The Central ICS/SCADA Cyber Security Event of the Year for the APAC Region! This year’s conference will have THREE full days of content, and receptions and networking opportunities. You can register for the conference online to hold a spot.

Sign up or log in to bookmark your favorites and sync them to your phone or calendar.

Breakout - Tech Track [clear filter]
Wednesday, April 25

2:00pm PDT

An Industrial Immune System: Using Machine Learning for Next Generation ICS Security (Sponsored Session)
As IT and Operational Technology (OT) environments continue to converge, managers of ICS have been faced with the challenge of protecting these crucial systems and data, in spite of inherent security weaknesses and the continual risk of insider threat. In many industrial processes, reliability of an ICS has a direct and immediate impact on the safety of human lives. Existing, legacy approaches have proven inadequate on their own, especially against insiders who, by definition, have authorized access. 
There is an urgent need for a new approach to combat the next generation of cyber-threats, across both OT and IT environments. While total prevention of compromise is untenable, utilizing automated self-learning technologies to detect and respond to emerging threats within a network is an achievable cyber security goal, irrespective of whether the suspicious behavior originated on the corporate network or ICS. 
Some of the world’s leading energy and manufacturing companies are using these technologies to detect early indicators of cyber-attacks or vulnerabilities across IT and OT environments, without reliance on pre-identified threat feeds, rules, or signatures. These technologies represent an innovative and fundamental step-change in automated cyber-defense. 
In this session, learn: 
  • How new machine learning and mathematics are automating advanced threat detection
  • Why 100% network visibility allows you to preempt emerging situations, in real time, across both IT and OT environments 
  • How smart prioritization and visualization of threats allows for better resource allocation and lower risk 
  • Real-world examples of detected OT threats, from non-malicious insiders to sophisticated cyber-attackers
Sponsored by: Darktrace

avatar for Jeffrey Cornelius

Jeffrey Cornelius

EVP, Industrial Control and Critical Infrastructure Solutions, Darktrace
Jeff Cornelius joined Darktrace in February of 2014 as Executive Vice President. His background with large Enterprise Software organizations over the past 18 years lends itself to the needs of an, innovative, market-defining organization. Jeff oversees the strategic direction and... Read More →

Wednesday April 25, 2018 2:00pm - 2:45pm PDT

2:00pm PDT

Safeguarding Industrial Control Networks (Sponsored Session)
Last December, cyber attackers launched a new malware variant called TRITON, specifically designed to target industrial safety systems. It was used against a critical infrastructure facility in the Middle East, causing an operational outage. While this malware was not the first to impact operational networks, it illustrates that ICS networks are now directly in the crosshairs of attackers.

In this session, we will discuss the emergence of ICS-specific malware, how it’s being used to infiltrate industrial environments, and what operators can do to defend their ICS networks and critical assets to prevent disruptions.

Sponsored by: Indegy

avatar for Mille Gandelsman

Mille Gandelsman

CTO and Co-Founder, Indegy
Mille Gandelsman is the CTO and Co-Founder of Indegy, an industrial cybersecurity startup that provides situational awareness and real-time security for industrial control networks. He leads Indegy’s technology research and product management activities. Prior to Indegy, Gandelsman... Read More →

Wednesday April 25, 2018 2:00pm - 2:45pm PDT

2:45pm PDT

Functional Safety and Cybersecurity
Functional Safety at Your Plant Requires IT Security

The cyber security threat has expanded from its origins in the home and office PC environment into Industrial Control Systems. At the end of 2017, the world's first successful hacker attack on a safety instrumented system (SIS) was discovered. Malware in a programming station (PC) modified older Triconex safety instrumented systems manufactured by Schneider Electric during ongoing operation. To do this, the programming station was manipulated in such a way that the usual programming function was used to exchange a user program fragment in the Triconex SIS. This modification put the SIS into a safe state. We suspect that the aim of the attack was more than to simply stop the SIS. Rather, it can be assumed that this was supposed to result in a crash. This malware is known as "TRISIS" or "TRITON" (hereafter referred to as "TRISIS").

In this presentation, Sujith Panikkar of HIMA will explain that by looking at a wider solution, through a combination of functional safety and IT security, businesses ensure their overall safety.

The presentation will address three core questions:
  • Can the “insecurity” of integrated control systems influence the functional safety of a plant?
  • What needs to be protected?
  • Can the principles developed for functional safety be applied to security?
With reference to the international standards IEC 61508 for functional safety, IEC 61511 for Safety instrumented Systems and IEC 62443 for cyber security the session will deliver a unique perspective and thinking on this very real, very modern threat.

avatar for Sujith Panikkar

Sujith Panikkar

Director of Consulting in Functional Safety and Safety Instrumented Systems, HIMA Safety Systems

Wednesday April 25, 2018 2:45pm - 3:30pm PDT
  Breakout - Tech Track
  • about Sujith Panikkar has a Master’s Degree in Safety, Health and Environment Technology from National University of Singapore, Bachelors in Applied Electronics & Instrumentation Engineering from the University of Kerala, India and is a Certified Functional Safety Expert from TÜV Rheinland, TÜV SÜD and CFSE Board, USA.He has over 27 years of experience in the field of Industrial Automation Systems & products for Oil & Gas, Petroleum Refining, and LNG, downstream petrochemicals industry projects including Distributed Control Systems, Foundation Fieldbus and Safety Instrumented Systems (for ESD / BMS / F&G applications) and Intrinsically Safe hazardous area interfaces.

