In this session, we will discuss the importance of threat intelligence in protecting critical infrastructure and share strategies for identifying and mitigating emerging threats.

10:45
Savoy Place
Turing Theatre

IOT CYBERSECURITY TRACK

Navigating the Complexities of Maritime Cybersecurity: Challenges, Controls and Collaboration

Christopher-Stein Christopher Stein, Lead Engineer, Maritime Cybersecurity, Royal Caribbean Group

The maritime industry is rapidly digitizing, making cybersecurity a critical concern. Join us as we explore the unique challenges of cybersecurity in maritime environments, including the need to balance safety and security and the challenges of applying traditional Industrial Control Systems (ICS) security measures. Learn about the key cybersecurity controls for the maritime industry — such as asset management, multi-factor authentication and risk assessment – and come to understand the importance of collaboration between maritime stakeholders, including shipowners, equipment manufacturers and cybersecurity experts, to develop effective cybersecurity strategies and mitigate risks. Drawing on real-world examples from companies like Royal Caribbean, Christopher Stein will provide insights into how the maritime industry can navigate the complexities of cybersecurity and ensure the safety and security of its operations.

11:15
Savoy Place
Maxwell Library

BREAK

Lunch Break I

11:30
Savoy Place
Turing Theatre

IoT CYBERSECURITY TRACK

Exploring the Security Impacts of GenAI in IT and OT

Andrew-Rogoyski Dr. Andrew Rogoyski, Director of Innovation, Surrey Institute for People-Centered AI

Generative AI (GenAI) has emerged as a transformative technology with numerous applications across industries. While GenAI presents exciting opportunities for innovation, it also introduces new security challenges in both Information Technology (IT) and Operational Technology (OT) environments. This technical presentation will explore the security impacts of Generative AI in IT and OT.

12:00
Savoy Place
Turing Theatre

IOT CYBERSECURITY TRACK

Workforce Development

Sean-McBride-1 Sean McBride, Director, Informatics Research Institute, Idaho State University

Many countries face a national security imperative to develop a workforce capable of securely designing, building, operating, maintaining and defending critical infrastructure industrial automation and control systems. This presentation presents the results of a years-long collaborative research project among the International Society of Automation (ISA), Idaho National Laboratory (INL) and Idaho State University (ISU) to create a curricular guidance document that describes what an industrial cybersecurity professional needs to know that is different from a traditional IT cybersecurity professional. The resulting Curricular Guidance: Industrial Cybersecurity Knowledge document is a foundational element to educating and training the interdisciplinary cybersecurity workforce of the future.

12:30
Savoy Place
Maxwell Library

BREAK

Lunch Break II

12:45
Savoy Place
Kelvin Theatre

INTELLIGENCE EVOLUTION TRACK

Defining an Incidence Response Plan on a National Level

Ivan MonforteIvan Monforte Fugarolas, Head of Communication, Ecosystem and Cybersecurity Culture, Cybersecurity Agency of Catalonia

As cyber threats continue to evolve and become more sophisticated, having a robust incident response plan is essential for minimizing damage and ensuring a quick recovery. This session will explore the challenges and best practices for defining and implementing an incident response plan on a national level in Spain, with a focus on coordination between government agencies, critical infrastructure operators and other stakeholders.

13:30
Savoy Place
Kelvin Theatre

PANEL DISCUSSION

Threat Intelligence

Gentry-LaneGentry Lane, CEO & Founder, ANOVA Intelligence

 

 

Jack-DuffieldJack Duffield, Royal United Services Institute 

 

 

Presenter, Schneider Electric
Presenter, Cybersecurity Agency of Catalonia

This panel discussion will bring together experts in the field of threat intelligence to share their experiences, strategies and best practices. Our panelists will discuss the current state of threat intelligence, including the latest trends, challenges and opportunities. Attendees will learn about strategies and best practices for building and maintaining a threat intelligence program that can help your organization stay ahead of emerging threats.

14:30
Savoy Place
Kelvin Theatre

BREAK

Cyber Pavilion Tech Demo: Sponsored by Cyolo

Join us for a presentation by Cyolo.

15:00
Savoy Place
Maxwell Library

BREAK

Afternoon Tea

15:15
Savoy Place
Turing Theatre

WORKSHOP

Standards Workshop: Empowering Global Automation with ISA's International Standards Program

Charley RobinsonCharley Robinson, Director, Standards Administration, ISA

International standards play a vital role in promoting safety, reliability and interoperability across industries. This workshop aims to provide attendees with an in-depth understanding of the International Society of Automation (ISA)'s standards program and its collaboration with the International Electrotechnical Commission (IEC).

