Industrial Automation Security Belgium 2016
IAS was established for companies that are involved in industrial- based process automation and control. Due to the constant evolution of control processes and automation systems, as well as their underlying platforms on which they operate, each day new possibilities are discovered that could pose serious security risks to those systems. IAS aims to inform them about the necessity to secure their systems, and to provide them with best practices and practical and actionable guidelines. The possibilities offered to manage the systems easier and better, by evolving into modern capabilities ,by equipping them with new functionalities or by having multiple systems interconnect and work together, poses new challenges in terms of security. Legacy systems , or underlying IT systems already no longer be maintained for a long period of time can be a major threat . Only fully insulated systems can probably continue to exist , but they also will be subjected to external administration or changes eventually. The further automation within the sector (smart factories, internet of things, industrial internet) has lead to an increase of targeted attacks on industrial systems. For the proper functioning of business it is important to evaluate the potential risks, assess them, and take proper counter measures.
Session Materials :
Materials are now available for download. Attending to the event was free, but we charge a minor fee for the materials in order to ensure some income for the organization. As a non-profit organization, due to tax reasons, a small charge is asked to cater for the incurred costs. You will be transferred to Payloadz.com and be asked to pay for 121 € (100 € excl, 21% VAT). You will be able to receive an invoice if you leave your company details and PO number. Once paid, you will receive a downloadlink to download the .zip with all materials.
LSEC continues to support creating awareness on information security, will try to lower the barrier for ict security professionals. With this mechanism, all attendees have evaluated the value of the presented materials and can easily contribute to the future activities.
IAS 2016 Topics:
Major Threats to Industrial Control Systems:
Adversaries are getting smarter, more efficient, and consequently more successful at penetrating industrial networks. Securing industrial networks is no trivial task. Primarily because most were built before cyber threats existed, and were not designed with built-in external security controls. Understanding today’s top threats to these networks is the first step in improving their security posture
Critical Systems, Major Disruptions:
Disruptions in the operation of critical infrastructures and systems - and their impact - can not be compared with data breaches in enterprise environments. Such disruptions may result from many kinds of hazards and physical and/or cyber-attacks on installations and systems. Recent events demonstrate the increased interconnection among the impact of hazards, of the two kinds of attacks and, conversely, the usefulness to combine cyber and physical security-solutions to protect installations of the critical infrastructure.
SMART Industry, SMART Security:
Smart sensors and networks, Industrie 4.0, Industrial Internet, Internet of Things, big data for Industry....The ‘fourth industrial revolution’ is taking place right now, and will bring massive disruptive changes to the way we do business. One clear challenge to the rollout of ‘smart industry’ is that represented by cybersecurity. The problem is that many of the technologies, concepts and protocols that collectively constitute the Industry 4.0 shift are old, with most never designed with omnipresent hyper-connectivity in mind. How can organizations benefit from the opportunities ahead, without jeoppardizing their security posture?
IT versus OT - The paradigm shift & Evolution of Approaches, Managed Services & Operating Centers
For quite a long time, IT departments have commonly addressed cyber security for enterprise IT Environments. Although interesting lessons can be learned from IT experiences, enterprise approaches and solutions are not designed to protect industrial networks. A paradigm shift is needed for designing and managing security for the Operational Technology/OT environment.
