Cybersecurity Governance Briefing

08:30 - 17:30, Monday 15th May 2023

The week begins with this insightful briefing on the Risk Management priorities of utility CISOs, with presentations shared on the current regulatory landscape, the implications of new standards, securing on-going cybersecurity budget, driving workforce development, and spearheading collaboration. Participants will come away with a clear understanding of what’s keeping the CISO awake at night, and how the entire cybersecurity team and ecosystem must align, to get the power grid ahead of the threat.

08:00	Registration and Refreshments
08:20	Welcome from the Chair
08:30	European Cybersecurity Regulation - Developing a strategic view of the latest European regulations for power grid cybersecurity to implement an integrated governance, risk, and compliance strategy Understanding how European CNI, and Energy Sector cybersecurity regulations interact with one another and with domestic regulation to develop an effective approach to compliance Integrating NIS 2 and the NCCS into existing GRC frameworks to fully benefit from their intended effect Reducing time and cost of compliance activities, minimizing risk and providing the foundation for an effective holistic approach to cybersecurity governance Anjos Nijk Managing Director ENCS
09:15	Network Code on Cybersecurity - Understanding how the Network Code on Cyber Security will help utilities to become more resilient Establishing a common maturity level for European utilities to address systemic risk across the connected grid Overcoming challenges of transposing the legislation into domestic law and combining compliance activities with other European legislation such as NIS D to avoid unnecessary duplication of effort Improving risk assessment mechanisms and omnidirectional information sharing between utilities, national CSIRTs, and EU institutions, to provide collective threat intelligence Olivier Clement Head of Cyber Security Anticipation & External Affairs Enedis
10:00	Morning Refreshments and Networking
10:30	Supply Chain Risk - Gaining oversight of legal, procurement, privacy, and technical concerns to reduce exposure to supply chain risk Taking a lifecycle approach to manage reputational, legal, technical, regulatory, and business risks from procurement to operation Working with legal and procurement functions to ensure technical requirements are adequately represented in supplier contracts Avoiding falling foul of regulations and proactively ensuring security and operability Chris Kubecka CEO Hypasec
11:15	Gaining Board Commitment - Communicating continuously evolving security requirements to the board to drive awareness and budget alignment This is a drill - Holding the board to ransom to simulate direct attacks on senior leadership Creating awareness of attack vectors, likelihood, and impact to obtain support for risk acceptance Preparing the board to lead an effective response to serious cyberattacks and mitigate organisational damage Annilisa Arge Klevang CISO SEV
12:00	Lunch and Networking
13:00	Skillsets for a Converged Security Team - defining roles and responsibilities of the next generation of security experts to foster the development of an aligned technology organisation Developing a full understanding of the skills that will be required to manage the security requirements of converged environments in the increasingly distributed grid ecosystem Pre-empting organisational risks to help define workforce development opportunities Developing training, skills development, and recruitment policies to fully support the changing requirements for security Barry Coatesworth Director and Cybersecurity Leader Guidehouse Hanne Hansen CISO Energinet
13:45	Influencing Down - Taking leadership to instil a cohesive security culture across IT and OT teams Gaining a comprehensive oversight of your systems and applications to develop a strategy for optimising technology teams and managing external stakeholders Overcoming resource scarcity to manage challenges around legacy infrastructure and increasingly converged IT and OT environments Inspiring confidence from the top-down to support a unified, resilient, and sustainable security organisation Annilisa Arge Klevang CISO SEV Erki Guhse CISO Enefit Shawn McBurnie Director IT/OT Cybersecurity and Compliance Northland Power
14:30	NIS 2 Supply Chain Cybersecurity - Understanding the applications of the NIS 2 directive towards addressing supply chain risk Using guidance from cybersecurity frameworks such as CAF and NIST to implement the changes to governance needed to harden supply chain resilience Managing increased enforcement risk, and a reduction of reporting time to improve incident detection, response, and recovery, and drive support for security projects that align and enable the business Harnessing NIS 2 to improve demonstrable resilience through increased organisational security focus, executive accountability, and better preparedness Ivo Maritz Senior Adviser Cybersecurity Maritz Consulting Suzanne Rijnbergen MBA Managing Director Cyber Resilience Gallia Accenture
15:15	Afternoon Refreshments and Networking
15:45	Risk Mitigation - Developing strategies to ensure the cybersecurity of the Control Room of the Future Using the Control Room of the Future (CRoF) Technology Centre to manage disruption and support the development of an intelligent, resilient and cyber secure power grid needed to support the transition to clean energy Understanding how utilities can use the CRoF Technology Centre to research, develop and demonstrate intelligent technologies for cyber security of the future power grids Safely test cyber-attack / defence scenarios and jointly train system operators and CSIRT in real-time using an IT-OT cyber range and digital twin of the power grid to become resilient to threats to power system stability and mitigate the risk of cascading failures and a blackout Alex Stefanov Director Control Room of the Future
16:30	Cybersecurity Standards to Support IT/OT Convergence - Consolidating cybersecurity standards to develop frameworks that will support your organisation’s transformation requirements Gaining a comprehensive understanding of the role standards such as IEC 62443, ISO 27000 and IEC 62351 play in the development of a cybersecurity management system that meets your organisational requirements Overcoming resistance to change to gain acceptance of the framework of standards most appropriate to the security needs of your organisation Establishing a common language with external providers, integrators and your entire organisation to facilitate security by design in grid transformation Siv Houmb Senior Adviser Statnett
17:15	Spearheading Collaboration - Improving information sharing with grid companies nationally and regionally to establish a culture of responsible disclosure across your security organisation and drive collective security Understanding the necessity for the energy utilities to exchange information on cybersecurity in a trusted circle like the EE-ISAC to become more resilient to threats to grid security Establishing the governance needed to overcome the complexities and challenges that come with increased volume of information exchange and regulatory compliance requirements Reaping the benefits of information sharing and being part of the EE-ISAC Aurelio Blanquet Secretary General EE-ISAC
18:00	Close of Briefing

Briefing Programme