Thursday, 20 June

08:00-16:00
Savoy Place

ISA TRAINING COURSE

Using the ISA/IEC 62443 Standards to Secure Your Control Systems (IC32)

Instructor
Carlos Montes Portela, ISA/IEC 62443 Trainer, Senior OT/ICS Cybersecurity Manager

Separate registration fees apply

  • Onsite/in-person delivery
  • Course Dates: 20-21 June 2024
  • CEU Credits: 1.4
  • A certificate of completion indicating the total number of CEUs earned will be provided upon successful completion of the entire two-day course.
Description

The move to using Ethernet, TCP/IP, and web technologies in supervisory control and data acquisition (SCADA) and process control networks has exposed these systems to the same cyberattacks that have wreaked havoc on corporate information systems. This course provides a detailed look at how the ISA/IEC 62443 standards framework can be used to protect critical control systems. It also explores the procedural and technical differences between the security for traditional IT environments and those solutions appropriate for SCADA or plant floor environments.

  • Discuss the principles behind creating an effective long term program security
  • Interpret the ISA/IEC 62443 industrial security framework and apply them to your operation
  • Define the basics of risk and vulnerability analysis methodologies
  • Describe the principles of security policy development
  • Explain the concepts of defense in depth and zone/conduit models of security
  • Analyze the current trends in industrial security incidents and methods hackers use to attack a system
  • Define the principles behind the key risk mitigation techniques, including anti-virus and patch management, firewalls, and virtual private networks
Topics Covered
  • Understanding the Current Industrial Security Environment: What is Electronic Security for Industrial Automation and Control Systems? | How IT and the Plant Floor are Different and How They are the Same
  • How Cyberattacks Happen: Understanding the Threat Sources | The Steps to Successful Cyberattacks
  • Creating A Security Program:  Critical Factors for Success/Understanding the ANSI/ISA-62443-2-1 (ANSI/ISA-99.02.01-2009)- Security for Industrial Automation and Control Systems: Establishing an Industrial Automation and Control Systems Security Program
  • Risk Analysis:  Business Rationale | Risk Identification, Classification, and Assessment 
  • Addressing Risk with Security Policy, Organization, and Awareness: Cyber Security Management System Scope | Organizational Security | Staff Training and Security Awareness
  • Addressing Risk with Selected Security Counter Measures: Personnel Security | Physical and Environmental Security | Network Segmentation | Access Control
  • Addressing Risk with Implementation Measures: Risk Management and Implementation | System Development and Maintenance | Information and Document Management
  • Monitoring and Improving the CSMS: Compliance and Review | Improve and Maintain the CSMS
  • Validating or Verifying the Security of Systems: What is being done? | Developing Secure Products and Systems
Classroom/Laboratory Demo
  • PCAP Live Capture Analysis
Includes ISA Standards
  • ANSI/ISA-62443-1-1 (ANSI/ISA-99.00.01-2007), Security for Industrial Automation and Control Systems Part 1: Terminology, Concepts & Models
  • ANSI/ISA-62443-2-1 (ANSI/ISA-99.02.01-2009), Security for Industrial Automation and Control Systems: Establishing an Industrial Automation and Control Systems Security Program
  • ANSI/ISA-62443-3-3, Security for industrial automation and control systems: System security requirements and security levels
 

08:00-16:00
Strand Palace
Exeter Suite

ISA TRAINING COURSE

Assessing the Cybersecurity of New Existing IACS Systems (IC33)

Instructor
Prashanth AC, Cybersecurity Strategy and Program, IEC 62443 Expert, Implementer and Trainer

Separate registration fees apply

  • Onsite/in-person delivery
  • Course Dates: 20-21 June 2024
  • CEU Credits: 1.4
  • A certificate of completion indicating the total number of CEUs earned will be provided upon successful completion of the entire two-day course.
Learning Objectives
  • Identify and document the scope of the IACS under assessment
  • Specify, gather, or generate the cybersecurity information required to perform the assessment
  • Identify or discover cybersecurity vulnerabilities inherent in the IACS products or system design
  • Interpret the results of a Process Hazard Analysis (PHA)
  • Organize and facilitate a cybersecurity risk assessment for an IACS
  • Identify and evaluate realistic threat scenarios
  • Identify and assess the effectiveness of existing countermeasures
  • Identify gaps in existing policies, procedures, and standards
  • Evaluate the cost, complexity, and effectiveness of new countermeasures to make meaningful recommendations
  • Establish and document security zones and conduits
  • Develop a Cybersecurity Requirements Specification (CRS)
Topics Covered
  • Preparing for an Assessment
  • Security lifecycle
  • Scope
  • System architecture diagrams
  • Network diagrams
  • Asset inventory
  • Cyber criticality assessment
Cybersecurity Vulnerability Assessment
  • Risk
  • Types of cybersecurity vulnerability assessments
  • High-level assessments
  • Passive and active assessments
  • Penetration testing
  • Conducting high-level assessments
  • Assessment tools
  • Cyber Security Evaluation Tool (CSET)

Program Committee

Steve_Mustard-125x125-min
Steve Mustard, Chair

Chris_Blask-125x125-min
Chris Blask, Member

Scott_Pepper-125x125-min
Scott Pepper, Member

Allan_Friedman-125x125-min
Allan Friedman, PhD, Member

Scott_Reynolds-125x125-min
Scott Reynolds, Member

Scott_Waugh-125x125-min
Scott Waugh, Member

Mark_Weatherford-125x125-min
Mark Weatherford, Member