Home
overview

It has been stated that by 2018 the oil and gas industry will be spending up to $1.87 billion on cyber security. The hugely increased demand to protect a multi-billion dollar global industry is being spurred on by the ever growing cyber threat across the globe. It is against this backdrop that SMi are launching their 3rd annual Oil and Gas Cyber Security 2013 conference.

Drawing on two years of successful events in the cyber security sector, SMi’s 3rd Annual Oil and Gas Cyber Security conference aims to provide attendees with a information-packed agenda with representatives from across the industry and the globe. The two day event and post conference workshop aim to cover emerging threats and technological advancements, regional focuses from the Middle East to North America, investments and board level by ins and cyber security development and the issues hindering growth.

The event is the perfect platform for hearing about lessons learnt in the field from oil and gas operators. SMi’s 3rd annual Oil and Gas Cyber Security Conference is an opportunity for companies within the industry to talk to leading experts who are currently working against cyber threats. This will be a unique opportunity to hear about the advances within the industry and one that you cannot afford to miss.

Hear about recent advancements in the industry
Discover the latest technology used in the fight against cyber threats
Evaluate current methods for penetration testing
Learn about cyber security investment and board level by-ins
Develop ideas to improve SCADA systems
 

  • Chief Executive Officer
  • Chief Information Officer
  • EMEA Lead, Risk and Compliance Solutions
  • Global Data Steward & Technologist
  • Group IT Manager
  • Group Security Adviser
  • ICT infrastructure specialist
  • ICT Manager
  • Information & Cyber Security Consultant
  • IS Risk and Security Manager
  • Network Management Solutions
  • Technical Director

A B I Research; ABB Limited; Alliander; Argus Media; Bae Systems Detica; BG Group; Bp International Limited; Conocophillips; CPNI Centre for the Protection of National Infrastructure; CrowdStrike Services ; Cyber Security Challenge UK; Deloitte; DMW Infosec Ltd; Dolphin Energy; Essar Oil; Finmeccanica; Fox IT; FRAZER-NASH CONSULTANCY; Freshfields Bruckhaus Deringer; GDF Suez E&P ; GDF SUEZ E&P UK Ltd; GE Oil + Gas; HP Enterprise Services; Independent Consultant ; Information Security Forum; Intermark; IOActive Europe Ltd; IPnett; IPnett As; ISSA (Information Systems Security Association); IT Governance Ltd; KPMG LLP; Laboratory of Cryptography and Systems Security ; Lumension Security Ltd.; Macom Consulting; Nafta A S; National Oilwell Varco M D T O T O C; National Oilwell Varco Rig Solutions; Norman; OMV AG, CIO Office; PA Consulting Group; Petroleum Development Oman; Petroleum Develpment Oman LLC; Qinetiq; Regency IT Consulting ; Satellite Communication Services; Security Matters; Security Risk Management Ltd.; SELEX Elsag; Senetas Europe Limited; Shell Int Reserch Maatschappij Bv; Siemens / Roke Manor Research; Siemens Cobtrol Systems; Sonatrach / CVG; Spirent Communications Plc; Technical University of Denmark; Tullow Oil; ViaSat UK Ltd; Waterfall Security Solutions;

Conference programme

8:30 Registration & Coffee

9:00 Chairman's Opening Remarks

Edward Hamilton

Edward Hamilton, Head of Threat and Vulnerability Management, Price Waterhouse Coopers

9:10 From traditional Information security to an IS multilayer management Model - PDO IS Journey

Fathiya  Al Farsi

Fathiya Al Farsi, Head, IM&T Risk Management, Petroleum Development Oman

• PDO transformation  journey in managing information security
• Our evolution and education from using the traditional model of securing infrastructure to where we are today
• Adopting a three dimensions model, based on a Risk oriented  approach anchoring  on ISO 27001 standard to identify various types of threats  and vulnerabilities and manage them commensurate with PDO business imperatives
• Insights and learning’s from PDO iSecure campaign

