Upload
dale-butler
View
311
Download
1
Embed Size (px)
Citation preview
www.oilandgas-cybersecurity.com Register online or fax your registration to +44 (0) 870 9090 712 or call +44 (0) 870 9090 711
ACADEMIC & GROUP DISCOUNTS AVAILABLE
PLUS TWO HALF-DAY POST-CONFERENCE WORKSHOPS Wednesday 29th June 2016, Movenpick Hotel, Amsterdam, Netherlands
#SMiGroupEnergy
SMi Present the 6th Annual Conference on…
Oil and Gas Cyber SecurityMovenpick Hotel, Amsterdam, Netherlands
27 - 28
JUNE2016
Dissecting the signifi cance of the relationship between cyber and physical security in the critical infrastructure of the oil and gas industry
What’s New in 2016:• Regulation and policy, organising cyber security across
the oil and gas sector• How does trust improve cyber resilience?• Cyber security and digital data in IoT ecosystems• Cyber security in the cloud ecosystems
Chairs for 2016: Chris Hankin,
Director, Imperial College London
Siv Hilde Houmb, Associate Professor, NTNU
Featured Speakers: • Heli Tiirmaa-Klaar, Cyber Security Policy Advisor,
European External Action Service • Johan Rambi, Privacy and Security Advisor, Alliander• Lhoussain Lhassani, Senior Specialist Asset Management,
Stedin• Franco Tessarollo, Security Manager, Hera• Damiano Bolzoni, COO, Security Matters• Bethany Yates, Energy Sector Lead, CERT-UK• Ruud Denneman, Security Manger Production Domain,
Total E&P
BOOK BY 31ST MARCH AND SAVE £400 • BOOK BY 30TH APRIL AND SAVE £300 • BOOK BY 27TH MAY AND SAVE £200
A: Establishing an ICS cyber security programmefor the oil and gas sector and detect all kinds
of cyber incidentsWorkshop Leader: Damiano Bolzoni, COO, Security Matters
08.30 – 12.20
B: Applied cyber security in the oil and gas industry: Let’s play a serious game of cyber chess. From risk assessment
and vendor selection to continuous monitoring and optimisation
Workshop Leader: Arthur Van der Wees, Managing Director, Arthurs Legal13.30 – 17.20
Oil and Gas Cyber SecurityDay One | Monday 27th June 2016
Register online at: www.oilandgas-cybersecurity.com • Alternatively fax your registration to +44 (0)870 9090 712 or call +44 (0)870 9090 711
08.30 Registration & Coffee
09.00 Chairman’s Opening Remarks Chris Hankin, Director, Imperial College London
OPENING ADDRESS09.10 Regulation and policy: Organising cyber security across
the oil and gas sector • What governments need to do to help critical
infrastructure companies • Estonian national cyber security system as an example
of well-functioning public and private partnership • Different national cyber security models in Europe to
protect critical cyber assets • Interlinking cyber security issues across sectors Heli Tiirmaa-Klaar, Cyber Security Policy Advisor,
European External Action Service
09.50 How does trust improve cyber resilience? • Introduction of the EE-ISAC community and members • Information and sharing activities • Lessons learned and next steps Johan Rambi, Privacy and Security Advisor, Alliander
10.30 Morning Coffee
11.00 ICS security strategy and transformation – client and vendor perspective
• Building blocks of developing an ICS strategy and transformation program to execute the strategy
• DO’s and DONTs in executing the strategy • Security requirements from vendors perspective and
how to address the growing ICS security requirements from multiple clients
• A scalable approach Trajce Dimkov, Senior Manager, Deloitte
11.40 Brilliant failures in cyber security • Double-loop Learning in complex environments • How to deal with uncertainty and risk in a complex,
dynamic world? • Building knowledge to support a climate for innovation
and learning • Raising awareness from those who try, whether they
succeed or fail Paul Louis Iske, Professor, Maastricht University
12.20 Networking Lunch
13.30 PANEL DISCUSSION: What can governments do to help? • What are the best codes and conducts that
can be implemented across industry? • How can we enforce commitment and practice to
these guidelines? • Are universal guidelines necessary? Panelists: Chris Hankin, Director, Imperial College London Heli Tiirmaa-Klaar, Cyber Security Policy Advisor, European
