www.oilandgas-cybersecurity.com Register online or fax your registration to +44 (0) 870 9090 712 or call +44 (0) 870 9090 711

ACADEMIC & GROUP DISCOUNTS AVAILABLE

PLUS TWO HALF-DAY POST-CONFERENCE WORKSHOPS Wednesday 29th June 2016, Movenpick Hotel, Amsterdam, Netherlands

#SMiGroupEnergy

SMi Present the 6th Annual Conference on…

Oil and Gas Cyber SecurityMovenpick Hotel, Amsterdam, Netherlands

27 - 28

JUNE2016

Dissecting the signifi cance of the relationship between cyber and physical security in the critical infrastructure of the oil and gas industry

What’s New in 2016:• Regulation and policy, organising cyber security across

the oil and gas sector• How does trust improve cyber resilience?• Cyber security and digital data in IoT ecosystems• Cyber security in the cloud ecosystems

Chairs for 2016: Chris Hankin,

Director, Imperial College London

Siv Hilde Houmb, Associate Professor, NTNU

Featured Speakers: • Heli Tiirmaa-Klaar, Cyber Security Policy Advisor,

European External Action Service • Johan Rambi, Privacy and Security Advisor, Alliander• Lhoussain Lhassani, Senior Specialist Asset Management,

Stedin• Franco Tessarollo, Security Manager, Hera• Damiano Bolzoni, COO, Security Matters• Bethany Yates, Energy Sector Lead, CERT-UK• Ruud Denneman, Security Manger Production Domain,

Total E&P

BOOK BY 31ST MARCH AND SAVE £400 • BOOK BY 30TH APRIL AND SAVE £300 • BOOK BY 27TH MAY AND SAVE £200

A: Establishing an ICS cyber security programmefor the oil and gas sector and detect all kinds

of cyber incidentsWorkshop Leader: Damiano Bolzoni, COO, Security Matters

08.30 – 12.20

B: Applied cyber security in the oil and gas industry: Let’s play a serious game of cyber chess. From risk assessment

and vendor selection to continuous monitoring and optimisation

Workshop Leader: Arthur Van der Wees, Managing Director, Arthurs Legal13.30 – 17.20

Oil and Gas Cyber SecurityDay One | Monday 27th June 2016

Register online at: www.oilandgas-cybersecurity.com • Alternatively fax your registration to +44 (0)870 9090 712 or call +44 (0)870 9090 711

08.30 Registration & Coffee

09.00 Chairman’s Opening Remarks Chris Hankin, Director, Imperial College London

OPENING ADDRESS09.10 Regulation and policy: Organising cyber security across

the oil and gas sector • What governments need to do to help critical

infrastructure companies • Estonian national cyber security system as an example

of well-functioning public and private partnership • Different national cyber security models in Europe to

protect critical cyber assets • Interlinking cyber security issues across sectors Heli Tiirmaa-Klaar, Cyber Security Policy Advisor,

European External Action Service

09.50 How does trust improve cyber resilience? • Introduction of the EE-ISAC community and members • Information and sharing activities • Lessons learned and next steps Johan Rambi, Privacy and Security Advisor, Alliander

10.30 Morning Coffee

11.00 ICS security strategy and transformation – client and vendor perspective

• Building blocks of developing an ICS strategy and transformation program to execute the strategy

• DO’s and DONTs in executing the strategy • Security requirements from vendors perspective and

how to address the growing ICS security requirements from multiple clients

• A scalable approach Trajce Dimkov, Senior Manager, Deloitte

11.40 Brilliant failures in cyber security • Double-loop Learning in complex environments • How to deal with uncertainty and risk in a complex,

dynamic world? • Building knowledge to support a climate for innovation

and learning • Raising awareness from those who try, whether they

succeed or fail Paul Louis Iske, Professor, Maastricht University

12.20 Networking Lunch

13.30 PANEL DISCUSSION: What can governments do to help? • What are the best codes and conducts that

can be implemented across industry? • How can we enforce commitment and practice to

these guidelines? • Are universal guidelines necessary? Panelists: Chris Hankin, Director, Imperial College London Heli Tiirmaa-Klaar, Cyber Security Policy Advisor, European

