1. technology and computing

Best International Cyber Security
Practises for Critical Energy
Infrastructure Protection
UPDATED
PROGRAMMES
& REGISTRATION
ICS Cyber Security Energy & Utilities Forum & Exhibition
May 11–14, 2015 Abu Dhabi, UAE
Workshop 1: ICS Cyber Security Awareness for Managers (NEW)
11 May
Workshop 2: Critical Infrastructure Protection:
Including Cyber Security in the Whole Lifecycle
11 May
Workshop 3: A Behind the Headlines Demonstration of Cyber-Attacks
on a Utility – A Hacker’s Perspective
11 May
ICS Cyber Security Energy & Utilities Forum Programme & Exhibition
Officially Supported by:
12–14 May
Supporting Groups:
itSMF
GULF
The IT Service Management Forum
Media Partners:
Official Web Portals:
Official Publications:
Middle East
ICS Cyber Security Energy & Utilities Forum
May 11-14, 2015 Abu Dhabi, UAE
CONTENTS
Advisory Committee .......................................................................................................... 2
ADVISORY COMMITTEE
Event Outline .................................................................................................................... 2
JAY ABDALLAH
Schneider Electric
AYMAN AL-ISSA
Booz Allen Hamilton
EYAD ALQADI
Cisco Systems Int.
NOURI OTHMAN AGHA
aeCERT
ERIC BYRES
Byres Security
NICK COLES
Dome Exhibitions
PAUL DOREY
CSO Confidential Ltd
ERIC KNAPP
Honeywell
JUSTIN LOWE
PA Consulting
GUY MEGUER
Airbus
ALEX TARTER
Ultra Electronics 3eTI
PAUL WRIGHT
Intel Security
SIMON GOLDSMITH
BAE Systems Applied Intelligence
Overview ............................................................................................................................ 3
Workshop 1 (NEW): ICS Cyber Security Awareness for Managers (May 11) ........................ 4
Workshop 2: Critical Infrastructure Protection: Including Cyber Security in the
Whole Lifecycle (May 11) ................................................................................................ 5
Workshop 3: A Behind the Headlines Demonstration of Cyber-Attacks on a
Utility – A Hacker’s Perspective (May 11) ........................................................................ 6
ICS Cyber Security Energy & Utilities Forum Programme (May 12–14) ............................ 7–9
ICS Cyber Security Energy & Utilities Exhibition (May 12–14) ............................................ 10
Exhibition Visitors ........................................................................................................ 10
Networking Opportunities
Conference Reception.................................................................................................... 10
Gala Dinner .................................................................................................................. 10
Venue ................................................................................................................................ 11
Accommodation ................................................................................................................ 11
About Abu Dhabi .............................................................................................................. 11
Visas .................................................................................................................................. 11
Who Will Attend .............................................................................................................. 11
Organisers.......................................................................................................................... 12
Registration .................................................................................................................... 12
LinkedIn Group .................................................................................................................. 12
ICS CYBER SECURITY ENERGY & UTILITIES EVENT TIMETABLE
07.00
Monday
May 11
Tuesday
May 12
Wednesday
May 13
Thursday
May 14
Registration –
all Workshops
Forum
Registration
08.00
12.00
13.00
Workshop 1
Luncheon
Workshop 2
Luncheon
Workshop 3
Luncheon
ICS Cyber Security Forum
Luncheon
14.00
16.00
Luncheon
ICS Cyber Security Forum
ICS Cyber Security Forum
Luncheon
ICS Cyber Security Energy & Utilities Exhibition
Workshop 1: ICS Cyber Security Awareness for Managers
Workshop 2: Critical Infrastructure Protection: Including Cyber Security in the Whole Lifecycle
Workshop 3: A Behind the Headlines Demonstration of Cyber-Attacks on a Utility – A Hacker’s Perspective
Page 2
19.00
Conference
Reception
ICS Cyber Security Energy & Utilities Exhibition
ICS Cyber Security Energy & Utilities Forum
18.00
Workshop 2
ICS Cyber Security Energy & Utilities Exhibition
ICS Cyber Security Forum
17.00
Gala
Dinner
OVERVIEW
Following on from the success of the first two Forums of May 2012 and October 2013, the 3rd ICS Cyber Security Energy & Utilities Forum has been
called to examine the issues of concern here in the region together with the growing number of international partnerships being formed around the
world to tackle and address the increasing number of cyber attacks. According to a recent ICS-CERT report, it highlighted that 53% of the cyber
security incidents worldwide during the first half of one year were related to the energy sectors. When it comes to this region it has been reported
that cyber attacks targeting key installations costs the Gulf countries $1B annually and is growing as exemplified by the recent Kaspersky report on
the current activities of a new group of hackers called ‘Desert Falcons’ targeting businesses throughout the Middle East. One more worrying factor
is that in the future cyber operations could change or manipulate electronic information thus distorting its integrity and therefore seriously affecting
management decision-making and system performance.
