Nuclear cyber security conference | Realisation of the Industrial Control Cyber Threat to Critical National Infrastructure

Day One May 22nd 2018

**Programme Subject to Change**


Welcome from the Cyber Senate and Introduction to our Chairman


Chris Blask


Director, Industrial Control Systems Security


The Future of Cyber Security

What will resilience will look like in the 21st century and beyond?

More details to follow!


Matthew Griffin

311 Institute

Disruption, Futures and Innovation expert


Audience Participation and Discussion with the ONR

  • Is regulation have the intended effect?
  • SYAPS – A discussion on the realised and intended benefits

Your views please, comments and questions for the Office for Nuclear Regulation


Tom Parkhouse

Office for Nuclear Regulation

Head of Nuclear Cyber Security Regulation within the Civil Nuclear Security Division


Coffee and Networking


Perceptions of Drives and Common Misunderstandings

Nuclear Safety Regulatory Perspective

Safety of Supply

-Remit from CNI


Ensuring cyber supports resilience

Systems are deemed safe, systems are deemed resilient

Perspectives and Outcomes
-Cyber security and safety needs to morph into safety cases

– Assumptions in safety

– Safety and security lifecycles



Phil Litherland

Context Information Security

Principal Consultant Strategy & Advisory


Meeting the Growing Cyber Threat – A Journey That Never Ends

  • Initial Analysis and developing the plan (Peter)
  • Keeping the board on side (Peter)
  • Key Milestones – delivering year on year (Will)
  • External support – value added but at a cost (Will)
  • Measuring Progress  (Will)
  • Culture and regulations – how they impact (Peter)

Peter Fraser Hopewell

ETC-Enrichment Technology Company

ETC Head of Group Security


Will Ollerhead

ETC-Enrichment Technology Company

Group Information Security Manager


Threat Overview

  • Key incidents
  • Triton Trisis discussion and overview
  • BEIS strategy

Simon T


Civil Nuclear Sector Lead


Securing level 1 I&C: A Practitioners’ View

Hinkley Point C is the first UK nuclear plant in a generation. Our focus is to maintain safety by protecting the level 1 automation systems (PLCs). However, most ICS security measures focus on protecting the PC-based level 2 and level 3 systems connected to them. This presentation will discuss one view on the direct threat to level 1 systems, and how they can be hardened.


Cavus Batki

EDF Nuclear New Build

Design Authority Cyber Security Specialist


Networking Lunch


Panel: How we can adopt a Secure by Design approach, especially given the challenges with new technology being introduced at Level 0/1?

Do we need better collaboration in C Level technology decisions? Are there any policies or protocol to ensure new technologies are tested? Are procurement and cyber teams sharing information on potential threats to introducing new technologies?
Are IOT devices secure by design before installation? Have we thoroughly tested the consequence and impact of new technologies before implementation? Is this part of our cyber risk management strategy? If not how can we better communicate and collaborate with each other, define this process prior to implementation? Is this a cyber risk management discussion, or supply chain? Both?
Should we accept that we will be bolting on security for the foreseeable future and is the best strategy to further accept this and work on our incident response and recovery strategy?


Cavus Batki

EDF Nuclear New Build

Design Authority cyber security specialist


John Dickinson

Sellafield Ltd

Senior OT Cybersecurity Specialist, Security and Resilience


If its Not Secure, its Not Safe” - Security in the Nuclear Safety Case

  • How to evaluate the impact of security on the safety case
  • What changes to  mindset and methodology are needed?
  • Do claims, arguments and evidence help or hinder?

Robin Bloomfield




"Red Teaming, and beyond" Presentation and Audience discussion

In 2017, we discussed the “Adoption of a Red Teaming Approach”

Addressing a common approach to IT/OT, understanding consequences, identifying mitigations, how current safety processes can be revised to address security and future steps.

This year, we will discuss how we can possibly take this into a wider assurance model.


John Dickinson

Sellafield Ltd

Senior OT Cybersecurity Specialist, Security & Resilience


Coffee and Networking





The Importance of Configuration Management in the Context of Operational Security

Cyber incidents really bring home the need for organisations to understand their networks and have good configuration management. This talk explores the challenges of establishing and maintaining good configuration management and why organisations need to do this in order to prevent and respond to cyber-attacks.


Richard Holmes


UK Cyber Security Services Lead


“Advanced” USB Attacks -- and How to Stop Them

The landscape of USB-based threats is constantly evolving, as with all of cyber security, and traditional countermeasures like patching and antivirus alone just aren’t enough.  We’ll take a look at the USB standard to understand new avenues of attack and exploitation, many of which bypass the file system altogether.  With this understanding, we’ll dissect new threats which exploit USB devices and go beyond the simple infected files of years past.  Specifically, we’ll look at attacks that:


  • Spread to your machine without a user opening or executing the files
  • Jump from device to device by infecting the firmware of USB devices and controllers
  • Retrieve passwords and other sensitive information even from a locked PC
  • Take advantage of the USB standard to present itself as a keyboard or other devices to execute arbitrary payloads
  • Manipulate the Intel Management Engine directly via USB

Eric Knapp


Chief Engineer and Global Director of Solutions and Technology


Industrial Control System Security- Enabling Business with Digital Infrastructure

  • The World is Changing for Industrial Enterprises
  • There Will Be Winners and Losers
  • Cryptographic Zoning
  • ISA99 Architecture
  • Plan to Embrace Digital Innovation

Chris Blask


Director, Industrial Control Systems Security at Unisys


End of Day One and Networking Drinks Reception

By continuing to use the site, you agree to the use of cookies. more information

The cookie settings on this website are set to "allow cookies" to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this.


Newsletter Text

Stay Up To Date On Everything The Cyber Senate Is Doing. Click Here To Sign Up For Our Newsletter Today!