Behavior, Detection,Applications and Devices

SMi proudly present their 3rd Annual Conference

11th - 12th March 2013Copthorne Tara Hotel, London,United Kingdom

Approaches to Network Monitoring and Situational Awareness in Critical InfrastructurePresented by Dr Damiano Bolzoni, University of Twente

KEY SPEAKERS INCLUDE:• European Network and Information SecurityAgency, Head of Resilience and CIIP Unit, Dr. Vangelis Ouzounis

• European SCADA and Control SystemsInformation Exchange, ChairEuropean Reference Network of CriticalInfrastructure Protection, Coordinator Annemarie Zielstra

• Iberdrola, IT Manager SIMOD, Miguel Escamilla Chavero

• E.ON, Information Security Manager,Gitte Bergknut

• Enel Distribuzione SpA, IT and SecuritySystems, Daniela Pestonesi

• Con Edison of New York, Smart Grid ProjectManager, Patricia Robison

• Vattenfall, Senior Research and DevelopmentEngineer, Daniel Zajd

• Alliander, Alliance Manager Privacy &Security, Johan Rambi

• Swissgrid, Senior Advisor Operations, TSC SCChairman, Rudolf Baumann

• CRISALIS, FP7 Project Co-ordinator, Corrado Leita

• DNV KEMA Energy & Sustainability, BusinessDirector Management and OperationsConsulting, Maurice Adriaensen

• FOX IT, Sales Director Europe CNI,Henk Pieper

• Infrastructure Security Labs, President, John McNabb

• Cylance, Senior Researcher, Justin Clarke• Zigbee Alliance, Principal Consultant, Robert Cragie

• Security Matters, COO, Damiano Bolzoni• CNA Insurance, European Underwriting

Director, Technology & Cyber Risks, Jacob Ingerslev

www.smartgridcybersecurity.co.ukRegister online and receive full information on all of SMi’s conferences

Alternatively fax your registration to +44 (0) 870 9090 712 or call +44 (0) 870 9090 711

Book by the xxth December and save £300 off the conference price

SPONSORED BY

European Smart Grid Cyber and SCADA Security

POST CONFERENCE WORKSHOP 13th MARCH 2013 8.30AM-1.00PM

New for 2013

New for 2013

Register online at: www.smartgridcybersecurity.co.uk • Alternatively fax your registration

8.30 REGISTRATION & COFFEE

9.00 CHAIRMAN'S OPENING REMARKSMark Ossel, ESNA Board Member and VP, EchelonEnergy and Utility

EUROPEAN RECOMMENDATIONS

9.10 ENHANCING THE SECURITY OF SMART GRIDS — ENISA'S CONTRIBUTION• Recommendations on Smart Grids Security • Minimum Security Measures• Risks Assessment and Management of

Smart Grids • Certification of Smart Grids products• EU US co-operation on Smart GridsEvangelos Ouzounis, Senior Expert, Network SecurityPolicy, ENISA - European Network and InformationSecurity Agency

9.50 DEPLOYING WORLDWIDE CYBERSECURITY ON THERMAL POWER GENERATION CONTROL SYSTEMS• Iberdrola overview• Iberdrola & Thermal Stations Strategy• Cyber Security’s Goal and Vision• AURA Project (Cybersecurity projects

examples)• ConclusionsMiguel Chavero, IT Manager SIMOD, Iberdrola

10.30 MORNING COFFEE

RISK MANAGEMENT ASSESSMENT

11.00 RISK MANAGEMENT FOR CRITICAL INFRASTRUCTURE• Making security a priority• Lack of standards and the effect on investment• Cyber Security and Electricity pricing-

cause and effect• Fostering a culture of awareness• Measuring resiliency• Incident response and countermeasures• Technical, cultural, and political cooperation forsuccessMaurice Adriaensen, Business Regional DirectorManagement and Operations Consulting,DNV KEMA Energy & Sustainability

11.40 LESSONS LEARNED FROM THE NEW SMART METER/GRID RISK ASSESSMENT METHODOLOGY IN THE NETHERLANDS• Introduction• Explanation IS1 Risk Assessment methodology on

Smart Meter/Grid in NL• Practice on case “sector Privacy & Security AMI

requirements v2.0”• Lessons learned• Status European standard on Smart Grid Cyber