The focus of this Forum is expanded to include utilities as well as the hydrocarbon sector and their cyber protection needs, both of which are of vital
importance to the various countries in this region given their billion dollar expansion plans. As the GCC petroleum sector alone accounts for 49% of
its GDP, effective cyber security protection of this premium part of their critical national infrastructures is mandatory.
Qatar named cyber security as one of its top 3 research priorities last year together with Saudi Arabia and Bahrain. ictQATAR have recently spoken
about the upcoming regulations to safeguard people and businesses against cyber risks and establishing a streamlined ecosystem with a robust
legal and legislative framework including the Critical Information Infrastructure Protection Law. Kuwait has similarly entered into a $1B programme
involving cyber security with the UK and Oman is enhancing its cyber security programmes across the country and particularly in the energy and the
utilities sectors. Here in the UAE, according to a recent 3 year investigation by Symantec, data revealed that the UAE has the highest number of
communication system breaches across the Middle East. Moreover the UAE budget for cyber security is expected to double to $10 B within the next
decade.
Last year the UAE’s National Electronic Security Authority (NESA) announced a series of publications on a range of key strategies, policies and
standards to align and direct national cyber security efforts throughout the country. These documents included the National Cyber Security Strategy
(NCSS), Critical Information Infrastructure Policy (CIIP) and the UAE Information Assurance (IA) standard which collectively will work towards
enhancing the UAE national cyber security and ICT infrastructure and will be mandatory in their compliance.
Within this region all countries are building national organisations to protect their assets as these countries are also among the most highly
connected globally with high levels of internet usage for government, business and education and that is why cyber threats are growing in number
and sophistication.
Historically most Operational Technology (OT) networks were isolated from the Enterprise Networks and operated independently. However the
advent of internet based ICS systems due to the increased demand for greater business insight in real time has lead energy and utility companies
to integrate industrial control systems (ICS) and their enterprise IT systems in which potential problems can occur and have been demonstrated
internationally in doing so. Therefore those responsible for cyber security within an organisation must understand the difference between ICS and
IT system security in order for them to work together effectively. Moreover understanding the different needs of ICS and IT system security can only
lead to cooperation and collaboration between these historically disconnected camps. What is therefore the key to this, is to properly facilitate
Operational Security (OS), in much the same way that IT Security has come about, yet with different and complimentary parameters as is appropriate.
It comes as no surprise therefore that the market for ICS security is expected to top $10.33 billion by 2018. For example, designing a secure
architecture for a control system can be a difficult exercise as there are so many different types of systems in existence and so many possible
solutions, some of which might not be appropriate to the process control environment. Moreover the security of an organisation’s process control
system can be put at significant risk by third parties and securing the supply chain is one major area of concern.
Recent examples of encountered sector problems include a cyber attack on an
offshore platform that caused the tilting and resultant shutdown of the platform
and significant production losses. In the utility sector particular attention should
be paid to the cyber threats to the substation devices and most people advocate
that utilities and vendors work together to develop standardised processes to
overcome these potential device issues. As recently as 2 years ago, cyber security
was not in the top 10 areas of concern for utilities management and is now rated
as the fourth highest area of concern. A recent international review of utility
executives concluded that 48 % did not have integrated cyber, physical, corporate
and ICS security within their facilities. With regional plans for implementing smart
grids, greater attention needs to be paid to their cyber security needs particularly
as the 2014 Smart Grid Cyber Security Survey indicated 64 % of executives believe
the grid is not yet ready for security.
Page 3
www.csuae.org
WORKSHOP 1 (NEW)
Monday, May 11
ICS Cyber Security Awareness for Managers
In a world where there is often a disconnect between the
worlds of IT and OT, part of this issue is the need for managers
of these systems, from both sides of the firewall, to take
responsibility for understanding the opposing point of view.
This workshop has been designed to provide managers with an
understanding of today’s cyber security challenges. This
knowledge is vital when managing the security of their ICS
environments. The workshop will show how to best support
their organisations cyber security and risk mitigation/risk
reduction strategies for their ICS environments. HS and TC
have worked in partnership with the UK Centre for the
Protection of National Infrastructure and leading stakeholders
from UK Critical National Infrastructure (CNI) Industries to
develop this workshop.
