Delivering next-level cybersecurity and cyber-resilience to the power grid to enable the acceleration of the energy transition

Date: 15th-19th May 2023

Format: In-Person

Venue: Park Plaza, Amsterdam

Very Early Bird – Save up to 800 on Delegate places and 2,000 on Exhibitor spaces by booking before Friday 27th January 2023

IT-OT Cybersecurity Conference & Exhibition

Tuesday 16th - Thursday 18th May 2023

The main conference is comprised of morning plenary sessions where all participants are in one room, addressing macro issues such as regulation, workforce development and data management, and afternoon technical tracks focused on the specific implementation issues impacting IT cybersecurity and OT cybersecurity teams. A combined programme of facilitated networking activities enable IT and OT colleagues to come together and share experiences, expertise, and gain insights into each other’s priorities. Running alongside the conference is an Exhibition area with a focused display of IT and OT cybersecurity solutions proven in the power grid environment.

Big Audience Shot-3

3-Day Conference Programme

Tuesday 16th May 2023 - IT-OT Cybersecurity Conference Day One

08:00

Registration and Refreshments

08:20

Welcome from the Chair

08:30

Outcome Focused Regulation - Taking a proportionate and balanced approach to risk, governance, and compliance to ensure cybersecurity maturity across the connected grid

  • Gaining a holistic perspective of how the regulatory landscape is adapting to meet the challenges of IT/OT convergence, supply chain dependencies and evolving threats to grid security
  • Moving beyond a compliance-based approach towards an integrated outcome-focused model to increase capability, maturity and resilience
  • Raising awareness throughout the supply chain to drive economies of scale and ensure an adequate level of collective grid security

Janne Hagen

Special Adviser Contingency Planning

NVE

Phil Litherland

Cyber Security - OT Security Product Manager

National Grid

Hanne Hansen

CISO

Energinet

09:15

Regulatory Compliance - Developing an integrated view of data privacy and information security regulations to support a holistic approach to compliance

  • Obtaining oversight of European and domestic regulation and operational need to strike the correct balance between effective information flow and regulatory requirements around the sharing of information
  • Overcoming the complexity of meeting physical security, safety, data privacy and cybersecurity requirements to develop an efficient approach to compliance in line with operational need
  • Employing a holistic approach beyond the requirements of individual authorities to reduce the risk of being impacted by cyber attacks

Janne Hagen

Special Adviser Contingency Planning

NVE

10:00

Morning Refreshments

10:30

Information Sharing - Creating robust and trusted information sharing mechanisms to support responsible disclosure and real-time threat intelligence across the entire grid ecosystem

  • Proactively leading your organisation’s information sharing regionally and globally to create aligned, and responsive threat intelligence and disclosure program
  • Striking the correct balance between managing risk, and compliance to data privacy regulations with the benefits of improved and expanded information sharing across the grid supply chain
  • Establishing trusted and effective information sharing mechanisms to help drive end-to-end grid security and become more responsive to active threats

Massimo Rocca

Board Member

EE-ISAC

11:15

Network Code on Cybersecurity - Preparing to implement the Network Code on Cybersecurity as part of a consolidated approach with critical infrastructure regulations to achieving sector-wide operational resilience

  • Understanding the overlap between the requirements for information sharing in NIS 2 and the NCCS to take a coherent approach to compliance
  • Improving the flow of information between Utilities, National CSIRTs and European institutions to create active feedback and responsiveness across all entities
  • Raising the level of maturity across all European utilities to develop a more resilient grid ecosystem that is responsive to evolving threats

Anjos Nijk

Managing Director

ENCS

Barry Coatesworth

Cybersecurity Adviser

Scottish Power

 

Olivier Clement

Head of Cyber Security Anticipation & External Affairs

Enedis

12:00

Lunch, Exhibition and Networking

IT Track - Vulnerabilities

OT Track - Vulnerabilities

13:30

Detection - Conducting unannounced penetration testing to understand how hackers can bypass your detection systems

  • Demonstrating system vulnerabilities and the limitations of compliance to raise awareness of threat actors’ methodologies and capabilities
  • Developing scripts to bypass detection systems, conducting reconnaissance, and looking for credentials to show practical paths that can be used to exploit vulnerabilities
  • Understanding how risk assessment, compliance and configuration need to be improved, and detection algorithms hardened to mitigate threat