Security• Next stepsJohan Rambi, Alliance Manager Privacy & Security,Alliander

12.20 NETWORKING LUNCH

DETECTION, AWARENESS, CHALLENGES

1.50 FP7 EARLY WARNING DETECTION PRESENTED BY

CRISALIS

FP7 project funded by DG Enterprise called CRISALIS,

Critical Infrastructure Security AnaLysIS

• Project focuses: Creation of practical, short-term

solutions for the protection of critical infrastructure

environment from targeted attacks- primarily power

grid

• Consortium members- Enel, Symantec, Security

Matters and Alliander

• First deliverables of the project: Requirement study, in

which we will study in depth the characteristics of the

power generation and smart metering environments

• Identify risks and possible threat scenarios

• Feedback on our activity

Corrado Leita, Project Coordinator, CRISALIS

2.30 ICS CYBER SECURITY IN POWER GENERATION

AND FUTURE SCENARIO

• Electric grid and power generation scenario in Italy

• Power Generation: Architecture and Frameworks

• Risk Analysis: Threats and impacts

• CI owner requirements for ICS protection

• Enel Cyber Security ICS Laboratory

• CRISALIS project participation

Daniela Pestonesi, Project Leader Research Technical

Area, Automation & Diagnostics, Enel Engineering and

Research Spa

3.10 AFTERNOON TEA

3.40 CHALLENGES IN POWER-NETWORK SECURITY

AND IT

• Updates and improvements in power-network and IT

• Common processes, systems and collaboration

procedures

• Integration of system planning, operations and IT

• Future developments and sharing knowledge

Rudolf Baumann, Chairman of the Transmission

Security Cooperation, Senior Advisor Operations,

swissgrid AG

4.20 ENHANCING NETWORK MONITORING AND

SITUATIONAL AWARENESS IN CRITICAL

INFRASTRUCTURE

• Current approaches to network monitoring and

situational awareness

• Strengths and shortcomings of current approaches

• Non-signature based approaches for improved

monitoring and situational awareness

• Discussion of 2 use cases

Damiano Bolzoni, COO, Security Matters

5.00 CHAIRMAN'S CLOSING REMARKS AND

CLOSE OF DAY ONE

New for 2013

DAY ONE 11th March 2013 www.smartgridcybersecurity.co.uk

WORKSHOP O

N THIS

TOPIC M

ARCH 13TH

New for 2013

New for 2013

to +44 (0) 870 9090 712 or call +44 (0) 870 9090 711 • GROUP DISCOUNTS AVAILABLE •

DAY TWO 12th of March 2013 www.smartgridcybersecurity.co.uk

New for 2013

New for

2013

8.30 REGISTRATION & COFFEE

9.00 CHAIRMAN'S OPENING REMARKSAnnemarie Zielstra, Director CPNINL, Centre for theProtection of National Infrastructure (CPNI)

9.10 HOW THE BOARD SHOULD TAKE CARE OF CYBER RESILIENCE• Cyber incidents on the increase, now a risk for any

business• This leads to serious concerns on business process

continuity, privacy of consumers, identity theft or theprotection of intellectual property

• Cyber resilience needs to be part of strategic (bothrisk and reputation) management and leadership isrequired

• Creating concrete, visible boardroom recognition ofcyber resilience, as an enabler for cyber benefits

• Translating boardroom recognition into riskmanagement, communications, legal and operations

Annemarie Zielstra, Chair of the European SCADA andControl Systems Information Exchange (EuroSCSIE) Coordinator of European Reference Network ofCritical Infrastructure Protection (ERNCIP) ThematicGroup on ICS and Smart Grids

9.50 SCADA AND ICS SECURITY EXPERIENCES • Experiences of how to run a Cyber Security program• Business Awareness and Societal Responsibility

- Compliance & Review- Training

• Use of technical mitigations such as IDS in - Cogeneration - Hydro- Heating

• Results and lessons learnedGitte Bergknut, MU Nordic Information SecurityManager, EON Sverige AB

SYSTEMS, DEVICES, APPLICATIONS

10.30 MORNING COFFEE

11.00 SMART GRID INTEGRATES LEGACY AND NEW ICS (SCADA, DCS, PLC) SYSTEMS, DEVICES, AND APPLICATIONS • Smart Grid Cyber Security – Integrating legacy and

new ICS enhances the grid and simultaneouslyincreases complexity and vulnerability

• Cyber Security – needs to address ICS at all levels:field devices, the device systems, the applicationssupporting the devices and systems, thecommunications/network interfacing to the devicesand systems, etc.

