Conference Programme

Conference Day One: Tuesday 29th November 2016

08:30
Registration and refreshments


09:00
Chairman's welcome address
Bas Kruimer, Senior Manager, Smart Grid Services - Accenture


09:15
Strategic Drivers Panel - assessing the emerging IoT landscape, its implications for smart utilities, and how cyber-resilience can be achieved
  • Defining IoT in the context of the smart utility and determining how it will impact future cyber-security policies and procedures
  • Creating a vision of resilience in terms of preparedness, risk management, security, protection, and crisis management
  • Identifying the factors driving large-scale investment in end-to-end cyber-security among the leading European smart utilities
  • Bridging the gap between IT and OT skill sets in an increasingly connected smart utility environment
Aurélio Blanquet, Director, Division of Automation and Telecommunications & Chair EE-ISAC - EDP Distribuição
Walter van Boven, Digital Grid Department Manager & Acting CIO - Alliander
Kimmo Juntunen, ICT Infrastructure Manager and CISO - Caruna


10:00
Ecosystem Collaboration - establishing a framework for the seamless interworking of all stakeholders of the power market to speed up the implementation of next generation cyber-security within the smart utility
  • Determining the drivers for setting up more formal collaboration of utilities with suppliers, system integrators, and other parties in the supply chain
  • Evaluating the benefits of sharing information in terms of incident data, technology requirements, standards developments, and regulatory guidance
  • Working effectively with the supplier community to translate evolving utility requirements into robust and cost-effective cyber-security solutions
  • Driving the end-to-end deployment of multi-vendor cyber-security solutions
Johan Rambi , Corporate Privacy & Security Advisor - Alliander


10:30
Emerging Threats - implementing a cyber-security strategy that guards against the increasingly organised and sophisticated nature of utility cyber-attackers
  • Reviewing lessons learnt from recent utility cyber-attacks such as the Ukraine attacks
  • Examining the changing mind-sets, tools, and tactics being used by organised cyber-attackers and how this translates into future threats
  • Determining how utility policies, procedures, and people must evolve to better guard against more organised attacks
  • Applying advanced monitoring techniques to continuously survey vulnerable sections of the grid
  • Developing a response and recovery plan that provides preparedness for sophisticated multi-layered attacks
Paul Smith, Senior Scientist - Austrian Institute of Technology


11:00
Morning refreshments and exhibits


11:30
TSO Cyber-Security - achieving end-to-end cyber-security in a complex transmission system environment
  • Identifying the key points of system vulnerability to prioritise investment in new cyber-security solutions in order to guard against modern attacks
  • Cost-effectively securing legacy infrastructure whilst maintaining functionality and maximising the value gained across the infrastructure's lifecycle
  • Defining an IT security architecture that leverages multi-layered Defence-in-Depth structures that combat known and unknown threats
  • Determining the potential of innovative bolt-on solutions that are on the market and in development
  • Proactively collaborating with partners such as DSOs and power generators to share incident data and gain a more comprehensive view of the grid, its vulnerabilities, and new opportunities for security enhancement
  • Leveraging evolving standards to ease the implementation of TSO specific security solutions
David Willacy, Global Head Digital Risk and External UK\EU Engagement - National Grid


12:00
DSO Cyber-Security - achieving end-to-end cyber-security in an increasingly automated and connected distribution system environment
  • Determining how DSO cyber-security requirements are intensifying with accelerated rates of distribution automation
  • Overcoming the challenges of effectively securing high volumes of equipment in the distribution grid
  • Managing the security of many more grid connections to LV and MV substations, smart meters, renewable energy sources, and EV charging points
  • Safeguarding customer data privacy while ensuring operational security is not compromised
  • Optimising the IT security architecture whilst taking into account the rapidly changing distribution system environment
Carlos Montes Portela, OT Security Officer - Enexis


12:30
Legacy SCADA Security - effectively upgrading legacy SCADA systems with bolt-on security solutions to ensure robust security against modern threats
  • Identifying the security pressures placed on legacy SCADA systems as interconnectivity increases
  • Striking the balance between enforcing adequate security whilst maintaining high levels of system functionality
  • Overcoming the challenges of securing legacy systems characterized by limited system resources
  • Comparing the pros and cons of proprietary and off-the-shelf security solutions for legacy SCADA systems in terms of system functionality, efficiency, and cost-effectiveness
  • Seamlessly integrating IT solutions in a traditionally OT-oriented environment
  • Determining the level of monitoring required for legacy SCADA systems and applying a cost-effective solution
Marcin Kowalczyk, Infrastructure Manager, - innogy
Michal Maciejewski, Utilities & Grid Solutions Manager - innogy


