1. SMi present their 2nd annual…
REGISTER BY 28TH SEPTEMBER AND RECEIVE A £100 DISCOUNT
Oil and Gas
Cyber Security
Wednesday 14th and Thursday 15th November 2012
Copthorne Tara Hotel, London, UK
Many major oil and gas companies are suffering a growing number of cyber-attacks motivated by commercial and criminal
intent. These new attacks pose a great risk to machinery, which can cost lives, stop production and cause environmental
damage - a significant threat to oil and gas production companies worldwide. The risk of a cyber attack is growing and is a
challenge companies will continue to face, leaving them vulnerable if inadequately protected.
KEY SPEAKERS INCLUDE:
• Hassan Karim, Communications Engineer, Saudi Aramco
• Oskar Wols, Technical Architect, Enterprise Solutions Architecture, Shell Information Technology International
• Philip Jones, Information Systems Security Officer, GDF SUEZ EP UK Ltd
• Simon O'Gorman, Head of Cyber Sales, Finmeccanica
• Olav Mo, Oil & Gas Cyber Security Manager, ABB Limited
• Iain Brownlie, Senior Consultant, CISSP, ABB Limited
• Alan Bentley, SVP Worlds Sales, Lumension Security
• Oded Blatman, CEO, CIP Security
• Tim Holman, CEO 2-sec, President, ISSA-UK
• Dr Boldizsar Bencsath, Assistant Professor CrySyS Lab, Budapest University of Technology and Economics
• David Spinks, Chairman CSIRS, CSIRS
• Serdar Cabuk, Managing Consultant, Deloitte
• Samuel Linares, Director, Intermark
• Adrian Davis, Principal Research Analyst, Information Security Forum
• David Livingstone, Director, Napier Meridian
• Justin Lowe, Energy Cyber Security Specialist, PA Consulting Group
• David Alexander, Principal Consultant, Regency IT Consulting
• Lieutenant Colonel Tom Fairfax, Managing Director, Security Risk Management Ltd.
• Sadie Creese, Professor of Cybersecurity, University of Oxford
• Danny Berko, Director of Product Marketing, Waterfall Security
PLUS AN INTERACTIVE PRE-CONFERENCE WORKSHOP
Approaches to network monitoring and situational
awareness in critical infrastructure
Tuesday 13th November 2012, Copthorne Tara Hotel, London 13.30pm – 18.00pm
Workshop leader: Dr Damiano Bolzoni PhD, Chief Operations Officer, SecurityMatters
www.smi-online.co.uk/2012cyber-security.asp
Register online or alternatively fax your registration to +44 (0) 870 9090 712 or call +44 (0) 870 9090 711
2. Oil and Gas Cyber Security
DAY ONE | WEDNESDAY 14TH NOVEMBER 2012

8.30 Registration & Coffee

9.00 Chairman's Opening Remarks
David Alexander, Head of Vulnerability Research, Regency IT Consulting

OPENING ADDRESS
9.10 Information Protection in Oil & Gas — Myths and reality
• Understanding the threat horizon for Oil & Gas
• What is at risk? Prevention and mitigation for the future
• Effective response to information leakage incidents
• Common IP pitfalls and applying the key lessons learnt
Serdar Cabuk, Managing Consultant, Deloitte

9.40 Information flows have a context
• Introduction
• Key elements to have business in control
• Problem statement
• Constant factors
• What do we need
• Data flows – rules/criteria
• Examples and what next?
Oskar Wols, Solution Architect, Shell

10.10 Stronger than Firewalls: A Novel Approach for Mitigating Cyber Threats and Risks Targeted at Oil & Gas Facilities
• IT Security Best Practices - Myth vs. Reality
• Emerging Industrial Security Best Practices – modern approach in meeting SCADA cyber threats
• Regulatory Industrial Security measures review – NERC-CIP CAN-24, The Unidirectional Gateway requirements
• Industrial cyber security reference architecture for SCADA applications
• Common Unidirectional Gateway deployment scenarios in industrial/utility facilities
Danny Berko, Product Marketing Manager, Waterfall Security Solutions

10.50 Morning Coffee

11.20 Session details to be announced
Oded Blatman, CEO, CIP Security Company Ltd

12.00 Overcoming Challenges in Network Security Control Deployments for SCADA Environments
• Risk Analysis
• Traffic Analysis
• Requirements Refinement
• Security Optimization
Hassan Karim, Communications Security Engineer, Saudi Aramco

