UPCOMING EVENTS

[Conference]

Ignite Talks

October 27th-29th, 2020

Virtual

Ignite Talks is the only industrial digitalization event this season. Over the course of three days, it will put the virtual spotlight on the leaders and innovators behind the wheel, steering our industries and supply chains toward a better, data-driven, and sustainable industrial future.

Presentation by Ron Brash:

Industry Under Siege: A New Era of Industrial Cybersecurity

For years industrial equipment and systems were manually monitored and managed by people and had no connection to the outside world or network. There was little integration between OT and IT systems, and the only way to hack or sabotage OT systems was through gaining physical access.

The ever-accelerating pace of industrial digitalization is causing the worlds of IT and OT to converge. And as industrial equipment and systems connect to the network, they also expose themselves to attacks. Now, large enterprises and public utilities are attracting the attention of sophisticated cyber criminals because of the wealth of confidential information at their disposal – and their financial capacity to meet ransomware demands.

During this session we’ll discuss cybersecurity in the context of digitalized industry and the approach industrial companies should take to build resilience and minimize risk. We’ll also discuss the risk versus reward of digitalization and highlight how cybersecurity should play a significant role in ensuring that your investment in digitalization is a wise one.

[Conference]

ISA Automation & Expo

October 28th, 2020

Edmonton, Alberta / Virtual

AEC is one of North America’s largest automation events and happens every two years in Edmonton, Alberta, Canada. We welcome automation, instrumentation and control systems professionals from a diverse range of global industries including: oil & gas, petro-chemical, manufacturing, mining, power, water & wastewater, forestry, pulp & paper, agriculture and more…

Presentation by Rick Kaun:

Automated & Real-Time Vulnerability Management in OT Environments

The current OT cyber security landscape sees common trends such as increased cyber risk, growing pressure from corporate and regulatory bodies to implement security programs, and an influx of IT teams muscling their way into OT in OT cyber security practice. These trends put pressure on OT practitioners to accelerate their use of technology and find innovative ways to scale solutions across multiple assets and sites. Managed by a scarce, often remote, support team while balancing the use of IT tools in an OT-safe process, it’s time to find a better way.

This familiar scenario led a number of operational entities to employ a new approach to OT cyber security called “Think Globally, Act Locally.” It provides multiple benefits to the operating company such as:

  • Reducing redundancies of people, process and technology
  • Oversight by key OT staff to ensure safe operations
  • Granular insight and control in the identification and application of compensating controls when patching is not possible
  • Bridging and leveraging the best of both IT skills and OT insight
  • Providing operators with a way to take action as opposed to just alerting

Join Rick Kaun, VP Solutions of Verve Industrial, as he provides insight into what the “Think Globally, Act Locally” approach is, a real-world case study example, and suggestions for adopting the framework at your organization.

[Conference]

Industrial Control Cyber Security Europe

November 3rd – 4th, 2020

London / Virtual

Now in its 7th year, the Cyber Senate Industrial Control Cyber Security Europe conference returns as an online event to address the evolving threats to operational technology in the industrial sector. As business leaders redefine their threat intelligence and response strategies to maintain business continuity during these unprecedented times, we are pleased to continue to bring together world-class asset owners and subject matter experts to ensure our community are able to engage in the conversations we so desperately require to keep the lights on.

This year’s show will include topics ranging from IoT Security, supply chain and asset inventory, remote working challenges, assurance and design principles in OT, cloud for operational technology, defense in depth, cyber security for rail rolling stock, maritime ICS cyber security, adapting your threat intelligence strategy, a workshop on “The approach to designing a secure reference architecture to support plant operations and maintenance” and much more.

Presentation by Rick Kaun:

The Evolution of OT Systems Management

Organizations should embrace the concept of OT Systems Management (paralleling ITSM practices) within the unique environments of operating systems. Achieving a mature level of security is critical to improve overall ROI from increasingly connected industrial systems, and to ensure the foundational elements are in place to protect critical infrastructure from targeted and untargeted attacks.

Join Rick Kaun for a discussion around the natural progression of OTSM from basic asset inventory to comprehensive data for effective lifecycle management, risk reduction (from patching to compensating controls) and even contextual risk thresholds (such as calculated risk scores).

During this session you will learn:

  • What OT systems management really is and why it’s critical in OT security
  • How to establish a strong asset inventory as the foundation of your security program
  • How automation, aggregation of data and support for a central, specialized team is the most important consideration towards reducing risk and minimizing cost for OT security going forward
[Webinar]

Understanding Embedded Devices and Firmware in OT

November 5th, 2020 at 12pm CT

Virtual

URG11 and network stack flaws are not anything new. They are miscreants leftover from the 90’s and early 2000’s – a period where these types of software flaws were rampant.

For the most part, these flaws represent an era where devices lacked proper robustness testing and customers were obligated to trust the vendor’s security practices. While most of these were stranded in a land of security by obscurity or islanded (“air-gapped”), they were eventually retired or rotated out of deployment and into the hands of researchers with ubiquitous network-stack protocol “fuzzers” (a strategy/application where you test all permutations of a protocol to see if there unintended effects or erroneous logic).

Despite these vendors possibly having visibility or reports on these exact issues (or ones like them), stack-based vulnerabilities are commonly forgotten by vendor quality assurance and systems integration processes. Even if these systems are deployed in critical infrastructure, energy, oil & gas, manufacturing, building automation, or are consumer Internet of Things (IoT) products – the same issues are fundamentally present in all types of systems and represent a variable level of opportunity and susceptibility to exploitation by a malicious entity.

This webinar’s topic is a mile wide but will be a technical deep dive on a variety of components in embedded systems. It is intended for IT persons, asset owners, and those looking to understand the complexities of firmware (as they relate to managing vulnerabilities) at a level sufficient for coverage within a 45-minute webinar.

Attendees will learn:
• What is an embedded system as it relates to OT?
• What is firmware, what does it contain? What are the components?
• How does firmware fit into a product – whether for function or security?
• What are the challenges when identifying and assessing devices for vulnerabilities?
• How do I manage embedded system vulnerabilities? If I can’t manage them, what can I do?