• ICS Cyber Security Controls: Technical, Physical,Administrative Risk Management – Smart Grid Morechallenging with increased complexity and extendedsystems and communications

• Leverage existing ICS standards and frameworks:IEC, NIST, DOE, ISA, ISO, NERC

• Smart Grid Architecture and Frameworks with ICS• Threats and Vulnerabilities• Examples of ICS systems utilized for Smart Grid :

transformers, switches, inverters, DGPatricia Robison, Smart Grid Project Manager, ConEdison of New York

11.40 CREATING AN APP CONNECTED TO A BACKEND SYSTEM• Low awareness within the organisation about the

effects of a connected app• The least secure point in a network will be the target• An app will be an extension of the companyenvironment• Data stored on the mobile deviceDaniel Zajd, Senior R and D Engineer, Vattenfall A B

12.20 NETWORKING LUNCH

1.50 SECURING DEVICES FOR HOME AND CONTROL NETWORKS• Home and Control Networks• What is a Home network (HAN)?• What is a Control Network?• Topologies• Devices

- Types of devices on home and control networks- Distinguishing characteristics- Security challenges- Information Security Pillars- Cryptography - Public key cryptography- Symmetric key cryptography- Hybrid cryptography- Protocol stack security - Building blocks- Frame security- Authentication and key establishment- Credentials- ZigBee SEP 1.0 stack security description- ZigBee SEP 2.0 stack security description

Robert Cragie, Chair, Security Task Group, Zigbee Alliance

2.30 SECURITY ISSUES OF CONTROL SYSTEMS & WIRELESS METERS AT DRINKING WATER UTILITIES• How do they differ from Smart energy meters?• Communications infrastructure vulnerabilities of fixed

and wireless• Lack of encryption• Theft • Data collection privacy• BillingJohn McNabb, Principal, Infrastructure Security Labs

3.10 AFTERNOON TEA

EXPOSING VULNERABILITIES AND CYBER RISK AND INSURANCE

3.40 VULNERABILITIES IN CRITICAL INFRASTRUCTURE AND EMBEDDED DEVICES• Key roles of embedded devices in our every day lives• Vulnerabilities in embedded system• Findings and impact behind several recent SCADA

vulnerabilities that had worldwide impact• Moving towards a resolution of existing vulnerabilities

and avoidance of future vulnerabilities -Education ofmanufacturers, end users, academia, government,and the general public

• The process that occurs when end users or thegeneral public identify vulnerabilities in criticalinfrastructure- What to expect- How to reduce your risk- How to leverage existing agencies - Processes to minimize your required effort

Justin Clarke, Security Researcher, Cylance

4.20 CYBER RISKS & INSURANCE• Cyber Crime as an Industry• Legal environment• What is Cyber Insurance• Industry specific exposures Jacob Ingerslev, European Underwriting Director, CNA Europe

5.00 CHAIRMAN'S CLOSING REMARKS AND CLOSE OF DAY TWO

Approaches to Network Monitoring and SituationalAwareness in Critical Infrastructure8.30am – 1.00pm In Association with University Twente

Overview of workshop

This workshop will present solutionscurrently available for monitoring criticalnetworks and situational awareness. Wewill analyse what are the major strengthsand weaknesses of each approach, whenit can be used and what is the outputusers can expect.

We will wrap up the session withdemonstrations of the approachespresented using real-life examples.

Why you should attend:• Understand the importance of

situational awareness and behaviouralmonitoring

• Gain insight in to the benefits anddisadvantages of signature based, rulebased, behavioural and visualisationbased solutions

• Learn what threats can be detectedand what skills are required to operate

• Interact with industry and engage withour workshop leader who is activelyinvolved in two security projects withmajor energy companies at present.

Programme

8:30 Registration and Coffee

9.00 Current solutions for network monitoring and situational awareness of critical networks- Signature-based- Rule-based- Behavior-based- Visualization

10.30 Advantages and disadvantages of each approach- Where and when use what- Which threats can be detected?- Technical skills required to operate

11.30 Coffee Break

12.00 Demonstrations

1.00 Question and Answer session

About the workshop host Dr Damian° Bolzoni (1981) received his PhD in 2009 from theUniversity of Twente, where he performed research on anomaly-based intrusion detection. Since 2008 he has been involved insecuring computer networks of critical infrastructure. Before joiningthe University of Twente, he has been working for the Italian branchof KPMG, within the Information Risk Management division. Since2009 he holds the position of Chief Operations Officer withinSecurityMatters BV.

