Cyber-Security Seminar Programme

Seminar - Thursday 1st February 2018

08:00

Registration and refreshments

08:50

Welcome back from the Chair

09:00

Threat Landscape

Understanding evolving hacker trends and the implications for new and more sophisticated forms of cyber-attack on the SCADA infrastructure

  • Identifying trends in the type, volume and severity of utility cyber-attacks to determine the implications for next generation security policies and procedures
  • Investigating the implications of ransomware attacks on SCADA systems, the evolving grid and the utility business as a whole
  • Identifying efficient ways of uncovering DDoS attacks to limit remote damage to valuable parts of SCADA systems
  • Applying reverse engineering techniques to fully stress test security concepts and guard against the whole spectrum of future attacks
  • Appropriately accumulating and sharing knowledge of recent cyber-security incidents to develop new and more effective cyber defence strategies

09:30

SCADA System Vulnerabilities

Identifying the most critical points of vulnerability in high functionality SCADA systems and how these can be addressed with state of the art cyber-security approaches

  • Carrying out robust vulnerability analyses to pinpoint key system weaknesses across the SCADA infrastructure
  • Implementing SCADA security solutions that support high levels of system functionality
  • Identifying the threat level of sniffing software attacks and implementing a range of solutions to combat them
  • Extending the security of SCADA into connected IT/OT systems to limit the external points of system entry
  • Striking the balance between functionality and security to ensure grid efficiency and development

10:00

Smart Meters to SCADA

Determining the extent to which smart meter infrastructure can pose a security threat to SCADA systems and identifying robust and cost-effective security measures to combat this

  • Examining the nature of recent cyber-attacks on smart meter AMI infrastructure and the impact on SCADA systems
  • Evaluating a range of prevention and detection approaches to effectively secure data exchange between smart meters and SCADA infrastructure
  • Identifying robust and cost-effective ways of securing wireless communication networks used to transfer data from smart meters to AMI and SCADA infrastructure
  • Determining cost-effective measures for the continuous upgrading of smart meter security to minimise the risk of attack as the volumes of smart meter deployment go up
  • Quantifying the return on investment in cyber security taking into account detected and potential threats

10:30

Morning refreshments & exhibition

11:00

Technology Innovation Panel

During this session leading power grid cyber-security solution providers will present their advanced approaches to prevention, detection, response and post-event recovery, for both internal SCADA systems and SCADA in the Cloud solutions.

12:30

Lunch, networking & exhibition

14:00

Substations to SCADA Information Security

Evaluating how substation security can be compromised and adversely impact SCADA infrastructure, and identifying ways in which advanced cyber-security solutions can combat this

  • Identifying the key entry points for cyber-attacks as digital substation automation becomes prevalent in TSO and DSO environments
  • Effectively securing key end points such as RTUs for both legacy and new substation devices, components and systems
  • Mitigating the risk of cyber-attacks via IP/Ethernet based communication networks to enable secure data transfer
  • Implementing continuous monitoring systems to rapidly detect and mitigate perceived risks
  • Implementing behavioural analytics and anomaly detection algorithms in remote and geographically distributed substations
  • Mitigating the cyber-security risks of a mobile maintenance workforce to enable more secure access to the system

14:30

Identification and Detection

Optimising the speed and accuracy of detection techniques to safeguard SCADA systems before unforeseen intrusions take root

  • Evaluating the state of the art intrusion detection systems and identifying optimal solutions to achieve advanced situational awareness
  • Balancing the need for intrusion detection with allocating SCADA system resources to support this
  • Ensuring effective configuration of detection tools both at the outset and ongoing as new threats arrive
  • Seamlessly interworking detection systems with prevention and response approaches
  • Improving the accuracy of detection interpretation and response and recovery techniques to create a robust feedback mechanism and continuously fine-tune your organisational strategy

15:00

Response & Recovery

Establishing and communicating a robust framework for responding to cyber-attacks to ensure effective incident containment and recovery

  • Creating operational response and recovery guidelines taking into account:
    • Internal cyber attacks
    • External cyber attacks
    • Regulatory guidelines
    • Changing threat landscape
    • Roles and responsibilities of internal departments
  • Using cyber threat intelligence to determine attacker motives, capabilities and likely actions to more easily disrupt and degrade their efforts
  • Conducting exercises and tests that address real-world recovery building, train organizational “muscle memory” and identify areas for improvement
  • Identifying improvements from lessons learned during actual cyber-attack recovery actions
  • Implementing effective measurement and monitoring techniques to calculate recovery performance over time
  • Mitigating the likelihood and impact of future incidents based on the lessons learned from the incident as well as from other organizations and industry practices

15:30

Afternoon refreshments & exhibition

16:00

SCADA Security & Regulatory Landscape

Discussing the core components of Operators of Essential Services and understanding the implications of the EU NIS Directive for European utilities

  • Breaking down the guidelines and rules set out by the NIS Directive, and its implications for SCADA system security
  • Analysing new requirements on data protection as outlined by the GDPR and assessing the extent to which they will affect utilities' data protection procedures
  • Accurately interpreting and validating regulatory guidelines for ease of implementation and maintenance
  • Effectively interworking EU and national guidelines to ensure robust regulatory compliance
  • Driving utility objectives within the context of regulatory demands

16:30

Training & Development

Developing a cyber security training programme to bring IT and OT staff onto the same knowledge platform and empower them to work together effectively in combatting cyber attacks

  • Managing cultural change by understanding the background, interests and drivers of IT and OT teams
  • Managing training by bringing IT and OT training programmes together under the umbrella of the ISO 27001 framework
  • Developing cyber security governance by assigning roles and responsibilities in a security organization to support collaboration and exchange of know-how
  • Raising awareness through introducing the human firewall campaign

17:00

Closing Remarks from the Chair and End of Conference