Session Sponsor

dark indegy

Who The Event Is For

Meet Senior Decision Makers From:


  • North American E&P Companies
  • North American Midstream Companies
  • North American Refineries & Petrochemical Companies

With The Following Job Titles:


Directors, Head Of, Manager, Officers, Administrators, Architects, Specialists, Auditors, Engineers, Designers, Analysts

  • Process Control
  • Cyber Security
  • SCADA
  • Automation
  • Information Cyber Security
  • Risk
  • Digital Risk
  • Enterprise Risk
  • Incident & Crisis Management
  • Network & Communications
  • Operational Technology
  • Technology
  • Operations
  • Data Privacy
  • Compliance And Regulatory
  • Control Systems
  • Industrial Security
  • Corporate Security
  • Security Systems

Plus Key Suppliers Of:


  • Threat Detection Services
  • Encryption Systems
  • Reservoir Engineering Companies
  • Network Security Systems
  • Phishing Protection Services
  • Intrusion Detection Systems IDS
  • Intrusion Prevention Systems
  • Cyber Incident Response
  • Network Hardware Installation Services
  • Network Software Installation Services
  • Supervisory Applications
  • PLCs
  • Firewalls Layers
  • Cyber Security Protocols

Full Two Day Agenda: Cyber Security For Process Control Remote Oil & Gas Assets 2016

Day One : Sharing Robust E&P Strategies | Highlighting True Risk | Optimizing Remote Access Control Whilst Encouraging Functionality | Cyber Security Policies

9:00 Day One Begins With The Chair's Opening Remarks

Chaired by: Michael Lewis, Policy and Framework Adviser For Information and Risk Strategy, Chevron

KEYNOTE DISCUSSION: E&P STRATEGIES

9:10 Sharing Robust Operator Strategies To Cost-Effectively Secure Networks, Remote Assets And Remote Means Of Communication Against Cyber Attacks

  • Qualifying Affordability : Assessing actual statistics to quantity how affordable implementation strategies have been to cope with cyber security challenges
  • Guidelines Others Are Employing : Hearing techniques and policies operators are employing
  • E&P Specific Challenges : How are they different from very secure refinery or pipeline infrastructure?
  • Multiple Locations : Assessing methods to secure networks at thousands of remote locations and not just one centralized plant
  • Securing SCADA Systems : Understanding what security elements they have in place and sharing tangible data about what works and what doesn't work
  • Response To Intrusion : Assessing what happened, what measures were taken to fix it and what steps are being taken going forward
  • Air Gaps : Determining the optimum number of air gaps that guarantees high security
  • Changing Technologies : Learning whether the operators had to change technologies to harden themselves from a local attack

Michael Lewis, Policy and Framework Adviser For Information and Risk Strategy, Chevron

9:40 Opening Up Discussion And Q&A From The Audience

WHAT ARE OPERATORS CLASSIFYING AS TRUE RISKS?

9:50 E&Ps, Midstream Operators And Refiners Establish What Their True Risks Are: When Can A $1 Million Spending Be Justified On Assets Worth $100k?

  • Identifying what the threats are, what effect are they having on production and what measures are being taken to resolve them
  • Assessing what makes one target susceptible to an attack than another in the absence of metrics
  • Hearing whether a custom programme was built or a package solution was implemented to ward off as well as counter attacks
  • Evaluating if operators are also looking at events that are not necessarily deliberate attacks but just an error that caused the same result: Is it considered in the same realm as the deliberate attack?
  • Debating how end users are determining the likelihood of an external vs. random vs. directed attack
  • Evaluating what kinds of tools and how many layers of protections to ward off cyber threats

Moderated By: Michael Lewis,Policy and Framework Adviser For Information and Risk Strategy Chevron

Downstream Risk Perspective: David Bang, Manager IT Security Architecture & Communications, LyondellBasell

Midstream Risk Perspective: Cesar Felizzola, Automation Manager, DCP Midstream

Upstream  Risk Perspective: Tony Caruso,Cyber Security Adviser, Apache Corporation

