SINET DOE IT & OT Collaboration Workshop

Thursday, December 10, 2020 1:00pm-5:00pm ET
#SINET

This conference is designed to engage stakeholders, provide education and bridge the divide and create a culture of “one” between the IT & OT entities. Our intentions are to share best practices, security training, map a strategy and structure towards the development of a more cohesive and collaborative convergence of people, processes and tools within the IT & OT ecosystem. Enhanced communication and collaboration will improve our security, reliability, operational resilience and risk postures.

Work towards a collaborative culture supported by senior industry and government executives. The workshop will provide education, training and thought leadership development to smaller, mid and large size utility and energy companies through threat briefings, share best practices and lessons learned through presentations from the Section 9 companies’ most experienced CEO, CISO, CIOs, CTOs.

Steering Committee
Sean Plankey, Former Principle Deputy Assistant, Cybersecurity, Energy, Security & Emergency Response, Dept. of Energy
Rob Pate, Senior Cybersecurity Strategist, Department of Energy
Tom Wilson, VP & CISO, Southern
Dennis Gilbert, VP & CISO, Duke
Keith Herndon, VP & CISO, Baker Hughes
Kurt John, CSO, Siemens Energy
Ed Goetz, CSO, Chemours
Simon Hodgkinson, CISO, BP
Robert Rodriguez, Chairman, SINET

Agenda Themes

  1. Keynote: The Honorable Mark Wesley Menezes, Deputy Secretary of Energy on his efforts to lead The White House Executive Order on Securing the United States Bulk-Power System.
  2. DOE’s objectives in leading and building a Collaborative OT & IT culture through a series of Public Private Partnership models.

Invited Audience
Government and Private Industry IT & OT Security Executives from the ecosystem of Suppliers, Operators, Contractors, Renewable Energy, Utilities, Nuclear, Transmission & Distribution.

Current Situation
For many years the IT & OT have been working in isolation with numerous attempts to integrate people, processes and tools within their respective environments. This lack of collaboration affects the national and economic security of our nation as well as our critical infrastructures and also applies to other industries that use and manage OT.

Opportunity
Work towards a collaborative culture supported by senior industry and Government executives. The workshop will provide education, training and thought leadership development to smaller, mid and large size utility and energy companies through threat briefings, opportunities to apply for security clearances, share best practices and lessons learned through presentations from the Section 9 companies most experienced CEO, CISO, CIOs, CTOs.

Objectives
This workshop is designed to engage stakeholders, provide education and bridge the divide and create a culture of “one” between the IT & OT entities. Our intentions are to share best practices, security training, map a strategy and structure towards the development of a more cohesive and collaborative convergence of people, processes and tools within the IT & OT ecosystem. Enhanced communication and collaboration will improve our security, reliability, operational resilience and risk postures.

Agenda

1:00pm – 1:20pm
General Session – Welcome Remarks
Introduction by Emcee Rick Geritz, Chief Executive Officer, LifeJourney
Opening Remarks by Robert Rodriguez, Chairman & Founder, SINET
Introduction of the Deputy Secretary by Sean Plankey, Former Principal Deputy Assistant Secretary for Cybersecurity, Energy Security, and Emergency Response, U.S. Department of Energy (DOE)

1:20pm – 1:40pm
Keynote Address
US Department of Energy Deputy Secretary Mark Wesley Menezes

Breakouts A & B

Breakout A
1:40pm – 2:25pm
OT Attack Case Studies

Moderator
Ed Goetz, Chief Security Officer, Chemours

Panelist
Tim Roxey, President, Eclectic Technology & Former Chief Security Officer and Senior Director ES-ISAC, NERC

Breakout B
1:40pm – 2:25pm
Applying Robust Measurements and Metrics to Appropriately Evaluate Your Risk Posture
Abstract The purpose of this panel is to have an open discussion on the challenges and achievements in protecting OT environments:
-How are you measuring risk in your Operational Technology/ICS environments
-How is risk communicated to Senior Management and the Board
-Building a robust cyber security response organization
-Preparing for a cyber security attack-efforts on Table-Top Exercises or Simulations