9:50 Drivers for security initiatives

Sinclair  Koelemij

Sinclair Koelemij , Technical lead EMEA , Honeywell Process Solutions

How do different companies in the process industry approach security initiatives and what are the advantages of the different approaches? The presentation will discuss the four main security project drivers:

·         Technology as a security project driver

·         Compliance to a standard as a security project driver

·         Security audit / assessment as a security driver

·         Security risk management as a security driver

 

The advantages, disadvantages and differences of these four approaches will be talked about and the audience will be offered an overview of the various pitfalls to be wary of for the different methods. We will discuss the circle of assess, remediate, manage / monitor security and how this circle can be established.

In short, the presentation is about “I am aware we need to improve our cyber security, but what are my options, what are my objectives, what is necessary to make progress building an effective cyber security for my plant?”

10:30 Morning Coffee

11:00 ICS Critical Skills and the need for a Global Industrial Cyber Security certification

Cyber security threats continue to increase in both frequency and sophistication. The industry is getting more automated, integrated and interconnected, creating a real challenge being faced.  To manage risk effectively in our industrial domains, technology, standards, policies and practices are not enough, people are crucial!


• A standardized foundational set of skills, knowledge and abilities for Industrial Cyber Security across the industry is lacking.
• There is a need for a standardized, vendor-neutral, certification program that provides structure and demonstrated competence.
• An ICS professional needs a hybrid set of experience and competencies that can be roughly divided in 4 domains - IT, Cyber Security, Engineering, and Corporate/Industry standards.
• The approach to create this training and certification program is an industry effort, where private-public organizations from different backgrounds work together

Annemarie Zielstra

Annemarie Zielstra, Director International Relations Cyber Resilience, TNO

Auke Huistra

Auke Huistra, Project manager National Roadmap to Secure Process Control Systems and Lead Workforce Development Thematic Group ICS and Smart Grids , ERNCIP

11:40 ICS Protection: Hollywood v. the Real World

Thomas Quinlan

Thomas Quinlan, Malware Researcher, Norman Shark

12:20 Networking Lunch

13:30 Empowering today’s Oil & Gas Worker in the Evolving Mobile Landscape

Dave Renwick

Dave Renwick, Director of Innovation, EMEA, Airwatch UK Ltd.

• Learn the benefits of empowering the employee through the use of mobility.
• Review the steps that businesses need to take to evaluate and implement mobility
• Analyse the rise of BYOD and how organisations can ensure device compliance through an advanced compliance engine.
• Identify the methods needed to create a customised corporate container to store and secure sensitive company documents.
• Maximise data loss prevention in mobility and avoid security breaches of corporate data.
• Determine the best practices for implementing a mobility management solution to minimize the challenges and risks that come with BYOD

14:10 Secure the Engineers- Building a security awareness programme targeted for ICS staff

Tim Harwood

Tim Harwood, Security Capability Lead, SANS Institute

14:50 The power of cyber resilience – managing risk and recovering from breaches

Alan Calder

Alan Calder, CEO, IT Governance Ltd

• There have been several attacks targeted at oil and gas firms in the last two years
• Good risk-mitigation strategies can reduce cyber risk, but they cannot eliminate cyber attacks
• Oil and gas companies need to assume a breach will happen and prepare accordingly
• An organisation’s ability to respond to and recover from security breaches – its cyber-resilience – is fundamental to its risk management strategy
• Information security standards are an important element in building a strong, resilient information and communication infrastructure
• This session will examine cyber risk in the oil and gas sector, the pervasiveness of cyber-incidents and the key steps in building a cyber-resilience strategy

15:30 Afternoon Tea

16:00 Cyber Security: A lawyer's perspective

Jane Jenkins

Jane Jenkins, Partner, Dispute Resolution, Freshfields Bruckhaus Deringer

• Why is Cyber Security a boardroom issue?
• Regulations: US and EU developments
• Crisis management
• Legal sanctions and legal recourse for victims
 