10:20 Question & Answer Session

Hearing accounts from the audience and vendors to further raise awareness of what you are trying to secure

10:30 Networking And Morning Refreshments In The Exhibition Area

REMOTE ACCESS: FOR LOCAL ACCOUNTS & VENDORS

ASCERTAINING HOW TO IMPLEMENT DIFFERENT LEVEL OF ACCESS AND PROPER RESTRICTIONS WITHOUT LIMITING FUNCTIONALITY

ESTABLISHING HIGH QUALITY PROTOCOLS

11:00 Discussing High Quality Protocols To Control Access To PCN Systems And Harden Infrastructure Whilst Maintaining Easy Communication

  • How do you make the decision how connected your PCN is going to be? Sharing the rationale for validating who has access and who doesn't
  • Learning what kinds of things need to be known about intruders entering the systems to make the decision and limit attacks
  • Understand practical steps can be taken to harden the hard and soft infrastructure
  • Determining ways to secure the traffic between to and from the office
  • Measures to prevent unauthorized remote sight access to data

David Bang, Manager IT Security Architecture & Communications, LyondellBasell

11:30 Question & Anser Session

MACHINE-BASED LEARNING

11:40 Using Machine Based Learning for Next-Generation of Cyber Defence

Jeff Cornelius, EVP ICS Solutions, Darktrace

12:00 Question & Answer

12:15 Offstage Discussions, Networking And Lunch In The Exhibition Area

ACCESS CONTROL FOR LOCAL ACCOUNTS

1:15 Assessing How Operators Are Leveraging The PCN Network To Grant Access To The Business Network Whilst Maintaining The Integrity Of Security Systems

  • Scenario Planning : Hear how companies are managing this dichotomy and ensuring network security
  • You have a field worker working wirelessly, who is at one point accessing and uploading data to his PCN network, his SCADA environment, and is also simultaneously updating inventory data on the business network: How do you enable functionality, without exposing yourself to internal threats
  • You have got a consultant or contractor working remotely and he plugs in a modem to dial in: What measures do you take to not expose your entire network to the internet
  • You have a worker in Asia needing access to the system in North America. There is a conflict. But what are the ways to ease communication and protection

Cesar Felizzola, Automation Manager, DCP Midstream

Stephen Crayner, Process Control Engineer, DCP Midstream

1:45 Question & Answer Session

IMPLEMENTING SUSTAINABLE CYBER SECURITY POLICIES

ENABLING EFFECTIVELY COMPLIANCE AND IMPLEMENTING INDUSTRY BEST PRACTICESUSTAINABLE CYBER SECURITY POLICIES

IMPLEMENTING POLICY: FROM PAPER TO PRACTICE

1:55 Evaluating How To Effectively Implement Cyber Security Policies To Manage And Administer The System

  • Policy Updates : Assessing how existing policies have been updated and modified as part of the on-going management of security systems
  • Auditing : Learning how to cost and time effectively undertake the auditing process to ensure the process comes full circle
  • Understanding how to keep up with the pace of industry whilst managing changes to company culture and practices

Lee Neitzel, Office of the CTO, Wurldtech Security Technologies, The International Society of Automation

2:25 Question And Answer Session

2:35 Networking And Afternoon Refreshments In The Exhibition Area

NETWORK ARCHITECTURE FOR REMOTE ACCESS

SETTING UP COMMUNICATION WITHOUT SECURITY COMMUNICATION BETWEEN INDUSTRIAL & IT NETWORKS

NETWORK ARCHITECTURE

3:05 Hearing How To Set Up Communication Without Compromising Security Between Industrial and IT Security Networks

  • Resource Allocation : Quantifying the level of resource allocation required to cost-effectively maintain the integrity of both networks
  • Finding The Balance : Hearing how a balance was found in levels of interaction IT and industrial control networks without limiting functionality

Wm. Arthur Conklin, Ph.D, Director of the Center For Information Security Research and Education, University of Houston

3:35 Question And Answer Session

GOVERNMENT GUIDELINES

3:45 Hearing Recommendations From U.S. Government Agencies To Ensure Remote Assets Remain As Secure As Possible