External Action Service Bethany Yates, Energy Sector Lead, CERT-UK
14.10 Maximising the protection of our assets: Security or resilience?
• Cyber security: What to protect and at what cost? • Investing and optimising the cyber security of our
industrial control systems (ICS): Different roles • What security is necessary and where this must be
implemented? • New challenges: The most appropriate approaches to
the changing landscape of threats • Design and best practices to protect our ICS environment Lhoussain Lhassani, Senior Specialist Asset Management, Stedin 14.50 Afternoon Tea
15.20 Development and control of risk mitigation strategy • Introduction of the risk model of Bowstar, a recent
development that has been developed by PIMS International in close cooperation with Gasunie and Engie and is used for their vital infrastructure
• Systematic development of the risk model including all escalations and mitigations for all life cycles (example on cyber and physical sabotage)
• Development and management of the mitigation plan with the risk register of Bowstar
Rob Boss, CEO, Pims International and Risk Management Consultant, Engie and Gasunie
16.00 Embracing shadow IT in critical infrastructure • How I learned to stop worrying and love shadow IT • Bring your own device: Bring your own disaster? • Assessing, preventing, detecting and embracing
Shadow IT Pieter Jansen, Co-Founder/CEO, Cybersprint
16.40 The insider threat: CERT-UK • Understanding the human dimension • Measuring employees levels of awareness • ‘Insider threat’: What does this really mean to companies? Bethany Yates, Energy Sector, CERT-UK
17.20 Security culture: Learning from safety • People are often regarded as the weakest link in our
security defences and are key to good cyber security • Good safety behaviour all at all times by everyone
is essential to maintain a safe working environment - similarly maintaining security needs a good security behaviour for everyone
• How do we measure the security culture in an organisation and identify if our security programmes are making the difference?
Andrew Wadsworth, Managing Consultant, Global Energy and Utilities, PA Consulting Group
18.00 Chairman’s Closing Remarks and Close of Day One
Supported by
THE CHALLENGE OF CYBER SECURITY TO CRITICAL INFRASTRUCTURE
THE INSIDER THREAT
08.30 Registration & Coffee
09.00 Chairman’s Opening Remarks Chris Hankin, Director, Imperial College London
OPENING ADDRESS / KEYNOTE ADDRESS09.10 Cybersecurity and digital data in IOT ecosystems • Connecting value chains into durable IOT ecosystems • How to deal with complex value chains and data life
cycles • What does this mean for your organisation? Arthur Van der Wees, Managing Director, Arthurs Legal
09.50 How does the internet of things (IoT) change the cyber security risk posture for oil and gas installations?
• How does IoT relate to integrated operations and the increased use of remote connections and control on oil and gas installations?
• What is the main advantage of IoT for production/operation effi ciency and how does this affect the rate at which IoT will be introduced?
• What are the core cybersecurity challenges with IoT in general?
• What are the additional cybersecurity challenges with IoT for oil and gas installations?
Siv Hilde Houmb, Associate Professor, NTNU
10.30 Morning Coffee
11.00 Cyber security in the cloud • What is cloud computing? • Is it ‘safe’? • What cyber security threats are hiding inside the cloud? • How can we deal with them? Franco Tessarollo, Security Manager, Hera
11.40 Security and prevention challenges in oil and gas information and data management
• Why is data management is critical for the oil and gas industry?
• Data management security risks • Examining the security and integrity strategies • Defi ning security roles and responsibilities for data • An outlook on data integration and Its risks Gunay Faruk Ozer, Global Head of IT Department,
Genel Energy Plc (Subject to fi nal confi rmation)
12.20 Networking Lunch
13.30 Cyber risks, due diligence and regulatory compliance • Developing policies and procedures • Internal compliance audits • External compliance audits • The cost of non-compliance Robert Bond, Head of Data Protection and Cyber Security
Group, Charles Russell Speechlys
14.10 PANEL DISCUSSION: Emerging cyber threats in the oil and gas sector
• What is happening today and why? • Are advanced persistent threats a real risk or should
we rather spend our money and resources on cleaning viruses and malware from existing drilling assets?
