Day 1

  

Wednesday, April 4, 2012

1:00PM - 5:30PM
WORKSHOP 1: Control Environment Operations 101
It can be quite an eye-opener for an IT security professional stepping into the fray of control system technology for the first time. Finding the right balance for implementing IT security concepts within industrial control systems takes as much art as it does science. There is no doubt that awareness of control operations is an essential ingredient of a successful ICS security program. This workshop will explore the basic components of control systems and how they are used in day-to-day control system operations. Participants should expect to come away with a greater knowledge of ICS devices such as PLCs and RTUs, a sense of how important each component is to the reliability of the system, and a general understanding of the differences between control system security and IT security.

1:00PM - 5:30PM
WORKSHOP 2: Operation Security: A View Into Offensive techniques & tactics
This workshop will explore a number of techniques that can be employed during Factory Acceptance Testing (FAT), Site Acceptance Testing (SAT) and other areas of utility operations. Methods and techniques will be covered to identify common, existing vulnerabilities in control systems. Additionally, the workshop will explore techniques that are currently being used to exploit these vulnerabilities in the wild. Participants should expect to take away a better understanding of how to approach these topics with current and future vendors prior to deployment, as well as identify opportunities to perform validation testing in-house once systems have been deployed.

1:00PM - 5:30PM
WORKSHOP 3: Red Team Exercise
A Red Team is a group of penetration testers who assess the security of an organization. The organization is often unaware of the exact goals of the team, and most employees are unaware that the team has been hired. This workshop will introduce the basic concepts of a Red Team exercise, discuss the benefits of this activity and review various case studies. Participants should expect to have a better understanding of the security advantages of performing a Red Team exercise, increased knowledge of the techniques and equipment used by Red Team testers, and a general idea of how to implement a Red Team program in their organization.

Day 2

Thursday, April 5, 2012

7:00AM - 10:30AM
Registration Opens -- Continental Breakfast and Networking

8:45AM - 9:00AM
9:00AM - 9:30AM
Keynote Presentation

9:45AM - 10:30AM
Existing and Emerging Threats to the Energy and Power Industry:
The effectiveness of the activities that vendors, utilities, and stakeholders in general undertake as we work towards securing the Smart Grid is difficult to gauge without metrics. What is particularly challenging today is trying to determine what to measure, and against what baseline. Join this session for an open discussion about establishing and auditing Smart Grid security metrics, and what value we hope to derive from them.

10:15AM - 10:30AM
Networking Break - In Exhibit Area

10:15AM - 11:00AM
Cyber Security Metrics
The effectiveness of the programs, solutions and processes implemented by vendors, enterprises and supply chain partners is difficult to quantify without an adequate structure and system for measurement. What is particularly challenging today is to determine what to measure, and against what baseline. This session offers a discussion about establishing and auditing security metrics, and what value we hope to derive from them.

10:30AM - 10:45AM
Networking Break -- Exhibit Area

10:45AM - 11:30AM
Case Study: Lessons Learned from the Utility Sector
This first of several Case Studies details the challenges, internal decision-making process and outcomes from a recent cyber security strategic plan. Understand where this company met with success and where it did not, and use their lessons in formulating your enterprise security plan.

12:25PM - 12:45PM
LIGHTNING ROUND: Situational Awareness
These are brief, PowerPoint-free presentations from individuals espousing a specific slant on the topic at hand, with key points and concepts to differentiate from other perspectives.

12:45PM - 1:30PM
Hosted Lunch Break

2:00PM - 2:45PM
Track 1: Defining A Technical Reference Architecture For Smart Grid Security

2:00PM - 2:45PM
Track 2: Intrusion Detection in the SCADA and Industrial Control Systems

2:00PM - 2:45PM
Track 3: Security Policy: Adapting Security Policy for Today’s Threats

2:00PM - 2:45PM
Track 4: Access Management

2:45PM - 3:30PM
Track 1: Addressing the security risks of increased interconnectivity

2:45PM - 3:30PM
Track 2: ICS Defense Success Story

2:45PM - 3:30PM
Track 3: Future Compliance in the Energy Sector: What’s on the Horizon

2:45PM - 3:30PM
Track 4: Practical Approaches to Information Access Risk

3:30PM - 3:45PM
Networking Break - In Exhibit Area

4:00PM - 4:45PM
Track 1: Demand Response: Is it worth the potential security risks?

