Program
Time | Main Track | Sessions |
---|---|---|
8:00 | Welcome to ISC-CPH: Registration and breakfast
THIS DAY OF THE CONFERENCE WILL BE MAINLY IN DANISH | |
9:00 | ||
9:05 | Welcome to the conference and introduction to today’s program
Peter Frøkjær
Senior Security Architect, Vestas, & President, ISACA Denmark
| |
9:10 | The threat assessment against Denmark
Søren Maigaard from SektorCERT presents their assessment of the threat to Danish critical infrastructure. The presentation will describe which threat actors SektorCERT is keeping an eye on and how we can all best defend ourselves against them.
This presentation will be in Danish.
Søren Maigaard
Director, SektorCERT
| |
9:50 | Short Break | |
10:00 | Updating emergency response legislation in the energy sector
Jesper Rode Tholstrup dives into the legislation in the emergency preparedness area with a special focus on OT. Jesper also discusses the changing threat landscape, handling and resilience of a changing energy sector and the implementation of the NIS2 and CER directives.
This presentation will be in Danish.
Jesper Rode Tholstrup
Head of Division, Centre for Risk Preparedness, Danish Energy Agency
| |
10:40 | Refreshments and networking | |
11:15 | Lessons Learned from a malware incident on a cruise ship's control systems
Technical Level: Beginner
Real event: What happens when a cruise ship suffers a malware incident on its OT systems, causing massive disturbance of its essential systems? Human error, combined with multiple factors, can lead to the failure of the ship’s automation and navigation systems, limiting the ability to sail the ship and continue the cruise.
This presentation will be in Danish.
Christopher Stein
Lead Engineer, Maritime Cybersecurity, Royal Caribbean Group
| |
11:55 | Lunch and networking | |
12:55 | Implementing NIS2 in the utilities industry
Michael Leth will talk about how they work with implementation of NIS2. The goal is to achieve greater security and become ready for audits.
This presentation will be in Danish.
Michael Leth
Senior Consultant, SamAqua
| |
13:45 | NIS2 and CTI – a match made in heaven
Technical Level: Beginner
How can Cyber Threat Intelligence (CTI) be used to communicate risk effectively, along with ways to reduce it? Discussing risk with leadership can be a tedious task, but this presentation will show how to map threat actors' capabilities to NIS2 controls and visualize them to achieve the ultimate goal: to reduce risk.
Tibor Földesi
Security Analyst, Norlys
Martin Hansen
CISO, Elnetselskabet N1
| |
14:25 | Refreshments and networking | |
14:55 | Butterfly effects on critical infrastructure
Focusing on the Industrial Critical Infrastructure, Helena Marqvertsen Frank will look at the main Cybersecurity challenges using practical examples and the presentation of a new paradigm.
This presentation will be in Danish.
Helena Marqvertsen Frank
OT Security Manager, Ørsted
| What do OT security professionals need to know about NIS2?
This presentation will be in Danish.
Julie Bak-Larsen
Partner, Bird & Bird
|
15:35 | Short Break | |
15:45 | Supply chain security in the OT environment – how do we handle it?
Morten Holm Gregersen will have a dual focus in his discussion on operational and management level compliance with NIS2 and CRA security regulations in an environment where large industry vendors do not support the regulatory requirements.
This presentation will be in Danish.
Morten Holm Gregersen
Founder & Director, Cybernordic
| Workshop – log management/monitoring in OT
Technical Level: Beginner
The workshop starts with an introduction to log management/monitoring on OT. Everyone gets access to a SIEM system and is given a guide to find relevant information. Requirements: You must bring your own laptop.
This presentation will be in Danish.
Josef Gustafsson
Systems Engineer, Corelight
Morten Kromann
Head of Industrial Security, Siemens
Kenneth B. Jørgensen
Owner, KCERT
|
16:25 | Short Break | |
16:30 | How does Energistyrelsen/The Danish Energy Agency use scenarios as a method to ensure preparation of the sector?
