Home
overview

Many major oil and gas companies are suffering increased amounts of cyber-attacks motivated by commercial and criminal intent. These attacks are posing a great risk to machinery, which can cost lives, stop production and cause environmental damage - a significant threat to oil and gas production companies worldwide. The risk of a cyber attack is growing and a challenge companies will continue to face, leaving them vulnerable if inadequately protected.

 

SMi's 2nd annual Oil and Gas Cyber Security conference will discuss the steps large companies are currently taking to reduce the risk of cyber attacks, lessons learnt from previous incidents and best practice for the future.

Further more you will not want to miss our incredibly successful, flagship European Smart Grid Cyber and SCADA security conference in London in March 2013, already booking. http://www.smartgridcybersecurity.co.uk  Please call Jamison Nesbitt at +44 (0)20 7827 6164 or jnesbitt@smi-online.co.uk

 

The rapid evolution of technology has had many positive effects for oil and gas industrial processes, improving delivery and speeding up efficiency. It has also opened the door to a whole new level of threat from those who wish the industry harm.
It is against this backdrop that cyber attacks are evolving in both frequency and effectiveness. Just in the last few months, it has been discovered that gas pipelines in the USA have been subjected to an ongoing coordinated cyber attack by unknown hackers. Utilities and entities in the Middle East and beyond are potentially just as vulnerable to these exploits and, if they were crippled by a sustained, co-ordinated cyber attack then the consequences for the region could be devastating, resulting in disrupted production, potential environmental damage and loss of life. 

 Testimonials from our successful 2011 event

'Good speakers and good content' - Aupec Ltd

 'Very interesting' - Dong Energy

 

Discuss how cyber threats are increasing in there frequency and ferocity
Learn how meticulously these attacks are planned
Understand the behavioural aspects, the determination and stamina shown by modern hackers and how there are more co-ordinated attacks
• Examine how to flight back against Advanced Presidents Threats
Develop ideas to decrease risks to ensure a safe future
Network with Oil and Gas companies who have experienced and successfully dealt with cyber espionage.

SMi's Oil and Gas Cyber Security Conference will build on the success of the last year’s conference, bringing together key industry leaders and experts from across the globe, last year’s event included senior representatives from the following companies:


• Shell International Petroleum
• Chevron
• National Oilwell Varco
• Tullow Oil
• McAfee international limited
• Waterfall Solutions Ltd
• Dolphin Energy
• EDF Energy
• Price Waterhouse Coopers
• Saudi Aramco
• BP Exploration & Production
• Dong Energy
• Petra Energia S.A.



 

This event is unmissable for professionals in job roles such as:

  • Chief Executive Officer
  • Chief Information Officer
  • EMEA Lead, Risk and Compliance Solutions
  • Global Data Steward & Technologist
  • Group IT Manager
  • Group Security Adviser
  • ICT infrastructure specialist
  • ICT Manager
  • Information & Cyber Security Consultant
  • IS Risk and Security Manager
  • Network Management Solutions
  • Technical Director

 

Prevous attendees

Armstrong Nildesperandum Tv; Avoncore Teleconnect Pvt Ltd; Boehringer Ingelheim; Cadila Pharmaceuticals; D E S M I; Department Of Foreign Affairs And International Trade; Department of Hepatobiliary Surgery; Dr. ReddyÆs Laboratories; G R S; G R S - Braunshweig; Geneva International Centre For Humanitarian Demining; Groundwater Imaging; Honeywell; Lloyds Banking Group; Masaryk university; MDL Informations Systems, Inc.; Moog Space And Defense Group; MRC Cancer Cell Unit; Oak Ridge-Huntsville Partnership Office; Optiver; Orion New Zealand; OVS Group ; Pearson Peacekeeping Centre; Quantum Research International; R S Enterprises; Radiance Technologies Inc; Radiation And Nuclear Safety Authority (S T U K); Red R Uk; Royal Thai Police; S 3 (System Studies & Simulation); S P Associates; Safoco Incorporated; Seabury Aviation & Aerospace; Space Science Solutions; Trade Canada;

Conference programme

8:30 Registration & Coffee

9:00 Chairman's Opening Remarks

David Alexander

David Alexander , Head of Vulnerability Research, Regency IT Consulting

9:10 Information Protection in Oil & Gas – Myths and reality

Serdar Cabuk

Serdar Cabuk, Managing Consultant, Deloitte

• Understanding the threat horizon for Oil & Gas
• What is at risk? Prevention and mitigation for the future
• Effective response to information leakage incidents
• Common IP pitfalls and applying the key lessons learnt

9:50 Information flows have a context

Oskar Wols

Oskar Wols, Solution Architect, Shell

• Introduction
• Key elements to have business in control
• Problem statement
• Constant factors
• What do we need
• Data flows – rules/criteria
• Examples and what next?