12.30 Human Factors in Oil & Gas Cyber Security
• Major human factor considerations in securing Oil & Gas assets
• Situational awareness - Understanding and assessing vulnerability
• Security incident handling and decision making
• Recover from a disaster; safely, securely and efficiently
Olav Mo, Oil & Gas Cyber Security Manager, ABB Limited
Iain Brownlie, Senior Consultant, CISSP, ABB Limited

1.10 Networking Lunch

2.10 Tsunami! Will you keep watching the wave?
• Description of the current socio-economic situation and the impact of the Critical Infrastructures Protection and Industrial Control Systems Security (or its absence) in our life (personal and professional), in our organizations and in our countries.
• Linking Critical Infrastructures Protection and Industrial Control Systems Security: Understanding the risk. Analysis of the link between the industrial and corporate environments and its impact in key organizations for the survival of a country
• Current situation of the ICS Security. Study and analysis of the convergence between industrial and corporate systems (or traditional IT), the impact, threat evolution, etc. Analysis of the security in industrial systems.
• Organizational and Management Aspects: IT Manager vs. CSO/CISO vs. Plant Manager vs. Manufacturing Manager. Human aspects of industrial environments security and critical infrastructures protection.
• Key facts (earthquakes) in our environment: Stuxnet, Duqu, Project Basecamp, CIP regulation, Smart Grid, Cyber Security Reports, Horizon 2020, ISA 99, Flame…
• Today’s ICS Security Landscape in depth analysis: Tsunami is arriving…
Samuel Linares, Cyber Security Services Director, Intermark

2.40 Panel Discussion — Evaluating the counter measures
• The use of effective PR
• An active response
• The legal framework
Tim Holman, UK President, ISSA (Information Systems Security Association)
David Alexander, Head of Vulnerability Research, Regency IT Consulting
Samuel Linares, Cyber Security Services Director, Intermark

3.10 Assurance - Much More Than Ticking The Boxes
• Chatham House study on CNI unearthed some really good standards and practices, and some pretty awful ones too. What made the difference?
• Does instinct for risk management in cyber count for much more than adherence to a complex rule book?
• How would such a rule book keep pace with the cyber environment?
• Are the right people running the show?
David Livingston, Director, Chatham House

3.40 Afternoon Tea

4.10 Flame. Setting Stuxnet on fire!
• Is the criminal world getting the better of us?
• Are we powerless to stop malevolent hackers?
• Is our greed for new technology pulling the wool over our eyes?
• Now APTs are a reality for all businesses, what can we do to mitigate their effects?
Tim Holman, UK President, ISSA (Information Systems Security Association)

4.40 Situational Awareness - Understanding the Threat Architecture
• What is “threat” and who might be involved?
• What Roles might different people be taking?
• What does this mean for us?
• What should we be looking for?
Tom Fairfax, Director & Head of Advisory Services, SRM - Solutions

5.10 Systematic Risk Management and Insider Threats
• SCADA and Cyber-Physical Systems
• Systematic risk management in an industrial setting
• Identifying and mitigating insider threats
Christian Probst, Language-based Technology, Technical University of Denmark

5.40 Chairman's Closing Remarks and Close of Day One
David Alexander, Head of Vulnerability Research, Regency IT Consulting
Sponsored by
ABB www.abb.com/oilandgas
ABB is a global leader in automation, electrical, safety, telecommunications and instrumentation in the Oil and Gas industry. Full life cycle
and consulting services help protect and optimise assets. ABB offer vulnerability assessments, incident handling, remote access platforms
and security client server management, such as security event monitoring.
CIP Security Company www.cipsec.com
Finmeccanica Cyber Solutions www.finmeccanica.co.uk/cyber
Finmeccanica Cyber Solutions in the UK represents the best in cyber security and information assurance. It secures high level information systems at the
heart of the UK’s security, and enables secure collaboration with allies. Finmeccanica is working with the emergency services to improve interoperability,
deliver real value and front line effectiveness in the fight against terrorism, and resilient contingency planning.
Lumension www.lumension.com
Lumension, a global leader in operational endpoint security, develops, integrates and markets security software solutions that help
businesses protect their vital information and manage critical risk across network and endpoint assets.
Lumension: IT Secured. Success Optimized.™ For more information, go to www.lumension.com.
Waterfall Security www.waterfall-security.com
Waterfall Security is the leading provider of Unidirectional Security Gateways™ for industrial control networks and critical infrastructures.
Waterfall’s Unidirectional Gateways reduce the cost and complexity of compliance with regulations, as well as with cyber-security best
practices. Waterfall’s products are deployed worldwide in utilities and critical national infrastructures. Frost & Sullivan awarded Waterfall
the 2012 Network Security Award for Industrial Control Systems Entrepreneurial Company of the Year. Waterfall’s offerings include support
for leading industrial applications, including the OSIsoft PI™ Historian, the GE Proficy™ iHistorian, Siemens SIMATIC™/Spectrum™
solutions, as well as OPC, Modbus, DNP3, ICCP and other industrial protocols.
3. Oil and Gas Cyber Security
DAY TWO | THURSDAY 15TH NOVEMBER 2012