POST CONFERENCE WORKSHOP Wednesday 13th March 2013, Copthorne Tara Hotel, London, UK

New for 2013. SMi's Event CommunitiesSMi Group is a global events business specialising in business to business conferences, workshopsand masterclasses. We successfully create and run 250 events every year across 6 sectorsincluding Defence and Security, Energy and Utilities, Finance and Pharmaceutical. We believe inbringing together the most knowledgeable experts from across the globe in each sector to learn,engage, share and network be it in London, Paris or Singapore.

To further enhance the SMi experience, we have launched our very own SMi Event Communities.These will be exclusive, private and secure communities in which our clients will learn, share,engage and network.

The SMi Event Communities will build and expand your experience beyond the conference,workshop or Masterclass you attend. Not just another "social network”, SMi’s Event Communitieshave been specifically designed around the needs of our delegates, speakers and sponsors,allowing all of our clients to foster longer term relationships with all of the other attendees beyondthe two day event for year round engagement.

To take part all you need to do is register for this event. SMi Group CommunitiesLearn Engage Share Network

DNV KEMA Energy & Sustainability, with more than 2,300 experts inover 30 countries around the world, is committed to driving the globaltransition toward a safe, reliable, efficient, and clean energy future. Witha heritage of nearly 150 years, we specialize in providing world-class,innovative solutions in the fields of business & technical consultancy,testing, inspections & certification, risk management, and verification.As an objective and impartial knowledge-based company, we advise andsupport organizations along the energy value chain: producers, suppliers& end-users of energy, equipment manufacturers, as well as governmentbodies, corporations and non-governmental organizations. DNV KEMAEnergy & Sustainability is part of DNV, a global provider of services formanaging risk with more than 10,000 employees in over 100 countries.For more information on DNV KEMA Energy & Sustainability, visitwww.dnvkema.com

Fox-IT prevents, solves and mitigates the most serious cyber threatswith innovative solutions for government, defense, law enforcement,critical infrastructure, banking, and commercial enterprise clientsworldwide. Our approach combines human intelligence and technologyinto innovative solutions that ensure a more secure society. We developcustom and packaged solutions that maintain the security of sensitivegovernment systems, protect industrial control networks, defend onlinebanking systems, and secure highly confidential data and networks.www.fox-it.com

SPONSORS

www.smartgridcybersecurity.co.uk

For Sponsorship or SpeakingOpportunities please contact

Jamison NesbittBusiness Development DirectorP: +44 (0) 20 7827 6164M: +44 (0) 7710 780 576Email: jnesbitt@smi-online.co.uk

Don’t miss out on socialmedia networking! Follow us on Twitter @UtilitiesSMi and join us on Linkedinhttp://uk.linkedin.com/in/smigroup

Supported by

EUROPEAN SMART GRID CYBER AND SCADA SECURITYConference: 11th & 12th March 2013, Copthorne Tara Hotel, London Workshops: 13th March 2013

4 WAYS TO REGISTER

FAX your booking form to +44 (0) 870 9090 712

PHONE on +44 (0) 870 9090 711

ONLINE at www.smartgridcybersecurity.co.uk

If you have any further queries please call the Events Team on tel +44 (0) 870 9090 711 or you can email them at events@smi-online.co.uk

POST your booking form to: Events Team, SMi Group Ltd, 2nd FloorSouth, Harling House, 47-51 Great Suffolk Street, London, SE1 0BS

Payment: If payment is not made at the time of booking, then an invoice will be issued andmust be paid immediately and prior to the start of the event. If payment has not been receivedthen credit card details will be requested and payment taken before entry to the event.Bookings within 7 days of event require payment on booking. Access to the Document Portalwill not be given until payment has been received.

Substitutions/Name Changes: If you are unable to attend you may nominate, in writing, anotherdelegate to take your place at any time prior to the start of the event. Two or more delegatesmay not ‘share’ a place at an event. Please make separate bookings for each delegate.

Cancellation: If you wish to cancel your attendance at an event and you are unable to senda substitute, then we will refund/credit 50% of the due fee less a £50 administration charge,providing that cancellation is made in writing and received at least 28 days prior to the startof the event. Regretfully cancellation after this time cannot be accepted. We will howeverprovide the conferences documentation via the Document Portal to any delegate who haspaid but is unable to attend for any reason. Due to the interactive nature of the Briefings weare not normally able to provide documentation in these circumstances. We cannot acceptcancellations of orders placed for Documentation or the Document Portal as these arereproduced specifically to order. If we have to cancel the event for any reason, then we willmake a full refund immediately, but disclaim any further liability.

