Welcome to the interactive agenda for SecurityWeek’s ICS 2022 ICS Cyber Security Conference. Sessions are being finalized and the final program will include 4 FULL DAYS of content.
Main Stage
Tuesday, October 25

9:00am EDT

Welcome Address

Mike Lennon

Managing Director, Conference Chair, SecurityWeek
For more than 10 years, Mike Lennon has been closely monitoring and analyzing trends in the cyber threat landscape, and enterprise, critical infrastructure, and national security space. In his role at SecurityWeek he oversees the editorial direction of the publication and manages...

Tuesday October 25, 2022 9:00am - 9:05am EDT
Windsor Ballroom

9:10am EDT

State of the State and Key Findings From (CS)2AI-KPMG Control System Cyber Security Annual Report
The Control Systems Cyber Security Association International (CS2AI), in collaboration with a team including KPMG and other supporting organizations, conducts a yearly analysis on the current state of ICS cyber security. Leveraging the participation of multiple stakeholders across roles and industry sectors, the survey is designed to help answer key questions about how we can best protect critical systems in the face of ever-growing and -evolving threats.

The survey results will be shared at SecurityWeek's ICS Cyber Security Conference and can help defenders improve their security posture through greater understanding of the diverse concerns and decision drivers that the industry faces.


Derek Harp

Founder & Chairman, (CS)2AI
Derek Harp, Founder and Chairman of (CS)2AI, has relentlessly pursued new ideas that could change the world through founding, co-founding, advising and investing in new companies for more than twenty years, primarily focused on cyber security. A passionate professional speaker, Derek...

Tuesday October 25, 2022 9:10am - 9:45am EDT
Windsor Ballroom

9:45am EDT

Securing IT/OT Convergence with Zero Trust

Attacks on manufacturing, energy, transportation and other critical infrastructure have escalated in the recent past. Ransomware impacting critical business systems and malware targeting Industrial Control Systems (ICS) have the capability to bring operations to a halt or, even worse, put human life at risk. Cybersecurity is now a boardroom priority.

Join this session by Liia Sarjakoski, Global Industry Solutions Director for Manufacturing and Energy at Palo Alto Networks, to hear more about the ever-increasing threats that ICS, Industry 4.0 and IT/OT environments are facing. She will share insights from the recent Unit 42 Incident Response Report, as well as other threat intelligence, future predictions based on this data, and recommendations for proactively preparing for future threats, which are critical to ensuring the safety of the critical infrastructure that our society depends on.


Liia Sarjakoski

Global Industry Solutions Director, Manufacturing and Energy, Palo Alto Networks

Tuesday October 25, 2022 9:45am - 10:30am EDT
Windsor Ballroom

10:45am EDT

[Panel] 72 Hours and Counting: Preparing for and Responding to Critical Infrastructure Cyber Incidents
The Cyber Incident Reporting for Critical Infrastructure Act, which was enacted in March 2022, will require critical infrastructure organizations to report cyber incidents to the Cybersecurity and Infrastructure Security Agency (CISA) within 72 hours. This aggressive timeline will require companies to have enhanced identification, escalation, and investigation processes in place.
In this session, we will discuss the new Act and the practical steps companies should take, both proactively and during an incident, to comply with this and other industry-specific regulations and expectations. We will also discuss the unique cybersecurity threats for critical infrastructure organizations that make the industry particularly vulnerable to a cyberattack and the importance of heightened focus to help prevent and contain incidents.


Ben Miller

Vice President Professional Services and R&D, Dragos
Ben Miller is Vice President of Professional Services and R&D with Dragos, Inc., where he leads a team of analysts in performing active defense inside of ICS/SCADA networks. In this capacity he is responsible for a range of services including threat hunting, incident response, penetration...

Matthew R. Baker

Partner - San Francisco, Baker Botts L.L.P.
Matthew's cross-disciplinary practice focuses on data privacy, cybersecurity, crisis management, and incident response for a broad range of industries. He is well-versed in multi-jurisdictional privacy compliance; cyber risk identification, mitigation, and response strategies; complex...

Rachel Ehlers

Special Counsel, Baker Botts L.L.P.
Rachel has served as breach counsel and led incident response for more than one hundred high-profile cyber incidents – with a particular focus on heavy manufacturing and distribution. Her practice focuses on technology transactions, cybersecurity and data privacy, and regulatory...