External Action Service Bethany Yates, Energy Sector Lead, CERT-UK

14.10 Maximising the protection of our assets: Security or resilience?

• Cyber security: What to protect and at what cost? • Investing and optimising the cyber security of our

industrial control systems (ICS): Different roles • What security is necessary and where this must be

implemented? • New challenges: The most appropriate approaches to

the changing landscape of threats • Design and best practices to protect our ICS environment Lhoussain Lhassani, Senior Specialist Asset Management, Stedin 14.50 Afternoon Tea

15.20 Development and control of risk mitigation strategy • Introduction of the risk model of Bowstar, a recent

development that has been developed by PIMS International in close cooperation with Gasunie and Engie and is used for their vital infrastructure

• Systematic development of the risk model including all escalations and mitigations for all life cycles (example on cyber and physical sabotage)

• Development and management of the mitigation plan with the risk register of Bowstar

Rob Boss, CEO, Pims International and Risk Management Consultant, Engie and Gasunie

16.00 Embracing shadow IT in critical infrastructure • How I learned to stop worrying and love shadow IT • Bring your own device: Bring your own disaster? • Assessing, preventing, detecting and embracing

Shadow IT Pieter Jansen, Co-Founder/CEO, Cybersprint

16.40 The insider threat: CERT-UK • Understanding the human dimension • Measuring employees levels of awareness • ‘Insider threat’: What does this really mean to companies? Bethany Yates, Energy Sector, CERT-UK

17.20 Security culture: Learning from safety • People are often regarded as the weakest link in our

security defences and are key to good cyber security • Good safety behaviour all at all times by everyone

is essential to maintain a safe working environment - similarly maintaining security needs a good security behaviour for everyone

• How do we measure the security culture in an organisation and identify if our security programmes are making the difference?

Andrew Wadsworth, Managing Consultant, Global Energy and Utilities, PA Consulting Group

18.00 Chairman’s Closing Remarks and Close of Day One

Supported by

THE CHALLENGE OF CYBER SECURITY TO CRITICAL INFRASTRUCTURE

THE INSIDER THREAT

08.30 Registration & Coffee

09.00 Chairman’s Opening Remarks Chris Hankin, Director, Imperial College London

OPENING ADDRESS / KEYNOTE ADDRESS09.10 Cybersecurity and digital data in IOT ecosystems • Connecting value chains into durable IOT ecosystems • How to deal with complex value chains and data life

cycles • What does this mean for your organisation? Arthur Van der Wees, Managing Director, Arthurs Legal

09.50 How does the internet of things (IoT) change the cyber security risk posture for oil and gas installations?

• How does IoT relate to integrated operations and the increased use of remote connections and control on oil and gas installations?

• What is the main advantage of IoT for production/operation effi ciency and how does this affect the rate at which IoT will be introduced?

• What are the core cybersecurity challenges with IoT in general?

• What are the additional cybersecurity challenges with IoT for oil and gas installations?

Siv Hilde Houmb, Associate Professor, NTNU

10.30 Morning Coffee

11.00 Cyber security in the cloud • What is cloud computing? • Is it ‘safe’? • What cyber security threats are hiding inside the cloud? • How can we deal with them? Franco Tessarollo, Security Manager, Hera

11.40 Security and prevention challenges in oil and gas information and data management

• Why is data management is critical for the oil and gas industry?

• Data management security risks • Examining the security and integrity strategies • Defi ning security roles and responsibilities for data • An outlook on data integration and Its risks Gunay Faruk Ozer, Global Head of IT Department,

Genel Energy Plc (Subject to fi nal confi rmation)

12.20 Networking Lunch

13.30 Cyber risks, due diligence and regulatory compliance • Developing policies and procedures • Internal compliance audits • External compliance audits • The cost of non-compliance Robert Bond, Head of Data Protection and Cyber Security

Group, Charles Russell Speechlys

14.10 PANEL DISCUSSION: Emerging cyber threats in the oil and gas sector

• What is happening today and why? • Are advanced persistent threats a real risk or should

we rather spend our money and resources on cleaning viruses and malware from existing drilling assets?