  • Learn what standards and guidelines are available from the U.S government to help secure ICS
  • Learn about government research efforts to secure ICS

Keith Stouffer, Industrial Control Systems Cyber Security Project Lead, National Institute For Standards And Technology

4:15 Question And Answer Session

4:25 Day One Of The Conference Concludes With Remarks From The Chair

4:35 - 5:35 Networking Drinks In The Exhibition Area

Day Two Agenda

Intrusion Response | Firewalls | Onsite Security And SCADA Systems| Brownfield Asset Security/ Planning Ahead

9:00 Day Two Begins With The Chair's Opening Remarks

Chaired by: Michael Lewis, Policy and Framework Adviser For Information and Risk Strategy, Chevron

OPENING BRIEFING: HOW QUICKLY ARE CYBER ATTACKS ACCELERATING?

9:10 Understanding Which New Threats Operators Can Expect To Face Within The Next Two To Five Years To Improve The On-Going Management Of Security Systems

  • Assessing What The Landscape Will Look Like In The Future : Will there be an increase in one type of an attack versus another and how can operators manage that
  • Evaluating how much of the increase in cyber attack is being driven by obsolescence and how much has been exacerbated by vendors updating their software
  • Providing evidence of how many cyber attacks have been attributed to terror type attack, foreign attacks, espionage and corruption schemes to establish where the real risks lie
  • Sharing guidelines for associate risk and automatic or electrical safety controls to present risks while not losing production

Professor Ravi Sandhu, Executive Director and Chief Scientist, University of Texas at San Antonio

9:40 Question & Answer Session

SECURING SCADA SYSTEMS

9:50 Learn How To Build Out Your System So That It Is Secure To The Last Mile On A Geographically Disperse SCADA System

  • Communication System Capabilities: Comparing the pros and cons of different communication mediums to get a better handle on remote field network options
  • Sharing Tangible Evidence: Sharing tangible data to assess what works and what doesn't to qualify on-site security mechanisms
  • Going The Extra Mile: Assessing how operators are preparing to use protocols on top of the firewalls and active directories without causing disruptions to routine users accessing data
  • Learning how do you ensure that your cyber security model addresses a centralised control system whilst maximizing value

Terry Gilsenan, CIO/VP Technology, PIE Operating

10:20 Question & Answer Session

10:30 Networking And Refreshments In The Exhibition Area

MAKING THE PCN MORE ADAPTIVE

11:00 Explaining How ICS Cyber-Attacks Really Operate and Where Are The Security Gaps That Enable These Attacks

  • The need to monitor the proprietary network protocols and track all changes to the controllers
  • Why changes to PLC code blocks are transparent to "standard" OT protocol inspections (i.e. MODBUS/DNP3/ICCP) and what should be monitored
  • Which additional security gaps must be addressed in order to protect ICS networks against cyber-attacks, malicious insiders and human errors

Join us for this myth-busting session in which we will dispel common fables around industrial cyber-attacks and explain how they really operate.

Barak Perelman, CEO, Indegy

11:20 Questions From The Audience

PANEL DISCUSSION - OPTIMAL NETWORK DESIGN

11:30 Outlining The Preferred Network Design Layout To Protect The Process Control System, Optimize Information Management And Achieve Security Objectives

  • Assessing what the industry is doing around network design to ensure the safety and security of both ICS and IT networks
  • Learning how networks are maintained and who is taking responsibility for their upkeep
  • Examining network trafficking performance and the ability to tract and monitor implementation
  • How they are setting up communications between industrial network and business networks without compromising security

Moderated By: Michael Lewis, Policy and Framework Adviser For Information and Risk Strategy, Chevron

Panelist: Barak Perelman, CEO, Indegy

Panelist: Professor Ravi Sandhu, Executive Director and Chief Scientist, University of Texas at San Antonio