8.30 Registration & Coffee

9.00 Chairman's Opening Remarks
David Alexander, Head of Vulnerability Research, Regency IT Consulting

9.10 Security; a new paradigm?
• Foundations for discussions
• How traditional security silos can respond to the emerging threat landscape
Phil Jones, Information Security & Business Continuity, GDF SUEZ E&P UK Ltd

9.40 Are the Cyber risks seen in the past few years hype or reality?
• The false myth: SCADA network are not open to public networks.
• What needs to be dealt with at C level
• Why is security often mistaken for safety
• The "air gap" myth
• Vulnerability Assessments vs 0 days
• Penetration testing vs CIRT
• Real security vs Policy and Awareness and why they must match
• The ability to monitor and track behavioural statistics on the network
Simon O'Gorman, Head of Cyber Services Sales, Finmeccanica

10.20 Morning Coffee

10.50 Welcome to the Age of Weaponized Malware
• Numerous countries have now empowered their government agencies to carry out state-sponsored malware attacks.
• How exactly did we get to this point and what are the factors and threats that you need to be aware of?
• What are key risk vectors most commonly exploited by recent state sponsored attacks like Stuxnet and Flame?
• What are most important pragmatic steps that every organization can take to reduce their risk without negatively impacting their productivity?
Alan Bentley, SVP World Sales, Lumension Security Ltd.

11.30 Cyber Security Threats to critical National Infrastructure including SCADA and PLCs
• Insider threats
• Advanced Persistent Threats
• Cyber Crime
David Spinks, Chairman, CSIRS

12.00 Panel Discussion — Risk Management Strategies
• Evaluating the vulnerability of the industry to cyber attacks
• What strategies are the most effective?
• The roadmap – Policies and standards
David Alexander, Head of Vulnerability Research, Regency IT Consulting
David Spinks, Chairman, CSIRS
Boldizsar Bencsath, Assistant Professor, Laboratory of Cryptography and Systems Security
Danny Berko, Product Marketing Manager, Waterfall Security Solutions

12.30 Networking Lunch

1.30 The challenges of Security Architectures for Industrial Control Systems
• This presentation looks at the high-level technical issues in designing and implementing Security Architectures in Industrial Control Systems integrated into a corporate network.
David Alexander, Head of Vulnerability Research, Regency IT Consulting

2.00 Defending against APTs
• Why the APT presents a significant challenge
• Current defence options
• Limitations and challenges
• Cutting edge thinking – future solutions
Sadie Creese, Professor of Cybersecurity, University of Oxford

2.30 The challenges and opportunities of the converging worlds of Information and Operations technologies
• Why information and operation technologies are converging
• What are the challenges of this convergence
• What are the benefits of convergence
• The future role of the IT department in operations technology in energy companies
Justin Lowe, Managing Consultant, PA Consulting Group

3.00 Case Study: Enhancing network monitoring and situational awareness in critical infrastructure
• Current approaches to network monitoring and situational awareness
• Strengths and shortcomings of current approaches
• Non-signature based approaches for improved monitoring and situational awareness
• Discussion of 2 use cases
Damiano Bolzoni, COO, Security Matters

3.30 Afternoon Tea

4.00 Best practices in supply chain information risk management
• Identifying and following information in a supply chain
• Using maturity models to drive control selection, assessment and audit approaches
• Integrating information risk into supply chain management processes
• Aligning information risk to industry standards
Adrian Davis, Principal Research, Information Security Forum

4.30 Lessons learnt after recent targeted attacks — how to protect against future attacks like Flame?
• Insight into the investigations regarding Duqu and Flame
• Targeted attacks on digital signature trust, cryptographic attacks, handling of incidents, collaboration with partners and information sharing.
• Insight on why and how managing the kind of threat consumes more resources than the technical work
• Countermeasure – company-tailored solutions into the network of the customer
Boldizsar Bencsath, Assistant Professor, Laboratory of Cryptography and Systems Security