This is partly due to the changing geopolitical situation, but also the way we assess resilience at a company level in the energy sector based on scenarios and how next winter scenarios should be handled. You can also hear about the scenarios that the sector is working on that look into the future and try to make the sector resilient to what will happen in 5, 10, 20 years.
This presentation will be in Danish.
Malene Hein Nybroe
Long Term Energy Advisor – Ukraine, Ministry of Foreign Affairs of Denmark
| |
17:10 | The first day of the conference is rounded off by the chairman
Peter Frøkjær
Senior Security Architect, Vestas, & President, ISACA Denmark
| |
17:20 | Networking reception – Enjoy refreshments and network with our partners
Andrew Ginter will be signing free copies of his latest book "Engineering-Grade OT Security – A manager's guide", courtesy of Waterfall Security. The book addresses the question "How much is enough?" How much security? How much engineering? For which kinds of systems? And most importantly, why? |
Time | Main Track | Sessions |
---|---|---|
8:00 | Welcome to Day 2. Registration, networking and breakfast | |
9:00 | ||
9:05 | Welcome to the conference and introduction to today’s program
Peter Frøkjær
Senior Security Architect, Vestas, & President, ISACA Denmark
| |
9:10 | Managing Complexity by Engineering OT Security
Technical Level: Intermediate
OT, despite being ‘legacy’ compared to IT, has not been static by any means. Developments at the Edge have continued (OPAF, increased use of Encryption & Virtualization) in parallel to those in the Cloud (even SCADA) and AI (LLMs). However, since the OT imperative is production (and safety), the security conversation becomes a forced-fit afterthought.
Vivek Ponnada
Technology Solutions Director, Nozomi Networks
| |
9:55 | Rough around the edges: the state of software supply chain in OT/IoT routers
Technical Level: Intermediate
This talk will give a deep perspective on the state of software supply chains for edge devices, using popular IoT/OT routers as examples. These routers provide connectivity to critical infrastructure and have been targeted by cybercriminal botnets, APT groups, and hacktivists.
Daniel dos Santos
Head of Security Research, Forescout Technologies, Inc.
| |
10:30 | Refreshments and networking | |
11:00 | Securing OT: Lessons Learned from Global Automotive Leader Volvo and Orange Cyberdefense
Technical Level: Intermediate
Join Cyolo for an insightful speaker session where we delve into the realm of Operational Technology (OT) security, drawing from the experiences of esteemed leaders at Volvo, a global automotive leader, and Orange Cyberdefense (OCD). This session will explore crucial topics essential for securing OT environments, including OT Visibility, Defensible Architecture, Secure Remote Access (SRA), and Incident Response Plans. Our expert speakers will share their firsthand experiences in running OT security assessments, highlighting the importance of visibility and the benefits derived from such evaluations. Additionally, we will delve into the critical aspects of implementing defensible architecture and modern SRA solutions tailored specifically for the automotive industry. Discover how Volvo and OCD have navigated these challenges and realize the tangible benefits of enhanced OT security.
Andreas Jacobsson
OT Security Consultant, Orange Cyberdefense
Martin Eenfeldt
Senior Network & Security Architect, Volvo Cars
| |
11:35 | Short Break | |
11:45 | Avoiding decision paralysis – in the face of uncertainty
The transition to sustainable energy resources requires huge investments in new infrastructure and technologies. At the same time, the future critical infrastructure will also become increasingly exposed to cyber-attacks. This entails uncertainty, and given the magnitude of the investments and the physical and political impact on future societies, this uncertainty poses a potential barrier to the transition to sustainable energy. To manage this challenge of uncertainty, Vestas is currently developing a framework for navigating cyber risks: a framework that is targeted to provide a consistent, repeatable, and transparent analysis of quantified external and internal factors that influence cyber risk.