What you will Learn on this Workshop
By the end of the workshop, you will know how to:
• Understand and identify what cyber security risks your ICS
face
• Understand what help is available from sources such as NESA,
CPNI and how to access this
• Identify the likely areas of weakness in your ICS environment
(people, process and technology)
• Recognise exactly where your ICS critical assets are vulnerable
• Understand what the organisational response to an ICS
security incident should look like and your responsibilities in
effectively managingthese
• Understand the need for ICS security awareness and training
in organisations at various levels
If you are a…
…Manager responsible for any ICS environment and/or people
working on securing these systems including:
•
•
•
•
Business Technical/Engineering/Procurement Lead
ICS Policy Maker
Site Single Point of Accountability (SPA) for Security
Site IT Manager
…then this workshop is for you.
It provides a high-level understanding of what the cyber
security risks are and the threats currently facing your ICS
environments. In addition, it discusses how to forward plan to
help mitigate and reduce these risks.
There are no pre-requisites for this workshop and no laptop
is required. All supporting material will be provided.
Workshop Duration and Contents
This half-day workshop, with Registration at 07.00 and
commencing at 08.00, consists of two sessions delivered
in a face-to-face environment. Session one covers the ICS
security risk landscape and ICS attack surface relevant to
your industry sector. Session 2 covers forward planning
including changing staff behaviours using security
awareness and cyber security incident management. The
Workshop concludes at 12.30 followed by Luncheon.
Session One –
• IT versus ICS – Similarities and differences
• ICS attack surface
• Introduction to ICS security risk management including
hacking demonstration
Session Two –
• Planning to reduce the cyber security risk
• Introduction to ICS cyber security incident management
Page 4
WORKSHOP LEADER
Tim Harwood, M.Inst.ISP, GSLC, FCMI, is Managing Director of
HS and T Consultancy. Tim is a veteran of the security world and
has been providing information security guidance and expertise
to corporate clients, the UK Government and the UK military for
over 30 years. As Managing Director of Harwood Security and
Training Consultancy, he provides strategic direction for the
company that he founded in 2013.
Tim’s professional background includes security capability
strategy planning and development, information security
capability framework design and implementation and security
awareness strategy design and implementation. He has
developed a security professional development framework for a
global top ten oil and gas company, delivers training as a
member of the SANS and Firebrand faculties and, as a thought
leader, regularly presents at summits and conferences.
In 2013, he participated as a Subject Matter Expert and Steering
Committee member for the design of the new GIAC certification,
the GICSP certification. As part of his work he contributed
questions for the certification exam and worked on the skills and
competency framework for the certification. In addition, he is an
Assessor and Interviewer for the IISP for potential new
members. Additionally, Tim has recently designed and delivered
ICS security training and awareness for CPNI (as part of the UK
National Cyber Security Strategy) as well as ENISA and other
National governments and global companies.
Tim is a Full member of the Institute of Information Security
Professionals (IISP), a Fellow of the Chartered Management
Institute (FCMI) and is the holder of the GIAC Security
Leadership (GSLC) and GIAC Security Essentials (GSEC)
Certifications. Tim is an elected member of the Board of
Directors for the Institute of Information Security Professionals
with the Board portfolio of IS skills and competencies.
WORKSHOP 2
Monday, May 11
Critical Infrastructure Protection:
Including Cyber Security in the Whole Lifecycle
Critical Infrastructures are systems and assets, whether
physical or virtual, so vital to the nations that the incapacity
or destruction of such systems and assets would have a
debilitating impact on security, national economic security,
national public health or safety, or any combination of those
matters. Their adequate protection is not only needed and
recommended, but mandatory since the publication of
different regulatory frameworks and national and
international directives all over the world.
Analyzing and understanding the associated risk to these
infrastructures and their basic relationship with Industrial
Control Systems (ICS) is a must for any professional
involved in different areas, such as ICT, energy, chemical and
nuclear industry, financial systems, public administration
or transport, among others.
This workshop will take the participants towards the study
of the state of the art of the Critical Infrastructures
Protection and Industrial Cyber Security all over the world.
A global approach to the protection of Industrial
Infrastructures including cybersecurity by design in all of
the stages of the life-cycle will be presented and explained.
