Nuclear cyber security conference | Realisation of the Industrial Control Cyber Threat to Critical National Infrastructure

Day Two May 23rd 2018

**Programme Subject to Change**

9:00

Welcome Back

Speaker

Chris Blask

Unisys

Director, Industrial Control Systems Security

9:10

Industry 4.0 Standardization on Cybersecurity & Interoperability from the Nuclear Integrator’s Perspective

  • Cybersecurity in Industry 4.0
  • Interoperability and Functional Safety in Industry 4.0
  • The Safety / Cybersecurity Interface
  • Relation to Generic and Nuclear Cybersecurity Standards
  • Impact on Nuclear and Critical Infrastructure
Speaker

Dr. Karl WAEDT

Framatome GmbH ICPGDA

Concepts & Architecture / Cybersecurity

9:40

Injecting Cybersecurity Throughout the Nuclear Infrastructure Lifecycle

  • Impact of Cybersecurity in an industrial mega-project
  • Cybersecurity activities in the infrastructure lifecycle
  • New approach to Cybersecurity Risk Evaluation in Nuclear environments
  • Cybersecurity in the Nuclear supply chain management
  • Closing Remarks
Speaker

Alfonso Martín

iHacklabs

Senior Manager Industrial Cybersecurity

10:20

Coffee an Networking

10:50

Civil Nuclear Power - The Cyber Security Perspective

The talk will discuss the situation at nuclear facilities in the digital age. It will elaborate on the cyber-related challenges of the safety and security domains. Furthermore, the talk will introduce the concept of design basis threat which represents the IAEA methodology for risk treatment in terms of physical protection and will have a look how cyber fits into this model. Finally, some international initiatives on cyber security will be presented.

Speaker

Guido Gluschke

Institute for Security and Safety (ISS) at the Brandenburg University of Applied Sciences

Co-Director

11:20

Risk Assessments in critical infrastructure ICS, An Operators Perspective

  • A contextual approach
  • How to tackle Cyber Security Risk?
  • Risk Management Methodology
  • Defining parameters
  • Real World KPI’s
Speaker

Franky Thrasher

ENGIE Laborelec

Information Systems Security Officer and Senior Cybersecurity Expert

11:50

Bring Your Own Device: Bring Your Own Risk

  • BYOD in Context
  • BYOD Benefits
  • BYOD Risks and Threats
  • BYOD Security
  • BYOD Law
  • BYOD Policy, Guidance and Solutions
  • Conclusions for the Nuclear Industry
Speaker

Dai Davis

Percy Crow Davis & Co

Technology Lawyer

12:20

Hacking ICS in Nuclear Facilities, from Telemetry to Mobile Data

With 20 years’ involvement in industrial control systems security, and several of our team experienced in running electricity, water, and gas control rooms, we are very familiar with the security challenges in the sector- so familiar that we correctly predicted an attack similar to Stuxnet at an ICS security event in 2007.

In this session we will demonstrate live ICS hacks, showing how ladder logic can be manipulated. We’ll also cover why remote telemetry is becoming increasingly important in the nuclear industry: telemetry loss during the Fukushima incident significantly affected the ability to manage it. We’ll explore some of the security issues that mobile data and satellite communications bring to the security of nuclear sites. This includes the compromise of private APNs for mobile data, and satcom terminal hacks, with ways to mitigate risk.

Speaker

Chris Pritchard

Pen Test Partners

Security Consultant

12:50

Networking Lunch

13:50

Masterclass: OT Engineering Competencies for Cyber Security. What their Training Needs Might Look Like

Speaker

Mike St John Green

Independent Information Security Expert

Subject Matter Expert

14:20

Coffee and Networking

14:50

Roundtable Working Groups: Making sense of Standards, Supply Chain Risk and Understanding what is on your Network

Making Sense of Standards

Following on from our past Supply Chain panels, let’s take this opportunity to address Standards.

  • A look at IEC62443, IAE series, NIST, Usnrc 5.71
  • How will operators cope with the amount of responsibility?
  • Why are we not seeing more responsibilities passed onto suppliers or OEM’s?


Incident Response and Corporate Integration

  • How can we integrate the C-suite, IT, security, legal, communications, and incident response handling teams across the enterprise?
  • Do we have board members championing the IR programme?
  • Do we have the leadership required (and investment) to build effective teams and if not, how can we influence the C Suite that incident response is a business enabler?
  • Are we progressing in integrating operational risk management processes more systematically?
  • Is the impact on business better understood?
  • Is our prioritisation of of incidents more accurate today then in previous years?

Supply Chain and IOT Risk – What is on your Network?

  • Are we changing the way we are thinking about supply chain risk in the nuclear sector?
  • Are we improving situational awareness, do we have a comprehensive view of our asset base?
  • Can supply chain risk be more effectively addressed if it is redefined as a software risk management strategy?
  • Are the suppliers best placed to support, develop and define best practice and procedures? Are they doing their part?
  • Are we training facilities managers to understand cyber security vulnerabilities with devices?
  • If collaboration with suppliers and OEM’s is the solution, is this happening?

 

 

 

 

16:10

Moving Forward-Best Practice Outcomes

Roundtable Working Group table leaders will share the outcomes of their collaborative sessions

  • How we can overcome current challenges
  • How we can share information more effectively
  • How can we implement these action points in our organisations and our work moving forward
16:40

End of Day Two and Conference

By continuing to use the site, you agree to the use of cookies. more information

The cookie settings on this website are set to "allow cookies" to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this.

Close

Newsletter Text

Stay Up To Date On Everything The Cyber Senate Is Doing. Click Here To Sign Up For Our Newsletter Today!