16:40 CCI: A success story on collaboration in Industrial Cyber security

Samuel Linares

Samuel Linares, Director, Industrial Cybersecurity Centre

• Describing the setting of the industrial cyber security: current situation, lacks and needs
• The Actors: description of main stakeholders and supposed roles. 
• The Screenplay: the good, the bad and the ugly. Who is who?
• The Challenge: making a good film (and make the actors happy and rich). How to deal with objectives from different sources could become barriers to the deployment of cyber security measures,
• The Solution: Collaboration as a key aspect of Industrial cyber security.
• The Film:  industrial cyber security centre as a successful case on collaboration in industrial cyber security

17:10 Chairman’s Closing Remarks and Close of Day One

Edward Hamilton

Edward Hamilton, Head of Threat and Vulnerability Management, Price Waterhouse Coopers

8:30 Registration & Coffee

9:00 Chairman's Opening Remarks

Edward Hamilton

Edward Hamilton, Head of Threat and Vulnerability Management, Price Waterhouse Coopers

9:10 How the O&G Industry is identifying and mitigating threat vectors

Claudio Lo Cicero

Claudio Lo Cicero, Head of Global Information Security, Maersk Oil

• Advanced Persistent Threats (APTs): What is old is new again
• The Front Lines: Employees ARE your first line of cyber defense
• Active Monitoring and Security Analytics: Pro-active or reactive
• Managed Security Services v2.0: Smart enterprise security or not
• Supply Chain Security: Risks and countermeasures

9:50 Converging requirements for safety and security in this cyber connected world

• Security requirements determined by IEC 61508
• Human factors - the weakest link
• A brief history of CHAZOP
• Security management : where your vendor can help

Iain Brownlie

Iain Brownlie, Senior Consultant, Safety Solutions Group, ABB Limited

Paul Gogarty

Paul Gogarty , System Build and Support Team Lead, Oil and Gas Projects, ABB Limited

10:30 Morning Coffee

11:00 Identifying key security threats and how to focus on protecting assets that really matter

Edward Hamilton

Edward Hamilton, Head of Threat and Vulnerability Management, Price Waterhouse Coopers

The potential impact of a security incident within the oil and gas industry is significant!  Within this sector there are a number of key business areas that have significant security risks.  These include: security of the operational technology e.g. industrial control systems on rigs - where a security incident could have a significant impact on the environment or loss of revenue, sensitivity of core business information around exploration of new oil and gas fields - data loss leading to a loss of revenue, mergers and acquisitions, securing the financial and operational due diligence to ensure share price is appropriate.  Oil and Gas organisations need to identify and protect their assets appropriately in order to ensure they have greater opportunities to maximise their business's potential from emerging technologies and identity new business opportunities. This presentation will outline some of the key security threats and explore how organisations can focus on protecting those assets that really matter, enabling them to combat threats to their organisation.

11:40 Panel Discussion- the changing landscape of cyber security

Michela Menting

Michela Menting, Senior Analyst, Cyber Security Research Service, A B I Research

Iain Brownlie

Iain Brownlie, Senior Consultant, Safety Solutions Group, ABB Limited

Martin Smith

Martin Smith, Chairman, The Security Awareness Special Interest Group

12:20 Networking Lunch

13:40 Advanced Persistent Threats (APT) – update from the front line

David Spinks

David Spinks, Operational Risk Management, CSIRS

Focus of this presentation will be intelligence gathered from forensic investigations of recent attacks to Critical National Infrastructure. The presenter where possible will provide details of:
• Insider threats
• Social engineering
• Malware
• Zero day attacks
• Losses
For each of these attack/threat vectors the presentation will include recommended actions and strategies to detect and defend against such threats. The implementation of methods such as SIEM and use of Big Data are discussed as are sources of threat intelligence and information

14:20 Cyber security - the weaponization of malware and the consequences

Geir Arild  Engh-Hellesvik

Geir Arild Engh-Hellesvik, Senior Manager, Technology Risk Services, BDO Norway

• Overview of the last decade of cyber weapons
• What are the specific challenges that cyber weapons pose to the industry
• How do we address these issues and reduce our exposure to future attacks
• How should we strategise when planning our defences?

