This is the 2021 Agenda - The Full Agenda for 2022 Will Available Shortly. (See Available Training Options for 2022) - Register for 2022 Now

Sign up or log in to bookmark your favorites and sync them to your phone or calendar.

Main Stage [clear filter]
Tuesday, October 26

10:00am EDT

Welcome Address
avatar for Mike Lennon

Mike Lennon

Managing Director, Conference Chair, SecurityWeek
For more than 10 years, Mike Lennon has been closely monitoring and analyzing trends in the cyber threat landscape, and enterprise, critical infrastructure, and national security space. In his role at SecurityWeek he oversees the editorial direction of the publication and manages... Read More →

Tuesday October 26, 2021 10:00am - 10:05am EDT

10:00am EDT

Key Findings of the (CS)2AI-KPMG Control System Cyber Security Annual Report 2021
The Control Systems Cyber Security Association International (CS2AI), in collaboration with a team of ICS SMEs from the ICS cyber security practitioner community and its coalition of strategic alliance partners, conducts a yearly analysis on the current state of control system cyber security. Leveraging the participation of multiple stakeholders across roles and industry sectors, the survey is designed to help answer key questions about how we can best protect critical systems in the face of ever-growing and -evolving threats.
This session will reveal key findings from the not-yet-published Report, enabling defenders to improve their security posture through greater understanding of the diverse concerns and decision drivers that the industry faces.

avatar for Derek Harp

Derek Harp

Founder & Chairman, (CS)2AI
Derek Harp, Founder and Chairman of (CS)2AI, has relentlessly pursued new ideas that could change the world through founding, co-founding, advising and investing in new companies for more than twenty years, primarily focused on cyber security. A passionate professional speaker, Derek... Read More →

Tuesday October 26, 2021 10:00am - 10:35am EDT
Windsor Ballroom

10:35am EDT

CyOTE™: A Methodology for Cybersecurity in Operational Technology Environments
The Department of Energy’s Cybersecurity for the Operational Technology Environment (CyOTE) program provides a methodology for energy sector asset owner-operators to combine network-based sensor data with local context to recognize faint signals of malicious cyber activity before an adversary can cause higher-impact effects. By leveraging this methodology with existing commercial monitoring capabilities and manual data collection from broader but informative sources in operations and even in the business domain, asset owners can better understand relationships between multiple observables which could represent a faint signal of an attack requiring investigation. Visibility is necessary but the importance of visibility is in the understanding and decisions it drives – complicated by infrastructure changes, new technologies, and determined and sophisticated adversaries. Independently getting to the point of making a risk informed business decision on whether to respond to an incident or fix a reliability failure sooner and with more confidence is the promise of CyOTE.  

While CyOTE is an energy sector program, the insights and takeaways are broadly applicable to other industrial sectors. This presentation covers the history of CyOTE to explain how the key insights came about, and then walks through the methodology as a way to put those insights into practice, showing how it complements other high-priority investments and activities in energy sector OT cybersecurity.

avatar for Sam Chanoski

Sam Chanoski

Technical Relationship Manager | Cybercore Integration Center, Idaho National Laboratory
Sam Chanoski delivers technical leadership, expertise, and strategic insights to Cybercore’s portfolio of multi-million-dollar critical infrastructure security and resilience projects sponsored by the Department of Energy, Department of Homeland Security, and Department of Defense... Read More →

Tuesday October 26, 2021 10:35am - 11:15am EDT

11:15am EDT

Fireside Chat With Robert M. Lee, Founder and CEO, Dragos
avatar for Ryan


Editor-at-Large, SecurityWeek
Ryan Naraine is Editor-at-Large at SecurityWeek and host of the Security Conversations podcast series. A journalist and cybersecurity strategist with more than 20 years experience covering IT security and technology trends, Ryan has built security engagement programs at major global... Read More →

avatar for Robert M. Lee

Robert M. Lee

CEO, Dragos, Inc.
Robert M. Lee is the CEO and Founder of the industrial (ICS/IIoT) cyber security company Dragos, Inc. He is also a non-resident National Cybersecurity Fellow at New America focusing on policy issues relating to the cyber security of critical infrastructure. For his research and focus... Read More →

Tuesday October 26, 2021 11:15am - 12:00pm EDT

12:15pm EDT

Industrial Cybersecurity – Separating Fact From Fiction
In every critical infrastructure sector, security teams responsible for industrial operations are re-evaluating their security programs as targeted ransomware, supply chain breaches and cloud connectivity all emerged as top-of-mind concerns. However, when these teams look for resources, advice on many facets of cyber security programs is often confusing and even contradictory. There exists a significant challenge in today’s environment where opinions based on narrow experiences are oftentimes presented as fact. It becomes a high hurdle to separate the facts from the fictions.

