Loading…
This event has ended. Visit the official site or create your own event on Sched.
Welcome to the Interactive Agenda for SecurityWeek’s 2019 Singapore ICS Cyber Security Conference! (View the full conference website here)

Don’t miss the hottest ICS cyber security event in the APAC region -  Register Now
Tuesday, April 16
 

7:30am GMT+08

Breakfast and Registration
Please join us for a light breakfast and pick up your badge at the conference registration desk. Grab some coffee, network with other conference attendees and prepare for the exciting week ahead!


Tuesday April 16, 2019 7:30am - 8:45am GMT+08
Sponsor Foyer

8:45am GMT+08

Welcome to SecurityWeek's 2019 ICS Cyber Security Conference | Singapore
Welcome address and conference introduction for SecurityWeek's 2019 Singapore ICS Cyber Security Conference.


Speakers
avatar for Mike Lennon

Mike Lennon

Managing Director, Conference Chair, SecurityWeek
For more than 10 years, Mike Lennon has been closely monitoring and analyzing trends in the cyber threat landscape, and enterprise, critical infrastructure, and national security space. In his role at SecurityWeek he oversees the editorial direction of the publication and manages... Read More →


Tuesday April 16, 2019 8:45am - 9:00am GMT+08
Stamford Ballroom

9:00am GMT+08

Getting Practical On Addressing Industrial Cyber Risk
Many talks outline important but theoretical activities useful to help minimize impacts from poor industrial cyber security. This is not one of those talks. It's time to get moving, get practical and begin to admit there are big problems with industrial cyber risk.

This talk will share practical lessons from dozens of large organizations as they embarked on this journey across people, process and technology. From getting executive support, establishing clear accountability, and understanding the true extent of the exposure, this session will discuss case studies, prioritization, measures, and how to expand into OT network from real world examples.

Learning Objectives:
  • Learn practical steps to take on how to address risks in OT networks
  • Learn what type of concrete measures have worked best for other large organizations
  • Learn how to translate technical risk into business impact and communicate better with boards and C-levels.



Speakers
avatar for Vijay Vaidyanathan

Vijay Vaidyanathan

Senior ICS Consultant with Claroty, Claroty
Vijay Vaidyanathan is on the front lines of customer cybersecurity risks and challenges within industrial and critical infrastructure organizations. He has extensive technical and consulting experience across the manufacturing spectrum. A chemical engineer by profession and a Singapore... Read More →


Tuesday April 16, 2019 9:00am - 9:45am GMT+08
Stamford Ballroom

9:45am GMT+08

ICS is Everywhere: Pervasive Risks – but Defense is Doable
This session will discuss the march of digitalization in industrial automation, why it is compelling, and how associated cyber risks are perceived and treated by industry and within companies.  The perspective will span a spectrum of people, process, and technology and include results from recent SANS market studies that analyzed the State of Industrial Control System (ICS) and Industrial IoT (IIoT) Cybersecurity. Details will be shared that represent the experiences of IT, OT, and IT/OT-hybrid cybersecurity practitioners responsible for operational technology (OT) systems.

Attendees of this session will gain insight into what organizations are doing to understand, communicate, and address security risks, and how their efforts compare with industry peers. It will help highlight some of today’s risk-management trends and where added investments are still needed. This information is intended to benefit owners-operators, service providers, suppliers, consultants, and researchers who hold responsibility for managing cyber risks to industrial systems.


Speakers
avatar for Doug Wylie

Doug Wylie

Director, Industry Practice, SANS Institute
With over 25 years of experience that spans industry, Doug is a seasoned business practitioner and certified security professional who helps companies meet their objectives for safe, secure and reliable operations while they address security risks that arise as Information Technology... Read More →


Tuesday April 16, 2019 9:45am - 10:30am GMT+08
Stamford Ballroom

10:30am GMT+08

Morning Break
Tuesday April 16, 2019 10:30am - 10:45am GMT+08
Sponsor Foyer

10:45am GMT+08

Securing the Field: a View from the Frontlines
This presentation will describe real-world, end-user experience of building a security program around the work processes, and the lessons learned. Such an approach has the considerable payoff of making the field operations more efficient as well. The IT needs of field personnel have long been neglected and, as this presentation discusses, the activities around securing the field operations has the potential to improve productivity in the field as well as ICS security.

Learning Objectives
  • What are field operations and why securing it is important?
  • What are three common weaknesses in field operations that can be exploited by an adversary?
  • What are the three main challenges in securing field operations?
  • How do you secure field operations without impacting work?

Speakers
avatar for Dr. Gowri Rajappan

Dr. Gowri Rajappan

Director of Technology and Cybersecurity, Doble Engineering Company
Dr. Gowri Rajappan is Director of Technology and Cybersecurity at Doble Engineering. He is an expert in cyber security and enterprise data technologies. He leads the cyber security activities at Doble, in which capacity he works closely with electric power utilities worldwide to help... Read More →


Tuesday April 16, 2019 10:45am - 11:20am GMT+08
Stamford Ballroom

11:20am GMT+08

Analyzing GreyEnergy Malware: From Maldoc to Backdoor
The APT group GreyEnergy has been targeting industrial networks in Ukraine and other Eastern European countries for the past several years. The advanced persistent threat (APT) group uses stealth attacks to access various elements of ICS. In this session, Andrea Carcano will tap into the latest research from Nozomi Labs to explain how GreyEnergy’s ability to avoid detection is linked to the way they program their malware. He will detail how GregyEnergy social engineers their way into ICS networks via phishing emails, how their malware is able to cause damage without detection and share a free tool designed to help facilitate further discovery and analysis within the ICS cyber security community.

Speakers
avatar for Diego Betancur

Diego Betancur

ICS Cyber Security Field Engineer, Nozomi Networks
Diego Betancur has over 12 years of experience in several aspects of cybersecurity. He has undertaken large projects including involving penetration testing, incident response and risk assessments for both IT and OT. He is particularly interested in understanding cybersecurity attacks... Read More →


Tuesday April 16, 2019 11:20am - 12:00pm GMT+08
Stamford Ballroom

12:00pm GMT+08

Discovering and Defending Against Vulnerabilities in Building Automation Systems
Forescout research recently uncovered several dangerous vulnerabilities in popular building automation devices. This is particularly alarming because these discovered vulnerabilities prove that various controllers and Building Automation Systems (BAS) used for physical access control in hospitals, schools and airports are open to coordinated attack. While malware targeting BAS has not been widely reported yet, the Forescout team strongly expects to see an uptick in attacks, and has used this research to drive our solution innovation.  In this session, Daniel will share the specifics of our research, cover the anatomy of a typical BAS cyber attack and detail what we’re doing at Forescout to ensure coordinated and scalable solutions that identify and thwart threats to BAS systems. 
 

Speakers
avatar for Daniel dos Santos

Daniel dos Santos

Researcher, ForeScout Technologies
Daniel dos Santos holds a PhD in Computer Science from the University of Trento and has more than 5 years of experience in security consulting and research.