13:00
Lunch and exhibits


14:00
Advanced SCADA Security - optimising the security by design of new SCADA implementations to ensure a flexible and future-proofed SCADA environment
  • Determining the functional and design priorities for new SCADA systems based on the evolving grid and changing market dynamics
  • Defining the extent of SCADA interconnectivity required with other IT and OT systems such as EMS, OMS, GIS, and the security implications to consider
  • Designing with future loopholes in mind to ensure a flexible and easily upgradeable SCADA system
  • Effectively collaborating with vendors to ensure the optimal level of security by design, enabling a secure patching process, and working towards developing multi-vendor solutions
  • Interworking IT and OT teams in the implementation and maintenance of new SCADA systems
  • Monitoring systems can further enhance new SCADA systems
François Chevalier, Head of Control Centre and Telecommunication - Sibelga


14:30
Testing & Validation - establishing a framework for the effective testing and validation of critical infrastructure cyber-security
  • Determining how the threat landscape is shifting and the implications for testing and validation priorities and procedures
  • Establishing a robust methodology for assessing security levels for critical infrastructure and benchmarking vendor solutions
  • Identifying the cyber security maturity levels that are appropriate to the energy sector and determining how these will evolve over time
  • Building up the internal skills required to accurately judge validation results
Michael John, Director - ENCS


15:00
Protecting Your ICS/SCADA Assets with Cyber Shield - applying lessons learned from live projects to develop a complete cyber security solution for smart grids.
  • Insights from a utilities survey on industry preparedness for packet transition and rising cyber threats
  • Mapping vulnerabilities to internal and external attacks on SCADA and management traffic
  • IEC 27000 recommendations for ICS/SCADA cyber security
  • How to ensure the Operational Transport network remains reliable and protected at all times with Cyber Shield
Mickey Schmuel, Business Development Manager, RAD


15:30
Afternoon refreshments and exhibits


16:00
Integrated Substation Security - developing a combined cyber and physical security strategy to protect geographically dispersed substations
  • Defining the all-digital substation and identifying the new points of security vulnerability
  • Determining how physical and cyber security are complementary
  • Establishing an in-depth cyber-security process to supplement physical security measures
  • Forming a disaster recovery strategy that considers physical and cyber-security breaches in tandem
  • Effectively integrating IT and OT processes to ensure combined physical and cyber-security
  • Leveraging monitoring techniques to survey data traffic between the substation and control centre
Lhoussain Lhassani, Senior Specialist Asset Management - Stedin


16:30
AMI Security - defining the scale of potential cyber-attacks through the metering infrastructure and implementing measures to achieve comprehensive resilience
  • Ascertaining the range and scale of cyber-attacks possible through the smart meter and its implications for the wider power grid
  • Balancing smart meter functionality and security, and working effectively with vendors to ensure cost-effective security by design and regular updating
  • Establishing the potential for monitoring data concentrators to further bolster the security of the smart meter infrastructure
  • Evaluating emerging IoT based security solutions and effectively interworking them with established OT procedures
  • Ensuring that smart meter deployment pressures do not undermine the quality of the cyber-security measures and putting in place a programme of continuous updating to ensure future loopholes are effectively dealt with
  • Employing robust testing procedures to ensure the longevity of smart meter security solutions
Nuno Medeiros, ICT and Smart Grids Security Officer - EDP Distribuição


17:00
Roundtable Discussions - during this 90 minute session the audience splits into several smaller working groups, each focused on a specific theme arising from the day's presentations. This is the ideal opportunity to bring your specific cyber-security challenges to the table and brainstorm and problem solve solutions with the entire utility cyber-security ecosystem. At the end of the session each working group will feed back a summary of their discussions and recommendations to the wider audience.


18:30
Networking Evening Reception - take this opportunity to relax and unwind with colleagues from across the European cyber-security ecosystem. The perfect way to round of an intensive day of presentations and discussions.


21:00
End of conference day one




Conference Day Two: Wednesday 30th November 2016

08:30
Registration and refreshments


09:00
Chairman's welcome back
Bas Kruimer, Senior Manager, Smart Grid Services - Accenture



09:15
Regulatory Developments Panel - determining how European level regulation must evolve to better support smart utility cyber-security investments, priorities, and implementation plans
  • Understanding the current state of EU legislation, such as the NIS Directive, and its implications on the utilities
  • Translating EU cyber-security regulations into tangible guidance for utilities and their vendors
  • Leveraging appropriate elements of US regulations and translating them into effective European wide guidance
  • Developing a common set of standards for Europe that unite individual country regulations
  • Improving the clarity of regulatory guidance so it can be easily implemented and maintained
  • Providing concrete guidance on thorny issues such as customer data protection
  • Ensuring regulatory guidance does not conflict with utility business objectives
Aurélio Blanquet, Director, Division of Automation and Telecommunications & Chair EE-ISAC - EDP Distribuição
Michael John, Director - ENCS
Maurice Snoeren, Head of Section, Cyber-Security - DNV GL


10:00
Standards Developments - evaluating a range of standards being developed to support the cost-effective implementation of smart utility cyber-security
  • Updating on the latest developments with leading utility cyber-security standards: ISO 27000 family, IEEE, IEC 62443, IEC 62351
  • Evaluating the potential of US based standards such as NERC and NIST for European utilities
  • Determining the implications of establishing a diverse set of standards, as opposed to a common standard, from a security perspective
  • Facilitating the adoption of standards by vendors to support ease of system integration and pave the way towards multi-vendor solutions
  • Determining how regulatory bodies can better direct the take-up of standards whilst allowing room for flexibility