Tom Jøran Sønstebyseter Rønning

Team Leader of Operational Security

Statnett

Threats and Vulnerabilities - Highlighting threats to and vulnerabilities of cyberphysical systems to ensure reliability, security and privacy of the smart grid

  • Gaining an understanding of the overlapping demands of reliability, security and privacy in cyberphysical systems as a basis for a coherent strategy
  • Developing safety, security, and privacy systems that can resist machine learning attacks and optimize performance levels
  • Integrating advanced computing, networking, and communication techniques and capabilities into the smart grid to improve reliability and productivity

Leandros Maglaras

Professor of Cybersecurity

De Montfort University

14:15

Attack Paths - Modelling the path of attacks to understand vulnerabilities and become more resilient

  • Building a special Hardware in the Loop Digital Substation environment a spart of the CybWin power grid research project in order to test different offensive and defensive security actions
  • Implementing 14 different cyber-attacks against the target substation to cover the general steps of offensive actions against power substations, such as reconnaissance activities, operation failure attacks by spoofed commands or denial of service type of attacks
  • Raising awareness of IEC 60870-5-104 Scada protocol attacks against power grid substationsfor grid asset owners to better protect their infrastructures.  

Laszlo Erdodi

Associate Professor

NTNU

Asset Vulnerability Management - Understanding OT asset vulnerabilities to develop more effective asset management practices

  • Demonstrating examples of attacks affecting OT systems to raise awareness of vulnerabilities in SCADA systems and common attack vectors
  • Deepening knowledge of OT infrastructure to overcome the complexities of patching and updating
  • Increasing resilience to minimize the impact of attacks on business IT infrastructure on critical assets

Dmytro Cherkashyn

Head of Cybersecurity Development

UNISS

15:00

Afternoon Refreshments, Exhibition and Networking

Afternoon Refreshments, Exhibition and Networking

15:30

Secure Edge Solutions - Applying secure development life cycle and standards to adequately secure edge solutions

  • Securing the entire IoT ecosystem to manage the exponential increase in data generation and transfer
  • Overcoming organisational complexity to deploy an OT Edge security platform at a substation level
  • Developing a sustainable approach to edge security to support smart grid transformation

Phil Litherland

Cyber Security - OT Security Product Manager

National Grid

Proactive Defence - Learning from attacks to the Ukrainian power grid to implement low-cost measures to become more resilient to persistent threats

  • Uncovering the motivations and methods of patriotic hackers to manage a new type of threat
  • Understanding which ICS can be relatively easily exploited to prioritise your defence strategy
  • Deploying low or no cost measures to defend against an increased volume and persistence of attacks on critical infrastructure

Chris Kubecka

CEO

Hypasec

16:15

Risk-based Vulnerability Management - Overcoming complexity to quantify the probability and impact of specific attacks and inform your vulnerability management strategy

  • Gaining visibility of all of your assets to conduct thorough continuous vulnerability assessment across the entire attack surface
  • Providing success metrics to help overcome organisational and individual resistance to comprehensively tackling vulnerability management
  • Automating and simplifying the process of prioritising vulnerabilities based on threat intelligence, impact, likelihood and difficulty to inform a cohesive risk acceptance strategy

Deniz Tugcu

Lead Senior OT Cybersecurity Specialist

Vattenfall

Threat Modelling - Correlating vulnerabilities against threat to create an integrated continuous risk and vendor management process

  • Mapping the threat landscape and emulating OT attacks in a controlled substation environment to understand the full capabilities of threat actors
  • Understanding how vendor vulnerabilities from the enterprise network, lack of firmware updates, lack of updates on SCADA systems can be exploited by advanced, persistent threat actors to overcome the weaknesses and limitations of your systems
  • Modelling threat from the point of view of how an attacker may exploit your systems to identify, mitigate and proactively defend against attack

Siv Houmb

Senior Adviser

Statnett

17:00

Roundtable Discussions - during this session the audience breaks out into several smaller working groups, each focused on a specific theme that arose during the day’s presentations. Each working group will comprise of representatives of the entire smart grid cybersecurity community to ensure a well-rounded and holistic discussion

18:00

Roundtable Summaries - during this session each working group leader will provide a 5-min summary back to the wider group, highlighting the issues raised, the solutions discussed, and the recommendations made to take the matter to the next level

19:00

Networking Evening Reception - time to relax after an intensive day of presentations and discussions! All participants are invited to join this networking reception where you will have the opportunity to enjoy the company of colleagues from across the European power grid cybersecurity community, in a relaxed and informal setting