Tuesday April 16, 2019 12:00pm - 12:30pm GMT+08
Stamford Ballroom

12:30pm GMT+08

Lunch - Clove Restaurant
Please join us for lunch at Clove Restaurant, where a multi-sensory dining journey around the world awaits to indulge your palate. Introducing a menu inspired with elements from Swissotel's global destinations that focuses on fresh daily produce; look forward to an amazing experience at Clove.



Tuesday April 16, 2019 12:30pm - 1:30pm GMT+08
Clove Restaurant

12:45pm GMT+08

Lunch and Learn: Building the Foundation of IT/OT Convergence; See ICS Visibility and Detection in Action.
Sponsored by Nozomi Networks

OT visibility and cybersecurity are keys to IT/OT Convergence.  Learn how to gain complete OT asset visibility and establish real-time monitoring of your OT networks.  See how behavior-based anomaly detection and signature-based detection identifies the most advanced ICS attacks. This Lunch & Learn will identify the steps necessary to proactively identify and response to OT cyber risks, before the damage is done. See how the application of machine learning and artificial intelligence enables a new optimism in the fight against escalating attacks on industrial operations.

Speakers
avatar for Diego Betancur

Diego Betancur

ICS Cyber Security Field Engineer, Nozomi Networks
Diego Betancur has over 12 years of experience in several aspects of cybersecurity. He has undertaken large projects including involving penetration testing, incident response and risk assessments for both IT and OT. He is particularly interested in understanding cybersecurity attacks... Read More →


Tuesday April 16, 2019 12:45pm - 1:30pm GMT+08

1:30pm GMT+08

Cybersecurity for Safe, Reliable, and Secure IT and OT
The Impact of Visibility, Control and Analytics in an Era of Convergence

In today’s connected world, the convergence of IT and OT continues to impact an organizations security strategy. The merging of the cyber and physical worlds requires an enterprise to work faster and smarter while keeping legacy and modern systems secure. During this session, we’ll explore an approach to securing your environment that leverages legacy technology and plans for future technology advancements.  As IT and OT convergence is a given, we’ll examine three key ingredients needed in your cybersecurity strategy - visibility, control, and behavioral analytics – and their impact on the future of your business.

Speakers
avatar for Chin Beng Yue

Chin Beng Yue

Global & Regional Accounts Leader, Operational Technology Business, Fortinet
Chin Beng brings more than 37 years of experience as an Information Technology professional in the areas of design including R&D, construction, operations and maintenance of Computer Network Operations (CNO).  His expertise includes consulting and implementation on technology solutions... Read More →


Tuesday April 16, 2019 1:30pm - 2:00pm GMT+08
Sophia Sophia (Stamford Ballroom)

1:30pm GMT+08

How Can Organizations Gain Situational Awareness of All Devices in Their Environments?
The convergence of IT and OT are putting new demands on CIOs and CISOs as they're being tasked with protecting the entire business ecosystem, well beyond enterprise IT systems. Over the last decade, we have seen malware begin to target non-enterprise devices and industrial control systems (ICS) at an alarming pace.  However, most critical infrastructure and ICS asset owners are ill-equipped for this changing cyber threat landscape. Plus, the number of connected ICS assets continues to grow. This new reality of inter-connected cities, industries and transportation systems has elevated the topic of OT cybersecurity to the executive level of most companies, organizations and governments. Today’s average enterprise requires more visibility and richer integrations between conventional IT systems and new OT security requirements.

Join us at this informative session to learn how Forescout can help organizations gain complete situational awareness of all devices in their interconnected environment.

Speakers
avatar for Steven Hunter

Steven Hunter

Senior Director, System Engineering APJ, Forescout Technologies
Steven joined ForeScout in June 2016 as Director, System Engineering Asia Pacific & Japan. He is responsible for developing and managing a team of experienced systems engineers within the region to work with organizations as they adopt and implement the ForeScout security solution... Read More →


Tuesday April 16, 2019 1:30pm - 2:00pm GMT+08
Olivia Olivia (Stamford Ballroom)

2:00pm GMT+08

Reducing Industrial Cybersecurity Risk via a Comprehensive Governance Program
ICS and OT Cybersecurity is no longer a topic in its infancy.  Over the last decade, much of the focus has been around the awareness and technology, and less on people, processes and frameworks.  In this conference, undoubtedly we will again be presented with some great technology and their use cases.  However, organizations also need a holistic view on when, where and how to position these cybersecurity investments.  They also need to be able to articulate the risk reduction, justify cybersecurity investments to C-levels and boards.  In this session, we will analyze the feedback provided by  ICS Cybersecurity professionals  interviewed, on real-world advice they would give to their C-levels in making their OT organization more secure and leveraging frameworks in building their programs.

Learning objectives:
To elevate the cybersecurity maturity of the attendees in understanding and articulating the importance of building a comprehensive ICS Cybersecurity governance program for their organizations, rather than individual stand-alone technical solutions or processes. To learn from real-world advice and experience of ICS Cybersecurity experts.

Speakers
avatar for Justin Nga

Justin Nga

ICS Cybersecurity Manager APAC, PAS Global
Justin brings over 20 years experience, and has been privileged to be part of the rapid IT/OT convergence that has taken place over the last decade.  Starting his career as an Industrial Automation engineer, progressing into the domains of Industrial Networking and Industrial Cybersecurity... Read More →


Tuesday April 16, 2019 2:00pm - 2:30pm GMT+08
Sophia Sophia (Stamford Ballroom)

2:00pm GMT+08

RF Exploitation: Demystifying IoT/OT hacks with SDR
Recent years have seen a flood of novel wireless exploits, from vulnerable medical devices to hacked OT devices, with exploitation moving beyond 802.11 and into more obscure standard and proprietary protocols.

This session will introduce audiences to the world of RF analysis. As we introduce each new attack, we will draw parallels to similar wired exploits, and highlight attack primitives that are unique to RF. During the session, we'll walk through wireless sniffing, spoofing, cloning, replay, and DoS attacks. These offensive exercises will give one brief idea of how to analyze the devices' security, and the best practices guidelines will help to design them properly.

There will be a demo on "How to reverse engineer RF signals", "Simulation of Dallas Siren Hack", "Silent gigs, quiet clubs or rave parties are a relatively emerging trend which widely works in 33Mhz/863MHz/915Mhz ISM Band, practical demonstration of exploiting such devices".
                                   
Session Objectives
  • Become familiar with common security concerns and attack surfaces in a wireless communication system
  • Understand the ease and prevalence of wireless exploitation, with sophisticated examples
  • Encourage the audience to view IoT devices, security, and privacy collectively.
                                                           

Speakers
avatar for Harshit Agrawal

Harshit Agrawal

Security Researcher, Security Researcher
Harshit Agrawal is a Security Enthusiast working as a UG Intern at BMC Software on Blockchain Technology as well as  volunteering for NULL and OWASP Pune chapter. He is a part of All Day DevOps Community, and Speaker at HAKON and various Universities. He is President for CSI chapter... Read More →
avatar for Himanshu Mehta

Himanshu Mehta

Senior Threat Analysis Engineer, Symantec
Himanshu Mehta is passionate about Computer Security and due to this reason he actively and responsibly discloses security vulnerabilities to vendors. He is also involved in several bug bounty and Capture the Flag programs. He is the board member of EC-Council Licensed Penetration... Read More →


Tuesday April 16, 2019 2:00pm - 2:30pm GMT+08
Olivia Olivia (Stamford Ballroom)

2:30pm GMT+08

Cyber Security and Seaport Automation
A seaport is vital Critical National Infrastructure (CNI) required to maintain competitiveness in a global, supply-chain driven marketplace.  Seaport automation can increase productivity and reduce operating costs but also increases an organizations's cyber risk.  Seaports choosing to automate must adopt inherently insecure industrial control technology while greatly expanding its technology footprint and attack surface.   Business and technology choices made early-on in the automation planning process, such as OT governance and network design, are crucial to the successful and secure delivery of automation.