Moderator
Keith Herndon, Chief Information Security Officer, Baker Hughes

Panelists
Tony Souza
, Director, Cyber Architecture, IT/OT Integration, TVM at Duke Energy Corporation
David Boynton, Director, Information Security and Compliance, Arizona Public Service
Kenneth Carnes, Director TVA Cybersecurity, Tennessee Valley Authority

Breakout A
2:25pm – 3:10pm
How Do We Know If It Is A Cyber Attack or Common Event?
Abstract
 What do the Business and IT/OT Security leaders use as a checklist in order to evaluate whether an event/alert is an unanticipated technical glitch or an actual attack? When and how do they respond? When and what do they say to their state commissioners and federal regulators? This panel will explore the complexities and ambiguities of a potential OT cyber event, as compared to an incident in the IT environment.

Moderator
Dennis Gilbert, Vice President & Chief Information Security Officer, Duke Energy

Panelists
Jonathan Pollet, Founder & Executive Director, Red Tiger Security
Zachary Tudor, Associate Laboratory Director, Idaho National Laboratory

Breakout B
2:25pm – 3:10pm
Building Robust Intelligence, Security Operations Centers, and Response Capabilities to Prepare for the Unexpected
Abstract
 Obtaining indicators and threat intelligence as early as possible with regards to security threats, anomalies, and internal/external incidents is key to being able to identify, detect, prevent, and if needed, respond and recover from security threats. Integrating the operations and intelligence gathering across not only cyber and physical security but across both information and operational technology environments is paramount in helping to understand the overall strategic and tactical threat landscape facing the sector as well as helping to drive effective response.

Moderator
Jonathan Bransky, Senior Enterprise Security Advisor, Dominion Energy

Panelists
Rob Gurzeev
, Chief Executive Officer & Co-Founder, CyCognito
Brian Barrios, Executive Director, Threat Management and Intelligence Southern Company
Chris Leigh, Chief Information Security Officer, Eversource Energy
Mikhail Falkovich, Director of IT, Con Edison
Matt Anglin, Chief Information Security Officer, NYISO

Breakout A
3:10pm – 3:55pm
Managing Unintentional and Malicious Risk: Building an Insider Threat Program

Speaker
Tom Wilson, Vice President & Chief Information Security Officer, Southern Company Services, Inc.

Breakout B
3:10pm – 3:55pm
IT/OT Challenges, Convergence and Harmonization
Abstract Change management towards increasing awareness, education and buy in towards greater collaboration and communication.

Moderator
Kurt John, Chief Cybersecurity Officer, Siemens USA

Panelists
Tabice Ward, Director/Chief Information Security Officer, DTE Energy
Val Mukherjee, Managing Director, Americas Critical Infrastructure – Oil & Gas Security Leader, EY
Juan Torres, Associate Laboratory Director, Energy Systems Integration, National Renewable Energy Laboratory

3:55pm – 4:40pm
Cyber Grand Game
Abstract The linkage of cybersecurity risk to operational technology (OT) and the rising geopolitical risk from energy networks dependence on this poorly secured OT poses significant public-private coordination challenges. The cybersecurity of equipment used to extract, refine, process, ship, and consume fossil fuels impacts the ability for these systems to operate and communicate on a daily basis. Small or accidental disruptions may be amplified if the security of these systems remains inadequate. Large attacks or purposeful manipulation in the bulk power supply chain could start at an innocuous edge, a single vessel in the Persian Gulf, but quickly impact domestic production and energy consumption. One example of Cyber Grand Game would be to investigate and discuss how maritime actions items like port facilities and trans-shipment hubs, critical navigation and traffic management networks, and the global supply chain for maritime logistics, control, and operations systems – is a critical source of geopolitical and technical risk. The panel will help elevate the awareness and cyber effects that are possible when our adversaries are playing the “Cyber Grand Game”.