10:30 Morning Coffee

11:00 Stronger than Firewalls: A Novel Approach for Mitigating Cyber Threats and Risks Targeted at Oil & Gas Facilities

Colin Blou

Colin Blou, Vice President, Sales, North America and Europe , Waterfall Security Solutions

• IT Security Best Practices  - Myth vs. Reality
• Emerging Industrial Security Best Practices – modern approach in meeting  SCADA cyber threats
• Regulatory Industrial Security measures review – NERC-CIP CAN-24, The Unidirectional Gateway requirements
• Industrial cyber security reference architecture for SCADA applications
• Common Unidirectional Gateway deployment scenarios in industrial/utility facilities
 

11:40 Human Factors in Oil & Gas Cyber Security

  • Major human factor considerations in securing Oil & Gas assets
  • Situational awareness - Understanding and assessing vulnerability
  • Security incident handling and decision making
  • Recover from a disaster; safely, securely and efficiently
  • Olav Mo

    Olav Mo, Oil & Gas Cyber Security Manager, ABB Limited

    Iain Brownlie

    Iain Brownlie, Senior Consultant, CISSP, ABB Limited

    12:20 Networking Lunch

    14:00 Cyber Security assessment testing challenge

    Marc   Meulensteen

    Marc Meulensteen, Business Development Manager, Spirent Communications Plc

    14:40 Tsunami! Will you keep watching the wave?

    Samuel Linares

    Samuel Linares, Cyber Security Services Director, Intermark

    • Description of the current socio-economic situation and the impact of the Critical Infrastructures Protection and Industrial Control Systems Security (or its absence) in our life (personal and professional), in our organizations and in our countries.
    • Linking Critical Infrastructures Protection and Industrial Control Systems Security: Understanding the risk. Analysis of the link between the industrial and corporate environments and its impact in key organizations for the survival of a country
    • Current situation of the ICS Security. Study and analysis of the convergence between industrial and corporate systems (or traditional IT), the impact, threat evolution, etc. Analysis of the security in industrial systems.
    • Organizational and Management Aspects: IT Manager vs. CSO/CISO vs. Plant Manager vs. Manufacturing Manager. Human aspects of industrial environments security and critical infrastructures protection.
    • Key facts (earthquakes) in our environment: Stuxnet, Duqu, Project Basecamp, CIP regulation, Smart Grid, Cyber Security Reports, Horizon 2020, ISA 99, Flame…
    • Today’s ICS Security Landscape in depth analysis: Tsunami is arriving…

    15:10 Panel Discussion — Evaluating counter measures of cyber attacks

     

     

    • The use of effective PR
    • An active response
    • The legal framework 

     

     

    Tim Holman

    Tim Holman, UK President, ISSA (Information Systems Security Association)

    Samuel Linares

    Samuel Linares, Cyber Security Services Director, Intermark

    Stephen Daniels

    Stephen Daniels, Cyber Security Consultant, Independent Consultant

    15:40 Afternoon Tea

    16:10 Situational Awareness - Understanding the Threat Architecture

    Tom Fairfax

    Tom Fairfax, Director & Head of Advisory Services, SRM - Solutions

    • What is “threat” and who might be involved?
    • What Roles might different people be taking?
    • What does this mean for us?
    • What should we be looking for?