Henrik Thiesen
Vice President, Cyber Strategy & Commercialization, Enterprise Cyber Security, Vestas
| |
12:20 | Lunch and networking | |
13:20 | Create visibility on your production network!
Technical Level: Intermediate
How do you set up secure logging? What are the right logs for security? What should we do when implementing a PKI structure in OT (how do we achieve visibility)? Do we need to resist all threats? What is the real threat? What are the biggest challenges? Why create visibility before the basic security measures are in place?
Kenneth B. Jørgensen
Owner, KCERT
| Practical management of cyber risks in sustainable energy systems
Technical Level: Beginner
Sustainable energy resources are connected, critical, and vulnerable. As such, they are a potentially lucrative target for cyber threat actors: a high-value, low-protection target. Managing the risk of cyber attacks on sustainable energy resources requires an in-depth understanding of who attacks, how they attack, what they attack, and what happens as a result. Simply put, a cyber risk is a potential event where an attacker exploits a weakness to achieve an impact. In this session Jens Christian Vedersø from Vestas will discuss a practical and pragmatic approach to consistently assessing cyber risks to a sustainable energy asset.
Jens Christian Vedersø
Enterprise Cyber Security Strategist, Vestas
|
13:55 | Short break | |
14:05 | Strengthening energy supply and cyber resilience in Europe’s energy sector
Technical Level: Intermediate
The talk dives into the potential for more targeted cyberattacks aimed at disrupting Europe's energy stability and advocates for a proactive, resilience-based cybersecurity approach, emphasizing the importance of safeguarding critical energy infrastructure to maintain the integrity of Europe's energy supply.
Kenneth Titlestad
Director – Industrial IT/OT & Cybersecurity, Sopra Steria
| Workshop part 1: Applied Reverse Engineering in OT Protocols
Technical Level: Advanced
This presentation dives deep into the realm of reverse engineering applied to proprietary protocols within Operational Technology (OT) environments. Focusing on uncovering data concealed within hidden fields, our research explores the methodologies and tools employed to extract data from OT protocols. Requirement: Bring a laptop.
Ali Rıza Şahinkaya
Researcher, ICSFusion
|
14:40 | Refreshments and networking | |
15:10 | Why ISA/IEC 62443 Risk Assessment should be the first step in your OT Security program
Technical Level: Intermediate
We will go through the process of where to start using ISA/IEC 62443-3-2 for securing your industrial control systems, using real-world examples that could help the community better understand the “complexity” of the standard. We will also touch upon how this specific part of the standard(s) is tied to other parts such as the 3-3, 4-2 and 2-1, and of course some use cases towards existing security technologies once you have the basics in place.
Tommy Evensen
Director, Omny AS
| Workshop part 2: Applied Reverse Engineering in OT Protocols
Technical Level: Advanced
Ali Rıza Şahinkaya
Researcher, ICSFusion
|
15:45 | Short break | |
15:55 | Hybrid warfare and ICS/OT Systems
How is hybrid warfare redefining threats to Industrial Control Systems and Operational Technology?
Could our critical infrastructure be the next target of sophisticated cyber-attacks?
How does this fit into the strategy and tactics of modern warfare?
Ken Bonefeld Nielsen
Senior Cyber Security Advisor, Norlys
| Real Lessons and Considerations When Deploying Security to OT Environments
Technical Level: Beginner
As part of the conference, Craig would like to provide the audience with some real-life lessons and considerations when starting a journey of deploying a security solution to an OT environment. These are lessons we have learnt on our journey, and even with over 16 years of experience in Information Security, it is important to note that deploying any security solution to an OT environment is extremely different to what one would expect, especially with a general Information Technology background in mind.
Craig Carolessen
Senior Manager, BDO UK
|
16:30 | Short break | |
16:35 | Securing Offshore Wind By Design
Technical Level: Intermediate
How can we securely engineer offshore wind to maintain reliability, even with few opportunities for physical maintenance? These systems need to weather the test of time. This is exactly what this talk will explore by first examining the risk characteristics and then demonstrating how approaches based on the US Department of Energy, Cyber Informed Engineering (CIE) framework can help to ensure security by design.
