[Webinar Series]

ICS Cyber Security Maturity Journey

Hosted by RMEL

July 15th, July 29th, August 12th

Learn how to make significant improvements in your overall cyber security maturity through a programmatic approach. This series will “begin at the beginning” and explain a step by step process over three hour-long sessions how to reduce your exposure to potential attacks. The series will be relevant for those members who have been working on NERC CIP compliance for years as well as those who are just beginning their overall cyber program.

Webinar #1: Defining the Threat Landscape and Roadmap

July 15th, 10:00 am MT

In this hour-long session, the presenters will walk through the latest threat landscape and why industrial control systems are at significant – and growing – risk from attackers. They will then discuss the real challenges to securing these critical infrastructure systems. They will then walk through a practical approach to building a comprehensive roadmap to accelerate your cyber security journey. This approach will leverage many case studies and examples from utilities who have succeeded in dramatically improving their maturity in rapid fashion. It will conclude with practical suggestions of how to begin – regardless of where you stand in your current maturity.

Webinar #2: Building the Foundation With Asset Inventory & Assessment

July 29th, 10:00 am MT

In the second part of the series, the Verve team will address the most critical foundational elements of a strong security program – detailed asset inventory and vulnerability assessment. It’s hard to build a map if you don’t know from where you are starting. Every cyber security framework, therefore, begins with an “identify” or “inventory” or “assessment” phase. The presenters will walk through the components of a robust inventory, the challenges of achieving it, as well as practical suggestions of how to gather and maintain the information you need efficiently. They will then explain how to use that data to prioritize the greatest vulnerabilities and risks in your environment.

Webinar #3: Defining and Executing the Roadmap

August 12th, 10:00 am MT

Once an organization has defined its prioritized risks and vulnerabilities, the time is right to build a comprehensive roadmap and execution plan. In this third session, our Verve colleagues will walk through the common components of a roadmap and how to prioritize the elements most critical based on different assessment results. This roadmap development approach is based on practical, successful experiences with many utilities. This session will also include a practical guide to how to then execute this roadmap most efficiently and effectively given all the moving parts and sensitive control systems elements.

[Virtual Event]

SANS Oil & Gas Cybersecurity Summit

October 2nd, 2020

The SANS Oil & Gas Cybersecurity Summit will bring leading experts together to discuss industry trends, challenges, and opportunities. They’ll address recent attacks and current threats, integrated IT/OT security operations, best practices, and lessons learned to benefit the community.

Presentation by Ron Brash:

Raiders of the lost RTUs, Meters, and Valves:

While IoT/IIoT is everywhere in product catalogs today, Oil & Gas is the original Joe for connected embedded things to fulfill specific purposes such as providing telemetry remotely or to monitor the health of a well or pipeline.  And like many aspects of industrial systems, it was and still is the Wild West of security, updates (or lack of), and deployments, where it makes little economic sense to upgrade, enforces the fact that producers need to reduce any disruption or security risk for these devices – new or legacy.

With thousands of existing deployments, these devices are often forgotten, and whether for cyber-security or for merely inventory management due to divestment, an effective resource-friendly method is absolutely required to manage these types of systems.

This session walks through several areas (agnostically) with more than  35 years of experience on:

  • Discovering technical vulnerabilities/weaknesses and horror-shows buried in these devices
  • One approach to successfully enumerate, research, and support candidate devices
  • A live demonstration of a hidden surprise with a device obtained from the grey-market
  • And how to bring these devices into the fold for inventory/asset management with considerations for cyber-PHAZOPs & vulnerabilities

ISA Automation & Expo

October 27th & 28th, 2020

Edmonton, Alberta, Canada

AEC is one of North America’s largest automation events and happens every two years in Edmonton, Alberta, Canada. We welcome automation, instrumentation and control systems professionals from a diverse range of global industries including: oil & gas, petro-chemical, manufacturing, mining, power, water & wastewater, forestry, pulp & paper, agriculture and more…

Presentation by Rick Kaun:

Automated & Real-Time Vulnerability Management in OT Environments

The current OT cyber security landscape sees common trends such as increased cyber risk, growing pressure from corporate and regulatory bodies to implement security programs, and an influx of IT teams muscling their way into OT in OT cyber security practice. These trends put pressure on OT practitioners to accelerate their use of technology and find innovative ways to scale solutions across multiple assets and sites. Managed by a scarce, often remote, support team while balancing the use of IT tools in an OT-safe process, it’s time to find a better way.

This familiar scenario led a number of operational entities to employ a new approach to OT cyber security called “Think Globally, Act Locally.” It provides multiple benefits to the operating company such as:

  • Reducing redundancies of people, process and technology
  • Oversight by key OT staff to ensure safe operations
  • Granular insight and control in the identification and application of compensating controls when patching is not possible
  • Bridging and leveraging the best of both IT skills and OT insight
  • Providing operators with a way to take action as opposed to just alerting

Join Rick Kaun, VP Solutions of Verve Industrial, as he provides insight into what the “Think Globally, Act Locally” approach is, a real-world case study example, and suggestions for adopting the framework at your organization.