Delivering next-level cybersecurity and cyber-resilience to the power grid to enable the acceleration of the energy transition

Date: 15th-19th May 2023

Format: In-Person

Venue: Park Plaza Amsterdam Airport

Very Early Bird – Save up to 800 on Delegate places and 2,000 on Exhibitor spaces by booking before Friday 27th January 2023

Cybersecurity Governance Briefing

08:30 - 17:30, Monday 15th May 2023

The week begins with this insightful briefing on the Risk Management priorities of utility CISOs, with presentations shared on the current regulatory landscape, the implications of new standards, securing ongoing cybersecurity budget, driving workforce development, and spearheading collaboration. Participants will come away with a clear understanding of what’s keeping the CISO awake at night, and how the entire cybersecurity team and ecosystem must align to get the power grid ahead of the threat.


Briefing Programme

08:00

Registration and Refreshments

08:20

Welcome from the Chair

08:30

European Cybersecurity Regulation - Developing a strategic view of the latest European regulations for power grid cybersecurity to implement an integrated governance, risk, and compliance strategy

  • Understanding how European CNI and Energy Sector cybersecurity regulations interact with one another and with domestic regulation to develop an effective approach to compliance
  • Integrating NIS 2 and the NCCS into existing GRC frameworks to fully benefit from their intended effect
  • Reducing time and cost of compliance activities, minimizing risk and providing the foundation for an effective holistic approach to cybersecurity governance

Anjos Nijk

Managing Director

ENCS

09:15

Network Code on Cybersecurity - Understanding how the Network Code on Cyber Security will help utilities to become more resilient

  • Establishing a common maturity level for European utilities to address systemic risk across the connected grid
  • Overcoming challenges of transposing the legislation into domestic law and combining compliance activities with other European legislation such as NIS D to avoid unnecessary duplication of effort
  • Improving risk assessment mechanisms and omnidirectional information sharing between utilities, national CSIRTs, and EU institutions, to provide collective threat intelligence

Olivier Clement

Head of Cyber Security Anticipation & External Affairs

Enedis

10:00

Morning Refreshments and Networking

10:30

Supply Chain Risk - Gaining oversight of legal, procurement, privacy, and technical concerns to reduce exposure to supply chain risk

  • Taking a lifecycle approach to manage reputational, legal, technical, regulatory, and business risks from procurement to operation
  • Working with legal and procurement functions to ensure technical requirements are adequately represented in supplier contracts
  • Avoiding falling foul of regulations and proactively ensuring security and operability

Chris Kubecka

CEO

Hypasec

11:15

Gaining Board Commitment - Communicating continuously evolving security requirements to the board to drive awareness and budget alignment

  • This is a drill - Holding the board to ransom to simulate direct attacks on senior leadership
  • Creating awareness of attack vectors, likelihood, and impact to obtain support for risk acceptance
  • Preparing the board to lead an effective response to serious cyberattacks and mitigate organisational damage

Annilisa Arge Klevang

CISO

SEV

12:00

Lunch and Networking

13:00

Skillsets for a Converged Security Team - Defining roles and responsibilities of the next generation of security experts to foster the development of an aligned technology organisation

  • Developing a full understanding of the skills that will be required to manage the security requirements of converged environments in the increasingly distributed grid ecosystem
  • Pre-empting organisational risks to help define workforce development opportunities
  • Developing training, skills development, and recruitment policies to fully support the changing requirements for security

Barry Coatesworth

Cybersecurity Adviser

Scottish Power

Hanne Hansen

CISO

Energinet

13:45

Influencing Down - Taking leadership to instil a cohesive security culture across IT and OT teams

  • Gaining a comprehensive oversight of your systems and applications to develop a strategy for optimising technology teams and managing external stakeholders
  • Overcoming resource scarcity to manage challenges around legacy infrastructure and increasingly converged IT and OT environments
  • Inspiring confidence from the top-down to support a unified, resilient, and sustainable security organisation

Annilisa Arge Klevang

CISO

SEV

Erki Guhse

CISO

Enefit

Shawn McBurnie

Director IT/OT Cybersecurity and Compliance

Northland Power

14:30

NIS 2 Supply Chain Cybersecurity - Understanding the applications of the NIS 2 directive towards addressing supply chain risk

  • Using guidance from cybersecurity frameworks such as CAF and NIST to implement the changes to governance needed to harden supply chain resilience
  • Managing increased enforcement risk, and a reduction of reporting time to improve incident detection, response, and recovery, and drive support for security projects that align and enable the business
  • Harnessing NIS 2 to improve demonstrable resilience through increased organisational security focus, executive accountability, and better preparedness

Ivo Maritz

Senior Adviser Cybersecurity

Maritz Consulting

Richard Piggin

Senior Manager

Accenture

15:15

Afternoon Refreshments and Networking

15:45

Risk Mitigation - Developing strategies to ensure the cybersecurity of the Control Room of the Future

  • Using the Control Room of the Future (CRoF) Technology Centre to manage disruption and support the development of an intelligent, resilient and cyber secure power grid needed to support the transition to clean energy
  • Understanding how utilities can use the CRoF Technology Centre to research, develop and demonstrate intelligent technologies for the cyber security of future power grids
  • Safely testing cyber-attack / defence scenarios and jointly training system operators and CSIRT in real-time using an IT-OT cyber range and digital twin of the power grid to become resilient to threats to power system stability and mitigate the risk of cascading failures and a blackout

Alex Stefanov

Director

Control Room of the Future

16:30

Cybersecurity Standards to Support IT/OT Convergence - Consolidating cybersecurity standards to develop frameworks that will support your organisation’s transformation requirements

  • Gaining a comprehensive understanding of the role standards such as IEC 62443, ISO 27000 and IEC 62351 play in the development of a cybersecurity management system that meets your organisational requirements
  • Overcoming resistance to change to gain acceptance of the framework of standards most appropriate to the security needs of your organisation
  • Establishing a common language with external providers, integrators and your entire organisation to facilitate security by design in grid transformation

Siv Houmb

Senior Adviser

Statnett

17:15

Spearheading Collaboration - Improving information sharing with grid companies nationally and regionally to establish a culture of responsible disclosure across your security organisation and drive collective security

  • Understanding the necessity for energy utilities to exchange information on cybersecurity in a trusted circle like the EE-ISAC to become more resilient to threats to grid security
  • Establishing the governance needed to overcome the complexities and challenges that come with increased volume of information exchange and regulatory compliance requirements
  • Reaping the benefits of information sharing and being part of the EE-ISAC

Aurelio Blanquet

Secretary General

EE-ISAC

18:00

Close of Briefing