Panelists
Sean Plankey, Former Principal Deputy Assistant Secretary for Cybersecurity, Energy Security, and Emergency Response, U.S. Department of Energy
Rob Mauck, Chief Technology Officer, GRIMM
Paul Kolbe, Director of the Intelligence Project at the Belfer Center, Harvard
Rob Strayer, Executive Vice President, Policy at Information Technology Industry Council (ITI)
Rob Knake, Senior Fellow, Council on Foreign Relations
Marty Edwards, VP of Operational Technology, Tenable


4:40pm
Closing Remarks
Robert Rodriguez, Chairman & Founder, SINET

Speakers

Moderator
Rodriguez, Robert_153

Robert Rodriguez
Chairman & Founder, SINET

Panelist
Mark-Menezes-Energy-240x300 new

Mark Wesley Menezes
Deputy Secretary of Energy
United States Department of Energy

Panelist
PDAS Plankey DOE Headshot_Smaller

Sean Plankey
Former Principal Deputy Assistant Secretary for Cybersecurity, Energy Security, and Emergency Response, U.S. Department of Energy (DOE)

Panelist
goetz-ed

Ed Goetz
Chief Security Officer
Chemours

Panelist
Keith Herndon

Keith Herndon
Chief Information Security Officer,
Baker Hughes

Panelist
Tony Souza

Tony Souza
Director, Cyber Architecture, IT/OT Integration, TVM
Duke Energy Corporation

Panelist
Gilbert, Dennis

Dennis Gilbert
Vice President & Chief Information Security Officer
Duke Energy

Panelist
Headshot_JonathanBransky web

Jonathan Bransky
Senior Enterprise Security Advisor
Dominion Energy

Panelist
Wilson_Thomas_(Tom)_WCK_5683_5x7 new

Tom Wilson
Vice President & Chief Information Security Officer
Southern Company Services, Inc

Panelist
John, Kurt Photo

Kurt John
Chief Cybersecurity Officer
Siemens USA

Panelist
Tim Roxey

Tim Roxey
President, Eclectic Technology & Former Chief Security Officer and Senior Director ES-ISAC
NERC

Panelist
David Boynton

David Boynton
Director, Information Security and Compliance
Arizona Public Service

Panelist
Rob Gurzeev

Rob Gurzeev
Chief Executive Officer & Co-Founder
CyCognito

Panelist
Tabice_Ward_Headshot

Tabice Ward
Director/Chief Information Security Officer
DTE Energy

Panelist
Barrios, Brian Photo

Brian Barrios
Executive Director, Threat Management and Intelligence
Southern Company

Panelist
Chris Leigh

Chris Leigh
Chief Information Security Officer
Eversource Energy

Panelist
Pollet, Jonathan

Jonathan Pollet
Founder & Executive Director
Red Tiger Security

Panelist
Mukherjee, Val

Val Mukherjee
Managing Director, Americas Critical Infrastructure – Oil & Gas Security Leader EY

Panelist
Falkovich, Mikhail

Mikhail Falkovich
Director of IT
Con Edison

Panelist
Mauck, Robert

Rob Mauck
Chief Technology Officer
GRIMM

Panelist
Paul Kolbe Square

Paul Kolbe
Director of the Intelligence Project at the Belfer Center
Harvard

Panelist
Strayer, Robert

Rob Strayer
Executive Vice President, Policy
Information Technology Industry Council (ITI)

Panelist
Knake, Rob

Rob Knake
Senior Fellow
Council on Foreign Relations

Panelist
Carnes, Kenneth

Kenneth Carnes
Director TVA Cybersecurity
Tennessee Valley Authority

Panelist
Zachary Tudor

Zachary Tudor
Associate Laboratory Director
Idaho National Laboratory

Panelist
Juan Torres

Juan Torres
Associate Laboratory Director, Energy Systems Integration
National Renewable Energy Laboratory

Panelist
Anglin, Matt

Matt Anglin
Chief Information Security Officer
NYISO

Panelist
Edwards, Marty

Marty Edwards
VP of Operational Technology
Tenable

Platinum Sponsors

Gold Sponsors