    16:40 Challenges of Ensuring a Secure Infrastructure

    Shawn Henry

    Shawn Henry, President, CrowdStrike Services & Former Executive Assistant Director, FBI,

    •     Responding to APT
    •     Developing cultures of awareness
    •     Understanding the environment (behavioural situational awareness)
    •     Managing information sharing
    •     Counter measures
     

    17:10 Systematic Risk Management and Insider Threats

    Christian Probst

    Christian Probst, Language-based Technology, Technical University of Denmark

  •  SCADA and Cyber-Physical Systems
  •  Systematic risk management in an industrial setting
  •  Identifying and mitigating insider threats
  • 17:40 Chairman’s Closing Remarks and Close of Day One

    David Alexander

    David Alexander , Head of Vulnerability Research, Regency IT Consulting

    8:30 Registration & Coffee

    9:00 Chairman's Opening Remarks

    David Alexander

    David Alexander , Head of Vulnerability Research, Regency IT Consulting

    9:10 Security; a new paradigm?

    Phil Jones

    Phil Jones, Information Security & Business Continuity, GDF SUEZ E&P UK Ltd

  • Foundations for discussions
  • How traditional security silos can  respond to the emerging threat landscape
  • 9:40 Are the Cyber risks seen in the past few years hype or reality?

    Simon  O'Gorman

    Simon O'Gorman, Head of Cyber Services Sales, Finmeccanica

    • The false myth: SCADA network are not open to public networks.
    • What needs to be dealt with at C level
    • Why is security often mistaken for safety
    • The "air gap" myth
    • Vulnerability Assessments vs 0 days
    • Penetration testing vs CIRT
    • Real security vs Policy and Awareness and why they must match
    • The ability to monitor and track behavioural statistics on the network
     

    10:20 Morning Coffee

    10:50 Welcome to the Age of Weaponized Malware

    Nick Squire

    Nick Squire, VP of Sales UK & EMEA, Lumension Security Ltd.

  • Numerous countries have now empowered their government agencies to carry out state-sponsored malware attacks.
  • How exactly did we get to this point and what are the factors and threats that you need to be aware of?
  • What are key risk vectors most commonly exploited by recent state sponsored attacks like Stuxnet and Flame?
  • What are most important pragmatic steps that every organization can take to reduce their risk without negatively impacting their productivity?
  • 11:30 Cyber Security Threats to critical National Infrastructure including SCADA and PLCs

    David Spinks

    David Spinks, Chairman , CSIRS

    • Insider threats
    • Advanced Persistent Threats  
    • Cyber Crime
     

    12:00 Panel Discussion – Risk Management Strategies

    • Evaluating the vulnerability of the industry to cyber attacks
    • What strategies are the most effective?
    • The roadmap – Policies and standards

    David Alexander

    David Alexander , Head of Vulnerability Research, Regency IT Consulting

    David Spinks

    David Spinks, Chairman , CSIRS

    Boldizsar Bencsath

    Boldizsar Bencsath, Assistant Professor, Laboratory of Cryptography and Systems Security

    Colin Blou

    Colin Blou, Vice President, Sales, North America and Europe , Waterfall Security Solutions

    12:30 Networking Lunch

    13:30 How to build a fully Automated Dynamic and Secure access control solution for offshore installations!

    Marius  Brekke

    Marius Brekke, Managing Director, IPnett As

    14:00 The challenges of Security Architectures for Industrial Control Systems

    David Alexander

    David Alexander , Head of Vulnerability Research, Regency IT Consulting

    • This presentation looks at the high-level technical issues in designing and implementing Security Architectures in Industrial Control Systems integrated into a corporate network.
     

    14:30 Holistic Defences against APTs

    Stephen Daniels

    Stephen Daniels, Cyber Security Consultant, Independent Consultant

    • Why the APT presents a significant challenge to Oil & Gas
    • Limitations and challenges of current defence offerings
    • Detecting them is fine but an effective response is better
    • It's time to collaborate, in the common interest, but to do so effectively
     

    15:00 The challenges and opportunities of the converging worlds of Information and Operations technologies

    Justin Lowe

    Justin Lowe, Managing Consultant, PA Consulting Group

    •  Why information and operation technologies are converging
    •  What are the challenges of this convergence
    •  What are the benefits of convergence
    •  The future role of the IT department in operations technology in energy companies

    15:30 Afternoon Tea

    16:00 Case Study: Enhancing network monitoring and situational awareness in critical infrastructure

    Damiano  Bolzoni

    Damiano Bolzoni, COO, Security Matters

  • Current approaches to network monitoring and situational awareness
  • Strengths and shortcomings of current approaches
  • Non-signature based approaches for improved monitoring and situational awareness
  • Discussion of 2 use cases
  • 16:30 Best practices in supply chain information risk management

    Adrian Davis

    Adrian Davis, Principal Research, Information Security Forum

  • Identifying and following information in a supply chain
  • Using maturity models to drive control selection, assessment and audit approaches
  • Integrating information risk into supply chain management processes
  • Aligning information risk to industry standards
  • 17:00 Lessons learnt after recent targeted attacks – how to protect against future attacks like Flame?