The importance, definition and description of the Industrial
Cybersecurity Trusted Advisor (ICTA) role will be fully
explained and justified. At the end of the day the
participant will have the information and tools needed to
establish the next steps in the way of adequately protecting
the Industrial Infrastructure aligned with existing business,
market, regulation and risks requirements.
Topics Covered
• Current Critical Infrastructure Protection and Industrial
Cybersecurity landscape.
• Industrial Infrastructure evolution (convergence, IT vs OT)
• Threat landscape (Stuxnet, Dragonfly, BlackEnergy, etc...)
• Compliance: upcoming standards, regulations,
cybersecurity strategies, etc.
• Recent research projects (Basecamp, Robus, Shodan,
Shine, etc.)
• The Ecosystem: stakeholders, relations and
interdependencies
• Attacking Industrial Infrastructures: a Real Demonstration
• A real lab-based demo on how to take advantage of the
current weaknesses and vulnerabilities
• Industrial infrastructure from a cybersecurity perspective
• The industrial infrastructure projects lifecycle
• Industrial project cybersecurity risks (for each stage)
• Cybersecurity activities (for each stage)
• Cybersecurity solutions / technologies
• The industrial cybersecurity framework
• Implementing cybersecurity on industrial infrastructures
• Internal/External interdependencies (industrial and
cybersecurity vendors, system integrators, consultancies,
IT vs OT, etc.)
• Associated risks (audit/implement incompatibilities,
organizational risks, etc.)
• The Industrial Cybersecurity Trusted Advisor (ICTA) role
(description, advantages, approaches, etc.)
Please visit www.csuae.org for Workshop 2 Timetable
WORKSHOP LEADERS
Samuel Linares is Senior Lead Technologist at Booz Allen
Hamilton, Middle East and Asia Coordinator at Industrial
Cybersecurity Center, European Commission Independent
Evaluator, ENISA (European Network and Information
Security Agency) CIIP Expert and member of ISACA
Cybersecurity Task Force. With 2 decades of security,
system integration and multinational and multicultural
projects management experience, he has been the main
promoter of the “Industrial Cybersecurity” concept in
Spanish, being recognized as one of the key Spanish and
Latin-American experts.
Since 1999 Ignacio Paredes has been involved in multiple
projects related to information security and during the last
6 years he has specialized in cybersecurity for industrial
sectors. He is an expert in the design and deployment of
technical and administrative security solutions, including
topics such as applications security, secure network design,
critical infrastructure protection, ethical hacking or business
Page 5
continuity planning. He is also Middle East and Asia coordinator
for the Industrial Cybersecurity Center as well as an expert
assisting the implementation of the European Network and
Information Security Agency (ENISA) work programme in the
areas of Information Security Considerations, Information
Security Risk Management, International Standards and Best
Practices and Critical Information Infrastructure Protection.
Ayman Al Issa has over 20 years of experience in the fields of
Automation, Information Technology, and Cyber Security. He is a
member in the Cyber Security Advisory boards of top rated
worldwide universities for the advancement of researches on
industrial cyber security. He is an active member in different
international Security Innovation Alliances that are focused in a
worldwide program for improving the security of industrial control
systems by the close collaboration of the leading IT Security and
industrial control system vendors. Ayman worked for ADMA-OPCO
for 17 years and he was the Digital Oil Fields Cyber Security Advisor.
He joined Booz Allen Hamilton in 2014 as the Chief Technologist
& Senior Advisor/Architect in Industrial Cyber Security – MENA.
WORKSHOP 3
Monday, May 11
A Behind the Headlines Demonstration of Cyber-Attacks on a
Utility – A Hacker’s Perspective
You have all read about the intimidating Stuxnet,
BlackEnergy, Havex, or Sandworm threats that have been
discovered throughout the world, would you now like to see
what’s behind the headlines and how it affects you? Join us
for a hands-on workshop that will provide a real-life
demonstration on how to turn off the water to a country, or
plunge a city into darkness. There is a perception that only
nation states are capable of launching a cyber-attack
against utilities and industrial control systems, during this
workshop we will show you that the reality is anyone from
your employees to hacktivists are capable of doing it.
Who Should Attend
If you have ever wanted to see real attacks against an ICS,
or demystify the technical aspects of cyber security then
this workshop is for you. The workshop content is
appropriate for both senior management-level supervisors
as well as operationally astute technical decision makers.
Most participants are motivated by opportunities to learn
about or apply best security practices to industrial network
protection. This workshop is designed to help attendants
learn how an attacker can comprise your system and how
you can learn to protect yourselves.