5.00 Chairman's Closing Remarks and Close of Day Two
David Alexander, Head of Vulnerability Research, Regency IT Consulting
Want to know how
you can get involved?
Interested in promoting your
energy services to this market?
Contact Vinh Trinh,
SMi Marketing on
+44 (0)20 7827 6140, or
email: vtrinh@smi-online.co.uk
4. HALF DAY PRE CONFERENCE WORKSHOP
Approaches to network monitoring and situational awareness in critical infrastructure
Tuesday 13th November 2012, Copthorne Tara Hotel, London
13.30pm – 18.00pm
Workshop leader: Dr Damiano Bolzoni PhD, Chief Operations Officer, SecurityMatters

Overview of workshop
This workshop will present solutions currently available for monitoring critical networks and situational awareness. We will analyse what are the major strengths and weaknesses of each approach, when it can be used and what is the output users can expect. We will wrap up the session with demonstrations of the approaches presented using real-life examples.

Who should attend?
Executive-level, Director-level leaders and their staffs who are charged with monitoring networks and safeguarding shareholder value in the security world.

Why attend?
Catch up with current solutions for network monitoring and situational awareness of critical networks.

Programme
8.30 Registration and Coffee
14.00 Chairman’s Opening Remarks
14.30 Current Solutions for Networking
• Signature-based
• Rule-based
• Behaviour-based
• Visualization
15.30 Advantages and disadvantages of each approach
• Where when and what to use
• Which threats can be detected
• Technical skills required to operate
16.30 Coffee Break
17.00 Demo’s and hands on exercise
18.00 Q&A and chairman’s closing remarks

About the workshop leader:
Dr Damiano Bolzoni (1981) received his PhD in 2009 from the University of Twente, where he performed research on anomaly-based intrusion detection. Since 2008 he has been involved in securing computer networks of critical infrastructure. Before joining the University of Twente, he has been working for the Italian branch of KPMG, within the Information Risk Management division. Since 2009 he holds the position of Chief Operations Officer within SecurityMatters BV.