Speakers
avatar for Stephen Kraemer

Stephen Kraemer

CISO, Ports of Auckland


Tuesday April 16, 2019 2:30pm - 3:00pm GMT+08
Sophia Sophia (Stamford Ballroom)

2:30pm GMT+08

ICS/SCADA – 0Day & Fileless Malware Hunting
Fileless attack techniques are being bypassed and even ignored by the defenders or so-called "Blue Teams" under their radar who just rely on their million-dollar arsenals and stay reactive until the average dwell time of 256-days lapses.

This presentation aims to enlighten not only the experienced incident responders but also the experts in digital forensics to a practical methodologies of dissecting phishing attacks to hunt Fileless attack and even discover zero-day malware on their targeted ICS/SCADA environment that mitigate the breach or lessen the dwell time using Free and Open Source Software (FOSS).

Key Takeaways:
  • Demystify Zero-day and Fileless malware hunting.
  • Share the seven Zero-Day Malware found by the speaker.
  • Empower audiences and encourage to share findings in the community for awareness and prevention.
  • Show the fun in Digital Forensics and Incident Response (DFIR) within the ICS/SCADA environment.
  • Leverage Open Source tool for practical analysis.

Speakers
avatar for Mike Rebultan

Mike Rebultan

SecInt Head, Equinix
Mike Rebultan, aka “Art” has more than 16 years of experience combined as an IT and OT professional with a background in PCI-DSS audit management, Unix/Linux server lockdown, and systems administration, R&D, VAPT, and currently a DFIR/SecOps in an ICS/OT company. Holding a master's... Read More →


Tuesday April 16, 2019 2:30pm - 3:00pm GMT+08
Olivia Olivia (Stamford Ballroom)

3:00pm GMT+08

Afternoon Break
Tuesday April 16, 2019 3:00pm - 3:15pm GMT+08
Sponsor Foyer

3:15pm GMT+08

Lessons Learned From Securing Critical Infrastructure Operators by Converging IT and OT:
In this presentation, Ayman AL-Issa, Chief Technologist for Industrial Cyber Security in the Middle East & North Africa for Booz Allen Hamilton, will highlight lessons learned, challenges and solutions that benefit critical infrastructure operators through converging IT and OT efforts including enabling cybersecurity mandate, organization structure, governance, risk management and cybersecurity architecture design.

Speakers
avatar for Ayman Al Issa

Ayman Al Issa

Chief Technologist | Industrial Cyber Security, Booz Allen Hamilton
Ayman Al Issa is Chief Technologist for Booz Allen Hamilton’s Industrial Cyber Security practice in the Middle East and North Africa region. Over a career which spans more than 23 years to date, Mr. Al Issa has gained vast experience in the fields of automation, information technology... Read More →


Tuesday April 16, 2019 3:15pm - 3:45pm GMT+08
Sophia Sophia (Stamford Ballroom)

3:15pm GMT+08

Fast-Tracking Defense-in-Depth in a New Zealand Industrial Facility
After being approached by an industrial organization wanting to capitalize on a full-plant turn-around and implement defense-in-depth best-practice security controls for their ICS network infrastructure.
Through a tight-timeline, we coordinated two vulnerability assessments (parent-company and
vendor-provided), determined target controls, designed and procured equipment and
implemented zone and conduit controls.

This presentation will outline the process followed to maximize return-on-investment and
minimize impact to plant operations, both during the shutdown and post-start-up. Although the
time-frame was restricted, subsequent plant-wide changes would not be possible for many years
until the next plant-wide shutdown so implementing best-practice design and flexibility was key.
Results and observations from before, during and after the process will be discussed as well as
post-project lessons-learned.

Learning Objectives:
  •  Lessons learnt from a fast-track ICS Cyber security project
  • Key decisions required in design, implementation, operate/maintain and close-out phases

Speakers
avatar for Peter Jackson

Peter Jackson

Director of Cyber Security & Senior Systems Engineer, ECL Cyber New Zealand
Peter Jackson is an experienced IACS Cyber Security professional. Peter leads a team of Cyber Security engineers in supporting the industrial sector in NZ. Peter’s background includes control and safety systems experience as a TÜV certified Function Safety Engineer. Peter has... Read More →


Tuesday April 16, 2019 3:15pm - 3:45pm GMT+08
Olivia Olivia (Stamford Ballroom)

3:45pm GMT+08

[Panel] Relevance of ISO/IEC 62443 Standards in Industry 4.0
The adoption of Industry 4.0 across various ICS sectors is gaining momentum over the years as organizations want to optimize Internet-of-Things to maximize productivity while reducing cost. In contrast, the development of ISO/IEC 62443 Standards is still evolving and is largely aimed at traditional non-Industrial 4.0 setup. The adoption of Industry 4.0, if unplanned with cyber security, could potentially bypass the concept of Defense-in-Depth, Zoning and Conduits in ISO/IEC 62443 Standards.

Speakers
avatar for Thomas Quek

Thomas Quek

Principle Security Advisor, REDCON
Thomas is the MD for REDCON Pte Ltd, which is a specialist team with hybrid skillsets and experiences in both the IT & OT (Operational Technology) worlds. Thomas started out as an IT and security engineer for 8 years before joining a major industrial automation vendor for another... Read More →
avatar for Andreas Hauser

Andreas Hauser

Director Digital Service, TÜV SÜD
Dr Hauser holds Engineering Degrees in Shipbuilding and Computer Engineering, and a PhD in Applied Mathematics. He started his career as Research Scientist at Corporate Research of Siemens in Germany and headed thereafter the Siemens central research unit in Singapore. He then joined... Read More →
avatar for Vishram Mishra

Vishram Mishra

Managing Director, Microsec
Dr Vishram Mishra is a certified information security professional with a PhD in Advanced Wireless Communication. He has more than 10 years of experience in cyber-security and in IoT. He has helped Governments and MNCs to solve cyber-security issues and help set up various policies... Read More →


Tuesday April 16, 2019 3:45pm - 4:30pm GMT+08
Sophia Sophia (Stamford Ballroom)

3:45pm GMT+08

Using OSINT Technology for Pen-testing Critical Infrastructure
NSHC Inc. has been building a system that crawls and parses every page on the deep/dark network. We put this system and OSINT up together for critical infrastructure security. specially, When you start an OT security investigation for critical infrastructure, the first phase you will face is the data reconnaissance and intel gathering about your target information to find bypass the air-gap. This talk will cover how important data is just on the web and how to put together for threat analysis and investigation of OT Area. Furthermore, how to apply machine learning to this intelligence service will be covered.