    Boldizsar Bencsath

    Boldizsar Bencsath, Assistant Professor, Laboratory of Cryptography and Systems Security

    • Insight into the investigations regarding Duqu and Flame
    • Targeted attacks on digital signature trust, cryptographic attacks, handling of incidents, collaboration with partners and information sharing.
    • Insight on why and how managing the kind of threat consumes more resources than the technical work
    • Countermeasure – company-tailored solutions into the network of the customer
     

    17:30 Chairman’s Closing Remarks and Close of Day Two

    David Alexander

    David Alexander , Head of Vulnerability Research, Regency IT Consulting

    +

    FEATURED SPEAKERS

    Oskar Wols

    Oskar Wols

    Solution Architect, Shell
    Phil Jones

    Phil Jones

    Information Security & Business Continuity, GDF SUEZ E&P UK Ltd
    Shawn Henry

    Shawn Henry

    President, CrowdStrike Services & Former Executive Assistant Director, FBI,

    Adrian Davis

    Principal Research, Information Security Forum
    Adrian Davis

    Boldizsar Bencsath

    Assistant Professor, Laboratory of Cryptography and Systems Security
    Boldizsar Bencsath

    Christian Probst

    Language-based Technology, Technical University of Denmark
    Christian Probst

    Colin Blou

    Vice President, Sales, North America and Europe , Waterfall Security Solutions
    Colin Blou

    Damiano Bolzoni

    COO, Security Matters
    Damiano  Bolzoni

    David Alexander

    Head of Vulnerability Research, Regency IT Consulting
    David Alexander

    David Spinks

    Chairman , CSIRS
    David Spinks

    Iain Brownlie

    Senior Consultant, CISSP, ABB Limited
    Iain Brownlie

    Justin Lowe

    Managing Consultant, PA Consulting Group
    Justin Lowe

    Marc Meulensteen

    Business Development Manager, Spirent Communications Plc
    Marc   Meulensteen

    Marius Brekke

    Managing Director, IPnett As
    Marius  Brekke

    Nick Squire

    VP of Sales UK & EMEA, Lumension Security Ltd.
    Nick Squire

    Olav Mo

    Oil & Gas Cyber Security Manager, ABB Limited
    Olav Mo

    Oskar Wols

    Solution Architect, Shell
    Oskar Wols

    Phil Jones

    Information Security & Business Continuity, GDF SUEZ E&P UK Ltd
    Phil Jones

    Samuel Linares

    Cyber Security Services Director, Intermark
    Samuel Linares

    Serdar Cabuk

    Managing Consultant, Deloitte
    Serdar Cabuk

    Shawn Henry

    President, CrowdStrike Services & Former Executive Assistant Director, FBI,
    Shawn Henry

    Simon O'Gorman

    Head of Cyber Services Sales, Finmeccanica
    Simon  O'Gorman

    Stephen Daniels

    Cyber Security Consultant, Independent Consultant
    Stephen Daniels

    Tim Holman

    UK President, ISSA (Information Systems Security Association)
    Tim Holman

    Tom Fairfax

    Director & Head of Advisory Services, SRM - Solutions
    Tom Fairfax

    Workshops

    Copthorne Tara Hotel

    Scarsdale Place
    Kensington
    London W8 5SR
    United Kingdom

    Copthorne Tara Hotel

    The Copthorne Tara Hotel London Kensington is an elegant contemporary four-star hotel in prestigious Kensington, located just a two minutes walk from High Street Kensington underground station, making exploring easy. The hotel offers well-appointed and comfortable guest rooms combining Standard, Superior and Club accommodation. Club rooms offer iconic views over the city and include Club Lounge access for complimentary breakfast and refreshments. Guests can sample the authentic Singaporean, Malaysian and Chinese cuisine at Bugis Street, traditional pub fare at the Brasserie Restaurant & Bar or relax with a delicious drink at West8 Cocktail Lounge & Bar.