• The current risk situation and what is likely to happen within the next fi ve years
Panelists: Siv Hilde Houmb, Associate Professor, NTNU Damiano Bolzoni, COO, Security Matters Arthur Van der Wees, Managing Director, Arthurs Legal
14.50 Afternoon Tea
15.20 Cyber security in the oil and gas production domain • What are the threats and risks? • Mitigating measures through standardising procedures,
establishing competences and understanding behaviour • Assess how latest technologies and enterprise
architectures could strengthen cyber security Ruud Denneman, Security Manger Production Domain,
Total E&P
16.00 Detecting all type of cyber incidents • Cyber-attacks and malware are not the only cyber
incidents happening within industrial networks • Network segmentation and asset inventory are just the
fi rst steps to secure industrial networks • An analysis of real-life examples of cyber incidents that
could have affected the business continuity of critical organisations
• Discussion of the best practices to detect such cyber incidents
Damiano Bolzoni, COO, Security Matters
16.40 CASE STUDY: The Defence Cyber Protection Partnership (DCPP): Working together to protect the defence sector from the cyber threat
• Why assurance of the supply chain’s level of cyber protection matters
• Why the DCPP was formed and the objectives it was set • How the cyber security model was developed and what
it will mean for defence suppliers • Next steps Daniel Selman, Cyber Industry and Information Security
Policy Deputy Head, Ministry of Defence
17.20 Chairman’s Closing Remarks and Close of Day Two
Register online at: www.oilandgas-cybersecurity.com • Alternatively fax your registration to +44 (0)870 9090 712 or call +44 (0)870 9090 711
Want to know how you can get involved? Interested in promoting your services
to this market?
Contact Anna Serazetdinova, SMi Marketing on +44 (0) 207 827 6180
or email: [email protected]
Supported by
Oil and Gas Cyber SecurityDay Two | Tuesday 28th June 2016
MANAGING THREAT INTELLIGENCE
RESPONDING TO A CYBER ATTACK
RAMIFICATIONS OF THE INTERNET OF THINGS IN THE OIL AND GAS SECTORS
A: Establishing an ICS cyber security programme for the Oil and Gas sector and detect all kinds of cyber incidents
Workshop Leader: Damiano Bolzoni, COO, Security Matters
HALF-DAY POST-CONFERENCE WORKSHOPWednesday 29th June 2016
08.30 – 12.20Movenpick Hotel, Amsterdam, Netherlands
Overview of Workshop
In this workshop we will fi rst discuss the key ingredients
of an ICS cybersecurity programme and the basic
steps organisations can take to establish one. We
will then discuss the different types of cyber incidents
(with real-life examples) that could take place in an
Oil & Gas sector, and those could affect business
continuity. We will not limit our discussion to malware
and cyber attacks, but other types of cyber incidents
as well. We will conclude discussing countermeasures
organisations can put in place to limit the impact or
likelihood of cyber incidents.
Programme
08.30 Registration
09.00 Opening remarks and introductions
09.10 Overview of an ICS cyber security programme
09.50 Session 2: Basic steps to take to start implementing an ICS cyber security programme
10.30 Morning Coffee
11.00 Session 3: Types of cyber incidents and real life examples
• Cyber attacks
• Misconfi guration
• Software bugs
• Misuse and operational errors
11.40 Countermeasures
12.20 Closing remarks
About the Workshop Leader:
Damiano Bolzoni received his PhD in 2009 from the
University of Twente (the Netherlands) with a thesis
entitled “Revisiting Anomaly-based Network Intrusion
Detection Systems”. Since 2008 he has been working
with several large international Critical Infrastructure
organizations to tackle the issues of cyber security in
the ICS/SCADA domain. He has spoken at a number
of top industry cybersecurity events, including Black
Hat and S4.