Speakers
avatar for Louis Hur

Louis Hur

CEO, NSHC
Louis Hur is corporate president and Chief Executive Officer (CEO) of NSHC Corporation. He is responsible for NSHC’s day-to-day-operations, as well as leading the company’s security product development and technology strategy. He co-founded NSHC with four people in 2003 while... Read More →


Tuesday April 16, 2019 3:45pm - 4:30pm GMT+08
Olivia Olivia (Stamford Ballroom)

4:30pm GMT+08

Emerging Cyber Security Legislation – How New and Upcoming Requirements Impact Critical Infrastructure
Critical Infrastructure has seen an increase of Cyber Security legislation on a national and on an international level. In addition to this increase, stakeholders now pay more attention to compliance to external standards; and compliance has become a benchmark; even a competitive differentiator. But to organizations this may feel like more effort and attention is put on achieving compliance than actually improving cyber security. In this talk, we will discuss:
  • What new legislation, including Singapore's Cybersecurity Act,  means to Critical Infrastructure
  • How to manage additional and evolving compliance requirements
  • Why compliance for compliance sake isn’t the answer
  • How to use compliance to drive improvement
  • Case study: What does the journey to compliance look like for the example of the NIS Directive

Speakers
avatar for Martijn Jansen

Martijn Jansen

VP, Industrial Security, Risk & Compliance, Applied Risk
Drawing on 22 years of experience in the infrastructure cyber security field, Martijn is responsible for regulatory and security compliance at Applied Risk, both internally and for clients in the critical infrastructure sectors. In previous roles at Avanade, British Telecom and Volker... Read More →


Tuesday April 16, 2019 4:30pm - 5:00pm GMT+08
Sophia Sophia (Stamford Ballroom)

4:30pm GMT+08

Anatomy of an Attack: Two Real-World Industrial Control System Attack Vectors and How to Defend Against Them
What are your blind spots when it comes to protecting critical ICS from attacks that can impact production and safety? Compromising a Level 1 or 0 Industrial Control System (ICS) cyber asset is a not a difficult thing to do for someone with knowledge of industrial control systems.

Traditionally, industrial processing facilities have relied on security by obscurity, system complexity, air gapping, network segmentation, and perimeter-based security protection for process control networks (PCNs). Many organizations have put IT-centric security technologies in place that primarily focus on securing Level 3 and 2 systems within the PCN, such as operator systems and workstations.
This IT-centric approach fails to protect Level 1 and 0 production-centric assets sufficiently, thus leaving them vulnerable. This creates a huge blind spot, which leaves industrial processing facilities vulnerable to common ICS attack vectors.

This presentation provides an overview of two simple Level 1 and 0 attack vectors that challenge most industrial processing facilities to defend proactively against. It provides an in-depth examination of the thought processes used by an attacker, along with a detailed anatomy of each attack. It then discusses the required technical controls needed to defend against each type of attack.

Attendees will learn:
  • How an attacker approaches an ICS environment
  • How two real-world attack vectors can lead to process and safety disruption as well as how to defend against them
  • Security controls that protect against these two scenarios

Speakers
avatar for Anand Makhija

Anand Makhija

Technical Director APAC, PAS
Anand Makhija is the Technical Director at PAS with over 12 years of experience in the Oil and Gas and Energy industry. Anand is a subject matter expert in control systems, process safety, automaton integrity, cybersecurity, and IPL assurance. Over the years, he has conducted several... Read More →


Tuesday April 16, 2019 4:30pm - 5:00pm GMT+08
Olivia Olivia (Stamford Ballroom)

5:00pm GMT+08

Cocktail & Dinner Reception (5PM - 7PM)
Please join us in the sponsor area for an exclusive networking reception with cocktails and dinner with industry peers. At this reception we have prepared a fantastic menu and premium bar!


Tuesday April 16, 2019 5:00pm - 7:00pm GMT+08
Sponsor Foyer
 
Wednesday, April 17
 

7:00am GMT+08

Breakfast and Registration
Please join us for a light breakfast and pick up your badge at the conference registration desk. Grab some coffee, network with other conference attendees and prepare for the exciting day ahead!


Wednesday April 17, 2019 7:00am - 8:30am GMT+08
Sponsor Foyer

8:30am GMT+08

Opening Remarks - Day 2
Welcome remarks for Day 2 of SecurityWeek's 2019 Singapore ICS Cyber Security Conference.


Speakers
avatar for Mike Lennon

Mike Lennon

Managing Director, Conference Chair, SecurityWeek
For more than 10 years, Mike Lennon has been closely monitoring and analyzing trends in the cyber threat landscape, and enterprise, critical infrastructure, and national security space. In his role at SecurityWeek he oversees the editorial direction of the publication and manages... Read More →


Wednesday April 17, 2019 8:30am - 8:45am GMT+08
Stamford Ballroom

8:45am GMT+08

Threat Detection and Response: What’s the Right Solution?
While many companies recognize the cybersecurity benefits of early OT threat detection, many struggle to select a suitable solution that matches their key concerns and their current industrial cybersecurity capabilities. This presentation by ARC describes the industrial threat detection and response landscape, how the solutions vary in focus, scope, and capabilities, and the importance of aligning with a company's overall cybersecurity management strategy. The information will be of benefit to owner-operators as well as to suppliers of cybersecurity solutions in the industrial sector.

Speakers
avatar for Bob Gill

Bob Gill

General Manager, Southeast Asia, ARC Advisory Group


Wednesday April 17, 2019 8:45am - 9:20am GMT+08
Stamford Ballroom

9:20am GMT+08

I Own Your Building (Management System)
Despite the rapidly growing deployment of IP-based technologies around us, the security of these deployments remains susceptible to basic cyber security attacks. What began as a small enumeration of the exposure of Security Access Control Platforms on several Internet-connected device search engines, grew into a research project covering several Building Management Systems (BMS) or Building Automation Systems (BAS) and its various sub-categories.

The execution of such attacks enables an unauthenticated attacker to access and manipulate doors, elevators, air-condition systems, windows blinds, cameras, boiler, PLCs, lights, alarm system in an entire building. In the case of this research, more than 10 million people could be affected by the findings presented.

This presentation discusses vulnerabilities found by Applied Risk research team across several BMS components and products from various vendors in the industry. Multiple vulnerabilities have been identified that could result in the total compromise of entire buildings and critical facilities (e.g. banks, hospitals, industrial facilities, government, residential…etc.).

