Conference Program Day 2 - November 4th
7:30 AM - 8:00 AM - Registration/Breakfast
8:00 AM - Day 2 Keynote
Case Study Session: Cloud SCADA Deployment to Control 75% of Guatemala's Distribution System
Jorge Guillen, IT Manager • ENERGUATE Distribuidora de Electricidad de Oriente, S.A. (Guatemala)
Rob Sadler, Director of Business Solutions • Minsait ACS (Advanced Control Systems, Inc.)
Attend this session to learn about a project that was designed to provide a state-of-the-art solution for Energuate – managing 80,000 kilometers and providing electricity service to more than 2 million customers in Guatemala. Minsait ACS and Energuate decided that the most innovative, cost-effective option was to fully deploy Energuate’s SCADA system in the cloud. Partnering with AWS, this project is the first deployment of this nature and this size.
Using PRISM 12 running the Oneview user interface, Energuate has immediate access to critical system information while they monitor and control the operational status of the entire Guatemalan electricity distribution network. Energuate realizes significant improvements in incident resolution times due to faster identification of issues, thereby increasing the productivity of the operators. Energuate now has access to advanced analytics and artificial intelligence technologies to facilitate learning and continuous improvement while reducing supply interruption times and service quality indexes.
8:45 AM - Featured Presentation
Cybersecurity Compliance: It Should be Built in, Not Bolted On
Pam Johnson, Vice President • TDi Technologies
Cybersecurity compliance readiness for assets is an expensive, time-consuming process for utilities. Many times, the process of collecting data for compliance assessments is done manually. This means the gathering of evidence is prone to human error, creates unknown and inconsistent outcomes, and leaves the quality of the data uncertain.
Companies often resolve this problem by trying to “bolt on” a point solution whose purpose is storing information. This still creates problems caused by inconsistencies and manual errors consisting of, but not limited to:
Asset Management databases or spreadsheets containing asset lists which are manually updated with software / OS patch levels that are out of date, inconsistent, and incomplete.
Password updates that must be performed manually, and many times at a cadence not defined by regulatory requirements.
Monitoring of configuration changes that rely on an individual interrogating a device. In environments with hundreds or thousands of devices, this becomes a daunting task at the cadence specified by regulatory requirements.
Checking for viruses and malware is an after-the-fact occurrence using virus and malware scanners.
The goal of an organization is to be ready for an audit at any time. With compliance bodies moving toward standardization of required evidence, like the NERC-CIP Evidence Request Tool, these processes require more than a bolted-on, manual, human-driven approach. This session will look at taking a “built in” cybersecurity approach to compliance, one that works in the background doing the hard work for you. By making compliance an inherent part of the system, you are always ready, creating efficiencies with consistent, complete information from the source of truth.
Aligning Cyber Risk with Organizational Risk Tolerance and Getting Maximum ROI on Defensive Measures
TJ Roe, VP Sales, North America • Radiflow
This presentation will present a data-driven, standards-based approach using ISA/IEC 62443 to understand risk in your OT networks. We will discuss going beyond normal vulnerability assessments and taking into account the tactics, techniques, and procedures of threat actors per the MITRE ATT&CK methodology, giving you a more accurate indication of true risk to your operations. Coupling this with Factor Analysis of Information Risk (FAIR) provides a model for understanding, analyzing, and quantifying cyber risk and operational risk in financial terms. Using this robust approach helps an organization understand the impact of cyber events on its business operations and provides a roadmap for the mitigations that will provide the most effective defense for the investment made, in line with the organization's risk tolerance.
10:00 AM - Networking Break and Dedicated Exhibit Hall Time Sponsored by Vanti
OT Threat Hunting: Act Before the Breach
Michael Rothschild, Sr. Director, OT Solutions • Tenable
Beyond clear and present OT security threats, what are the most critical OT cyber maintenance issues that can be addressed before the breach? As industrial cyber threats become more sophisticated, responding to a breach after the fact means you’ve already lost the war. When it comes to industrial operations and critical infrastructure, this is too late. It's time to get proactive.
Attend this session to learn about “attack vectors,” a proactive method for defending your OT infrastructure before the emergence of an attack.