15:00 Afternoon Tea

15:30 Changing policy and regulation for operators of oil & gas infrastructure

Michela Menting

Michela Menting, Senior Analyst, Cyber Security Research Service, A B I Research

• Current regulatory landscape in North America and Europe
• National cyber security strategies and the protection of critical infrastructure
• What the changing policy environment means for operators of oil & gas installations
• Adapting to new compliance mechanisms

 

16:10 Cyber security governance: how to engage company top management

Andrea Rigoni

Andrea Rigoni, Director General, GCSEC Global Cyber Security Center

• Description of the typical approach to cyber security governance in oil and gas companies
• Events and lessons learned from the recent incidents in the sector
• How the governance model should evolve to engage the top management in cyber security decisions
• Examples of approaches adopted by oil & gas companies
• Future challenges
 

16:50 Chairman’s Closing Remarks and Close of Day Two

+

FEATURED SPEAKERS

Claudio Lo Cicero

Claudio Lo Cicero

Head of Global Information Security, Maersk Oil
Edward Hamilton

Edward Hamilton

Head of Threat and Vulnerability Management, Price Waterhouse Coopers
Fathiya  Al Farsi

Fathiya Al Farsi

Head, IM&T Risk Management, Petroleum Development Oman

Alan Calder

CEO, IT Governance Ltd
Alan Calder

Andrea Rigoni

Director General, GCSEC Global Cyber Security Center
Andrea Rigoni

Annemarie Zielstra

Director International Relations Cyber Resilience, TNO
Annemarie Zielstra

Auke Huistra

Project manager National Roadmap to Secure Process Control Systems and Lead Workforce Development Thematic Group ICS and Smart Grids , ERNCIP
Auke Huistra

Claudio Lo Cicero

Head of Global Information Security, Maersk Oil
Claudio Lo Cicero

Dave Renwick

Director of Innovation, EMEA, Airwatch UK Ltd.
Dave Renwick

David Spinks

Operational Risk Management, CSIRS
David Spinks

Edward Hamilton

Head of Threat and Vulnerability Management, Price Waterhouse Coopers
Edward Hamilton

Fathiya Al Farsi

Head, IM&T Risk Management, Petroleum Development Oman
Fathiya  Al Farsi

Geir Arild Engh-Hellesvik

Senior Manager, Technology Risk Services, BDO Norway
Geir Arild  Engh-Hellesvik

Iain Brownlie

Senior Consultant, Safety Solutions Group, ABB Limited
Iain Brownlie

Jane Jenkins

Partner, Dispute Resolution, Freshfields Bruckhaus Deringer
Jane Jenkins

Li Dawei

Manager of Global Petroleum Resources Evaluation and Management System, CNPC Subject to Confirmation
Li Dawei

Martin Smith

Chairman, The Security Awareness Special Interest Group
Martin Smith

Michela Menting

Senior Analyst, Cyber Security Research Service, A B I Research
Michela Menting

Mike Baldi

Global Cyber Architect, Honeywell Process Solutions
Mike Baldi

Paul Gogarty

System Build and Support Team Lead, Oil and Gas Projects, ABB Limited
Paul Gogarty