WORKSHOP LEADER
Alex Tarter is an expert and thought leader on new
technologies and solutions for industrial and
commercial applications for the protection of critical
infrastructure. In addition to the work he does
developing security solutions, Alex performs
vulnerability and cyber security work for military and
industrial applications, having prepared more than 50
reports on various aspects of security, cryptography,
and situational awareness for industry, UK MoD, and
US DoD.
He holds a PhD from Lancaster University, and a
Master's of Engineering from Imperial College London,
and is a certified specialist in ISA 99/IEC 62443 cyber
security fundamentals.
He serves as a civilian advisory expert to NATO on
Cyber Defense for the Industrial Resources and
Communications Services Group.
Key Take-Aways
• Learn how to work through the vulnerabilities of an
industrial control system
• Experience first-hand how you can be exploited
• Take steps on what can be done to protect yourselves
• Walk-through real-attacks launched against real
industrial equipment and the damage that can be caused
Page 6
WORKSHOP 3 TIMES
Registration will be at 07.00
The workshop will begin at 08.00
Refreshments will be taken at 10.00
The workshop will conclude at 12.30 followed by lunch
ICS Cyber Security Energy & Utilities Forum Programme
Tuesday, May 12
07.30
Registration and Refreshments
12.00
Luncheon
08.15
WELCOME and INTRODUCTION
13.30
08.30
KEYNOTE ADDRESS
Mike McConnell,
Strategic Advisor and former Vice Chairman,
Booz Allen Hamilton,
Former Director of National Intelligence, USA
SESSION B
Chair: Justin Lowe
09.00
SESSION A
Chair: Aarnout Wennekers,
Advisor (Audit and Corporate Governance),
Ministry of Energy, Qatar
Topics raised in this session focus on the importance of
designing and building ICS security architectures to
provide greater assurance to its stakeholders that the
risks are being managed to acceptable levels. Also there
will be a showcase of a real experiment operating a
network of ICS honeynets deployed over several
continents and what were the lessons learned and how
this knowledge was fed back into the national
standards. Moreover the concept of ICS security will be
demonstrated through case studies in different critical
infrastructure sectors, to show the real value of
industrial network monitoring going beyond the
detection of cyber-attacks, and how the need to
maintain awareness about network and process
operations, which together with actionable intelligence
allows the preservation of overall system health.
This session will focus on specific national cyber
security frameworks giving guidance on how critical
systems need to be adequately protected and how they
compare with a classical approach. Topics covered and
debated will include guidance on understanding the
business risks, selecting and implementing security
improvements, establishing effective response
capabilities and give insights as to how they will
develop and be implemented.
09.00
09.35
RECENT DEVELOPMENTS ON THE FRENCH
LEGAL FRAMEWORK FOR CRITICAL NATIONAL
INFRASTRUCTURE: NEW CYBER LAWS
Pierre-Mayeul Badaire,
Product Unit Director, ERCOM, UAE
COLLABORATIVE CYBER DEFENSE CASE
FINLAND
Vesa Jaakkola, Codenomicon Ltd, Finland
10.10
Refreshments and Exhibition
10.40
ICS SECURITY – A GOOD PRACTICE FRAMEWORK
Justin Lowe, Energy Sector Cyber Security Expert,
PA Consulting, UK
11.15
PANEL SESSION
The speakers in Session A will be joined by other
senior industry figures
Page 7
13.30
BUILDING RESILIENT CYBER SECURITY
ARCHITECTURES FOR INDUSTRIAL CONTROL
SYSTEMS
Christopher Beggs, Managing Director,
Security Infrastructure Solutions (SIS), Australia
14.05
THE GOOD, THE BAD AND THE U-GLY:
45 DAYS OF ICS HONEYNET
Omar Sherin, Head of CIIP, QCERT, Qatar
14.40
Refreshments and Exhibition
15.10
WHERE CYBERSECURITY MEETS OPERATIONAL
VALUE
Damiano Bolzoni, Managing Director,
SecurityMatters, Netherlands
15.45
UNDERSTANDING THE VIEW FROM THE OTHER
SIDE OF THE FIREWALL
Tim Harwood, Managing Director,
Harwood Security and Training Consultancy, UK
16.20
PANEL SESSION
Session B speakers will be joined by other leading
practitioners
17.00
FORUM RECEPTION – EXHIBITION
18.30
CLOSE of DAY 1
ICS Cyber Security Energy & Utilities Forum Programme
Wednesday, May 13
08.00
Delegates Check In and Refreshments
12.45
08.30
SESSION C
Chair: Guy Meguer,