B: Applied cyber security in the oil and gas industry: Let’s play a
serious game of cyber chess. From risk assessment and vendor selection to
continuous monitoring and optimisation
Workshop Leader: Arthur Van der Wees, Managing Director,
Arthurs Legal
HALF-DAY POST-CONFERENCE WORKSHOPWednesday 29th June 2016
13.30 – 17.20Movenpick Hotel, Amsterdam, Netherlands
Overview of WorkshopCyber security is and will remain a trending topic. The European Commission, ENISA, NIST and other standardization development organisations and regulatory bodies are very active in developing and providing global cyber security frameworks, guidelines and standards. On the other hand, companies, governments and organisations around the world are looking for practical methods and best practices in order to apply to the real world.
This workshop will provide you with those practical insights, by means of the Three Phases Methodology, so you can put this into practice in a solid and durable way and so you can assess, select, procure, and continuously monitor and optimise IT, Cloud, IoT and the like.
Programme
13.30 Opening remarks
13.30 Setting the cyber scene with brilliant failiures
14.10 The talk: Update of the latest in global cyber security standardisation initiatives (EC, ENISA, NIST)
14.50 Coffee break
15.20 The three methodologies walk: How to landscape, assess, select, procure, deal out, monitor and optimise your current and new cyber security ecosystems and life cycle
16.10 Interactive continuous heat mapping
17.20 Closing remarks
About the Workshop Leader:Arthur Van der Wees is founder and Managing Partner of international law fi rm Arthur’s Legal, as well as strategist, technology standardisation expert, investor and frequent speaker worldwide, who has in-depth experience and is well-connected in the world of technology, data, innovation, standardisation and global business.
Sponsorship and Exhibition OpportunitiesSMi offer sponsorship, exhibition, advertising and branding packages, uniquely tailored to complement your company’s marketing strategy. Prime networking opportunities exist to entertain, enhance and expand your client base within the context of an independent discussion specifi c to your industry.
Should you wish to join the increasing number of companies benefi ting from sponsoring our conferences please call: Alia Malick on +44 (0) 20 7827 6168 or email: [email protected]
Please complete fully and clearly in capital letters. Please photocopy for additional delegates.
Title: Forename:
Surname:
Job Title:
Department/Division:
Company/Organisation:
Email:
Company VAT Number:
Address:
Town/City:
Post/Zip Code: Country:
Direct Tel: Direct Fax:
Mobile:
Switchboard:
Signature: Date:I agree to be bound by SMi’s Terms and Conditions of Booking.
ACCOUNTS DEPT
Title: Forename:
Surname:
Email:
Address (if different from above):
Town/City:
Post/Zip Code: Country:
Direct Tel: Direct Fax:
Payment: If payment is not made at the time of booking, then an invoice will be issued and must be paid immediately and prior to the start of the event. If payment has not been received then credit card details will be requested and payment taken before entry to the event. Bookings within 7 days of event require payment on booking. Access to the Document Portal will not be given until payment has been received.Substitutions/Name Changes: If you are unable to attend you may nominate, in writing, another delegate to take your place at any time prior to the start of the event. Two or more delegates may not ‘share’ a place at an event. Please make separate bookings for each delegate.Cancellation: If you wish to cancel your attendance at an event and you are unable to send a substitute, then we will refund/credit 50% of the due fee less a £50 administration charge, providing that cancellation is made in writing and received at least 28 days prior to the start of the event. Regretfully cancellation after this time cannot be accepted. We will however provide the conferences documentation via the Document Portal to any delegate who has paid but is unable to attend for any reason. Due to the interactive nature of the Briefi ngs we are not normally able to provide documentation in these circumstances. We cannot accept cancellations of orders placed for Documentation or the Document Portal as these are reproduced specifi cally to order. If we have to cancel the event for any reason, then we will make a full refund immediately, but disclaim any further liability.Alterations: It may become necessary for us to make alterations to the content, speakers, timing, venue or date of the event compared to the advertised programme.Data Protection: The SMi Group gathers personal data in accordance with the UK Data Protection Act 1998 and we may use this to contact you by telephone, fax, post or email to tell you about other products and services. Unless you tick here □ we may also share your data with third parties offering complementary products or services. If you have any queries or want to update any of the data that we hold then please contact our Database Manager [email protected] or visit our website www.smi-online.co.uk/updates quoting the URN as detailed above your address on the attached letter.