Topics covered will include:
Looking beyond traditional OT security methods for a complete picture of your industrial attack surface
Capturing relevant situational data for every device and communication pathway
The methods and benefits of OT threat hunting
Airgap Protection and Driving Efficiencies with your SCADA Data and The Cloud
Stuart Brady, Executive - Oil & Gas • Owl Cyber Defense
Cloud connectivity offers a wealth of benefits for SCADA & critical infrastructure operators. New connections, however, can introduce new risks. Inadequately secured connections create opportunities for unauthorized parties to access critical systems, and some security “solutions” have the potential to be hijacked and used to launch attacks by sophisticated threat actors. In addition, routing data through a traditional network architecture--from OT to IT and then out to the cloud--is a complex and expensive process that opens up new possibilities for misconfiguration.
The best long-term strategy for cloud connectivity is to stream OT data directly to the cloud, using hardware-enforced one-way data flows to protect critical systems against inbound threats. With the right technology, operators can transfer status and performance data from OT systems while maintaining air-gapped separation, with no routable network connections. This approach allows organizations to enjoy the full benefits of cloud computing, while ensuring the highest possible level of security for critical networks and devices.
This session will examine the challenges and opportunities associated with cloud connectivity for SCADA systems and other OT technology, with a focus on real-life use cases that demonstrate how organizations are taking advantage of cloud services without adding administrative burdens or inappropriate risks.
Unified Protection of OT and IT: Self-Learning AI for Industrial Cyber Defense
Dr. Jeff Cornelius, EVP, Cyber-Physical Security • Darktrace
The Colonial Pipeline ransomware incident demonstrated that cyber-attacks do not even need to reach OT systems to compromise industrial networks. This attack targeted IT systems, yet OT was manually shut down by the organization out of caution. In light of this, a robust approach to industrial cyber defense must illuminate the complex relationship between OT and IT systems, which are interdependent and increasingly converged.
Darktrace’s Self-Learning AI provides unified protection of OT and IT systems. The AI detects, investigates, and responds to unusual activity across the entire cyber-ecosystem, from email to the factory floor, and also reveals points of IT-OT convergence. In this presentation, we will discuss the technological principles behind Self-Learning AI, and also provide a real-world case study of Darktrace defending against ransomware targeting a critical infrastructure organization in North America.
12:00 PM - Networking Lunch Sponsored by Claroty
The Future of Smart Cities: Risks to Transportation Systems and How to Secure Them
Rick Tiene, VP of Smart Cities, Government, & Critical Infrastructure • Mission Secure, Inc.
Every day we are seeing more examples of hackers becoming increasingly sophisticated and emboldened. SCADA and broader industrial control systems (ICS) used in transportation and traffic management signaling systems are prime targets due to their inherent vulnerabilities and the severity of the potential impact on public safety.
IT practices attempt to protect servers and workstations; firewalls help protect the network perimeter. But SCADA and ICS assets — peripheral controller equipment and devices within the equipment cabinets — remain exposed to both inappropriate commands and direct intrusion. These vulnerabilities can allow malicious attacks to spread throughout the larger operational network and even into the IT network. As we look to the future, Smart Cities and Intelligent Infrastructures will only increase these vulnerabilities, the desirability to attack them, and adverse impacts.
This presentation will highlight the core cyber-physical issues and strategic approaches to begin securing infrastructure transportation systems against 21st-century cyber threats.
Real-World SCADA Transformations To Unleash Operational Data
Jeremiah Hannley, P. Eng, CTO and Managing Partner • Streamline Control
Understanding and having access to the right data at the right time is a powerful driving force to move your business forward. We will discuss how Streamline uses an IoT/MQTT middleware to enhance our clients’ operational assets from the field to the board room and allow them to make important decisions in a meaningful way. Through this session, we will walk through a real-world example where we worked with a large midstream company to transform their outdated SCADA system and future-proof it using an industry-leading solution to do data collection, dashboarding and customized reporting.
Integrating Machine Vision with SCADA: From Data Preprocessing, Data Analytics and Security to Data Management
Jiyoon A. Davis, Ph.D., Relations/Partnership Manager, Data Labeling and Management Platform • AIMMO
The advancement of machine vision has transformed the ways SCADA interacts with industrial, infrastructure, and facility processes. Machine-to-Machine and alarm handling and management are use cases where machine vision can improve the efficiency of SCADA. Specifically, machine vision can help with image recognition, object detection and tracking, video summarization, action recognition, face recognition, event classification, and scene detection. The proliferation of camera and sensor surveillance provides opportunities for sophisticated SCADA systems powered by machine vision. For example, object detection and tracking recognize alarm conditions, event and scene detection make industrial robots smarter, and video summarization helps review process monitoring for performance improvement. This presentation will demonstrate how machine vision can be integrated into SCADA systems, from data preprocessing, data analytics and security to data management, with illustrative examples.