In addition to the discovered vulnerabilities, the process we followed during our research will be discussed. Examples will be given for topics like:
  • Firmware analysis  
  • Device assessment

Speakers
avatar for Gjoko Krstic

Gjoko Krstic

Senior ICS Security Researcher, Applied Risk
Gjoko is a Senior ICS/IIoT Security Researcher at Applied Risk in Amsterdam, The Netherlands. Gjoko has been active in the “security industry” for almost 15 years, holding experience in many fields in cybersecurity including: penetration testing, malware analysis, vulnerability... Read More →


Wednesday April 17, 2019 9:20am - 9:55am GMT+08
Stamford Ballroom

9:55am GMT+08

Demystifying Machine Learning Analytics for Situational Awareness & Threat Monitoring in ICS
The ICS cybersecurity market is swirling with hot buzzwords. More than 20 startups have emerged in the ICS market in response, offering products that attempt to meet this demand. But what do  terms like “anomaly detection” and “machine learning” actually mean in the context of ICS threat monitoring? What does machine learning do and how does it work? Is it providing real value or is it yet again clever marketing? Is machine learning really even being used? If so, how can anomaly detection and machine learning enhance ICS threat monitoring? Is it really needed? What strategies, tools, and techniques can really help you with your ICS environment situational awareness and threat monitoring? Are there options for budget-constrained organizations? This session will explore how anomaly detection and machine learning work, and how they can be deployed for effective ICS situational awareness. The audience will be armed with what they need to cut through the buzzwords and confusion. Attendees will be introduced to several open source tools available that will help them learn more about passive asset identification, anomaly detection, and threat monitoring, and potentially even deploy their own “DIY” situational awareness solution.

Speakers
avatar for Clint Bodungen

Clint Bodungen

President & CEO, ThreatGEN
Clint is a recognized industrial cybersecurity expert, public speaker, and lead author of the book “Hacking Exposed: Industrial Control Systems”. He is a United States Air Force veteran, has been an INFOSEC (now called “cybersecurity”) professional for more than 20 years... Read More →


Wednesday April 17, 2019 9:55am - 10:30am GMT+08
Stamford Ballroom

10:30am GMT+08

Morning Break
Wednesday April 17, 2019 10:30am - 10:45am GMT+08
Sponsor Foyer

10:45am GMT+08

TRITON Attribution: Russian Government-Owned Research Institute Built Custom Tools for Attackers
FireEye Intelligence arrived at a high confidence assessment that the TRITON attack was sponsored by a Russian Government-owned research laboratory. This talk will share  analysis to illustrate the process  followed to connect the dots. It highlights some creative research techniques and pivot points used in this analysis and will share how other organizations can use FireEye's public reporting to hunt for evidence of the same attacker.


Speakers
avatar for Yihao Lim

Yihao Lim

Senior Threat Intelligence Analyst, FireEye
Yihao Lim is a Senior Cyber Threat Intelligence Analyst at FireEye. He focuses on identifying and proactively dealing with cyber security threats for his clients in Asia Pacific. Yihao is well-versed in monitoring intelligence sources for actionable indicators/information, including... Read More →


Wednesday April 17, 2019 10:45am - 11:30am GMT+08
Stamford Ballroom

11:30am GMT+08

[Panel] ICS Incident Response or Incident Handling: A Dilemmatic Predicament
The development of an incident response strategy is often a top-down driven development process, resulting in a response strategy that is often not quickly enough to disrupt a cyber attack as much as the it would like to disrupt or destroy the ICS operations.

This panel aims to gain unbiased expertise views on the development of a pragmatic ICS incident response strategy at ground-zero; the ICS Control Room

Moderators
avatar for Thomas Quek

Thomas Quek

Principle Security Advisor, REDCON
Thomas is the MD for REDCON Pte Ltd, which is a specialist team with hybrid skillsets and experiences in both the IT & OT (Operational Technology) worlds. Thomas started out as an IT and security engineer for 8 years before joining a major industrial automation vendor for another... Read More →

Speakers
avatar for Ayman Al Issa

Ayman Al Issa

Chief Technologist | Industrial Cyber Security, Booz Allen Hamilton
Ayman Al Issa is Chief Technologist for Booz Allen Hamilton’s Industrial Cyber Security practice in the Middle East and North Africa region. Over a career which spans more than 23 years to date, Mr. Al Issa has gained vast experience in the fields of automation, information technology... Read More →
avatar for Doug Wylie

Doug Wylie

Director, Industry Practice, SANS Institute
With over 25 years of experience that spans industry, Doug is a seasoned business practitioner and certified security professional who helps companies meet their objectives for safe, secure and reliable operations while they address security risks that arise as Information Technology... Read More →
avatar for Sujith Panikkar

Sujith Panikkar

Director- Consulting (Asia Pacific), HIMA Asia Pacific
avatar for Ken Soh

Ken Soh

CIO at BH Global / CEO at Athena Dynamics, Athena Dynamics
Mr Soh has more than 28 years of working experience in the ICT industry. Prior to joining BH Global, Mr Soh held various senior positions in public and private sectors at CxO and business leader levels with Master Planning and P&L responsibilities. In BH Global, he has spearheaded... Read More →


Wednesday April 17, 2019 11:30am - 12:15pm GMT+08
Stamford Ballroom

12:15pm GMT+08

Lunch - Clove Restaurant
Please join us for lunch at Clove Restaurant, where a multi-sensory dining journey around the world awaits to indulge your palate. Introducing a menu inspired with elements from Swissotel's global destinations that focuses on fresh daily produce; look forward to an amazing experience at Clove.


Wednesday April 17, 2019 12:15pm - 1:25pm GMT+08
Clove Restaurant

1:30pm GMT+08

Lessons for Successful Industrial Cyber Security
This session will share key take aways and best practices from years of field experiences at leading utilities, energy, manufacturing, and other industrial companies to help organizations pave the way for successful OT visibility and cyber security on a local or global scale.  ICS Cyber security deployments are accelerating at a rapid pace. In this session Michael Dugent will take a deep dive with those on the front lines of innovation and implementations.  You’ll hear the lessons learned and understand the critical success factors for asset owners looking to secure their OT environments.

Speakers
avatar for Malcolm Bailie

Malcolm Bailie

Delivery Manager, APJ, Nozomi Networks
Malcolm Bailie (GICSP) has over 21 years’ practical experience in the ICS/SCADA industry operating in the field helping asset owners maximize value from technology solutions. Over his career, Malcolm has gained a broad SME knowledge and skill set gained in managing operational critical... Read More →


Wednesday April 17, 2019 1:30pm - 2:00pm GMT+08
Sophia Sophia (Stamford Ballroom)

1:30pm GMT+08

Securing Critical Infrastructure With Active OT Protection
Today’s manufacturing, oil & gas and utilities for the most part involve standardized, layered systems with in-depth production rules, guidelines, and regulatory oversight. While connecting processes, networks, and applications promises to drive significant economic benefits for manufacturers, this interconnection also creates new cyber threat attack surfaces, including the possibility of safety concerns, operational disruptions and downtime, and costly physical damage to equipment and products. However, majority of operational systems cannot support best practices from IT security.  They can’t be patched routinely, they run outdated versions of operating systems, and their host networks enable unfettered movement for malware and human attackers.  In some cases connections to the corporate network provide a pathway to OT via lateral movement.   Different protocols and systems use enterprise networks and the plant’s operational technology, making them difficult to secure. In 2019 we will face a new set of sophisticated attacks on critical infrastructure.  The elite hackers emerge: well-funded and highly skilled, making it almost impossible for all manufacturing companies to protect themselves.  Hoping you are not targeted is not a proactive security measure.
In this session the attendees will learn from Andres Andreu, CISSP-ISSAP and CTO of Bayshore Networks, what can we do to better protect critical infrastructure with active OT protection, security beyond viability. Adding security to a production environment, while not violating the bounded latency constraints the environment needs to adhere to, is not easy. Modern day ethernet networks operate within boundaries where the traffic flow of data is indeterminate. This means that intervening devices (i.e. security devices) can delay stream data and generally speaking the delays are acceptable. IIoT/OT networks have no such luxury yet need security functionality in order to properly protect their resources and productivity. There is a great and unique challenge in finding that middle ground.