Keynote: Major Threats in Industrial Control Systems, 2016 & beyond - Erik de Jong, FOX-IT (Netherlands)
Modern multi-sExpertiseed attacks hop from one network to the next by any means, both by network and by storage device. Every connected system risks being compromised. At the same time, business requires increased levels of integration with industrial automation. Industrial Control Systems are targeted by well-funded adversaries that want to cripple society. Often, attacks remain active and undetected for months or even years, as the Stuxnet attack clearly illustrates. About Erik de Jong: Erik is a security professional with very diverse experience in the field. In his current position, Erik is responsible for FoxCERT. Previously, Erik has held positions as incident handler and security advisor for the Dutch National Cyber Security Center (previously Govcert.nl)
Scott Christensen, security leader at Wurldtech - a GE Company (Canada)
Scott joined Wurldtech in March 2012 specializing in the Oil and Gas market. Scott currently leads Wurldtech’s business development efforts for O&G, Utilities, Manufacturing and Healthcare verticals. He also focuses on expanding and educating Wurldtech’s partners and customers on the threat landscape facing OT. Over the last 20 years Scott has worked as a lead in the Cyber for OT businesses units with a focus on the Oil and Gas market and Utility spaces. Scott has previously worked for Dexa Systems, a former division of Schlumberger Technology Services as a Subject Matter Expert on Cyber in OT. He has also held positions at CSI Software, NETIQ, Bindview, and PSINet. Scott received his diploma from the University of Houston
Valentijn de Leeuw, Vice President at ARC Advisory Group - Cyber Security in Manufacturing
Valentijn has extensive experience in best management practices in process industries. These include chemical, polymer, metals, energy, utilities, food, pharmaceutical and petroleum manufacturing. Experience includes knowledge of unit processes, simulation and modeling and business practices utilizing application software designed for manufacturing operations. Experience in aligning organizations, strategy, business processes and technical architectures. At ARC, responsibilities include research and consulting in process industries. Technology focus is on manufacturing operations management, performance management, knowledge management and the role of the knowledge worker in manufacturing. Valentijn is focal point for the ARC Benchmarking Consortium in EMEA. Valentijn holds a PhD of technical sciences from Delft University of Technology (NL) in cooperation with Ecole Nationale Supérieure des Mines de Paris and IFP and also holds a Masters in Chemistry from Utrecht State University located in The Netherlands. Valentijn acts as independent expert-evaluator of research projects for the European Commission in the Information Technologies and Communication, and Social Sustainability in Manufacturing domains
Jan van der Sluis, Principal Consultant, Security of Hewlett Packard Enterprise (EU)
Jan has over 20 year experience in IT and business related Security affairs, and working within the Hewlett Enterprise Security Services Division or ESS. Having worked for large payment providers, government assignments and system integrators, he is now responsible for Government and Health in the Nordics, and by such, not only interested in the aspects that are of concern for ICS exploration (Governance, Risk and Compliance – Safety – Financial risk – Critical Infrastructure) but also in what it means for the society – think about consumer spending, market evolution and privacy. Jan will provide the latest insights in “The Security Point of View of ICS”, Time to Market drivers, pitfalls in security operations and some best practices that are current in the market. In the back of this, HPE will also announce their Cyber Security Framework, that incorporates ICS Blueprints and Artefacts.
SMART & SECURE INDUSTRY - Ulrich Seldeslachts, CEO of LSEC and Managing Director of 3IF (Belgium)
The introduction of new technologies has affected customer expectations in the area of time-to-market, performance of products and production, mass - customization and the evolution to co-creation. Also, the continuous automation of the industry has introduced new challenges with regards to industrial espionage, saboExpertisee, fraud, cyber security and even privacy. SMART & SECURE innovation opens new opportunities for Manufacturers, technology companies active in Industrial automation; and IT Security companies that are increasingly confronted with the challenges of protecting industrial control systems, production systems and production networks.
Panel Discussion: The evolution of Security Services - Security Operating Centers for Industrial Environments (Chair: Ulrich Seldeslachts, CEO LSEC)
-Scott Christensen, Security Leader at Wurldtech | Cyber Security for Operational Technology - a GE Company (Canada)
-Valentijn de Leeuw, ARC Web
-Jan van der Sluis, HPE
Venue: The Leuven Institute for Ireland in Europe
The Leuven Institute for Ireland in Europe is a non-governmental body that was established in Leuven, Belgium in 1984. Strategically based, The Leuven Institute draws on expertise from across Brussels, Benelux and the wider European Union to produce bespoke residential programmes and events, at its campus in the historic Irish College in Leuven, for higher education authorities, business organisations, commercial entities, the public sector and the voluntary community on the island of Ireland. Within the grounds of the Institute there is an expansive garden with overlooking terraces. The garden area of nearly 1000 square meters can be explored freely during the day.