Tuesday October 25, 2022 10:45am - 11:30am EDT
Windsor Ballroom

11:30am EDT

Framework for Potential OT Cyberattack Scenarios
One of the biggest challenges for operational technology (OT) system cyber defenders is the lack of open-source information on cyber incidents impacting sector industrial control systems (ICS), putting defenders at a knowledge disadvantage. Understanding potential threats to the overall organization and critical infrastructure is crucial to preventing and responding to incidents.

Credible failure scenarios can be used to augment the available incident information with a focus on attacks that can cause a physical impact on control systems resulting in the loss of availability, equipment damage, human casualties, loss of revenue, etc. EPRI and MITRE will present a Framework for the Use of Potential Cyber Attack Scenarios to Guide Incident Response. The framework makes use of potential cyberattack scenarios to guide incident response that includes analyzing potential failure scenarios, defining associated cyber-attack TTPs using the ATT&CK framework, identifying required data sources, defining representative analytics for detection, identifying potential incident response actions and identifying potential mitigations. The results of failure scenario analysis from a cyber adversary perspective have broad application to ICS environments, providing valuable data to enable detection and response to significant cyber attack TTPs. Performing trend analysis across scenarios provides additional and significant benefits, including the identification of common adversary TTPs that will aid in prioritizing mitigations. EPRI and MITRE will present on this Framework in the context of energy sector scenarios.


Adam Hahn

Lead Critical Infrastructure Security Engineer, MITRE
Adam Hahn is a Principal Critical Infrastructure Security Engineer at The MITRE Corporation where he supports ATT&CK for ICS development, along with numerous research projects funded by DOE, EPRI, and DHS. Previously he was an assistant professor in the Department of Electrical Engineering...

Ben Sooter

Program Manager – Cyber Security, Electric Power Research Institute
Ben has 16 years of experience at EPRI and has been with the cyber security team since 2016. He has led the development of our cyber security research lab in Knoxville along with many technical projects related to Threat Management, Threat Hunting, Access Management, Threat Intelligence...

Tuesday October 25, 2022 11:30am - 12:00pm EDT
Windsor Ballroom
Wednesday, October 26

9:00am EDT

Deep Dive: PIPEDREAM/Incontroller ICS Attack Framework
In this session, Mark Plemmons, Sr. Director for Threat Intelligence at Dragos, will dive deep into the technical details and real-world impact of the modular ICS attack framework known as PIPEDREAM/Incontroller that can be used to disrupt and/or destroy devices in industrial environments. In April 2022, a joint advisory from the Department of Energy, CISA, NSA and the FBI warned that unidentified APT actors have created this suite of specialized tools capable of causing major damage to PLCs from Schneider Electric and OMRON Corp. and servers from open-source OPC Foundation.

Analysts believe the malware has not been deployed yet in the wild and that its operator likely plans on using it in future operations. Based on analysis, the framework has been designed to target equipment in electric power and liquified natural gas (LNG) facilities, but it could easily be adapted for other types of environments, as well as devices beyond Schneider and Omron PLCs. Join this session to learn more!


Mark Plemmons

Sr. Director for Threat Intelligence, Dragos

Wednesday October 26, 2022 9:00am - 9:40am EDT
Windsor Ballroom

9:40am EDT

A PoC Methodology to Choose the ‘Right’ OT Monitoring Tool
OT monitoring is one of the essential cybersecurity controls for OT environments. It supports organizations in multiple cybersecurity domains, namely asset management, vulnerability management, and security monitoring. Products within the OT monitoring space have matured immensely over the past few years. These products typically rely on passive network monitoring, and most also utilize some sort of active scanning (although the latter is being masked under different names for marketing purposes). There are multiple vendors in the market, and it is difficult for organizations to select the ‘right’ one.

To devise a repeatable methodology that helps organizations assess the major players in the OT monitoring space, our first step was to create a testbed by means of an OT lab environment. Using different types of devices, including OT, IIoT, and IT, various industrial systems were built to simulate real-life processes. Additionally, the selection of the devices was diversified in terms of technology, vendor, make and model, protocols, and deployment architecture. We then devised a methodology that assesses candidate tools across the following functional areas:
  • IT Asset Detection
  • OT Asset Detection
  • IT Asset Identification
  • OT Asset Identification
  • IT Vulnerability Detection
  • OT Vulnerability Detection
  • Threat Detection
  • User Interface
  • Integrations

Applying the methodology to our testbed environment over a 4-week PoC generated interesting and insightful results (as well as questions). The various candidate tools, namely Claroty, CyberVision, Defender for IoT, Nozomi, and Tenable.ot, performed to varying degrees, some excelling significantly in certain domains over others. The PoC validated that the methodology used was a practical framework that is customizable for organizations’ needs. Since then, this PoC methodology has been adapted and applied to multiple organizations in various industries.

