The Central ICS/SCADA Cyber Security Event of the Year for the APAC Region! This year’s conference will have THREE full days of content, and receptions and networking opportunities. You can register for the conference online to hold a spot.

Sign up or log in to bookmark your favorites and sync them to your phone or calendar.

Main Track [clear filter]
Tuesday, April 24

9:00am PDT

The ICS Cybersecurity Journey for Operator-Owners
With the increasing speed OT Owners & Operators are being confronted with the ICS cybersecurity phenomenon. Being ignorant is no longer an excuse as specific legislation are being developed to enforce responsibilities of OT cyber security on OT Owners & Operators. As a multiple-stage journey with different activities, OT Owners & Operators are presented with difficulties and dilemmas in decisions making; How to begin, What to do First, What to do Next.
This lecture aims to provide insight in:
  • What OT cybersecurity mean as an end-user
  • The dilemmas; Cost, Resources, Risks, Liabilities
  • The available choices and decision markers;

avatar for Jos Menting

Jos Menting

Chief Technologist, CyberSecurity, Engie Lab
Jos Menting graduated in Technical Physics and Industrial Automation at the Saxion University. After some excursions, Mr. Menting started working in I&C engineering for different types of thermal power plants. Both new build as brown field and optimization projects delivered a profound... Read More →

Tuesday April 24, 2018 9:00am - 9:45am PDT
Morr + Morrisson (Atrium Ballroom)

9:45am PDT

Understanding the Vulnerabilities and Risks to Your ICS Environment
Industrial Control Systems have traditionally operated in splendid isolation, achieving a
measure of security simply due to this isolation. In recent times, these formerly isolated
systems have become increasingly integrated into business systems, and even the Internet,
exposing them to increased yet unknown risk.

Most operators of ICS environments have little to no visibility into the assets resident within
their ICS environments - making it difficult to understand risk exposure of these critical

ICS operators are faced with a dilemma, and must understand the answer to this question:
In these times of IT/ICS convergence, how do I ensure my ICS environment remains secure
when I am unsure of what’s in my environment, what the vulnerabilities are within my
environment, and what’s connecting to it?
This session will demonstrate a case where IT/ICS convergence resulted in a compromise or
potential compromise. We will then expand on the risk of converged IT/ICS infrastructure,
and how these risks may be measured and understood.

avatar for Richard Bussiere

Richard Bussiere

Director, Product Management, Asia Pacific, Tenable
Mr. Dick Bussiere is Tenable Network Security’s Product Management Director for the Asia Pacific Region. In this multifaceted role, Mr. Bussiere is responsible for evangelizing the criticality of vulnerability assessment, vulnerability management, and comprehensive security monitoring... Read More →

Tuesday April 24, 2018 9:45am - 10:30am PDT
Morr + Morrisson (Atrium Ballroom)

10:45am PDT

Prioritizing Solutions: Balancing Protective, Detective and Corrective Controls in ICS Environments
Energy operators rely on an extensive network of business partners and suppliers to operate efficiently and safely. This network, while improving operations, can also contribute to increasing cyber security risks if best practices aren’t adopted and followed diligently.
The importance of resilience in a vendor’s supply chain is critical and should be evaluated near the same level as safety and integrity. Those operating industrial control environments should take a deeper look at security by reviewing key areas that can contribute to increased risk within the supply chain.

This presentation will address:
  • What previous compromises tell us about our future
  • The impact of regulations on supply chain security
  • The importance of a long-term partner when choosing security solutions
What shared responsibility looks like before, during and after commissioning
Looking beyond greenfield; shared responsibility with legacy devices
Expectations during a compromise
When and where the reduction of vendors equals a stronger security posture
How to effectively evaluate vendors, from both OT and IT perspectives

avatar for Will Nanse

Will Nanse

Field Services Engineer, Baker Hughes, a GE company
Will Nanse is a field services engineer for Baker Hughes, a GE company. With more than 15 years’ experience in field services and engineering, Will implements cyber security solutions based on real world security challenges that face critical infrastructure. His experience includes... Read More →

Tuesday April 24, 2018 10:45am - 11:30am PDT
Morr + Morrisson (Atrium Ballroom)

11:30am PDT

Preventing a Meltdown: Protecting Industrial Control Systems from Cyber Attacks
Summary: Industrial Control Systems (ICS) provide the backbone of our critical infrastructure and are increasingly under attack. These systems present unique security challenges connecting aging equipment that often predates modern security. This session will review today’s most serious ICS threats, and innovative approaches to protect critical applications at their core, rather than the perimeter.

