Program

Time Main Track Sessions
8:00

Welcome to ISC-CPH: Registration and breakfast

THIS DAY OF THE CONFERENCE WILL BE MAINLY IN DANISH
9:00
9:05

Welcome to the conference and introduction to today’s program

Peter Frøkjær
Senior Security Architect, Vestas, & President, ISACA Denmark
9:10

The threat assessment against Denmark

Søren Maigaard from SektorCERT presents their assessment of the threat to Danish critical infrastructure. The presentation will describe which threat actors SectorCERT is keeping an eye on and how we all best defend ourselves against them.

This presentation will be in Danish.

Søren Maigaard
Director, SektorCERT
9:50

Short Break

10:00

Updating emergency response legislation in the energy sector

Jesper Rode Tholstrup dives into the legislation in the emergency preparedness area with a special focus on OT. Jesper also discusses the changing threat landscape, handling and resilience of a changing energy sector and the implementation of the NIS2 and CER directives.

This presentation will be in Danish.

Jesper Rode Tholstrup
Head of Division, Centre for Risk Preparedness, Danish Energy Agency
10:40

Refreshments and networking

11:15

Lessons Learned from a malware incident on a cruise ships control systems

Technical Level: Beginner

Real event: What happens when a cruise ship suffers a malware incident on its OT systems, causing massive disturbance of its essential systems? Human error, combined with multiple factors, can lead to the failure of the ship’s automation and navigation systems, limiting the ability to sail the ship and continue the cruise.

This presentation will be in Danish.

Christopher Stein
Lead Engineer, Maritime Cybersecurity, Royal Caribbean Group
11:55

Lunch and networking

12:55

Implementing NIS2 in the utilities industry

Michael Leth will talk about how they work with implementation of NIS2. The goal is to achieve greater security and become ready for audits.

This presentation will be in Danish.

Michael Leth
Senior Consultant, SamAqua
13:45

NIS2 and CTI – a match made in heaven

Technical Level: Beginner

How to utilize Cyber Threat Intelligence (CTI) to effectively communicate risk and ways to reduce them? Discussing risk with leadership can be a tedious task, but it will in this presentation be shown how to map Threat Actors' capabilities to NIS2 controls & visualize them to achieve the ultimate goal: To reduce risk.
Tibor Földesi
Security Analyst, Norlys
Martin Hansen
CISO, Elnetselskabet N1
14:25

Refreshments and networking

14:55

Butterfly effects on critical infrastructure

Focusing on the Industrial Critical Infrastructure, Helena Marqvertsen Frank will look at the main Cybersecurity challenges using practical examples and the presentation of a new paradigm.

This presentation will be in Danish.

Helena Marqvertsen Frank
OT Security Manager, Ørsted

What do OT security professionals need to know about NIS2?

This presentation will be in Danish.

Julie Bak-Larsen
Partner, Bird & Bird
15:35

Short Break

15:45

Supply chain security in the OT environment – how do we handle it?

Morten Holm Gregersen will have a dual focus in his discussion on operational and management level compliance with NIS2 and CRA security regulations in an environment where large industry vendors do not support the regulatory requirements.

This presentation will be in Danish.

Morten Holm Gregersen
Founder & Director, Cybernordic

Workshop – log management/monitoring in OT

Technical Level: Beginner

The workshop starts with an introduction to log management/monitoring on OT. Everyone gets access to a SIEM system and is given a guide to find relevant information. Requirements: You must bring your own laptop.

This presentation will be in Danish.

Josef Gustafsson
Systems Engineer, Corelight
Morten Kromann
Head of Industrial Security, Siemens
Kenneth B. Jørgensen
Owner, KCERT
16:25

Short Break

16:30

How does Energistyrelsen/The Danish Energy Agency use scenarios as a method to ensure preparation of the sector?

This is partly due to the changing geopolitical situation, but also the way we assess resilience at a company level in the energy sector based on scenarios and how next winter scenarios should be handled. You can also hear about the scenarios that the sector is working on that look into the future and try to make the sector resilient to what will happen in 5, 10, 20 years.

This presentation will be in Danish.

Malene Hein Nybroe
Long Term Energy Advisor – Ukraine, Ministry of Foreign Affairs of Denmark
17:10

The first day of the conference is rounded off by the chairman

Peter Frøkjær
Senior Security Architect, Vestas, & President, ISACA Denmark
17:20

Networking reception – Enjoy refreshments and network with our partners

Andrew Ginter will be signing free copies of his latest book "Engineering-Grade OT Security – A manager's guide", courtesy of Waterfall Security. The book addresses the question "How much is enough?" How much security? How much engineering? For which kinds of systems? And most importantly, why?