22:00

Close of Conference Day One

Wednesday 17th May 2023: IT-OT Cybersecurity Conference Day Two

08:00

Registration and Refreshments

08:20

Welcome from the Chair

08:30

Cybersecurity Culture - Developing a cybersecurity ambassadorship programme to embed sustainable cyber-awareness across the organisation

  • Identifying and training office leaders to embed cyber-awareness in every area of the business through an effective communication campaign
  • Maintaining the level of engagement among ambassadors needed to create a sustainable, reliable long-term program
  • A cost-effective approach to achieving demonstrable resilience to phishing and DDoS attacks and improving reaction times to active threats

Erki Guhse

CISO

Enefit

09:15

Security as an Enabler - Communicating security as an enabler of transformation and business objectives to optimise resource allocation

  • Assessing maturity and risk to determine a proactive communication strategy
  • Defining the appropriate scope and timing of engagement, and identifying people with the correct level of technical knowledge to get results
  • Achieving cultural alignment with the wider organisation to engrain security in decision making processes, improve efficiency and reduce cost

Catherine Buhler

CISO

Energy Australia

10:00

Morning Refreshments

10:30

Skills Development - Striking the optimal balance in bilateral training of IT and OT experts to develop the capability needed to achieve secure grid modernization and operational resilience

  • Overcoming resource scarcity to embed the level of capability needed to meet the increased need for managing virtualised applications in the OT environment
  • Establishing a dedicated OT security team within the IT business unit to provide focused expertise for OT specific requirements while maintaining continuity with enterprise IT functions
  • Creating a bridge between IT and OT to ensure security, availability and reliability of substation systems

Michael Knuchel

Head of Substation Automation

Swissgrid

11:15

Cybersecurity Awareness Training - Integrating security training into existing cultural frameworks to enable organisation-wide cyber-awareness

  • Preparing internal and public-facing teams to work collaboratively towards mitigating cyber-threat
  • Developing metrics to demonstrably measure the success of training
  • Fostering a culture of positive communication in combination with greater awareness of attack vectors and vulnerabilities to improve preparedness for and responsiveness to cyber incidents

Isabell Neise

Head of Business Development

UNISS

12:00

Lunch, Exhibition and Networking

IT Track - Solutions

OT Security Track - Solutions

13:30

Threat Management - Using automation for effective threat management

  • Automating threat indicator identification, validation and escalation to reduce time and improve confidence
  • Migrating OT data into SOC and SIEM to correlate threats across IT and OT environments and establishing confidence levels against each threat
  • Creating reliable and robust threat information sharing mechanisms between TSOs, DSOs, Generation, ISACs and Government bodies to drive sector wide security

Shawn McBurnie

Director IT/OT Cybersecurity and Compliance

Northland Power

Remote Management - Deploying an advanced remote management platform to enable remote, automated configuration, password management, and log management for OT devices in substations

  • Establishing a universal solution to overcome the scale and complexity of current management processes
  • Assessing implementation risks and project timeframes to develop fit-for-purpose specifications and procurement requirements for a solution that can effectively manage configuration and password automation across the majority of devices in the substation environment
  • Simplifying and accelerating backups, updates, and upgrades of switches, routers, relays and IEDs to drive operational efficiency

Indrek Kunapuu

CISO

Electrilevi

14:15

Systems Configuration - Automating virtualised substation configuration management to improve confidence and reduce complexity

  • Determining the optimal way of managing the complexity and volume of configuration requirements across your assets’ lifecycle
  • Overcoming difficulties with virtualised automation of backups across multi-vendor systems including legacy technology to improve systems availability
  • Reducing manual configuration and limiting the possibility of human error to improve confidence in system backups

Sampo Turunen

Secondary Systems Manager

Fingrid

Remote Control - Leveraging IEC 62443 to future-proof remote control of medium and low voltage substation automation

  • Using IEC 62443 principles to support secure data flows and remote access
  • Overcoming resource scarcity, legacy technology and the need to use public communication networks to ensure the secure communication between the control centre and LV/MV substations
  • Making the RTU in secondary substations a secure gateway to provide observable data in LV/MV substations in support of advanced analytical, predictive and IIoT applications, grid stability and flexibility for future upgrades

Luka Mocnik

ICT Infrastructure Architect

Elektro Gorenjska

 