Alterations: It may become necessary for us to make alterations to the content, speakers,timing, venue or date of the event compared to the advertised programme.

Data Protection: The SMi Group gathers personal data in accordance with the UK DataProtection Act 1998 and we may use this to contact you by telephone, fax, post or email totell you about other products and services. Unless you tick here □ we may also share yourdata with third parties offering complementary products or services. If you have any queriesor want to update any of the data that we hold then please contact our Database Managerdatabasemanager@smi-online.co.uk or visit our website www.smi-online.co.uk/updates quotingthe URN as detailed above your address on the attached letter.

Unique Reference Number

Our Reference LV U-013

Terms and Conditions of Booking

DELEGATE DETAILSPlease complete fully and clearly in capital letters. Please photocopy for additional

delegates.

Title: Forename:

Surname:

Job Title:

Department/Division:

Company/Organisation:

Email:

Address:

Town/City:

Post/Zip Code: Country:

Direct Tel: Direct Fax:

Mobile:

Switchboard:

Signature: Date:I agree to be bound by SMi's Terms and Conditions of Booking.

ACCOUNTS DEPT

Title: Forename:

Surname:

Email:

Address (if different from above):

Town/City:

Post/Zip Code: Country:

Direct Tel: Direct Fax:

Payment must be made to SMi Group Ltd, and received before the event, by one ofthe following methods quoting reference D-018 and the delegate’s name. Bookingsmade within 7 days of the event require payment on booking, methods of payment arebelow. Please indicate method of payment:

□ UK BACS Sort Code 300009, Account 00936418□ Wire Transfer Lloyds TSB Bank Plc, 39 Threadneedle Street, London, EC2R 8AU

Swift (BIC): LOYDGB21013, Account 00936418IBAN GB48 LOYD 3000 0900 9364 18

□ Cheque We can only accept Sterling cheques drawn on a UK bank.□ Credit Card □ Visa □ MasterCard □ American Express

All credit card payments will be subject to standard credit card charges.

Card No: □□□□ □□□□ □□□□ □□□□Valid From □□/□□ Expiry Date □□/□□CVV Number □□□□ 3 digit security on reverse of card, 4 digits for AMEX card

Cardholder’s Name:

Signature: Date:I agree to be bound by SMi's Terms and Conditions of Booking.

Card Billing Address (If different from above):

DOCUMENTATION (Shipped 10-14 days after the event)

I would like to attend: (Please tick as appropriate) Fee Total

PUBLIC SECTOR, ACADEMICS & UTILITIES□ Conference & Workshop £1398.00 + VAT £1677.60

□ Conference only £899.00 +VAT £1078.80

□ Workshop A only £599.00 + VAT £718.80

COMMERCIAL ORGANISATIONS□ Conference & Workshop £2198.00 +VAT £2747.50

□ Conference only £1599.00 +VAT £1998

□ Workshop only £599.00 +VAT £748.75

PROMOTIONAL LITERATURE DISTRIBUTION □ Distribution of your company’s promotional

literature to all conference attendees £999.00 + VAT £1198.80

The conference fee includes refreshments, lunch, conference papers and access to the Document Portal containing all of the presentations.

I cannot attend but would like to purchase access to the following Document Portal/papercopy documentation: Price Total

□ Access to the conference documentation on the Document Portal £499.00 + VAT £598.80

□ The Conference Presentations - paper copy £499.00 - £499.00(or only £300 if ordered with the Document Portal)

VENUE Copthorne Tara Hotel, Scarsdale Place, Kensington, London, W8 5SR.

□ Please contact me to book my hotelAlternatively call us on +44 (0) 870 9090 711, email: hotels@smi-online.co.uk or fax +44 (0) 870 9090 712

VATVAT at 20% is charged on the attendance fees for all delegates. VAT is also charged onDocument Portal and Literature Distribution for all UK customers and for those EUcustomers not supplying a registration number for their own country here: ________________

PAYMENT

□ Register by December 16th and receive £300 off the conference price

EARLY BIRDDISCOUNT

CONFERENCE PRICES GROUP DISCOUNTS AVAILABLE