Nuclear cyber security conference | Realisation of the Industrial Control Cyber Threat to Critical National Infrastructure

Day One May 22nd 2018

**Programme Subject to Change**

9:00

Welcome from the Cyber Senate and Introduction to our Chairman

Speaker

Chris Blask

Unisys

Director, Industrial Control Systems Security

9:10

The Future of Cyber Security

What will resilience look like in the 21st century and beyond?

More details to follow!

Speaker

Matthew Griffin

311 Institute

Disruption, Futures and Innovation expert

9:40

Audience Participation and Discussion with the ONR

  • Is regulation having the intended effect?
  • SYAPS – A discussion on the realised and intended benefits

Your views please, comments and questions for the Office for Nuclear Regulation

Speaker

Tom Parkhouse

Office for Nuclear Regulation

Head of Nuclear Cyber Security Regulation within the Civil Nuclear Security Division

10:20

Coffee and Networking

10:50

Perceptions of Drives and Common Misunderstandings

Nuclear Safety Regulatory Perspective

Safety of Supply

  • Remit from CNI
  • Misalignments

Ensuring cyber supports resilience

Systems are deemed safe, systems are deemed resilient

Perspectives and Outcomes

  • Cyber security and safety needs to morph into safety cases
  • Assumptions in safety
  • Safety and security lifecycles

Speaker

Phil Litherland

Context Information Security

Principal Consultant Strategy & Advisory

11:20

Meeting the Growing Cyber Threat – A Journey That Never Ends

  • Initial Analysis and developing the plan (Peter)
  • Keeping the board on side (Peter)
  • Key Milestones – delivering year on year (Will)
  • External support – value added but at a cost (Will)
  • Measuring Progress (Will)
  • Culture and regulations – how they impact (Peter)

Speaker

Peter Fraser Hopewell

ETC-Enrichment Technology Company

ETC Head of Group Security

Speaker

Will Ollerhead

ETC-Enrichment Technology Company

Group Information Security Manager

11:50

Threat Overview

  • Key incidents
  • Triton/Trisis discussion and overview
  • BEIS strategy

Speaker

Simon T

NCSC

Civil Nuclear Sector Lead

12:20

Securing level 1 I&C: A Practitioners’ View

Hinkley Point C is the first UK nuclear plant in a generation. Our focus is to maintain safety by protecting the level 1 automation systems (PLCs). However, most ICS security measures focus on protecting the PC-based level 2 and level 3 systems connected to them. This presentation will discuss one view on the direct threat to level 1 systems, and how they can be hardened.

Speaker

Cavus Batki

EDF Nuclear New Build

Design Authority Cyber Security Specialist

12:50

Networking Lunch

13:50

Panel: How we can adopt a Secure by Design approach, especially given the challenges with new technology being introduced at Level 0/1?

Do we need better collaboration in C-level technology decisions? Are there any policies or protocols to ensure new technologies are tested? Are procurement and cyber teams sharing information on potential threats from introducing new technologies?
Are IoT devices secure by design before installation? Have we thoroughly tested the consequence and impact of new technologies before implementation? Is this part of our cyber risk management strategy? If not, how can we better communicate and collaborate with each other, and define this process prior to implementation? Is this a cyber risk management discussion, or supply chain? Both?
Should we accept that we will be bolting on security for the foreseeable future, and is the best strategy to accept this and work on our incident response and recovery strategy?

Speaker

Cavus Batki

EDF Nuclear New Build

Design Authority cyber security specialist

Speaker

John Dickinson

Sellafield Ltd

Senior OT Cybersecurity Specialist, Security and Resilience

14:20

“If It’s Not Secure, It’s Not Safe” - Security in the Nuclear Safety Case

  • How to evaluate the impact of security on the safety case
  • What changes to mindset and methodology are needed?
  • Do claims, arguments and evidence help or hinder?

Speaker

Robin Bloomfield

Adelard

Partner

14:50

"Red Teaming, and beyond" Presentation and Audience discussion

In 2017, we discussed the “Adoption of a Red Teaming Approach”, addressing a common approach to IT/OT, understanding consequences, identifying mitigations, how current safety processes can be revised to address security, and future steps.

This year, we will discuss how we can possibly take this into a wider assurance model.

Speaker

John Dickinson

Sellafield Ltd

Senior OT Cybersecurity Specialist, Security & Resilience

15:20

Coffee and Networking

15:50

The Importance of Configuration Management in the Context of Operational Security

Cyber incidents really bring home the need for organisations to understand their networks and have good configuration management. This talk explores the challenges of establishing and maintaining good configuration management and why organisations need to do this in order to prevent and respond to cyber-attacks.

Speaker

Richard Holmes

CGI

UK Cyber Security Services Lead

16:20

“Advanced” USB Attacks -- and How to Stop Them

The landscape of USB-based threats is constantly evolving, as with all of cyber security, and traditional countermeasures like patching and antivirus alone just aren’t enough. We’ll take a look at the USB standard to understand new avenues of attack and exploitation, many of which bypass the file system altogether. With this understanding, we’ll dissect new threats which exploit USB devices and go beyond the simple infected files of years past. Specifically, we’ll look at attacks that:

  • Spread to your machine without a user opening or executing the files
  • Jump from device to device by infecting the firmware of USB devices and controllers
  • Retrieve passwords and other sensitive information even from a locked PC
  • Take advantage of the USB standard to present themselves as a keyboard or other device to execute arbitrary payloads
  • Manipulate the Intel Management Engine directly via USB

Speaker

Eric Knapp

Honeywell

Chief Engineer and Global Director of Solutions and Technology

16:50

Industrial Control System Security - Enabling Business with Digital Infrastructure

  • The World is Changing for Industrial Enterprises
  • There Will Be Winners and Losers
  • Cryptographic Zoning
  • ISA99 Architecture
  • Plan to Embrace Digital Innovation

Speaker

Chris Blask

Unisys

Director, Industrial Control Systems Security at Unisys

17:20

End of Day One and Networking Drinks Reception