• The current risk situation and what is likely to happen within the next fi ve years

Panelists: Siv Hilde Houmb, Associate Professor, NTNU Damiano Bolzoni, COO, Security Matters Arthur Van der Wees, Managing Director, Arthurs Legal

14.50 Afternoon Tea

15.20 Cyber security in the oil and gas production domain • What are the threats and risks? • Mitigating measures through standardising procedures,

establishing competences and understanding behaviour • Assess how latest technologies and enterprise

architectures could strengthen cyber security Ruud Denneman, Security Manger Production Domain,

Total E&P

16.00 Detecting all type of cyber incidents • Cyber-attacks and malware are not the only cyber

incidents happening within industrial networks • Network segmentation and asset inventory are just the

fi rst steps to secure industrial networks • An analysis of real-life examples of cyber incidents that

could have affected the business continuity of critical organisations

• Discussion of the best practices to detect such cyber incidents

Damiano Bolzoni, COO, Security Matters

16.40 CASE STUDY: The Defence Cyber Protection Partnership (DCPP): Working together to protect the defence sector from the cyber threat

• Why assurance of the supply chain’s level of cyber protection matters

• Why the DCPP was formed and the objectives it was set • How the cyber security model was developed and what

it will mean for defence suppliers • Next steps Daniel Selman, Cyber Industry and Information Security

Policy Deputy Head, Ministry of Defence

17.20 Chairman’s Closing Remarks and Close of Day Two

Register online at: www.oilandgas-cybersecurity.com • Alternatively fax your registration to +44 (0)870 9090 712 or call +44 (0)870 9090 711

Want to know how you can get involved? Interested in promoting your services

to this market?

Contact Anna Serazetdinova, SMi Marketing on +44 (0) 207 827 6180

or email: aserazetdinova@smi-online.co.uk

Supported by

Oil and Gas Cyber SecurityDay Two | Tuesday 28th June 2016

MANAGING THREAT INTELLIGENCE

RESPONDING TO A CYBER ATTACK

RAMIFICATIONS OF THE INTERNET OF THINGS IN THE OIL AND GAS SECTORS

A: Establishing an ICS cyber security programme for the Oil and Gas sector and detect all kinds of cyber incidents

Workshop Leader: Damiano Bolzoni, COO, Security Matters

HALF-DAY POST-CONFERENCE WORKSHOPWednesday 29th June 2016

08.30 – 12.20Movenpick Hotel, Amsterdam, Netherlands

Overview of Workshop

In this workshop we will fi rst discuss the key ingredients

of an ICS cybersecurity programme and the basic

steps organisations can take to establish one. We

will then discuss the different types of cyber incidents

(with real-life examples) that could take place in an

Oil & Gas sector, and those could affect business

continuity. We will not limit our discussion to malware

and cyber attacks, but other types of cyber incidents

as well. We will conclude discussing countermeasures

organisations can put in place to limit the impact or

likelihood of cyber incidents.

Programme

08.30 Registration

09.00 Opening remarks and introductions

09.10 Overview of an ICS cyber security programme

09.50 Session 2: Basic steps to take to start implementing an ICS cyber security programme

10.30 Morning Coffee

11.00 Session 3: Types of cyber incidents and real life examples

• Cyber attacks

• Misconfi guration

• Software bugs

• Misuse and operational errors

11.40 Countermeasures

12.20 Closing remarks

About the Workshop Leader:

Damiano Bolzoni received his PhD in 2009 from the

University of Twente (the Netherlands) with a thesis

entitled “Revisiting Anomaly-based Network Intrusion

Detection Systems”. Since 2008 he has been working

with several large international Critical Infrastructure

organizations to tackle the issues of cyber security in

the ICS/SCADA domain. He has spoken at a number

of top industry cybersecurity events, including Black

Hat and S4.