About SecurityMatters:
SecurityMatters develops and markets state-of-the-art network monitoring and intrusion detection systems. With 10+ cumulative years of academic research in IT security, and 5+ cumulative years of field experience in security auditing within a worldwide renowned consultancy firm in the past, SecurityMatters delivers an unmatched technology to detect the latest and most advanced cyber threats. SecurityMatters is committed to bring continuous innovations to the market to cope with the emerging threats.
ENERGY FORWARD PLANNER
OCTOBER
• Gas to Liquids, 4th & 5th October 2012, Marriott Hotel Regents Park, London, UK
NOVEMBER
• Oil and Gas Cyber Security, 14th & 15th November 2012, Copthorne Tara Hotel, London, UK
FEBRUARY
• E&P Information & Data Management, 6 & 7 February 2013, Copthorne Tara Hotel, London, UK
• FLNG, 13th & 14th February 2013, Copthorne Tara Hotel, London, UK
MARCH
• Unconventional Gas, 13th & 14th March 2013, Copthorne Tara Hotel, London, UK
• Oil & Gas Satellite Communications, 20th & 21st March 2013, Copthorne Tara Hotel, London, UK
SPONSORSHIP AND EXHIBITION OPPORTUNITIES
SMi offer sponsorship, exhibition, advertising and branding packages, uniquely tailored to complement your company’s marketing
strategy. Should you wish to join the increasing number of companies benefiting from promoting their businesses at our
conferences please call: Jules Omura on +44 (0) 20 7827 6018 or email: jomura@smi-online.co.uk
5. OIL AND GAS CYBER SECURITY
Conference: Wednesday 14th and Thursday 15th November 2012, Copthorne Tara Hotel, London, UK Workshop: Tuesday 13th November 2012, London, UK
4 WAYS TO REGISTER
www.smi-online.co.uk/2012cyber-security.asp
FAX your booking form to +44 (0) 870 9090 712
PHONE on +44 (0) 870 9090 711
POST your booking form to: Events Team, SMi Group Ltd, 2nd Floor South, Harling House, 47-51 Great Suffolk Street, London, SE1 0BS, UK
EARLY BIRD DISCOUNT
□ Book by 20th July 2012 to receive a £300 off the conference price
□ Book by 28th September 2012 to receive a £100 off the conference price
CONFERENCE PRICES
I would like to attend: (Please tick as appropriate)
□ Conference & Workshop: Fee £2098.00 + VAT, Total £2517.60
□ Conference only: Fee £1499.00 + VAT, Total £1798.80
□ Workshop only: Fee £599.00 + VAT, Total £718.80
PROMOTIONAL LITERATURE DISTRIBUTION
□ Distribution of your company’s promotional literature to all conference attendees: Fee £999.00 + VAT, Total £1198.80
Unique Reference Number
Our Reference LVE-023
DELEGATE DETAILS
Please complete fully and clearly in capital letters. Please photocopy for additional delegates.
Title: Forename:
Surname:
Job Title:
Department/Division:
Company/Organisation:
Email:
Company VAT Number:
Address:
Town/City:
Post/Zip Code: Country:
Direct Tel: Direct Fax:
Mobile:
Switchboard:
Signature: Date:
I agree to be bound by SMi's Terms and Conditions of Booking.
GROUP DISCOUNTS AVAILABLE
The conference fee includes refreshments, lunch, conference papers and access to the Document Portal containing all of the presentations.
VENUE Copthorne Tara Hotel, Scarsdale Place, Kensington, London W8 5SR
□ Please contact me to book my hotel
Alternatively call us on +44 (0) 870 9090 711, email: hotels@smi-online.co.uk or fax +44 (0) 870 9090 712
DOCUMENTATION
I cannot attend but would like to purchase access to the following Document Portal/paper copy documentation
□ Access to the conference documentation on the Document Portal: Price £499.00 + VAT, Total £598.80
□ The Conference Presentations – paper copy: Price £499.00, Total £499.00 (or only £300 if ordered with the Document Portal)
ACCOUNTS DEPT
Title: Forename:
Surname:
Email:
Address (if different from above):
Town/City:
Post/Zip Code: Country:
Direct Tel: Direct Fax:
PAYMENT
Payment must be made to SMi Group Ltd, and received before the event, by one of the following methods quoting reference E-023 and the delegate’s name. Bookings made within 7 days of the event require payment on booking, methods of payment are below. Please indicate method of payment:
□ UK BACS Sort Code 300009, Account 00936418
□ Wire Transfer Lloyds TSB Bank plc, 39 Threadneedle Street, London, EC2R 8AU
Swift (BIC): LOYDGB21013, Account 00936418
IBAN GB48 LOYD 3000 0900 9364 18
□ Cheque We can only accept Sterling cheques drawn on a UK bank.
□ Credit Card □ Visa □ MasterCard □ American Express
All credit card payments will be subject to standard credit card charges.
Card No: □□□□ □□□□ □□□□ □□□□
Valid From □□/□□ Expiry Date □□/□□
CVV Number □□□□ 3 digit security on reverse of card, 4 digits for AMEX card
Cardholder’s Name:
Signature: Date:
I agree to be bound by SMi's Terms and Conditions of Booking.
Card Billing Address (If different from above):
Terms and Conditions of Booking
Payment: If payment is not made at the time of booking, then an invoice will be issued and must be paid immediately and prior to the start of the event. If payment has not been received then credit card details will be requested and payment taken before entry to the event. Bookings within 7 days of event require payment on booking. Access to the Document Portal will not be given until payment has been received.
Substitutions/Name Changes: If you are unable to attend you may nominate, in writing, another delegate to take your place at any time prior to the start of the event. Two or more delegates may not ‘share’ a place at an event. Please make separate bookings for each delegate.
Cancellation: If you wish to cancel your attendance at an event and you are unable to send a substitute, then we will refund/credit 50% of the due fee less a £50 administration charge, providing that cancellation is made in writing and received at least 28 days prior to the start of the event. Regretfully cancellation after this time cannot be accepted. We will however provide the conferences documentation via the Document Portal to any delegate who has paid but is unable to attend for any reason. Due to the interactive nature of the Briefings we are not normally able to provide documentation in these circumstances. We cannot accept cancellations of orders placed for Documentation or the Document Portal as these are reproduced specifically to order. If we have to cancel the event for any reason, then we will make a full refund immediately, but disclaim any further liability.
Alterations: It may become necessary for us to make alterations to the content, speakers, timing, venue or date of the event compared to the advertised programme.
Data Protection: The SMi Group gathers personal data in accordance with the UK Data Protection Act 1998 and we may use this to contact you by telephone, fax, post or email to tell you about other products and services. Unless you tick here □ we may also share your data with third parties offering complementary products or services. If you have any queries or want to update any of the data that we hold then please contact our Database Manager databasemanager@smi-online.co.uk or visit our website www.smi-online.co.uk/updates quoting the URN as detailed above your address on the attached letter.
VAT
VAT at 20% is charged on the attendance fees for all delegates. VAT is also charged on Document Portal and Literature Distribution for all UK customers and for those EU customers not supplying a registration number for their own country here: ______________________________________
If you have any further queries please call the Events Team on tel +44 (0) 870 9090 711 or you can email them at events@smi-online.co.uk