In this session Andres will dive into the impact of active protective action and what happens or the lack thereof is rapidly growing. The session will cover ICS/SCADA mitigation measures and vulnerability assessments and how active enforcement will need to take place to actually secure resources in manufacturing (and most other IIoT environments for that matter) and why Critical infrastructure protection requires active OT security to all endpoints.



Speakers
avatar for Andres Andreu

Andres Andreu

CTO, Bayshore Networks
Andres has over 20 years of hands-on dynamic security architecture and engineering experience, including extensive backgrounds in SCADA/ICS, web services security/integration, and federated ID technology. He is also the author of a number of open source projects, including yextend... Read More →


Wednesday April 17, 2019 1:30pm - 2:00pm GMT+08
Olivia Olivia (Stamford Ballroom)

2:00pm GMT+08

OT Security: Examples of IACS Security Vulnerabilities in Practice
While in theory, security architectures for IACS (Industrial Automation & Control Systems) are expected to be implemented in accordance with guidance from industry standards and good practice, this can pose challenges when it comes to brownfield or expansion projects. This presentation examines the security vulnerabilities when working with existing installations and legacy systems.


Speakers
avatar for Sujith Panikkar

Sujith Panikkar

Director- Consulting (Asia Pacific), HIMA Asia Pacific


Wednesday April 17, 2019 2:00pm - 2:30pm GMT+08
Sophia Sophia (Stamford Ballroom)

2:00pm GMT+08

Technical Reference on Autonomous Vehicles – (Part 2 : Safety - TR 68 – 2 : 2019)
This session touches on the safety aspect on autonomous vehicle that is based on Part 2 : Safety - TR 68 – 2 : 2019

https://newatlas.com/volvo-first-electric-driverless-bus-singapore/58743/

https://www.straitstimes.com/singapore/transport/ntu-and-volvo-launch-worlds-first-full-sized-autonomous-electric-bus-for-trial

Speakers
avatar for Niels de Boer

Niels de Boer

CETRAN Program Director, Nanyang Technological University
Niels de Boer is the program director for CETRAN, which is tasked by the Singapore Land Transport Authority to develop technical standards and regulations to enable trial testing and deployment of Autonomous Vehicles on public roads. CETRAN is also supporting ESG, SMF-SDO and the... Read More →


Wednesday April 17, 2019 2:00pm - 2:30pm GMT+08
Olivia Olivia (Stamford Ballroom)

2:30pm GMT+08

Industrial Insecurity by Design
Join this technical session as we review existing examples of industrial control systems that were designed with insufficient consideration to the cybersecurity risk factors while used for safety.

Speakers
avatar for Ayman Al Issa

Ayman Al Issa

Chief Technologist | Industrial Cyber Security, Booz Allen Hamilton
Ayman Al Issa is Chief Technologist for Booz Allen Hamilton’s Industrial Cyber Security practice in the Middle East and North Africa region. Over a career which spans more than 23 years to date, Mr. Al Issa has gained vast experience in the fields of automation, information technology... Read More →


Wednesday April 17, 2019 2:30pm - 3:00pm GMT+08
Sophia Sophia (Stamford Ballroom)

2:30pm GMT+08

Technical Reference on Autonomous Vehicles – (Part 3 : Cybersecurity Principles and Assessment Framework - TR 68 – 3 : 2019)
This session touches on the cyber security aspect on autonomous vehicle that is based on Part 3 : Cybersecurity Principles and Assessment Framework - TR 68 – 3 : 2019

Speakers
avatar for Soon Chia Lim

Soon Chia Lim

Director (CSEC), Cyber Security Agency of Singapore, Cyber Security Agency of Singapore (CSA)
Mr. Lim Soon Chia is Director (Technology) of Cyber Security Agency. In his current role, he is responsible for capability development, evaluation and certification, technology management, and R&D for cyber security. Mr Lim started his career with the Ministry of Defence and the Republic... Read More →


Wednesday April 17, 2019 2:30pm - 3:00pm GMT+08
Olivia Olivia (Stamford Ballroom)

3:00pm GMT+08

Incident Response in Your Control Room - Identifying Cyber-Kill Switches
It is known that a well-placed cyber attack on a critical infrastructure can be fast and furious. A poorly designed incident response plan will indirectly aid cyber attacks by hindering pragmatic direct responses through cumbersome escalation procedures, approvals and authorizations.

This session will touch on a pragmatic responses for the First-Responders in your control room; your ICS operators, shift leaders, and instrumentation & maintenance folks to help you keep your basic operations under duress with on-stage live demos.

Speakers
avatar for Thomas Quek

Thomas Quek

Principle Security Advisor, REDCON
Thomas is the MD for REDCON Pte Ltd, which is a specialist team with hybrid skillsets and experiences in both the IT & OT (Operational Technology) worlds. Thomas started out as an IT and security engineer for 8 years before joining a major industrial automation vendor for another... Read More →


Wednesday April 17, 2019 3:00pm - 3:30pm GMT+08
Sophia Sophia (Stamford Ballroom)

3:00pm GMT+08

IACS Security Audit - Why We Failed the Pentest
Having conducting several security assessment, penetration testing, and security audits, there is a time when we failed the security audits or penetration testing exercise. Worst, is when we failed year after year. Audit reports are written by auditors, penetration testing are conducted by pen-tester, and the person who manages the IACS are the OTs. Reports, results and action items may not address the root cause of the findings. The writer may not have the same experience as the OTs on site. They play different roles with different experiences. I have seen reports that are similar each year from the same organization. Even when governance have been enforced and tracked, yet sometimes things do recurs.

This presentation will discuss:
  • Recurring findings of penetration testing exercises
  • How to assist the auditors / pen-tester on corrective actions
  • Importance of  a Security Baseline
This presentation will help you prepare and defend yourself during audits and penetration testing exercises. Stop recurring findings by reviewing previous reports and implementing long term and short term actions. Making your action plans achievable and not over-promising.  Plus improving your process on developing security baselines and its implementation. With this, you will be able to explain and assist the senior management on the findings and to improve their organizations in coming audit and penetration testing exercise. This will benefit and create more value for the organization during audit and penetration testing exercise.