Tuesday April 24, 2018 11:30am - 12:15pm PDT
Morr + Morrisson (Atrium Ballroom)

1:30pm PDT

Digitalization: New Challenges for Industrial Cybersecurity
Market research indicates that most industrial companies have implemented cybersecurity programs to protect their control systems and facilities, and that these efforts have significantly reduced the risks of cyber attacks on critical infrastructure. However, with the digitalization trend, which is fast gaining traction across industrial sectors, the cybersecurity challenges for organizations increasingly span the IT-OT-IIoT spectrum. This means more needs to be done to ensure adequate cybersecurity protection.  This ARC presentation will include a discussion of the new digital-era challenges, the gaps that need to be filled, and the steps that industrial end-users should take in order to stay protected.

avatar for Bob Gill

Bob Gill

General Manager, Southeast Asia, ARC Advisory Group

Tuesday April 24, 2018 1:30pm - 2:15pm PDT
Morr + Morrisson (Atrium Ballroom)

2:15pm PDT

The Insecurity of Cyber Security in ICS
This a sharing session on the understanding of data diode solution from a neutral perspective. 

avatar for Thomas Quek

Thomas Quek

REDCON Security Advisors

Tuesday April 24, 2018 2:15pm - 3:00pm PDT
Morr + Morrisson (Atrium Ballroom)

3:15pm PDT

A Paranoia a Day Keeps the Hacker Away
The speaker will walk the audience through the cyber kill chain process of how, in theory, an attempt to breach a typical manufacturing plant from the process of reconnaissance, weaponization, delivery, exploitation, installation, C&C can be achieved. With this theoretical attack, the process of defending each kill chain will be explained. In closing, apart from all the implemented defense method, the weakest link would still be the human element and how this can be addressed with touch of care and paranoia.

avatar for Harris Zane

Harris Zane

Industrial Cyber Security Manager, Belden
Harris Zane is Industrial Cyber Security Manager for Belden Industrial Solutions APAC.

Tuesday April 24, 2018 3:15pm - 4:00pm PDT
Morr + Morrisson (Atrium Ballroom)

4:00pm PDT

Threat Hunting system for ICS/SCADA
This presentation covers cyber threat intelligence information of APT Groups who are targeting ICS/SCADA environments. Louis Hur Young-il will explain how Open-source intelligence (OSINT) can be used to gather the threat intelligence.

avatar for Louis Hur Young-il

Louis Hur Young-il

President and Chief Executive Officer, NSHC Corporation
Louis Hur is corporate president and Chief Executive Officer (CEO) of NSHC Corporation. He is responsible for NSHC’s day-to-day-operations, as well as leading the company’s security product development and technology strategy. He co-founded NSHC with four peoples in 2003 while st... Read More →

Tuesday April 24, 2018 4:00pm - 4:45pm PDT
Morr + Morrisson (Atrium Ballroom)

4:45pm PDT

How Secure is your Electronic Security System?
The transition of traditional security system from Analog to Digital, opens up a new paradox i.e. improved quality and ease of convergence vs increased attack vectors. The presentation aims to break down the various new "weakness" of a Digital Security System and offer options and opinions on how to enhance or mitigate such vulnerabilities.

avatar for Joseph Lee

Joseph Lee

Director & Chief Engineer, Eliteun Technology Group
Joseph started his career in the telecommunications industry and for the past decade mainly in the Electronic Physical Security Industry. He was instrument in the design, deployment of small to large scale security system for Government Agencies, Enterprises, homes, offices, etc.An... Read More →

Tuesday April 24, 2018 4:45pm - 5:15pm PDT
Morr + Morrisson (Atrium Ballroom)
Wednesday, April 25

8:30am PDT

Welcome to the 2018 Singapore ICS Cyber Security Conference
Welcome address and conference introduction for SecurityWeek's 2018 ICS Cyber Security Conference.