15:00

Afternoon Refreshments, Exhibition and Networking

Afternoon Refreshments, Exhibition and Networking

15:30

Grid Modernization - Securing smart grid transformation to facilitate carbon emission reduction

  • Conducting six pilot projects to drive operational efficiency and customer energy use reduction
  • Managing standards, regulation and technical challenges brought about by the integration of new smart instruments, increased data flow and SCADA upgrades
  • Optimizing and securing customer facing and internal infrastructure to support the integration of EVs, ADMS and renewables assets

Venkatesh Gollapalli

Security Architect

EY

OT Security in Procurement Projects - Combining regulations and standards to develop effective product specifications and certification

  • Leveraging standards to strike the correct balance between operator and vendor requirements in accordance with changes to the European regulatory landscape and in line with national regulation
  • Overcoming uncertainty around specific security requirements of components to manage the complexity of large-scale procurement projects
  • Conducting technical testing and acceptance testing to define system security requirements of critical OT systems and meet the need for accelerated system design and project delivery

Stephan Beirer

ICS/OT Security

GAI Netconsult

16:15

IT-OT Communication - Developing a collaborative strategy for overcoming obstacles to critical data exchange between IT to OT

  • Achieving secure and effective two-way data exchange to gain complete visibility in business systems of IT and OT vulnerabilities and communicate updates and materials from SAP to the production environment
  • Developing a rock-solid DMZ to validate inputs from IT to OT and ensure confidentiality of critical data
  • Creating mutual trust between the business and operations to instil confidence and enable grid optimization

Janus Ahrensbach

ICS Security Architect

Energinet

AMI Security - Mitigating threats to advanced metering infrastructure to secure data flow in OT environments

  • Getting visibility of the key weaknesses of Advanced Metering Infrastructure and how threat actors may attempt to exploit them
  • Conducting penetration tests to verify the resistance of Advanced Metering Infrastructure to cyber threats
  • Identifying and eliminating weak points of AMI infrastructure and its elements to increase its cybersecurity resilience

Tomasz Wysztygiel

Cybersecurity Manager

EY OT/IOT Hub

17:00

Close of Conference Day Two

Close of Conference Day Two

Thursday 18th May 2023: IT-OT Cybersecurity Conference Day Three

08:00

Registration and Refreshments

08:20

Welcome from the Chair

08:30

Systems Resilience - Implementing a systemic security classification of assets to optimise confidentiality, integrity and availability of critical systems

  • Employing a mutual strategy across IT and OT to enable offline operation of the most critical systems in the event of a major attack or catastrophic failure
  • Overcoming resource scarcity in a remote island location and reliance on remote vendor access and expertise to ensure secure, reliable operation
  • Gaining in depth knowledge of systems and applications to efficiently communicate criticality and prioritise remediation plans

Annilisa Arge Klevang

CISO

SEV

09:15

Integrated IT/OT SOC - Developing an integrated IT and OT SOC capable of a holistic response to threats across converged environments

  • Overcoming cultural and technical barriers to deploying security monitoring solutions in the OT environment
  • Gaining full visibility of OT dependencies and vulnerabilities, and modelling use cases to effectively and automatically reduce logged events (false positives) without missing any real OT relevant security events
  • Preparing effective substation and supply chain security measures, incident response plans and playbooks to counter combined threats to your IT and OT systems

Ivo Maritz

Senior Adviser Cybersecurity

Maritz Consulting

10:00

Morning Refreshments

10:30

Cyber-informed Engineering - Establishing a national cyber-informed engineering strategy to embed security in clean energy system transformation

  • Harnessing expertise and insight from energy companies, energy systems and cybersecurity manufacturers, standards bodies, researchers, DOE National Laboratories, and Federal partners in the cybersecurity and engineering mission space to adopt a national strategy towards increasing the security, reliability, and resilience of the US’s energy sector
  • Leveraging CIA to address gaps in how we train engineers and technicians to provide them with the means to build in security from the ground up
  • Establishing the framework to embed cybersecurity into energy systems and avoid the need to retrospectively secure critical systems

Andy Bochman

Senior Grid Strategist

Idaho National Laboratory

11:15

Cyber Resilience - Using AI and computational intelligence to detect, prevent, respond, and recover from attacks on cyber-physical power systems