4:00PM - 4:45PM
Track 2: Control Network Isolation Strategies

4:00PM - 4:45PM
Track 3: Dealing with Residual Risk

4:00PM - 4:45PM
Track 4: Managing Supplier and Supply Chain Partner Access

4:50PM - 5:30PM
Track 1: An Explanation of Synchrophasor Security Solutions

4:50PM - 5:30PM
Track 2: Vulnerability Assessment Approach for ICS Environments

4:50PM - 5:30PM
Track 3: What Regulation Can and Cannot Do

4:50PM - 5:30PM
Track 4: Identifying and Managing Network Zones

5:30PM - 6:30PM
Hosted Reception

Day 3

Friday, April 6, 2012

7:00AM - 9:00AM
Registration Opens, Continental Breakfast and Networking

8:45AM - 9:00AM
9:00AM - 9:30PM
Morning Keynote Address

9:30AM - 10:30AM
CISO ROUNDTABLE:
This roundtable discussion features leading CISOs from various sectors of the energy and power industry as they offer insight and experience on the current threats to the energy sector and the suite of solutions and operational changes to mitigate risk.

10:30AM - 10:45AM
Networking Break -- In Exhibit Area

10:45AM - 11:30AM
Case Study: Lessons Learned from the Oil/Gas Sector
This first of several Case Studies details the challenges, internal decision-making process and outcomes from a recent cyber security strategic plan. Understand where this company met with success and where it did not, and use their lessons in formulating your enterprise security plan.

11:30AM - 12:15PM
Cyber Response Exercise: A Coordinated Approach To An Advanced Cyber Attack
A coordinated public-private response to an advanced cyber attack through next generation methods and technologies encapsulated in a new notion of Security Operation Centers for the Smart Grid. Asset owners, vendors, and government are continuously working to develop and improve the cybersecurity of smart grid systems. Our diligent efforts are necessary to proactively reduce, mitigate or even thwart cyber attacks against the smart grid, resulting in minimal disruptions to consumers, businesses, federal agencies, and the Nation. A key element to addressing a cyber attack is our ability to detect and respond to an event in a timely manner. Join this session where representatives from the public and private sectors will walk us through a simulated and intelligent coordinated response to an advanced cyber attack.

12:15PM - 12:45PM
LIGHTNING ROUND: Compliance or Security – What is the Best Strategy?
These are brief, PowerPoint-free presentations from individuals espousing a specific slant on the topic at hand, with key points and concepts to differentiate from other perspectives.

12:45PM - 1:45PM
Hosted Lunch

2:00PM - 2:45PM
Track 1: Automation at What Cost?

2:00PM - 2:45PM
Track 2: Host Intrusion Prevention Concepts: Beyond HIPS

2:00PM - 2:45PM
Track 3: Managing the Risk of a Roaming Workforce

2:00PM - 2:45PM
Track 4: Physical Security Facility Practices

2:45PM - 3:30PM
Track 1: Security as an Integrated Activity

2:45PM - 3:30PM
Track 2: Applying Engineering Discipline to ICS Security

2:45PM - 3:30PM
Track 3: Aware Person System

2:45PM - 3:30PM
Track 4: Common Approaches for Video Surveillance

3:30PM - 4:00PM
Track 1: Researcher’s Perspective: Smart Grid Vulnerability Year in Review

3:30PM - 4:00PM
Track 2: Revisiting Reliability Considering Current Attack Vectors

3:30PM - 4:00PM
Track 3: Cloud Service: Your Friend or Enemy?

3:30PM - 4:00PM
Track 4: Designing a Physical Access Control System

4:00PM - 4:00PM
Conference Concludes