Speakers
avatar for Muhammad Reza Shariff

Muhammad Reza Shariff

Industrial Cyber Security Practitioner
Reza is a highly motivated professional with 15 years of experience in IT and information security for Oil & Gas and healthcare industry which includes knowledge on Plant Control System (PCS), Data Control System (DCS) and SCADA systems. He first started off as a Lead Engineer at... Read More →


Wednesday April 17, 2019 3:00pm - 3:30pm GMT+08
Olivia Olivia (Stamford Ballroom)

3:30pm GMT+08

Afternoon Break
Wednesday April 17, 2019 3:30pm - 3:45pm GMT+08
Sponsor Foyer

3:45pm GMT+08

Establishing Best Practice in the Industrial Cybersecurity Domain in Singapore
Adoption of IEC 62443 in Singapore

The Industrial IoT or Industry 4.0, though just at the beginning of its transformative paradigm shift, will shake up the industrial sector fundamentally in the next years to come. One of the main hurdles for it to unfold its full potential is the protection of data and systems by cyber threats. Although many of cyber security solutions and respective methodologies are being offered already, Industry 4.0 or smart and connected systems, will be deployed on a large scale only, if they are based on best practice. This session will introduce the industrial cyber security standard IEC 62443, its basic concept and application, but also its introduction into Singapore.

Speakers
avatar for Andreas Hauser

Andreas Hauser

Director Digital Service, TÜV SÜD
Dr Hauser holds Engineering Degrees in Shipbuilding and Computer Engineering, and a PhD in Applied Mathematics. He started his career as Research Scientist at Corporate Research of Siemens in Germany and headed thereafter the Siemens central research unit in Singapore. He then joined... Read More →


Wednesday April 17, 2019 3:45pm - 4:15pm GMT+08
Sophia Sophia (Stamford Ballroom)

3:45pm GMT+08

Targeted Attacks and Security Testing ICS Devices Through Smart Fuzzing
The speaker will use a smart fuzzing tool, which is one of ISA Security Compliance Institute recognized CRT tool for Embedded Device Security Assurance (IEC62443 EDSA Certification), to demonstrate how targeted attacks can be generated and security testing done for ICS/SCADA devices. 

Speakers
avatar for YK Pang

YK Pang

Director, Network and Software Security, Beyond Security Asia
YK Pang is the technical lead for software and network security testing tools at Beyond Security Asia. He started his career as a software programmer, financial systems, at one of the largest computer software house in South East Asia. He has over 25 years of IT work experience having... Read More →


Wednesday April 17, 2019 3:45pm - 4:15pm GMT+08
Olivia Olivia (Stamford Ballroom)

4:15pm GMT+08

Protecting the Systems that Power Our Lives
Security is a journey, not a destination. Take others with you.

A growing number of industries are already integrating networking and digital communications into the OT space by deploying new Industrial IoT (IIoT) devices such as smart meters, automated asset distribution systems, and self-monitoring transformers. It follows, then, that the convergence of information technology (IT) and operational technology (OT) has become a business imperative.

As this technology advances and converges with networked tech the need for OT security grows exponentially. This session investigates how the OT environment can be safeguarded as the line separating OT/IT environments fades, what is the availability of skilled resources in OT security space, and what organizations need to do to close the security gaps.

Key Focus areas of the presentation
  • What security challenges has the IT-OT convergence brought to ICS security and what are the typical OT cybersecurity risks?
  • Given that cybersecurity is more IT-focused than OT, how do we bring cybersecurity into OT and begin to secure those systems?
  • Are regional enterprises well equipped to tackle OT security threats?
  • There are great disparities between IT and OT environments. So, do ‘OT Security Professionals’ need separate skill sets when compared to Cyber Security?
  • Are such skill sets available in the region for OT security professionals?
  • What further needs to be done to upgrade the skill sets of an organization’s workforce and tackle the issues of OT security?
  • Is it possible to secure industrial networks without disrupting operations or risking non-compliance?
                                                           
   
                                   
    

Speakers
avatar for Seán Paul McGurk

Seán Paul McGurk

Vice President, Cyber Services, DarkMatter
Seán McGurk serves as the Vice President for Cyber Services with a focus on Critical Infrastructure Protection and IT governance. Prior to joining DarkMatter Mr. McGurk was the Chief Security Officer (CSO) for Amazon Web Services Global Data Center Operations. In this role, he was... Read More →


Wednesday April 17, 2019 4:15pm - 4:50pm GMT+08
Sophia Sophia (Stamford Ballroom)

4:15pm GMT+08

The “Late Mover’s” Advantage in Maritime Cyber Security
Today, we are not short of headlines on sophisticated cyber-attacks in onshore IT and OT systems. The day would come when more attack vectors start to expand and focus on critical info infrastructures onboard ships and rigs. While IMO has stipulated cyber safety mandate by 1 Jan 2021, followed by various guidelines brought forth by shipping and classification bodies, the maritime cyber safety landscape is still in its infancy and is seriously lacking effective actionable insights. What exactly should ship owners cyber-protect their assets cost-effectively? We frequently hear of “First Mover” advantage and not the opposite. In this speaking session, Ken Soh will share his notion of “Late Mover” advantage in cyber safety landscapes, since the best of onshore practices could be fine-tuned for off-shore purposes. He  also cautions the adoption of mainstream traditional cyber protection paradigms which are no longer effective, hence resources should not be wasted by “porting” such approaches and technologies over.

Speakers
avatar for Ken Soh

Ken Soh

CIO at BH Global / CEO at Athena Dynamics, Athena Dynamics
Mr Soh has more than 28 years of working experience in the ICT industry. Prior to joining BH Global, Mr Soh held various senior positions in public and private sectors at CxO and business leader levels with Master Planning and P&L responsibilities. In BH Global, he has spearheaded... Read More →


Wednesday April 17, 2019 4:15pm - 4:50pm GMT+08
Olivia Olivia (Stamford Ballroom)

4:50pm GMT+08

Closing Remarks
SecurityWeek's 2019 Singapore ICS Cyber Security Conference is winding down, but be sure to register for advanced training sessions on Thursday (space permitting) - See the SecurityWeek event staff to register.

Speakers
avatar for Mike Lennon

Mike Lennon

Managing Director, Conference Chair, SecurityWeek
For more than 10 years, Mike Lennon has been closely monitoring and analyzing trends in the cyber threat landscape, and enterprise, critical infrastructure, and national security space. In his role at SecurityWeek he oversees the editorial direction of the publication and manages... Read More →


Wednesday April 17, 2019 4:50pm - 5:00pm GMT+08
Olivia Olivia (Stamford Ballroom)

5:00pm GMT+08

Conference Party Overlooking Singapore
Join us for amazing networking with cocktails and food at Singapore's iconic nightlife spot and premier rooftop destination – Bar Rouge. Perched 71 floors above the buzzing city with an unobstructed view of Marina Bay area, Bar Rouge Singapore offers an experience aimed at evoking one’s visual, audio and aural senses. You don't want to miss this experience!



Wednesday April 17, 2019 5:00pm - 7:00pm GMT+08
Bar Rouge Level 71, Swissotel The Stamford
 
Thursday, April 18
 

7:30am GMT+08

ADVANCED TRAINING DAY (Registration Required)
Thursday April 18, 2019 7:30am - 5:00pm GMT+08
Atrium Ballroom

8:00am GMT+08

Advanced ICS/IIoT Security 1-Day Training (8AM-5PM) [$]
When: Thursday, April 18, 2019 – 8AM-5PM ($400 Fee – Limited to 40 Students – Register Now)

Industrial Control Systems (including DCS, HMI, PLC, SCADA, SIS) and Industrial IoT are often poorly understood, yet they are used in the most critical environments in the world. Although they generally remain unseen they are responsible for the smooth running of our daily routines from the moment we turn on a tap in the morning, to turning off the lights at night.