General Manager Middle East,
Cyber Security, AIRBUS, UAE
14.00
CYBER SECURITY IN ENERGY & UTILITIES –
RISK AND REWARD
Simon Goldsmith, Director, Cyber Security,
BAE Systems Applied Intelligence, UAE
CYBER SECURITY FOR PROCESS CONTROL
NETWORK
Debraj Chakraborty,
Solution Sales Specialist (Security),
YOKOGAWA, Bahrain
09.40
Refreshments and Exhibition
10.10
SECURE OPERATIONS
Eyad Alqadi,
Vertical Sales Manager – Oil & Gas Industry,
CISCO, UAE
10.45
CYBER RESPONSE STRATEGIES IN ICS
Greg Day, CTO, FireEye, UK
11.20
CYBER SECURITY COMPLIANCE; HOW TO ENSURE
THE RUBBER HITS THE ROAD
Mohamed Zumla, Cyber Security Consultant, Qatar
11.55
OIL & GAS PANEL SESSION
The speakers in Session C will be joined by
Imran Almarzooqi, Senior IT Security Engineer,
ADCO, UAE
09.05
SESSION D
This session will provide practical answers to challenging
risk management issues including:
• Determining your Risk Appetite: how much risk is
acceptable?
• Understanding the equations: measurements and
methodologies
• Assessing vulnerabilities in industrial control
environments
• Identifying threats within the context of risk
management
• Using risk measurements to enable stronger cyber
security
This session will include an introduction to new tools and
techniques for performing a cyber security risk
assessment. The briefing will include: methods of threat
detection; methods of vulnerability assessment;
determining impact and consequence; technology
controls for mitigating risk; and more. The session will
focus on technical controls only and will not cover risks
associated with personnel or policy.
This session commences with a presentation revealing
why the emergence of the next industrial revolution
provides a unique opportunity for industrial enterprises
and their automation providers to secure their
operational technology. It will be followed by a brief
overview of the potential threats to the process industry
from cyber-attacks and how they can be mitigated.
Of particular interest will be a practical and new
demonstration of how IT and OT vendors are
collaborating to bring next generation of Cyber Security
and compliance solutions to market for critical
infrastructure industry. At the same time the session will
discuss both the challenges and opportunities to address
the ever evolving landscape of security in the age where
agility and Internet of Things (IoT) is prevalent and
securing the supply chain is of increasing concern.
08.30
Luncheon
Eric Knapp, Director,
Cyber Security Solutions and Technology,
Honeywell Process Solutions, USA
Page 8
15.00
Refreshments and Exhibition
15.30
SESSION D CONTINUED
16.45
CLOSE of DAY 2
19.30
FORUM GALA DINNER
ICS Cyber Security Energy & Utilities Forum Programme
Thursday, May 14
07.30
Delegate Check In and Refreshments
08.00
SESSION E
Chair: Eric Knapp
11.00
Of growing concern is how “social engineers” try to
encourage people to download malicious files or click on
malicious links resulting in system invasion, business
disruption and malfunction and the first presentation will
not only demonstrate its impact but also how to combat
it in an ever increasing connected environment. Such
business disruptions have shown to be highly damaging
in economic and business reputation terms and so the
session will include the key approaches in business
continuity and incident management capability with
particular reference to ICS strategies in responding to
cyber attacks.
This session will begin with a vital presentation on some
of the emerging trends and vulnerabilities, and what it
means for the current approach to utility cyber security. It
will cover fundamental questions every utility or
industrial control owner should ask of their security
solution, including what is actually being protected. Of
highly relevant importance is the fact that security
solutions must fit within the operational constraints of
the system and within the risk appetite of the
organisation. Within the electricity sector smart grids
offer many benefits but they also have considerable risks
and threats associated with them. One of these is the
protection of data in transit to and from the devices in
the home. Combining these with the need to
authenticate a large number of system users, the system
commands and the data in transit for a very large number
of devices brings challenges of security and scale.