OPTIMAL LAYERS OF PROTECTION

FIREWALL CONFIGURATION AND NEXT GENERATION DEFENCES

MONITORING FIREWALL DATA & NEXT GENERATION FIREWALLS

12:00 Assessing Cost And Time Effective Practices For Monitoring Firewalls And Logging Data To Pre-Empt Cyber Security Threats

  • Filtering Data: Hearing how operators are filtering data from large logs to prevent spending time monitoring unimportant information; how do you know what's important and what's not?
  • Knowing what tools are available to cost effectively monitor logs that are being updated continuously
  • Alternative To Monitoring : Evaluating cost and time effective alternatives to monitoring data from >100 firewalls
  • Addressing measures to prohibit ability of external third parties to monitor data logs
  • Fully understanding the IOS Layer 7 Firewall model to open up discussion for suitability and integration
  • Learning how to remove vulnerabilities to the PCN on Purdue layers 0/1, and building firewall applications in level 7

Stuart Wagner, Director of IT Security & Compliance, Enterprise Products

12:30 Extended Q&A: Hearing if someone is using a cheaper more effective system that is generating the same results

12:40 Offstage Discussions, Networking And Lunch In The Exhibition

STRATEGIES FOR IMPLEMENTING CYBER SECURITY: ROUND TABLE

1:50 Evaluating New Technologies And New Ways Of Implementing Cyber Security For Automation In Relation To Appropriateness To Prevent Attacks

Led by: Michael Lewis, Policy and Framework Adviser For Information and Risk Strategy, Chevron

  • Value proposition for E&Ps : Assessing the deployment of new and effective technologies to save money on manpower, reduce device costs and give yourself more opportunity to increase ROI
  • Value Proposition for Suppliers : Announce new innovations in technologies that are addressing shortcoming of existing applications
  • Discussing the differences in technologies fundamentally used in IT networks and understanding which ones operators feel are appropriate in ICS networks
  • Recognizing which cost-effective technologies are best able to secure archaic control and communication systems
  • Seeing E&Ps engage with PCN vendors to assess how they maintain their networks and both parties can work in concert to keep networks secure

2:45 Sharing finding and further accounts from the audience and preventative measures suggested by vendors

3:15 Networking And Refreshments In The Exhibition Area

INTRUSION DETECTION SYSTEMS

4:00 Assessing Methods And Technologies For Detecting Signs Of Intrusion To Deter Manifestation Into Failure Of The Process Control Network

  • Learn what tools and detection systems to deploy to protect layer whilst keeping costs low
  • Hearing how to minimize the fear of excessive alerts and alarms associated with security systems and encourage putting systems into place
  • Assessing the advantages of having software elements installed on network appliances and process control devices from a cost/benefit perspective

Kent Knudsen, Supervisor of Information Security, Plains All American Pipeline

4:30 Question & Answer Session

4:35 The Conference Concludes With Remarks From The Chair

4:45 End of Conference

Interview

Value Proposition

Solutions Delivered Over The Two Days Including:

  • Robust E&P Strategies: Looking At Demonstrating Ways To Cost-Effectively Secure Networks, Remote Assets And Remote Means Of Communication Against Cyber Attacks
  • What Are The True Risks That E&Ps Should Prepare For? Know When A $1 Million Spending On Defenses Is Justified On Assets Worth $100k
  • Access Control: Understand High Quality Protocols To Control Access To PCN Systems And Harden Infrastructure Whilst Maintaining Easy Communication
  • Sustainable Cyber Security Policies: Learn What Is Good Enough
  • Responding To Intrusion: Real World Case Studies On How An Operator Responded To And Managed An Actual Intrusion On Its Network
  • Improving Firewall Policies To Bring Them Up To The Highest Level: Having A Firewall It Isn't A Solution In Itself - It Has To Be Properly Managed And Maintained. A Full Section Of The Conference Has Been Dedicated To This Hot Issue
  • Securing Brownfield Equipment: Demonstrating How To Make Old Equipment And Systems Secure Without Embarking On Million-Dollar-Upgrades

JOIN OUR MAILING LIST

By continuing to use this site you agree to the use of cookies. For more information and to find out how to change this click here