Join this session as Raphael explains the PoC methodology that helps organizations choose the ‘right’ OT monitoring tool.


Raphael Arakelian

Manager, OT & IoT Security Team, PwC
Raphael Arakelian is a Manager in the ‘OT & IoT Security Team’ at PwC Canada. He is the national lead of PwC Canada’s ‘OT Monitoring Implementation Services’, where he has conducted PoC evaluations as well as implementations for mid-to-large scale industrial organizations...

Wednesday October 26, 2022 9:40am - 10:15am EDT
Windsor Ballroom

10:30am EDT

{Panel} The End Goal for SBOMs - Lessons Learned and Moving Forward
Many of today’s critical infrastructure systems consist of legacy equipment originally designed to be perimeter-protected or air-gapped from unsecure networks. However, while many of these have become connected over time resulting in a strong emphasis on IT and network based cyber security, device and control system cyber security has not received the same attention.

Join us for an exciting panel discussion that will cover:
  • Executive Order (EO) 14028, which has brought the requirement of SBOMs to the forefront.
  • How SBOMs can play a major role in securing the supply chain, devices and control systems.
  • Where the onus resides for monitoring for vulnerabilities within the supply chain.


David Leichner

CMO, Cybellum
David Leichner, CMO at Cybellum. David started his career in network security at one of the leading banks on Wall Street followed by a similar role at TRW Space and Defense. Since moving to the supplier side, David has 25 years of executive management and consulting experience garnered...


Mirel Sehic

Head of Cybersecurity, Honeywell Building Technologies
Mirel is the VPGM / Head of Cybersecurity for Honeywell Building Technologies (HBT). Having spent over a decade embedded across varying domains Mirel has global experience leading from the front in engineering, operations, marketing and sales disciplines. Employing a strategic mindset...

Adam Hahn

Lead Critical Infrastructure Security Engineer, MITRE
Adam Hahn is a Principal Critical Infrastructure Security Engineer at The MITRE Corporation where he supports ATT&CK for ICS development, along with numerous research projects funded by DOE, EPRI, and DHS. Previously he was an assistant professor in the Department of Electrical Engineering...

Wednesday October 26, 2022 10:30am - 11:15am EDT
Windsor Ballroom

11:15am EDT

{Panel} Insights from CISOs on OT Security Journey
Join this session of industry veterans as they discuss the cybersecurity challenges faced in securing the critical operational infrastructure for companies on a digital journey. Hear lessons learned and insights from their real-world experience on the front lines, building defenses against the evolving and escalating cyber threats to the production networks and industrial control systems they were tasked with protecting. The discussion will also explore suggestions for moving from a reactive posture to a more proactive stance against the APTs the industry faces today, and will conclude with Q&A from the audience.


Ilan Barda

CEO, Radiflow
Ilan Barda, founder of Radiflow is a Security and Telecom executive with 20 years of experience in the industry. Ilan has deep experience in developing secure communication equipment from his service in the Information Security division of the IDF.


Nurettin Erginoz

Head of Cybersecurity & Security Consultant, Sabancı DX / EnerjiSA
Nurettin Erginoz, Head of Cyber Security at Sabancı DX & Security Consultant for EnerjiSA - the largest power utility company in Turkey. Nurettin has a Master's degree in Computer Engineering and has been continuing his professional career in the field of Cyber Security for more...

John Allen

Consultant, Former VP OT Cybersecurity at GSK
John Allen, a strategic consultant in Manufacturing IT bringing leadership in technology, process and culture across OT Cyber Security, Digital Transformation, M&A and Applications Systems. John started his career in IT Operations within the Aerospace industry and then moved into...

Emmett Moore III

CEO, Red Trident Inc.
Emmett Moore is the Chief Executive Officer for Red Trident, Inc. providing expertise in ICS/OT Cybersecurity for public and private organizations. Prior to Red Trident, Inc. Emmett was the Cybersecurity Program lead for Cimation, LLC. While at Cimation, Emmett managed teams focused...