08.00
FROM THE NEWSPAPER TO THE NETWORK:
HOW WELL CHRONICLED CYBER-ATTACKS CAN
DAMAGE NATION’S UTILITIES
Benga Erinle, President, Ultra Electronics 3eTI, USA
08.35
PROTECTION OF DATA IN SMART GRIDS
David Alexander, Managing Consultant,
Global Utilities and Energy Practice,
PA Consulting, UK
09.10
Refreshments and Exhibition
09.40
LESSONS LEARNED FROM THE SMART METERING
PROGRAMME IN THE UK
William Bowers, Chief Information Security Officer
– Smart Metering DSP Programme, QinetiQ, UK
10.15
UTILITIES PANEL SESSION
The speakers from Session E will be joined by
Alaa Rahma, Head of Protection, Control and
Communications, GCC Interconnection Authority,
KSA; Moazzem Hossain, ADDC, UAE; and Senior
Representatives from ADWEA and DEWA, UAE
SESSION F
Chair: Pierre Haddad, Publisher,
The Security Review, UAE
11.00
SOCIAL ENGINEERING : CLICK HERE FOR DETAILS
Stephen Bailey, Cyber Security Expert,
PA Consulting, UK
11.35
EFFECTIVE BUSINESS CONTINUITY AND INCIDENT
RESPONSE CAPABILITIES IN ENERGY AND
UTILITIES
Kush Srivastava, Lead Auditor,
Continuity & Resilience, UAE
12.10
CYBER RESILIENCE: SURVIVING THE THREAT
Jay Abdallah, EMEA Cyber Security Manager,
Schneider Electric, UAE
12.45
PANEL SESSION
Speakers from Session F
13.15
KEYNOTE CLOSING ADDRESS
WHAT THE CRITICAL INFRASTRUCTURE OWNER
NEEDS ARE NOT NECESSARILY YOUR WANTS:
INTRODUCING THE TRUSTED ADVISOR ROLE
Ayman Al Issa,
Chief Technologist & Senior Advisor/Architect
in Industrial Cyber Security – MENA,
Booz Allen Hamilton, UAE
RECOGNITION OF FORUM EVENT SUPPORT
DELEGATE PRIZE DRAW
14.00
Programme may be subject to change and
The Forum
please visit www.csuae.org for updates
Page 9
Forum Concludes and Luncheon
EXHIBITION
May 12–14
The ICS Cyber Security Energy & Utilities Exhibition, which
will run on May 12-14, is an important part of the event and
this year sponsors and service companies return to the event
given the quality and number of senior level management
who attend.
Now that this event is one of the most important specialised
events in the international energy calendar with a particular
focus on the Middle East, the Organisers have decided to
enhance the exhibition by launching a focused visitor
campaign that will benefit exhibitors even more.
The Exhibition will include equipment and services focusing
on the themes of the event. Exhibition sites are allocated on
a first come, first served basis and include a shell scheme (3m
x 2m), lighting and power.
Exhibition Visitors
The Organisers are mounting an exhibition visitor campaign
to allow all interested parties to view and discuss the latest
developments and expertise that the international exhibitors
will be displaying during the ICS Cyber Security Energy &
Utilities Forum. Potential visitors must register online at
www.csuae.org
Exhibitors to date include:
– Booz Allen Hamilton
– Ultra Electronics 3eTI
– Schneider Electric
– BAE Systems Applied Intelligence
– Airbus
– ATKINS
– DTS Solution
– SANS
– Honeywell
– OWL COMPUTING TECHNOLOGIES
NETWORKING OPPORTUNITIES
Conference Reception
Tuesday, May 12
This is the perfect opportunity to meet your hosts and fellow
delegates plus special guests in an informal setting. All forum
participants and partners are invited to attend. This is an
ideal chance to renew old acquaintances and a useful
opportunity to interact with speakers and fellow delegates
prior to the beginning of the forum.
Gala Dinner
Wednesday, May 13
This special event offers superb networking opportunities
and a unique chance to foster new business relationships.
Enjoy the fine food and impressive backdrop at the exclusive
Gala Dinner.
Delegate and exhibitor partners are welcome to attend and
dress is smart casual.
Page 10
ICS Cyber Security Energy & Utilities Forum
Venue
Accommodation
The ICS Cyber Security Energy & Utilities Forum will be held
at the:
The registration fees for the event do not include
accommodation and delegates are responsible for booking
their own accommodation.
Hilton Abu Dhabi
PO Box 877, Abu Dhabi, UAE
Tel: +971 2 681 1900
Fax: +971 2 681 1696
Hotel bedrooms have been reserved for delegates at a
preferential rate at the Hilton Abu Dhabi. A special online
accommodation booking facility will be available shortly at
www.csuae.org/accommodation.
The Hilton Abu Dhabi enjoys both an enviable setting on the
beautiful Corniche overlooking the Arabian Gulf and a
convenient location, being just a seven minute drive from
downtown Abu Dhabi, two minutes away from Marina
Shopping Mall at the breakwater and only 35 minutes from
Abu Dhabi International Airport.