B: Applied cyber security in the oil and gas industry: Let’s play a

serious game of cyber chess. From risk assessment and vendor selection to

continuous monitoring and optimisation

Workshop Leader: Arthur Van der Wees, Managing Director,

Arthurs Legal

HALF-DAY POST-CONFERENCE WORKSHOPWednesday 29th June 2016

13.30 – 17.20Movenpick Hotel, Amsterdam, Netherlands

Overview of WorkshopCyber security is and will remain a trending topic. The European Commission, ENISA, NIST and other standardization development organisations and regulatory bodies are very active in developing and providing global cyber security frameworks, guidelines and standards. On the other hand, companies, governments and organisations around the world are looking for practical methods and best practices in order to apply to the real world.

This workshop will provide you with those practical insights, by means of the Three Phases Methodology, so you can put this into practice in a solid and durable way and so you can assess, select, procure, and continuously monitor and optimise IT, Cloud, IoT and the like.

Programme

13.30 Opening remarks

13.30 Setting the cyber scene with brilliant failiures

14.10 The talk: Update of the latest in global cyber security standardisation initiatives (EC, ENISA, NIST)

14.50 Coffee break

15.20 The three methodologies walk: How to landscape, assess, select, procure, deal out, monitor and optimise your current and new cyber security ecosystems and life cycle

16.10 Interactive continuous heat mapping

17.20 Closing remarks

About the Workshop Leader:Arthur Van der Wees is founder and Managing Partner of international law fi rm Arthur’s Legal, as well as strategist, technology standardisation expert, investor and frequent speaker worldwide, who has in-depth experience and is well-connected in the world of technology, data, innovation, standardisation and global business.

Sponsorship and Exhibition OpportunitiesSMi offer sponsorship, exhibition, advertising and branding packages, uniquely tailored to complement your company’s marketing strategy. Prime networking opportunities exist to entertain, enhance and expand your client base within the context of an independent discussion specifi c to your industry.

Should you wish to join the increasing number of companies benefi ting from sponsoring our conferences please call: Alia Malick on +44 (0) 20 7827 6168 or email: amalick@smi-online.co.uk

Please complete fully and clearly in capital letters. Please photocopy for additional delegates.

Title: Forename:

Surname:

Job Title:

Department/Division:

Company/Organisation:

Email:

Company VAT Number:

Address:

Town/City:

Post/Zip Code: Country:

Direct Tel: Direct Fax:

Mobile:

Switchboard:

Signature: Date:I agree to be bound by SMi’s Terms and Conditions of Booking.

ACCOUNTS DEPT

Title: Forename:

Surname:

Email:

Address (if different from above):

Town/City:

Post/Zip Code: Country:

Direct Tel: Direct Fax:

Payment: If payment is not made at the time of booking, then an invoice will be issued and must be paid immediately and prior to the start of the event. If payment has not been received then credit card details will be requested and payment taken before entry to the event. Bookings within 7 days of event require payment on booking. Access to the Document Portal will not be given until payment has been received.Substitutions/Name Changes: If you are unable to attend you may nominate, in writing, another delegate to take your place at any time prior to the start of the event. Two or more delegates may not ‘share’ a place at an event. Please make separate bookings for each delegate.Cancellation: If you wish to cancel your attendance at an event and you are unable to send a substitute, then we will refund/credit 50% of the due fee less a £50 administration charge, providing that cancellation is made in writing and received at least 28 days prior to the start of the event. Regretfully cancellation after this time cannot be accepted. We will however provide the conferences documentation via the Document Portal to any delegate who has paid but is unable to attend for any reason. Due to the interactive nature of the Briefi ngs we are not normally able to provide documentation in these circumstances. We cannot accept cancellations of orders placed for Documentation or the Document Portal as these are reproduced specifi cally to order. If we have to cancel the event for any reason, then we will make a full refund immediately, but disclaim any further liability.Alterations: It may become necessary for us to make alterations to the content, speakers, timing, venue or date of the event compared to the advertised programme.Data Protection: The SMi Group gathers personal data in accordance with the UK Data Protection Act 1998 and we may use this to contact you by telephone, fax, post or email to tell you about other products and services. Unless you tick here □ we may also share your data with third parties offering complementary products or services. If you have any queries or want to update any of the data that we hold then please contact our Database Manager databasemanager@smi-online.co.uk or visit our website www.smi-online.co.uk/updates quoting the URN as detailed above your address on the attached letter.