Mike Lennon

Managing Director, SecurityWeek
For more than 10 years, Mike Lennon has been closely monitoring and analyzing trends in the cyber threat landscape, and enterprise, critical infrastructure, and national security space. In his role at SecurityWeek he oversees the editorial direction of the publication and manages... Read More →
avatar for Thomas Quek

Thomas Quek

REDCON Security Advisors

Wednesday April 25, 2018 8:30am - 8:45am PDT
Stamford Ballroom

8:45am PDT

Towards a Cyber Resilient Industry
Industrial Control Systems (ICS) have become increasingly attractive targets for cyber-attacks, as successful attacks can have disastrous consequences in the physical world. Unlike attacks on traditional Information Technology (IT) systems, attacks on ICS can disrupt essential services and even result in loss in lives. In response to the new threat of cyber, ICS operators need to augment operational resiliency with cyber resiliency. Furthermore, when planning for cyber resilience, operators need to do it holistically and not limit the scope to just the crown jewels, the ICS. The speaker will also give a flavour on Singapore’s efforts in building a cyber-resilient nation.

avatar for Lim Thian Chin

Lim Thian Chin

Deputy Director, Head of CII Protection, Critical Information Infrastructure Division, Cyber Security Agency of Singapore (CSA)
Lim Thian Chin is currently the Head of Critical Information Infrastructure (CII) Protection at the Cyber Security Agency of Singapore (CSA). He leads a team that is responsible for building the cyber resiliency of the Nation’'s essential services across 11 CII sectors covering government, utilities, transport and services.  His team works closely with sectoral regulators to strengthen the cyber resilience of CIIs, promotes confidence building measures and to deepen the public-private partnership between... Read More →

Wednesday April 25, 2018 8:45am - 9:15am PDT
Stamford Ballroom

9:15am PDT

Hacking Safety Controllers for Fun and Profit
Safety Controllers (Safety Instrumented Systems) have always been considered immune to attacks as last barrier of plant safety, and claimed to be designed to ensure safe and reliable operation for Industrial Control Systems (ICS) and Supervisory Control and DataAcquisition (SCADA) environments. Unfortunately, the recent research and in-the-field experience indicate misplaced confidence (based on SIL) and overall weak security practices since these devices themselves form another attack surface for the determined adversaries.

This presentation discusses vulnerabilities found by Applied Risk research team across various state of the art safety controllers, which are commonly used in industrial environments. Advanced attack vectors will be discussed where attackers could exploit the discovered vulnerabilities to gain control over the device, including connected industrial assets.In addition to the discovered vulnerabilities, the process we followed during our research will be discussed.
Examples will be given for topics including: 
  • From research to exploitation (a la basecamp)
  • Manipulate the safety logic
  • Live Demo

avatar for Gjoko Krstic

Gjoko Krstic

Senior ICS/IIoT Security Researcher, Applied Risk
Gjoko is a Senior ICS/IIoT Security Researcher at Applied Risk in Amsterdam, The Netherlands. He has been active in the “security industry” for almost 14 years. He has experience in many fields in cybersecurity including: penetration testing, malware analysis, vulnerability and... Read More →

Wednesday April 25, 2018 9:15am - 10:00am PDT
Stamford Ballroom

10:00am PDT

Overcoming the "Evil Twins" Attack: Lessons Learned from Triton/TRISIS
Inside look at TRITON ICS Malware
Can you imagine what happens when the industrial safety controllers (SIS) at the one of the world’s largest oil company are being hacked? What if hackers could penetrate, take control and/or disable all nuclear plants and other critical infrastructure systems? Damage from the 2017 Triton attack could have reached epic proportions as the first malware of its kind to specifically target industrial safety controllers. Yet, as recent discoveries indicate, the world experienced the first-ever "evil twin" attack on both SIS and Industrial Control Systems (ICS) simultaneously. Learn what steps Schneider is taking to avoid escalation to grave consequences from these types of attacks.

Session Detail

If this was just a PLC then maybe we would not have been quite so enthralled.  In this case it was a triply redundant safety controller whose entire purpose is to protect people, equipment and the environment from disaster.  There is only one reason anyone would want to compromise such a device – to enable serious harm.  Yes, you could imagine that a plant shutdown would cause an economic outcome, but if that was the intent, this could have been accomplished with only a few lines of Python script and the elaborate manipulation of processor memory would have been a total waste of time.  No, the intent was much more than that.  It was a grave one.  
This session will discuss the issues and practical solutions to these three intriguing questions:
  1. What & Why do we need to know about the "Evil Twins" TRITON/TRISIS attack?
  2. Why do we need to change?
  3. Lessons Learned & Solutions