VISAS
No entry visa is required for GCC citizens.
Citizens of the following 33 countries will be issued with
a free-of-charge VISIT VISA on entry to the UAE: Andorra,
Australia, Austria, Belgium, Brunei, Canada, Denmark,
Finland, France, Germany, Greece, Hong Kong, Iceland,
Ireland, Italy, Japan, Liechtenstein, Luxembourg,
Malaysia, Malta, Monaco, New Zealand, Norway,
Portugal, San Marino, Singapore, Spain, Sweden,
Switzerland, The Netherlands, UK, United States and the
Vatican.
Citizens of other countries should apply to their nearest
UAE embassy.
Should you experience problems with visa arrangements,
please contact the Organisers.
ABOUT ABU DHABI
One of the seven emirates, Abu Dhabi is also the capital and
the second largest city in the United Arab Emirates. With a
population of roughly one million, Abu Dhabi is rapidly
growing and developing as an economic, business, tourist and
cultural destination. One of the world’s leading producers of
oil and gas, Abu Dhabi offers a unique mixture of luxurious
hotels, dazzling convention centres, high street fashion
outlets, amazing dunes and beaches, and a wide range of
cuisines. To find out more about Abu Dhabi please log on to
www.visitabudhabi.ae.
Who Will Attend
Given the focus on ICS/IT Security and Networking, delegates with the
following affiliations are expected to attend:
Automation & Process Control
Engineering
System Designers & Engineers
Network Engineers
Head of Corporate Security
Industrial Security Director
HSSE Director
Senior Security Consultants
Security Advisors
CIO
IT Applications Manager
IT Security Specialist
Head of SCADA
Head of IT
Page 11
VENUE & ACCOMMODATION
May 11-14, 2015 Abu Dhabi, UAE
REGISTRATION
ICS Cyber Security Energy & Utilities Forum
May 11-14, 2015 Abu Dhabi, UAE
REGISTRATION FEES
Workshop 1
(May 11)
ICS Cyber Security Awareness for Managers
US$475 (AED 1,745)
Workshop 2
(May 11)
Critical Infrastructure Protection: Includng Cyber Security in the Whole Lifecycle
US$895 (AED 3,285)
Workshop 3
(May 11)
A Behind the Headlines Demonstration of Cyber-Attacks on a Utility –
A Hacker’s Perspective
US$475 (AED 1,745)
ICS Cyber Security Energy & Utilities Forum
(May 12-14)
US$2,215 (AED 8,130)
Exhibition Visitors
FREE TO ATTEND
Each fee includes luncheon(s), refreshments and a comprehensive set of the appropriate Proceedings.
Attendance to the Forum also includes the Conference Reception and Gala Dinner.
HOW TO PAY
4 WAYS TO REGISTER
Payment can be made, either:
To reserve Workshop and/or Forum
places, or to visit the Exhibition:
by making your cheque
payable to Dome Exhibitions, in AED only
and forwarding the cheque to
Dome Exhibitions, PO Box 52641, Abu Dhabi, UAE
by bank transfer in AED or US$ only to:
Dome Exhibitions
A/C no. 329666020002
ADCB – Abu Dhabi
SWIFT Code ADCB AEAA
IBAN No. AE370030000329666020002
Tel: +971 2 674 4040 or
Fax: +971 2 672 1217 or
Email: [email protected] or
Register online: www.csuae.org
Copies of bank transfer documents should be sent to the
Organisers and all bank transfer charges will be the responsibility
of the delegate’s organisation. All delegates will receive an official
attendance invoice together with their joining instructions but their
participation is not confirmed until payment has been received.
ORGANISERS
For further information please refer to our website
at www.csuae.org or contact:
Nerie Mojica Conference Coordinator
Dome Exhibitions
PO Box 52641 Abu Dhabi UAE
Cancellations: All cancellations must be received in writing.
Cancellations received until April 30, 2015 are subject to a service
charge of US$350 (AED1,285) per event where appropriate. The
Organisers reserve the right to retain the whole fee if cancellation
is received after April 30, 2015.
E: [email protected]
T: +971 2 674 4040
F: +971 2 672 1217
Delegates may be substituted at any time.
Once registered, please join our LinkedIn Group and begin communications with your fellow attendees at
http://www.linkedin.com/groups/Oil-Gas-ICS-Cyber-Security-5019246
Page 12