    The Copthorne Tara Hotel boasts 745 square meters of flexible meeting space, consisting of the Shannon Suite and the Liffey Suite, ideal for hosting conferences, weddings and social events. Facilities include access to the business centre 24 hours a day, fully equipped fitness room, gift shop, theatre desk and Bureau de Change. With ample onsite parking outside the London congestion charge zone and excellent transport links via Heathrow Airport, the hotel is the perfect location for business or leisure stays. The hotel is within close proximity to the shops of High Street Kensington, Knightsbridge and Westfield London, Olympia Conference Centre, Royal Albert Hall, Kensington Palace and Hyde Park.

     

    HOTEL BOOKING FORM

    Title

    SubTitle
    speaker image

    Content


    Title


    Description

    Download


    WHAT IS CPD?

    CPD stands for Continuing Professional Development’. It is essentially a philosophy, which maintains that in order to be effective, learning should be organised and structured. The most common definition is:

    ‘A commitment to structured skills and knowledge enhancement for Personal or Professional competence’

    CPD is a common requirement of individual membership with professional bodies and Institutes. Increasingly, employers also expect their staff to undertake regular CPD activities.

    Undertaken over a period of time, CPD ensures that educational qualifications do not become obsolete, and allows for best practice and professional standards to be upheld.

    CPD can be undertaken through a variety of learning activities including instructor led training courses, seminars and conferences, e:learning modules or structured reading.

    CPD AND PROFESSIONAL INSTITUTES

    There are approximately 470 institutes in the UK across all industry sectors, with a collective membership of circa 4 million professionals, and they all expect their members to undertake CPD.

    For some institutes undertaking CPD is mandatory e.g. accountancy and law, and linked to a licence to practice, for others it’s obligatory. By ensuring that their members undertake CPD, the professional bodies seek to ensure that professional standards, legislative awareness and ethical practices are maintained.

    CPD Schemes often run over the period of a year and the institutes generally provide online tools for their members to record and reflect on their CPD activities.

    TYPICAL CPD SCHEMES AND RECORDING OF CPD (CPD points and hours)

    Professional bodies and Institutes CPD schemes are either structured as ‘Input’ or ‘Output’ based.

    ‘Input’ based schemes list a precise number of CPD hours that individuals must achieve within a given time period. These schemes can also use different ‘currencies’ such as points, merits, units or credits, where an individual must accumulate the number required. These currencies are usually based on time i.e. 1 CPD point = 1 hour of learning.

    ‘Output’ based schemes are learner centred. They require individuals to set learning goals that align to professional competencies, or personal development objectives. These schemes also list different ways to achieve the learning goals e.g. training courses, seminars or e:learning, which enables an individual to complete their CPD through their preferred mode of learning.

    The majority of Input and Output based schemes actively encourage individuals to seek appropriate CPD activities independently.

    As a formal provider of CPD certified activities, SMI Group can provide an indication of the learning benefit gained and the typical completion. However, it is ultimately the responsibility of the delegate to evaluate their learning, and record it correctly in line with their professional body’s or employers requirements.

    GLOBAL CPD

    Increasingly, international and emerging markets are ‘professionalising’ their workforces and looking to the UK to benchmark educational standards. The undertaking of CPD is now increasingly expected of any individual employed within today’s global marketplace.

    CPD Certificates

    We can provide a certificate for all our accredited events. To request a CPD certificate for a conference , workshop, master classes you have attended please email events@smi-online.co.uk

    Event Title

    Headline

    Text
    Read More

    I would like to speak at an event

    I would like to attend an event

    I would like to sponsor/exhibit at an event

    SIGN UP OR LOGIN

    Sign up
    Forgotten Password?

    Contact SMi GROUP LTD

    UK Office
    Opening Hours: 9.00 - 17.30 (local time)
    SMi Group Ltd, 1 Westminster Bridge Road, London, SE1 7XW, United Kingdom
    Tel: +44 (0) 20 7827 6000 Fax: +44 (0) 20 7827 6001
    Website: http://www.smi-online.co.uk Email: events@smi-online.co.uk
    Registered in England No: 3779287 VAT No: GB 976 2951 71




    Forgotten Password

    Please enter the email address you registered with. We will email you a new password.