This talk will highlight some of the greatest arenas of discussion that have emerged in the field of Industrial Cybersecurity over the past two plus decades including:
  • IT/OT Convergence – There is only T
  • The perimeter is dead
  • Encryption will protect us
  • It isn’t “if”, it’s “when” you’ll be hacked
  • CIA vs AIC
  • Regulations are necessary to drive security

We will also explore some of the classic blunders in security strategies that we must learn from, in order to avoid repeating our history.

Finally, we will reserve some time for direct Q&A, ensuring that attention is given to the latest developments and audience concerns.

avatar for Michael Firstenberg

Michael Firstenberg

Director of Industrial Security, Waterfall Security Solutions
Mike Firstenberg is the Director of Industrial Security for Waterfall Security. Mike brings two decades of experience in Process Control Security, specializing in Control System Cyber Security. The former chair of the American Water SCADA Council, Mike studied Computer Science, Chemical... Read More →

Tuesday October 26, 2021 12:15pm - 1:00pm EDT
Wednesday, October 27

10:00am EDT

Why the NVD Stinks: Using AI, NLP, and SBOMs to Discover Hidden Vulnerabilities
Most IT and OT practitioners assume that by searching the National Vulnerability Database (NVD), one will find all the vulnerabilities associated with a software product or device. Sadly this is not the case: the NVD is far from a complete set of vulnerabilities, with some sources claiming that 76% of all ICS vulnerabilities are missing from the NVD*. Furthermore, the NVD rarely maps vulnerabilities in software components back to the packages that contain those components, leaving ICS users no means of determining that the software they are deploying is at risk. Finally, mergers and acquisitions mean that the vendor name on the product in use often doesn't match the vendor name seen in the NVD disclosure details or the Common Platform Enumeration (CPE) listing.

This talk will discuss how a variety of Artificial Intelligence (AI) techniques can be used to discover vulnerability associations. Specifically, we will discuss how the combination of Natural Language Processing (NLP), extraction of Merger and Acquisition (M&A) product histories, and Software Bill of Materials (SBOM) analysis can alert both asset owners and suppliers to vulnerabilities hidden deep inside legacy products.

Learning Objectives
  • Understand the scope of the problem trying to associate component vulnerabilities with products and why AI is necessary.
  • Learn the different SBOM formats approved by NTIA and how they can be generated for both current and legacy software (when source code is unavailable).
  • Learn how to monitor your software supply chain for components and vendors that are problematic.

avatar for Eric Byres

Eric Byres

Chief Technology Officer, aDolus Technology
Eric Byres, the Chief Technology Officer at aDolus Technology Inc., is widely recognized as one of the world’s leading experts in the field of Operational Technology (OT) cybersecurity. He is the inventor of the Tofino Security technology – the most widely deployed OT-specific... Read More →

Wednesday October 27, 2021 10:00am - 10:30am EDT

10:30am EDT

Cyber Insurance Gets Real: How Cyber-Physical Events Will Push Insurance Companies to Find a Solution to the Cyber Risk Equation
Cyber is a risk equation. It takes into account the likelihood of successful attacks and the impacts and consequences those attacks can have. However, the variables in the cyber environment are what make it so unpredictable. The lack of historical data, the explosion in connectivity, the dependency on the digital world and a wildly changing operating environment make traditional risk models obsolete. This is why insurance has struggled so intensely with cybersecurity. As a result, many insurance companies do not offer cyber insurance, and if they do, it is often narrowly defined and filled with exclusions that the policies are non-competitive.
Cyber is no longer staying in the digital world. The rise of attacks on industrial operations and critical infrastructure are resulting in real-world impacts. No longer is cyber about stealing data; it now impacts the flow of oil, the functions of machinery, the navigation of vessels and the core operations of businesses. This translates into what now is called “cyber-physical”, the real-world operational and safety risk posed by industrial cyber attacks, and the latest buzzword around board rooms. 
This is a game-changer for insurance. The consequences of a cyber-physical event can be devastating and insurance can no longer ignore the issue. Insurance companies need to be able to tell whether an event was caused by a cyber attack, be able to assess damage and impact and develop the ability to underwrite an ever-changing risk environment. This will take rethinking risk and the tools used to assess, underwrite and manage risk. 
This presentation will address the emerging challenges of industrial cybersecurity for the insurance industry and the new tools, solutions and roles the industry must adopt to adapt to cyber risk.

avatar for Kyle Tobias

Kyle Tobias

Principal Sales Engineer – Industrial Cybersecurity, ABS Group
Kyle Tobias is a Principal Sales Engineer – Industrial Cybersecurity at ABS Group. With over 18 years of OT cybersecurity planning, operations, training and audit experience in the maritime, energy, banking, finance and telecommunications industries, he has assisted clients across... Read More →

Wednesday October 27, 2021 10:30am - 11:00am EDT
  • Timezone
  • Filter By Date 2021 ICS Cyber Security Conference Oct 26 -28, 2021
  • Filter By Venue Atlanta, GA, USA
  • Filter By Type
  • Break
  • Main Stage
  • Strategy Track
  • Tech Track
  • Training

Filter sessions
Apply filters to sessions.