SANS EUROPEAN ICS SECURITY SUMMIT

Munich Marriott Hotel

18th June, 2018

training@sans.org +44 (0)20 3384 3470 www.sans.org/ICS-Europe-2018

Sunday June 17th - 201818:30 – 22:00pm Pre-Reg, Networking, Welcome Reception & Speakers Dinner

Monday June 18th - 201808:00 – 09:00am Registration and Coffee

09:00 – 09:15am Welcome and Introduction by Chair

Kai Thomsen, Chair ICS Europe Summit

9:15 – 10:00am Lessons From Implementation Projects

Procuring and deploying a secure Industrial Control System. A case study of large-scale ICS implementations, focusing on some tangible examples that demonstrate how to minimise the cost of securing a new ICS system.

Michal Paulski, ICS Security Manager at Accenture Security

10:00 – 10:20am Networking Break

10:20 – 11:00am The Building Blocks of Good Detection and Response Services for the ICS Environment

This session focuses on what is needed to build an effective detection and response group in an organisation. It includes the team roles and individual skills that are required, effective leadership and the synergies and benefits that can be gained by combining in-house expertise and external consultants efficiently.

Søren Egede Knudsen, CTO at Ezenta

11:00am – 11:30am Building a successful ICS Cyber Security Programme

Markus presents the key steps to take and the main elements of a successful ICS Cyber Security Programme, ranging from risk assessment to talent management and communicating at board level. He explains how to work through the various challenges and pull them together to create a valuable programme.

Markus Braendle, SVP & Head of Cyber Security at Airbus

11:30am – 12:15pm Working with the EU Directive: High Common Level of Network and Information Security

Studies show that without the provision of essential goods and services our modern society would crumble within days. As a result, governments around the world are passing laws to protect the infrastructures they deem critical for their population.

In this talk, Martin sheds some light on the questions and issues raised as a result of such laws and presents Germany’s approach to handling them.

Martin Apel, Director of Critical Infrastructure at BSI

12:15 – 13:00pm Lunch

13:00 – 13:45pm The Human Factor in ICS – why is it important to create awareness?

Implementing cyber security within ICS environments is not possible without technical measures. But technology is only one part of a holistic security approach. It is equally important to implement organisational measures (e.g. security polices and processes). Special attention should be paid to the human factor because the weakest chain in cyber security is often the human being.

Daniel Buhmann, Business Unit Manager Security Solutions at Koramis GmbH

training@sans.org +44 (0)20 3384 3470 www.sans.org/ICS-Europe-2018

13:45 – 14:15pm A Real Cyber Physical Experience: Red Teaming on a Power Plant

Cyber threats continue to rise and cyber criminals are targeting critical infrastructures more than ever. The need for realistic risk assessments and penetration tests is apparent to help prevent potentially catastrophic attacks.

Can Demirel, ICS Cyber Security Services Team Lead at Biznet Bilisim

14:15 – 15:00pm When Standards and Regulations Are Not Enough - why industrial cyber security requires a different approach in the protection of critical infrastructuresFollowing existing standards, approaches and methodologies, implementing common solutions or complying with regulatory frameworks are not enough to protect critical infrastructures.

Samuel provides an analysis of why the protection of critical infrastructures requires specific and different approaches, methodologies and solutions.

Samuel Linares, Independent Evaluator at European Commission, CIIP Expert at ENISA and member of ISACA Global Cybersecurity Task Force

15:00 – 15:20pm Networking Break

15:20 – 16:05pm Future Challenges and Changes in Industrial CybersecurityChallenges that industrial companies and infrastructure organisations face span the full IoT spectrum. Broader deployment of automation products in smart cities and commercial operations also demands a broadening of the potential use cases. In this session, Thomas discusses these expanded challenges, the gaps that need to be filled and makes recommendations relating to the actual changes that are required.

Thomas Menze, Senior Consultant European Operations at ARC Advisory Group

16:05 – 16:35pm DIY insider Threat Detection/Prevention Within ICS EnvironmentsThis session is designed to help those setting up an internal “insider threat detection/prevention” programme without turning to the large, expensive products that are available. Dieter shows how (sometimes simple) methods and tricks can be used to tackle the insider threat within ICS environments.

Dieter Sarrazyn, ICS/SCADA/OT Security Consultant at Secudea.

16:35 – 17:00pm Critical Infrastructure Cybersecurity in a Turbulent Region

Andrew Bochman, Senior Grid Strategist, National & Homeland Security,Idaho National Laboratory

17:00 Closing Remarks by Chair followed by Networking Drinks

NB This agenda should be considered a draft and the organisers will continue to make amendments to content and line up.

training@sans.org +44 (0)20 3384 3470 www.sans.org/ICS-Europe-2018training@sans.org +44 (0)20 3384 3470 www.sans.org/ICS-Europe-2018