Tony Turner
CEO, Opswright
| |
17:15 | Sightseeing + walk and talk
Choose between 5 security topics and spend an hour walking in beautiful Copenhagen, while networking with your peers. | |
18:00 | Networking reception – Enjoy refreshments and network with your security colleagues | |
18:40 | Dinner & networking (Requires separate signup) |
Time | Main Track | Sessions |
---|---|---|
8:00 | Welcome to Day 3 at ISC-CPH | |
9:00 | Introduction to today’s program
Peter Frøkjær
Senior Security Architect, Vestas, & President, ISACA Denmark
| |
9:05 | Reaping process improvements from network leaks – Boost your OT security controls
Technical Level: Intermediate
Robert Valkama and Mikko Kenttälä will walk you through how focused testing of network segregation, a fundamental security control, can reap unexpected benefits on improving the overall OT security posture on other fronts as well.
Mikko Kenttälä
Founder & CEO, SensorFu
Robert Valkama
Senior Manager, OT Cyber Security, Fortum
| Toward to the Final Frontier – Principle to Secure Network Resilience of Your Cyber-Physical System against APT War
Technical Level: Beginner
As the cost-effectiveness of launch and space technology has improved, private and national sectors have introduced Low Earth orbit (LEO) networks more than ever. However, unlike the private illusion of using the LEO network, many companies and governments believe that they can safely use satellites without threats. We observed multiple APT attack incidents in the wild: attackers can use cheap devices to disrupt the networks, and even take over the entire supply chain.
Yenting Lee
Senior Threat Researcher, TXOne Networks
|
9:40 | Short break | |
9:50 | Major Incident Response from the inside – The SolarWinds/Sunburst Story
Tim Brown is the CISO for SolarWinds. He has been with the company for 8 years and has lived all aspects of a major incident, from preparedness to an incident to recovery. The Sunburst Incident was an inflection point in many areas, especially supply chain security. Tim will take you through the incident, the lessons learned, the important role people played and how technology could have played a stronger role. He will provide insight into each stage of the incident and how early decisions can be critical to the impact and recovery.
Tim Brown
CISO, SolarWinds
| |
10:30 | Refreshments and networking | |
10:55 | Are we getting too ITgrationalized in OT?
Technical Level: Intermediate
The discussion will focus on the integration of IT information and systems into the OT environment and the potential problems this integration might cause, despite our best intentions. Topics to be discussed include phishing, operating systems, and embedded systems.
Søren Egede Knudsen
CEO & IT/OT Security Expert, Egede
| No VR Required: Simulating Attack Paths for Vulnerability Management
Technical Level: Intermediate
Kylie McClanahan will present the culmination of 4 years of DOE-funded research on the feasibility of network attack simulations for vulnerability remediation and prioritization. She will discuss the methodology and approach to this problem, the results of the research, and how this could be adapted into the security decision process in both small and large organizations.
Kylie McClanahan
CTO, Bastazo
|
11:30 | Lunch and networking | |
12:30 | Prioritization & Decision Making in Critical Infrastructure Defense
Technical Level: Intermediate
Through this discussion we will arrive at unfortunate conclusions where many elements currently deemed “critical” simply cannot be treated as such to economize on available capabilities – but in doing so, we will also explore how national (and international) authorities and asset owners can best use limited resources to ensure such “sub-critical” infrastructure is not abandoned.