3:45pm PDT

Building Blocks for DNP3 Fuzzing
DNP3 (Distributed Network Protocol) is a set of communications protocols used between components in process automation systems. It was developed for communications between various types of data acquisition and control equipment and plays a crucial role in SCADA systems.

In this technical session, Ying Kiat Pang,  Director of Network and Software Security at Beyond Security Asia, will address the following topics:
  •  Fuzzing and CRT
  • A Glimpse of ISASecure EDSA evaluation elements
  • beSTORM Fuzzing Framework
  • Crafting the attack language - A Snippet
  • Fuzzing DNP3 Layers

avatar for YK Pang

YK Pang

Director, Network and Software Security, Beyond Security Asia
YK Pang is the technical lead for software and network security testing tools at Beyond Security Asia. He started his career as a software programmer, financial systems, at one of the largest computer software house in South East Asia. He has over 25 years of IT work experience having... Read More →

Wednesday April 25, 2018 3:45pm - 4:30pm PDT
Thursday, April 26

12:15pm PDT

Integrating and Updating Security Solutions With Industrial Control Systems
Today with topics like Digitalization, Smart Cities and Clouds etc. the ideas we know about Industrial Control Systems are rapidly changing. With all the new functionalities and ease of access and monitoring operational data using a cell phone, the threat landscape is increasing. This result in extreme needs for cyber security additional solutions not only from OT Vendors themselves but also from external security vendors. Questions like hat are the challenges facing End Users when deciding integrating a security solution? Who needs to decide and based on what decisions needs to be taken? What should be considered after the integration? And other will be briefly answered during this session. The topics cover the difficulties faced by security solution provider and end users during Integration Phase and after operation during security patches update and based on what to get these update.

avatar for Abdulrahman M Al Safh

Abdulrahman M Al Safh

Cyber Security OT Consultant and Trainer
Abdulrahman Al Safh is Cyber Security OT Consultant and Trainer at SIEMENS Energy Management, Digital Grid, Saudi Arabia. Abdulrahman is Certified Cyber Security Representative by SIEMENS. He has 5 years of experience in Industrial Control System since 2007 and Energy Automation System... Read More →

Thursday April 26, 2018 12:15pm - 1:00pm PDT
Stamford Ballroom

2:15pm PDT

Practical Cybersecurity Assessment of Smart Grids
This presentation will summarize the experience gained during cybersecurity assessments of various IT components of  electrical grids.

Modern Smart Grid implementations contain large numbers of system-wide and specific vulnerabilities both in individual components and in overall ICS systems and networks. Identifying and using these vulnerabilities requires an average level of expertise and a modest level of funds. The implications of such attacks may vary from local fraud to negative physical impact on power substation components to large-scale network accidents.

This research presents the findings of several SCADA StrangeLove projects aimed at assessing the security of different elements of electrical grid such as network communications, relay protection, SCADA, application software, small-scale power generation systems. Details of technical vulnerabilities and related cyber-physical attack scenarios will be discussed.

avatar for Sergei Gordeychik

Sergei Gordeychik

Deputy CTO, DarkMatter
Sergey Gordeychik is  Product Director for Cyber Defence at DarkMatter. Before moving to DarkMatter, Sergey gained a wealth of practical experience in the cybersecurity industry. In particular, being Deputy CTO at Kaspersky Lab he was responsible for establishing the vision and leading... Read More →

Thursday April 26, 2018 2:15pm - 3:00pm PDT

3:00pm PDT

An In-depth Understanding of IEC 62443 Standards for the IACS Environment
avatar for Suhas Laxman

Suhas Laxman

Suhas has more than 13 years of experience in Robotics and Automation field and currently responsible for advanced manufacturing (Industry 4.0) strategy in TUV SUD Digital service. He is instrumental in developing Singapore Smart Industry Readiness Index.He is also security working... Read More →

Thursday April 26, 2018 3:00pm - 3:45pm PDT

4:00pm PDT

Last Line of Defense Against NotPetya on Unpatched ICS Windows Systems
This is a live demonstration for the “Last Line of Defense” countermeasures, meant for IACS environments that simply cannot patch their Windows Systems. The purpose of these “Last Line of Defense” countermeasures is to help minimise of the destructive nature of the malware for IACS operators until the long-term countermeasures can be achieved.

avatar for Thomas Quek

Thomas Quek

REDCON Security Advisors

Thursday April 26, 2018 4:00pm - 4:45pm PDT