Session Objectives 
  • Bring clarity to the details of this attack
  • Highlight the way the much larger scope behind the Triton/Trisis Attack
  • Discuss how our industry should move forward from this state
There is much still to be said about the Triton attack and practitioners in our industry need to be fully aware of these details if they are to be effective in defending against this type of attack in the critical infrastructure.

avatar for Paul Forney

Paul Forney

Chief Security Architect, Schneider Electric
In supplement to being the Chief Security Architect at Schneider Electric Product Security Office, Mr. Forney is a founding board member of the ISA Security Compliance Institute (ISCI) which develops the conformance specifications to the ISA 99/IEC 62443 ICS cyber security standard... Read More →

Wednesday April 25, 2018 10:00am - 10:45am PDT
Stamford Ballroom

11:15am PDT

Incident Response in Industrial Control Systems - An End-User's Sharing
avatar for Koh Wan Ching

Koh Wan Ching

System Engineer, Shell

Wednesday April 25, 2018 11:15am - 12:00pm PDT
Stamford Ballroom

12:00pm PDT

Panel - Incident Response in the ICS Control Room
In late December 2016, at least 3 Ukrainian power utilities came under a sophisticated, multi-stage, cyber attack that brought down power transmission to at least 200,000 households for 6 hours. Shift operators on that fateful day were caught off guard as their control systems were hijacked and remotely controlled by the attackers. Due to the multi-stage attack, the operators were literally isolated from escalating the incident, and could only watched helplessly as the attackers opened the protective relays to each sub-station one at a time…ushering in the first ever power outages created by human hackers.

avatar for Jeffrey Cornelius

Jeffrey Cornelius

EVP, Industrial Control and Critical Infrastructure Solutions, Darktrace
Jeff Cornelius joined Darktrace in February of 2014 as Executive Vice President. His background with large Enterprise Software organizations over the past 18 years lends itself to the needs of an, innovative, market-defining organization. Jeff oversees the strategic direction and... Read More →
avatar for Paul Forney

Paul Forney

Chief Security Architect, Schneider Electric
In supplement to being the Chief Security Architect at Schneider Electric Product Security Office, Mr. Forney is a founding board member of the ISA Security Compliance Institute (ISCI) which develops the conformance specifications to the ISA 99/IEC 62443 ICS cyber security standard... Read More →
avatar for Ayman Al Issa

Ayman Al Issa

Chief Technologist, Industrial Cyber Security, Booz Allen Hamilton
Ayman Al Issa is Chief Technologist for Booz Allen Hamilton’s Industrial Cyber Security practice in the Middle East and North Africa region. Over a career which spans more than 24 years to date, Mr. Al Issa has gained vast experience in the fields of automation, information technology... Read More →
avatar for Dr John Lear

Dr John Lear

Principal, KAJE Cyber
Dr. John Lear has over 30 years’ experience in process plant and control systemdesign, operations, R&D and technology management. John co-developed theCHAZOP technique and has led over a hundred CHAZOPs, ranging from chemicalplant operation, through IT infrastructure to robot control... Read More →
avatar for Sujith Panikkar

Sujith Panikkar

Director of Consulting in Functional Safety and Safety Instrumented Systems, HIMA Safety Systems
avatar for Thomas Quek

Thomas Quek

REDCON Security Advisors

Wednesday April 25, 2018 12:00pm - 12:45pm PDT
Stamford Ballroom
Thursday, April 26

8:45am PDT

The Value of Applying Automation Engineering Mindset by the Industrial Cyber Security Experts
The speaker will share some highlights on his previous experiences on:
  • Applying automation engineering mindset in industrial cyber security in different energy sectors.
  • Adopting industrial cyber security designs that bring value to your organization.
  • Implementing innovative techniques to resolving cyber security concerns
  • Making industrial cyber security a value-driven approach

avatar for Ayman Al Issa

Ayman Al Issa

Chief Technologist, Industrial Cyber Security, Booz Allen Hamilton
Ayman Al Issa is Chief Technologist for Booz Allen Hamilton’s Industrial Cyber Security practice in the Middle East and North Africa region. Over a career which spans more than 24 years to date, Mr. Al Issa has gained vast experience in the fields of automation, information technology... Read More →

Thursday April 26, 2018 8:45am - 9:30am PDT
Stamford Ballroom

9:30am PDT

Cybersecuring APR1400 Nuclear Power Reactors
Dr. Marlene Ladendorff will share insights on the cybersecurity initiatives under way to secure protect digital APR1400 nuclear power reactors in the United Arab Emirates. Ladendorff, who was responsible for building cybersecurity procedures, processes, and programs during the construction and start-up phases of the plants, will give an exclusive look inside the current program at Emirates Nuclear Energy Corporation.