Joe Slowik
Threat Intelligence & Critical Infrastructure Security Leader, MITRE
| Digital Doppelgangers: Deepfakes Impact on Social Engineering
Technical Level: Beginner
More and more in society, deepfake technology leverages artificial intelligence to create convincing fake audio and video clips and is evolving rapidly. These technologies not only pose significant threats to personal and organizational cybersecurity programs but also present unique challenges and opportunities in the realms of IT and cybersecurity. This presentation delves into the complexities of deepfakes, offering insights into their creation and detection. With a focus on informing IT professionals, cybersecurity practitioners, CIOs, and CISOs, we will explore the latest tools and techniques used to generate and identify deepfakes while providing practical guidance on mitigating associated risks.
James McQuiggan
Security Awareness Advocate, KnowBe4
|
13:05 | Refreshments and networking | |
13:35 | Securing a World of Legacy
Technical Level: Intermediate
In the mid-1990s, Grundfos introduced electronically controlled pumps. These pumps still work fine, but the technology is becoming obsolete in the face of modern cyber threats. It would be too expensive to replace all the pumps worldwide. So how can we secure these systems? Is it possible to upgrade a small component to achieve high security on equipment from the 90s?
Daniel Rosenring
Senior Specialist, Safety & Cyber Security Control SW, Grundfos
| Detecting destructive malware in OT protocols
Technical Level: Intermediate
Malware written for OT protocols is often developed and executed with destructive intent. Lightwork and Industroyer2 represent a group of malware designed to cause electric power disruption. During this talk we’ll share our experience in developing behavior-based detection mechanisms for both of these tools, and what techniques we use for doing this. We’ll briefly cover the tools, reverse engineering them and their traffic to better understand what patterns to look for, and we’ll explain what benefits our techniques have compared to alternatives like pure signature-based detection.
Rafael Lukas Maers
Reverse Engineering Team Lead, mnemonic
Odin Jenseg
Detection Engineer, mnemonic
|
14:10 | Short break | |
14:20 | 23andMe and 2TB – Your Supply Chain’s DNA
Technical Level: Slightly Advanced
This session is for organizations developing products that have deep complexity in their software supply chains — lots of assets, countless 3rd-party suppliers, multiple eras of technology, and frequent M&As. Facing a barrage of new supply chain legislation both in Europe and North America, these organizations need to know what is in their products — its inherited DNA. A risky entity or component could potentially block sales and even entire markets. To illustrate the value of transparency, we scraped the Download/Support portals of multiple critical infrastructure industry OEMs and analyzed over 2 terabytes (2TB) of raw data. Much like the genetic testing analysis of 23andMe, we discovered a complex portrait of their suppliers, ownership, and end-of-life products.
Ron Brash
VP of Technical Research & Integrations, aDolus Technology Inc.
| Uncovering Hidden Risks in ICS/OT Devices: Leveraging Firmware Analysis and SBOMs to Identify Device Security Threats
Technical Level: Intermediate
In the realm of ICS and OT security, many critical devices harbor serious vulnerabilities, often due to outdated, unmaintained codebases or a lack of security knowledge among developers. These systems, which underpin critical infrastructure, contain components built on unmaintained and often vulnerable software versions, introducing severe security risks, including both known and 0-day vulnerabilities. This session will delve into the hidden vulnerabilities within ICS/OT devices and demonstrate how firmware analysis combined with Software Bill of Materials (SBOMs) can be leveraged to identify these risks and mitigate security threats.
Zahra Khani
Principal Product Manager for IoT Security Assessment, Keysight Technologies
|
14:55 | An Approach to Disaster Recovery in OT
Technical Level: Intermediate / Advanced
This talk will introduce a vendor-agnostic framework that aims to parallel well-defined practices in process safety engineering and apply them to disaster recovery, considering cyber events that trigger a process loss event. Instead of focusing on data and technical recovery alone, commonly the scope of DR plans, the ICS/OT disaster recovery framework will view restoration considering process and control & automation system dependencies and location.
Saltanat Mashirova
Advanced Cyber Security Architect/Engineer, Honeywell
| |
15:30 | Closing remarks by the Chairman
Peter Frøkjær
Senior Security Architect, Vestas, & President, ISACA Denmark
|