This one-day training will take a deep-dive into advanced ICS security techniques and provide participants with the knowledge that they need to safely evaluate and protect these systems against emerging cyber threats.

The course will also provide methodologies through which security research may be performed against ICS devices in order to identify zero-day vulnerabilities; taking a deep dive into industrial protocols used within low-level ICS assets such as OPC, IEC 60870-5-104 and Modbus in addition to discussing DNP3, Ethernet/IP, Profinet, MMS, WirelessHART, ISA100.11a. During the course, participants will have the opportunity to engage in real-life attacks against key ICS/IIoT components and other Industrial Control Systems, by performing activities such as firmware reverse engineering of ICS assets, and ICS protocol fuzzing.

Course Outline
ICS Fundamentals & Attack Introduction (Morning)
1. Industrial Control Systems Overview
2. Securing Industrial Control Systems
3. Open Source Intelligence (OSINT)
4. Attacking ICS Devices
5. Hacking Windows Based Control Systems

Attacking ICS – real-life hacking (Afternoon)
6.Ransomware
7.Hacking SCADA Applications
8.OPC Configuration Vulnerabilities and Hardening
9.Fuzzing Industrial Protocols
10.Firmware Analysis & Reverse Engineering

Thursday April 18, 2019 8:00am - 5:00pm GMT+08
Atrium Ballroom

8:00am GMT+08

ICS Red Team/Blue Team Training (8AM-5PM) [$]

When: Thursday, April 18, 2019 – 8AM-5PM (US$400 Fee – Limited to 40 Students – Register Now)

What is red team/blue team training?
Security aware and knowledgeable users serve as the “front line” of your overall security posture. As such, training is one of the most essential components of your risk mitigation strategy and overall cybersecurity program. However, without learning cybersecurity from the “hacker’s” perspective and gaining a true understanding of how adversaries attack and compromise ICS networks and assets, you’re only getting half of the picture. Without that other half, you’re essentially blindly deploying generic security controls and “best practices”. In order to have an efficient and cost-effective risk mitigation strategy, you must understand not only where your vulnerabilities are, but also the tactics that attackers will use to exploit these vulnerabilities. Red Team/Blue Team Training provides the opportunity to learn these adversarial tactics in conjunction with the defensive methods; and then students get to apply the skills they learn as they face off in a head-to-head competition, Blue Team (the defenders) against Red Team (the attackers).
The Gamification Difference: It doesn’t take a hacker to play a hacker!
Traditionally, red team/blue (or red team vs. blue team) training has been a significant time commitment, often upwards of five days or more. This can be taxing on constrained schedules and budgets. This Red Team/Blue Team Training uses cutting edge computer gaming technology developed by authors of “Hacking Exposed: Industrial Control Systems”, to offer all the best aspects of red team/blue team training, but in a fraction of the time and without a technical learning curve. Students of all levels can even play the part of the red team, regardless of experience or skill level.
In the end, students discover that defending their ICS networks and assets is more than simply deploying “best practices” and “layered defense”. Students will learn to create targeted defensive strategies (despite having limited resources) against a live opponent who is strategizing against them.
What you will get out of this class:
  • Gain a comprehensive, “big picture” understanding of how all the cybersecurity pieces work together
  • Learn and apply practical industrial cybersecurity concepts in a one-day class
  • Learn vulnerabilities and attack vectors specific to industrial control systems
  • Learn about the methods and strategies hackers use to attack industrial control systems as well as traditional IT systems (NOTE: This is not a technical hands-on “hacking” class)
  • Learn how to deploy efficient and cost-effective mitigation strategies and security controls
  • Learn how to build a complete ICS cyber security program
  • Apply what you’ve learned against a live adversary using the cutting edge, turn-based computer training simulation/game, ThreatGEN™
  • Learn how to respond to, adapt, and defend against active attacks
  • Participate as the blue team and the red team, regardless of experience or technical skill level
  • Taught by industry-leading, world-class experts with years of real-world experience
Intended Audience:
  • Anyone interested in gaining beginner to intermediate knowledge of ICS cybersecurity
  • Anyone interested in gaining a better understanding over the overall cybersecurity “big picture”
  • Cybersecurity managers
  • Upper management concerned with IT/OT cybersecurity
  • Plant managers and asset owners
  • IT cybersecurity staff tasked with OT cybersecurity
  • Engineers tasked with OT cybersecurity
  • End users looking for a more effective (and entertaining) cybersecurity awareness training
Register Now to Get a Spot in this Class

Speakers
avatar for Clint Bodungen

Clint Bodungen

President & CEO, ThreatGEN
Clint is a recognized industrial cybersecurity expert, public speaker, and lead author of the book “Hacking Exposed: Industrial Control Systems”. He is a United States Air Force veteran, has been an INFOSEC (now called “cybersecurity”) professional for more than 20 years... Read More →


Thursday April 18, 2019 8:00am - 5:00pm GMT+08
Atrium Ballroom

8:00am GMT+08

Managing Industrial Cybersecurity from the Plant Floor to the Business Floor (8AM-5PM) [$]
When: Thursday, April 18, 2019 – 8AM-5PM ($400 Fee – Limited to 40 Students – Register Now)

The convergence of automation and technology within the industrial critical infrastructure businesses has become a necessity to move to smart and efficient operations. In this full day training, Ayman AL-Issa, Chief Technologist for Industrial Cyber Security in the Middle East & North Africa for Booz Allen Hamilton, will provide a detailed methodology for:
  • Building a cybersecurity strategy and program to support industrial cybersecurity by design and to help implement industrial cybersecurity defense-in-depth techniques
  • Taking a realistic approach to industrial control systems risk assessment
  • Best practices in industrial Control Systems infrastructure design
  • Conducting cybersecurity Integrated Factory Acceptance Testing for the industrial control systems 

Speakers
avatar for Ayman Al Issa

Ayman Al Issa

Chief Technologist | Industrial Cyber Security, Booz Allen Hamilton
Ayman Al Issa is Chief Technologist for Booz Allen Hamilton’s Industrial Cyber Security practice in the Middle East and North Africa region. Over a career which spans more than 23 years to date, Mr. Al Issa has gained vast experience in the fields of automation, information technology... Read More →


Thursday April 18, 2019 8:00am - 5:00pm GMT+08
Atrium Ballroom

12:15pm GMT+08

Lunch - Clove Restaurant
Please join us for lunch at Clove Restaurant, where a multi-sensory dining journey around the world awaits to indulge your palate. Introducing a menu inspired with elements from Swissotel's global destinations that focuses on fresh daily produce; look forward to an amazing experience at Clove.

Thursday April 18, 2019 12:15pm - 1:15pm GMT+08
Clove Restaurant
 
Filter sessions
Apply filters to sessions.