APR1400 Digital Nuclear Reactor Cyber Security

As new builds of the APR1400 digital nuclear power reactors continue construction around the world, applying appropriate cyber security controls to protect them presents a new challenge for nuclear cyber security specialists.  Cyber attacks continue to grow more complex and are increasingly focusing on critical infrastructure equipment.  Additionally, the cyber security defense industry is seeing an upsurge in combined attacks that blend cyber and physical security, resulting in complex incidents that require new security techniques in order to mount an effective defense.  Further complicating the issue, nuclear cyber security may not have the same definition and requirements in different countries around the world.  An ideal situation would be to build cyber security in to the plants as they are being constructed rather than “bolting it on” at a later date. However cyber security is implemented, the goal remains the same: protection against cyber attacks for the plant, the community, and the environment.

avatar for Marlene Ladendorff

Marlene Ladendorff

Nuclear Cyber Security Consultant, Emirates Nuclear Energy Corporation
Marlene Ladendorff is a critical infrastructure cyber security professional specializing in industrial control system cyber security.  Marlene’s focus is electrical grid and nuclear cyber security.  She has implemented cyber programs at nuclear power plants in the United States... Read More →

Thursday April 26, 2018 9:30am - 10:15am PDT
Stamford Ballroom

10:45am PDT

Industrial Cybersecurity in Context of Industry 4.0.
This session covers key security essentials for embracing Industry 4.0:
  • Industry 4. 0 cyber security strategies for mitigating operational risks arising from connected smart factories and digital supply chains.
  • Maintaining trust in process, technology and organization.
  • Validating security, interoperability and reliability in operations   

avatar for Andreas Hauser

Andreas Hauser

Director Digital Service, TÜV SÜD Asia Pacific Pte. Ltd
Dr Hauser holds Engineering Degrees in Shipbuilding and Computer Engineering, and a PhD in Applied Mathematics. He started his career at Corporate Research of Siemens and joined the technical service provider TÜV SÜD in Singapore to build up new businesses.He is now leading the... Read More →

Thursday April 26, 2018 10:45am - 11:30am PDT
Stamford Ballroom

11:30am PDT

ICS Operational Technology Protection With Machine Learning
Most important for an ICS is to secure operational technology (OT). OT-failure can be caused by many reasons: equipment failure, cyber-attack or even physical attack. In modern connected world having just ESD (emergency shutdown system) and control-logic rules are simply not enough. These means can be compared to signature-based protection in cyber world, where also other advanced technics like heuristics, whitelisting and ML are used. ICS environment can rapidly change and personnel has no possibility to change rules so fast.

ML/DL technologies today are matured enough to deal with extreme amount of ICS telemetry. Different signals (sensors and actuators values) are correlated by physical laws and control logic. With ML, it is possible to learn these correlations under normal operational condition and establish something like white-listed behaviour. Any failure or attack that changes some signal will cause relevant changes in other signals. ML-model detects such situation as an anomaly.

In this presentation, we will show how this idea is implemented in the Machine Learning for Anomaly Detection (MLAD) system, and how it works with Secure Water Treatment (SWaT) realistic plant simulation that was made publicly available by Singapore University of Technology and Design (SUTD).  We will provide description of an important benefits of the MLAD – how it allows to find the cause of detected anomalous behavior, do that fast and effectively.

avatar for Andrey Lavrentyev

Andrey Lavrentyev

Head of Technology Research Department, Future Technologies, Kaspersky Lab
Andrey Lavrentyev is the Head of Technology Research Department, Future Technologies, Kaspersky Lab.  His current researches interests are connected with data-driven approach to the cyber-security of cyber-physical systems, machine learning, deep neural networks, spiking neural networks... Read More →

Thursday April 26, 2018 11:30am - 12:15pm PDT
Stamford Ballroom

4:45pm PDT

Closing Remarks and Open Mic Discussions
SecurityWeek's 2018 Singapore ICS Cyber Security Conference is winding down, but there is still time for some great discussions! Please join us for closing remarks and an open discussion where anyone can make comments, share insights, ask questions and engage in a lively discussion.

Thursday April 26, 2018 4:45pm - 5:15pm PDT
Stamford Ballroom