The 2022 ISA CSIC Conference will focus on the growing adoption of ISA/IEC Cyber Security Standards across various industries.
This program will identify the current themes and threat landscape unfolding in various industries including energy, manufacturing, building automation, and water handling. With this broader application comes increased alignment with safety concerns. These will be addressed through expert panels discussing workforce development opportunities for cybersecurity education, while end-user case studies will highlight real-world adoption of cybersecurity standards and best-practice applications that streamline processes and reduce costs while protecting people and property from increased cyber threats.
Captain Keith Donohue
Deputy Sector Commander, US Coast Guard Houston-Galveston
Jim Gilsinn
Technical Leader, Dragos
Organizations looking to utilize and/or build Industrial Internet of Things (IIoT) devices have to contend with numerous overlapping and interrelated standards and requirements from the information technology (IT), operational technology (OT), and industrial control system (ICS) environments. The Industry IoT Consortium (IIC) approached the International Society of Automation (ISA) to see how they could work together to understand these areas of overlap and relationship. The result is a mapping document that brings together the IIC’s IoT Security Maturity Model (SMM) and the ISA/IEC 62443 series for asset owners, product suppliers, and service providers.
Moderator: Scott Reynolds
Johns Manville
Jim Gilsinn
Dragos
Patrick O’Brien
Exida
Josh Carlson
Dragos
Greg Houser
Senior Cybersecurity Engineer, Exida
Nick Bartosh
Solutions Architect, Finite State
Sponsored by Finite State
Birol Dindorik
University of Houston
German Carmona
Global President of Applied Intelligence, Wood
Garrett Myler
Enclave Defense
Most know that threats and vulnerabilities are fundamental aspects of determining cyber risk. But some may be using an outdated "threat" model that conflates threats with attack tactics. For others, a lack of clarity between a threat source and a threat event may lead to a risk assessment that isn't appropriately tailored to their organization. Getting one variable wrong can corrupt your entire risk assessment. In this presentation, Garrett will use real-world mistakes to make sure you're not left dazed and confused about these aspects of a 62443 risk assessment.
Rick Kaun
VP Solutions, Verve
Sponsored by Verve Industrial Protection
ISA/IEC 62443 has created a robust and effective ICS cybersecurity framework that provides a great roadmap for many organizations to establish a set of prioritized objectives. Verve has been working with industrial control systems for 30 years and has been working with dozens of organizations over the past few years trying to adapt security to new guidelines such as 62443. One of the largest challenges we have seen and addressed is how to ensure you achieve and then maintain the targets. Over the past 15 years, we have helped dozens of clients efficiently, effectively, and safely achieve their SL-Ts as well as maintain them. We’ll describe some of these learnings and how you can practically improve and maintain your security levels.
Philippe Flichy
Fractional Chief Information Security Officer, Cykur
This presentation describes the steps taken by a company to deploy IoT devices to Oil & Gas fields. As the installation of the devices was to be conducted by third parties, the challenge was to make sure that a device would be properly identified and deployed where it was intended to be deployed and by the right installer. The reporting of the data had to clearly identify each IoT device paired with a specific tool on a specific pump. We will review how keys and geolocation were used to ensure the veracity of the data.
Bryan Singer
Industrial Cybersecurity Innovation Executive - OT Incident Response at Accenture
Overnight, 10 plants rapidly decelerated, and dozens more were shut down out of an abundance of caution. A threat actor is persistent in the environment and has deployed ransomware. Plants across multiple geographies are struggling to return to operations while simultaneously Incident Response (IR) teams work across both IT and OT to expel the threat actor and safely return to normal operations.
Recent public cyber events in OT show that companies often struggle for many months to fully return to normal operations. These highly public events create significant strain for companies as they deal with multiple priorities, from regulatory obligations around data links to whether or not to pay ransoms, and returning safely to operations.
From real-world examples of complex OT IR engagements and readiness exercises, this session will answer a basic question: How can we reduce these impacts through readiness and resilience? The goal? 6 months to 6 minutes...
We look forward to having you with us VIRTUALLY or IN-PERSON this October!