  • Hardware in the loop simulations with power grid digital twins, digital substations, Control Room of the Future (CRoF) and IT-OT cyber range to develop strategies for detection and mitigation of cyber attacks on OT systems and prevent cascading failures
  • Developing AI-based incident response and recovery strategies from cyber attacks on CRoF and digital substations
  • Allowing utilities to stress OT systems, technology and processes using a digital twin of the end-to-end power grid to ensure cyber resilience and support cyber security innovation

Alex Stefanov

Director

Control Room of the Future

12:00

Lunch, Exhibition, and Networking

IT Security Track - Implementation

OT Security Track - Implementation

13:30

Network Re-segmentation - Establishing trusted and semi-trusted zones to enable large-scale IT architecture transformation

  • Gaining full visibility of your assets to determine criticality and inform your risk acceptance and mitigation strategies
  • Developing the governance needed to enable technical solutions such us hybrid cloud to facilitate increased data exchange and reduce cost
  • Leveraging standards to ensure compliance and demonstrably manage risk while supporting the business’s smart grid transformation

Jeremi Gryka

Deputy CIO/IT Security

PSE

OT Standards - Using OT cybersecurity controls to ensure compliance

  • Implementing controls and standards such as ISO 27000 and IEC 62443 to feed effective compliance frameworks
  • Measuring success of controls, and managing exceptions and failure in a continuous lifecycle to demonstrate compliance
  • Developing a process of continuous improvement to support a collaborative approach with authorities towards system security

Greg Blezard

Head of Information Security

ENWL

14:15

ISO 27001 ­- Mapping new ISO 27000 requirements and normative changes to the ISMS of electricity grid providers

  • Understanding how regulatory and normative changes will be transposed into national law to obtain clear guidance on the impact to your management systems
  • Mapping and applying new requirements to inform your change management strategy
  • Reorganizing your ISMS in line with new norms to reduce complexity

Michael Ring

Adviser Information Security

TenneT

Incident Response - Establishing an incident response and recovery playbook for OT engineers to ensure ongoing operability and resilience of OT networks in the event of a cyber incident

  • Equipping OT engineers with tools and training to enable speedy first response to the incident
  • Creating an incident and recovery playbook which is understood and respected by OT engineers
  • Maintaining availability while responding to suspicious activity

Lukasz Kisielewski

Manager OT/ICS

Accenture

15:00

Afternoon Refreshments, Exhibition and Networking

Afternoon Refreshments, Exhibition and Networking

15:30

Risk Management - Implementing a risk management strategy under an ISO 27000 certified ISMS

  • Using section 5 of ISO 27001 to determine and prevent risk in a cycle of continual improvement
  • Developing documentation for identification, assessment, and treatment of risk on an ongoing basis to demonstrate risk tolerance, termination or transfer and to deploy effective controls
  • Establishing processes to demonstrate compliance to cybersecurity regulations and become more resilient to cyberattacks

Joana Abreu

Cybersecurity Manager

E-REDES

OT Modernization - Opening the OT mindset towards IT agility and innovation to enable transformation, achieve cost savings, and drive efficiency

  • Prioritising education to align people, process and technology across all levels of the organisation
  • Establishing and developing an integrated framework to map governance, risk, compliance, technical security controls and audit and establish a common language
  • Defining effective KPIs for management, budget holders, engineers, and IT to support tangible security

Deniz Tugcu,

Lead Senior OT Cybersecurity Specialist

Vattenfall

16:15

Cloud Implementation - Implementing trusted cloud architecture to optimise storage and processing of data

  • Accelerating cloud adoption to reach the maturity needed to support energy system and utility business model change
  • Tackling technical limitations of legacy OT and achieving the mindset shift needed to support the necessary shift to cloud-based systems
  • Reducing cost of traditional on-prem solutions and facilitating the management of the volumes of data needed to operate increasingly distributed grid infrastructure

 

Kristian Alsing

Cybersecurity Executive

Independent

 

OT Supplier Security Assessment - Taking a criticality-based assessment approach to establish a secure and resilient OT-Supplier pool

  • Implementing standards and procedures to provide transparent requirements for OT-suppliers
  • Collaborating with suppliers on a continuous basis to develop trust and collectively ensure control of risk
  • Applying best practice for grid operators to proactively optimize cyber security resilience, and ensure a reliable level of trust in components of OT systems and services

Salim Bouramman

Expert OT Cyber Resilience and Cyber Range

E.ON

17:00

Close of Conference Day Three

Close of Conference Day Three