Payment must be made to SMi Group Ltd, and received before the event, by one of the following methods quoting reference E-069 and the delegate’s name. Bookings made within 7 days of the event require payment on booking, methods of payment:□ UK BACS Sort Code 300009, Account 00936418□ Wire Transfer Lloyds TSB Bank plc, 39 Threadneedle Street, London, EC2R 8AU Swift (BIC): LOYDGB21013, Account 00936418 IBAN GB48 LOYD 3000 0900 9364 18□ Cheque We can only accept Sterling cheques drawn on a UK bank.□ Credit Card □ Visa □ MasterCard □ American Express All credit card payments will be subject to standard credit card charges.
Card No: □□□□ □□□□ □□□□ □□□□Valid From □□/□□ Expiry Date □□/□□CVV Number □□□□ 3 digit security on reverse of card, 4 digits for AMEX card
Cardholder’s Name:
Signature: Date:I agree to be bound by SMi’s Terms and Conditions of Booking.
Card Billing Address (If different from above):
VAT at 21% is charged to the attendance fees for all delegates, except taxable personsEstablished in the Netherlands – Reverse Charge – Article 194Vat at 20% is also charged on Document Portal and Literature distribution for all UK customers and for those EU Customers not supplying a registration number for their own country here
______________________________________________________________________________________
If you have any further queries please call the Events Team on tel +44 (0) 870 9090 711 or you can email [email protected]
□ Book by 31st March to receive £400 off the conference price□ Book by 30th April to receive £300 off the conference price□ Book by 27th May to receive £200 off the conference price
EARLY BIRD DISCOUNT
I would like to attend: (Please tick as appropriate) Fee Total□ Conference & 2 Workshops £2497.00 +VAT £3021.37□ Conference & 1 Workshop A □ B □ £1898.00 +VAT £2296.58□ Conference only £1299.00 +VAT £1571.79□ 2 Workshops £1198.00 +VAT £1449.58□ 1 Workshop only £599.00 +VAT £724.79Workshop A □ Workshop B □
Oil and Gas Companies, Public Sector□ Conference & 2 Workshops £2097.00 +VAT £2537.37□ Conference & 1 Workshop A □ B □ £1498.00 +VAT £1812.58□ Conference only £899.00 +VAT £1087.79□ 2 Workshops £1198.00 +VAT £1449.58□ 1 Workshop only £599.00 +VAT £724.79Workshop A □ Workshop B □
PROMOTIONAL LITERATURE DISTRIBUTION□ Distribution of your company’s promotional
literature to all conference attendees £999.00 + VAT £1198.80 The conference fee includes refreshments, lunch, conference papers, and access to the Document Portal. Presentations that are available for download will be subject to distribution rights by speakers. Please note that some presentations may not be available for download. Access information for the document portal will be sent to the e-mail address provided during registration. Details are sent within 24 hours post conference.
□ Please contact me to book my hotelAlternatively call us on +44 (0) 870 9090 711, email: [email protected] or fax +44 (0) 870 9090 712
I cannot attend but would like to purchase access to the following Document Portal/paper copy documentation Price Total□ Access to the conference documentation
on the Document Portal £499.00 + VAT £598.80□ The Conference Presentations – paper copy £499.00 - £499.00
(or only £300 if ordered with the Document Portal)
Unique Reference Number
Our Reference LVE-069
DELEGATE DETAILS
Terms and Conditions of Booking
PAYMENT
VAT
DOCUMENTATION
VENUE Movenpick Hotel, Piet Heinkade 11, 1019 BR Amsterdam, Netherlands
Oil and Gas Cyber SecurityConference: Monday 27th & Tuesday 28th June 2016, Movenpick Hotel, Amsterdam, Netherlands Workshops: Wednesday 29th June 2016, Netherlands
4 WAYS TO REGISTERwww.oilandgas-cybersecurity.com
FAX your booking form to +44 (0) 870 9090 712PHONE on +44 (0) 870 9090 711
POST your booking form to: Events Team, SMi Group Ltd, 2nd Floor South, Harling House, 47-51 Great Suffolk Street, London, SE1 0BS, UK
CONFERENCE PRICES