Wednesday October 26, 2022 11:15am - 12:00pm EDT
Windsor Ballroom
Thursday, October 27

11:15am EDT

{Panel} Tackling What’s Next for ICS Cybersecurity
We are often asked how relevant Zero Trust is for critical infrastructure/operational technology (CI/OT). The answer is that it is not only highly relevant but, when done properly, will safeguard against what would otherwise be catastrophic attacks. The principles of Zero Trust are ideal in large part because of CI/OT's purpose-built nature and correspondingly predictable network traffic (as well as its being unpatched for long periods of time, which creates vulnerability). Join Rob Rachwald, Director of Zero Trust Strategy at Palo Alto Networks, for a panel discussion on how others are leveraging the principles of Zero Trust to tackle cyber security's toughest challenge: what's next. We'll ask panelists to share insights on how Zero Trust is helping them achieve higher levels of security and operational resilience in CI/OT technologies.


Rob Rachwald

Director of Zero Trust Strategy, Palo Alto Networks


Jack D. Oden

Program Director, ICS Cybersecurity SME, and Consultant, Parsons
Jack D. Oden, Principal Project Manager and ICS Cybersecurity Subject Matter Expert (SME), is a self-motivated, energetic, and accomplished team player and speaker with twenty years’ experience in negotiating system improvements between users and engineers; developing projects...

Del Rodillas

Client Partner, Americas Industrials and Critical Infrastructure, ISTARI

Thursday October 27, 2022 11:15am - 12:00pm EDT
Windsor DE

1:15pm EDT

Zero Trust in an ICS Environment
Beginning with a dissertation in 1994, Zero Trust has moved over the subsequent 28 years from an academic discussion, through struggles that continue with current network and cybersecurity policies and implementation, to the availability of some tools from a wide variety of vendors. ICS is often the last to implement the newest technology, for very good reason. There are architectures and papers providing much to consider. However, ICS lives in a world where information technology provides the Internet, wide-area and campus-wide communications, as well as some local, dedicated engineering communications. Our goal is to ensure this new technology, like others before it, is useful in an ICS environment. We will see that this technology is still a concept in development. Alternatively, ICS can be prepared to operate in such an environment provided by others. To those ends, we will examine the information available to carefully consider what should be done.

Key Takeaways:
  • Although it can be considered the latest buzzword, Zero Trust offers the next step in cybersecurity
  • It’s being implemented, but …
  • There is some very good guidance, but it is not mature
  • There are tools, but they do not play well together
  • Just how it applies to ICS
  • If you have not started, what you can do now to prepare
  • Takeaways and thoughts from various presentations and panels throughout the week


Jack D. Oden

Program Director, ICS Cybersecurity SME, and Consultant, Parsons
Jack D. Oden, Principal Project Manager and ICS Cybersecurity Subject Matter Expert (SME), is a self-motivated, energetic, and accomplished team player and speaker with twenty years’ experience in negotiating system improvements between users and engineers; developing projects...

Thursday October 27, 2022 1:15pm - 2:00pm EDT
Windsor Ballroom

2:00pm EDT

Closing Panel: Takeaways and Insights from 2022 ICS Cybersecurity Conference
Join this session as we discuss takeaways from the week and share insights and thoughts based both on stage presentations and from the great networking discussions throughout the week.


Andrew Ginter

VP Industrial Security, Waterfall Security Solutions
At Waterfall, Andrew leads a team of experts who work with the world's most secure industrial enterprises. Before Waterfall, Andrew led the development of high-end industrial control system products at Hewlett-Packard, of IT/OT middleware products at Agilent Technologies, and of the...


Kenny Mesker

Enterprise OT Cybersecurity Architect, Chevron

Gonda Lamberink

VP, Critical Manufacturing Security Solutions, Fortress Information Security

Brian Schleifer

Senior System Security/Cybersecurity Engineer, Modern Technology Solutions (MTSI)

Thursday October 27, 2022 2:00pm - 2:45pm EDT
Windsor Ballroom

2:45pm EDT

Open Mic Exchange, Networking & Beverages
Join us in the Windsor Ballroom for a closing session with an open mic and your chance to ask questions, share insights and network with others for discussions as we wind down a great week!

Thursday October 27, 2022 2:45pm - 4:00pm EDT
Windsor Ballroom