Bart de Wijs, Head of Cyber Security, Power Grids Division - ABB
Frederic Buchi, Consulting Cyber Security for Energy Automation Systems - Siemens


11:00
Risk Management - defining a comprehensive risk assessment strategy to effectively manage internal vulnerabilities and adjust to external threats
  • Integrating corporate objectives into the risk assessment process to ensure effective prioritising of actions and investments
  • Ensuring cooperation of IT and OT and the integration of their risk management strategies.
  • Examining how external market trends and changing hacker profiles are pressurising the risk management process
  • Determining how internal infrastructure developments and interconnectivity are rendering the risk environment more complex
  • Overcoming the challenges of investing in new technologies with ambiguous embedded security
  • Working around the inherent limitations of equipment which prevent straightforward and accurate vulnerability assessments
  • Prioritising which equipment should be secured based on the likelihood and scale of external threats and internal organisational objectives
  • Identifying techniques for validating the risk assessment such as attack simulations and external data sources
  • Reaching the optimal risk mitigation strategy without compromising functionality and operational efficiency
Maurice Snoeren, Head of Section, Cyber-Security - DNV GL


11:30
Morning refreshments and exhibits


12:00
Technology Innovation Panel - understanding how next generation cyber-security solutions are being developed to better meet smart utility requirements

During this session, key solution providers will present their latest thinking, product strategies, and innovation pipelines to promote security and resilience in the smart grid. Various solutions will be discussed handling encryption, detection, firewalls, and cloud computing. Each speaker will present for 15 minutes and there will be a 30 minutes for Q&A and panel debate.

Dr. Martin Gilje Jaatun, Senior Scientist - SINTEF
Adam Wolman, VP Sales EMEA & APAC - CyberX


13:00
Lunch and exhibits


14:00
IT & OT Integration - establishing a hierarchical security operations centre that seamlessly ties together IT & OT infrastructures
  • Understanding the drivers for implementing a hierarchical SOC
  • Overcoming the technical challenges of setting up a single SOC that collects events from IT and OT SOCs
  • Reviewing the results achieved and the ROI gained
Boaz Landsberger, Head of Cyber Security Department - - Israel Electric Corporation


14:30
EV Security - balancing privacy, security, and functionality in the integration of electric vehicles into the power system
  • Determining the key vulnerabilities of EV charging points and the potential impact of a security breach
  • Working with the limited system resources available in the charging points for improved security measures
  • Implementing open standard (OCPP) to create a common security profile and secure communication between charging points and deck offices
  • Defining a cost-effective patching procedure to keep charging points up to date
  • Evaluating the feasibility of monitoring charging points
  • Working with vendors to improve the security by design of future charging point technology
  • Protecting the privacy of drivers whilst preventing fraud and ensuring robust security
Harm van den Brink, IT Architect - ElaadNL & Enexis


15:00
Afternoon refreshments and exhibits


15:30
Anomaly-Based Intrusion Detection System - leveraging advanced detection and prevention techniques to more rapidly respond to new and unpredictable threats
  • Comparing the potential of self-learning anomaly-based monitoring systems with conventional certificate and rule-based monitoring
  • Defining how the ability to detect and adapt to new and unpredictable threats via pattern correlation and traffic behaviour will pave the way for new and innovative methods of securing the grid
  • Prioritising where in the grid self-learning monitoring systems should be integrated to gain maximum value and return on investment prior to larger-scale deployment
  • Refining the integration of self-learning monitoring systems into the broader security infrastructure and how it could complement existing layers of defence
  • Evaluating the potential scale of deployment and ascertaining the feasibility of end-to-end deployment
  • Effectively synchronising prevention mechanisms with detection and facilitating swift response capabilities
  • Benchmarking system on the market and in development vis-á-vis features, functionalities, robustness, scalability, and cost-efficiency
Henrik Kiertzner, Principal Business Solutions Manager - SAS


16:00
Post Quantum Security - understanding the potential of quantum computing as a tool for cyber-attackers. Determining the risks and counter-measures
  • Examining the feasibility of quantum computing and forecasting when it will likely reach the market
  • Determining how quantum computing can be leveraged to enact devastating attacks on critical infrastructures
  • Assessing the vulnerabilities of asymmetric / public key algorithms in a post-quantum environment as well as the challenges in transitioning towards quantum-safe cryptosystems
  • Ascertaining the state of symmetric / private key algorithms in a post-quantum environment and the opportunity costs in making them quantum-safe.
  • Evaluating the potential of post-quantum encryption and other security solutions to guard against quantum attacks
  • Predicting how quantum computing can be leveraged by smart utilities to bolster their cyber-security strategy
Andreas Huelsing, Post-Doctoral Researcher - TU Eindhoven for PQCrypto


16:30
Chairman's summary and close


16:45
End of conference