Payment must be made to SMi Group Ltd, and received before the event, by one of the following methods quoting reference E-069 and the delegate’s name. Bookings made within 7 days of the event require payment on booking, methods of payment:□ UK BACS Sort Code 300009, Account 00936418□ Wire Transfer Lloyds TSB Bank plc, 39 Threadneedle Street, London, EC2R 8AU Swift (BIC): LOYDGB21013, Account 00936418 IBAN GB48 LOYD 3000 0900 9364 18□ Cheque We can only accept Sterling cheques drawn on a UK bank.□ Credit Card □ Visa □ MasterCard □ American Express All credit card payments will be subject to standard credit card charges.

Card No: □□□□ □□□□ □□□□ □□□□Valid From □□/□□ Expiry Date □□/□□CVV Number □□□□ 3 digit security on reverse of card, 4 digits for AMEX card

Cardholder’s Name:

Signature: Date:I agree to be bound by SMi’s Terms and Conditions of Booking.

Card Billing Address (If different from above):

VAT at 21% is charged to the attendance fees for all delegates, except taxable personsEstablished in the Netherlands – Reverse Charge – Article 194Vat at 20% is also charged on Document Portal and Literature distribution for all UK customers and for those EU Customers not supplying a registration number for their own country here

______________________________________________________________________________________

If you have any further queries please call the Events Team on tel +44 (0) 870 9090 711 or you can email events@smi-online.co.uk

□ Book by 31st March to receive £400 off the conference price□ Book by 30th April to receive £300 off the conference price□ Book by 27th May to receive £200 off the conference price

EARLY BIRD DISCOUNT

I would like to attend: (Please tick as appropriate) Fee Total□ Conference & 2 Workshops £2497.00 +VAT £3021.37□ Conference & 1 Workshop A □ B □ £1898.00 +VAT £2296.58□ Conference only £1299.00 +VAT £1571.79□ 2 Workshops £1198.00 +VAT £1449.58□ 1 Workshop only £599.00 +VAT £724.79Workshop A □ Workshop B □

Oil and Gas Companies, Public Sector□ Conference & 2 Workshops £2097.00 +VAT £2537.37□ Conference & 1 Workshop A □ B □ £1498.00 +VAT £1812.58□ Conference only £899.00 +VAT £1087.79□ 2 Workshops £1198.00 +VAT £1449.58□ 1 Workshop only £599.00 +VAT £724.79Workshop A □ Workshop B □

PROMOTIONAL LITERATURE DISTRIBUTION□ Distribution of your company’s promotional

literature to all conference attendees £999.00 + VAT £1198.80 The conference fee includes refreshments, lunch, conference papers, and access to the Document Portal. Presentations that are available for download will be subject to distribution rights by speakers. Please note that some presentations may not be available for download. Access information for the document portal will be sent to the e-mail address provided during registration. Details are sent within 24 hours post conference.

□ Please contact me to book my hotelAlternatively call us on +44 (0) 870 9090 711, email: events@smi-online.co.uk or fax +44 (0) 870 9090 712

I cannot attend but would like to purchase access to the following Document Portal/paper copy documentation Price Total□ Access to the conference documentation

on the Document Portal £499.00 + VAT £598.80□ The Conference Presentations – paper copy £499.00 - £499.00

(or only £300 if ordered with the Document Portal)

Unique Reference Number

Our Reference LVE-069

DELEGATE DETAILS

Terms and Conditions of Booking

PAYMENT

VAT

DOCUMENTATION

VENUE Movenpick Hotel, Piet Heinkade 11, 1019 BR Amsterdam, Netherlands

Oil and Gas Cyber SecurityConference: Monday 27th & Tuesday 28th June 2016, Movenpick Hotel, Amsterdam, Netherlands Workshops: Wednesday 29th June 2016, Netherlands

4 WAYS TO REGISTERwww.oilandgas-cybersecurity.com

FAX your booking form to +44 (0) 870 9090 712PHONE on +44 (0) 870 9090 711

POST your booking form to: Events Team, SMi Group Ltd, 2nd Floor South, Harling House, 47-51 Great Suffolk Street, London, SE1 0BS, UK

CONFERENCE PRICES