Samuel Linares

Director, Industrial Cybersecurity Centre
Samuel Linares

Sinclair Koelemij

Technical lead EMEA , Honeywell Process Solutions
Sinclair  Koelemij

Thomas Quinlan

Malware Researcher, Norman Shark
Thomas Quinlan

Tim Harwood

Security Capability Lead, SANS Institute
Tim Harwood

Workshops

Collaboration in Industrial Cybersecurity: a key aspect of CIIP
Workshop

Collaboration in Industrial Cybersecurity: a key aspect of CIIP

Marriott Regents Park
27th November 2013
London, United Kingdom

Marriott Regents Park

128 King Henry's Road
London NW3 3ST
United Kingdom

Marriott Regents Park

This 4 star north London hotel in zone 2 is the perfect destination for the astute business traveler as well as the leisure guest that knows how convenient north London hotels are, as a base from which to explore the city .Bond Street is just 3 stops from Swiss Cottage underground station on the Jubilee Line, so you can be shopping, exploring the sights and taking in one of London’s world-renowned West End shows in less than 15 minutes when you stay at this hotel near central London. At the same time, the hive of activity that is Camden Town, the chic shops, cafes and restaurants of Primrose Hill and ZSL’s London Zoo in Regents Park are all just a short walk from this hotel in north London.

HOTEL BOOKING FORM

Title

SubTitle
speaker image

Content


Title


Description

Download


WHAT IS CPD?

CPD stands for Continuing Professional Development’. It is essentially a philosophy, which maintains that in order to be effective, learning should be organised and structured. The most common definition is:

‘A commitment to structured skills and knowledge enhancement for Personal or Professional competence’

CPD is a common requirement of individual membership with professional bodies and Institutes. Increasingly, employers also expect their staff to undertake regular CPD activities.

Undertaken over a period of time, CPD ensures that educational qualifications do not become obsolete, and allows for best practice and professional standards to be upheld.

CPD can be undertaken through a variety of learning activities including instructor led training courses, seminars and conferences, e:learning modules or structured reading.

CPD AND PROFESSIONAL INSTITUTES

There are approximately 470 institutes in the UK across all industry sectors, with a collective membership of circa 4 million professionals, and they all expect their members to undertake CPD.

For some institutes undertaking CPD is mandatory e.g. accountancy and law, and linked to a licence to practice, for others it’s obligatory. By ensuring that their members undertake CPD, the professional bodies seek to ensure that professional standards, legislative awareness and ethical practices are maintained.

CPD Schemes often run over the period of a year and the institutes generally provide online tools for their members to record and reflect on their CPD activities.

TYPICAL CPD SCHEMES AND RECORDING OF CPD (CPD points and hours)

Professional bodies and Institutes CPD schemes are either structured as ‘Input’ or ‘Output’ based.

‘Input’ based schemes list a precise number of CPD hours that individuals must achieve within a given time period. These schemes can also use different ‘currencies’ such as points, merits, units or credits, where an individual must accumulate the number required. These currencies are usually based on time i.e. 1 CPD point = 1 hour of learning.

‘Output’ based schemes are learner centred. They require individuals to set learning goals that align to professional competencies, or personal development objectives. These schemes also list different ways to achieve the learning goals e.g. training courses, seminars or e:learning, which enables an individual to complete their CPD through their preferred mode of learning.

The majority of Input and Output based schemes actively encourage individuals to seek appropriate CPD activities independently.

As a formal provider of CPD certified activities, SMI Group can provide an indication of the learning benefit gained and the typical completion. However, it is ultimately the responsibility of the delegate to evaluate their learning, and record it correctly in line with their professional body’s or employers requirements.

GLOBAL CPD

Increasingly, international and emerging markets are ‘professionalising’ their workforces and looking to the UK to benchmark educational standards. The undertaking of CPD is now increasingly expected of any individual employed within today’s global marketplace.

CPD Certificates

We can provide a certificate for all our accredited events. To request a CPD certificate for a conference , workshop, master classes you have attended please email events@smi-online.co.uk

Event Title

Headline

Text
Read More

I would like to speak at an event

I would like to attend an event

I would like to sponsor/exhibit at an event

SIGN UP OR LOGIN

Sign up
Forgotten Password?

Contact SMi GROUP LTD

UK Office
Opening Hours: 9.00 - 17.30 (local time)
SMi Group Ltd, 1 Westminster Bridge Road, London, SE1 7XW, United Kingdom
Tel: +44 (0) 20 7827 6000 Fax: +44 (0) 20 7827 6001
Website: http://www.smi-online.co.uk Email: events@smi-online.co.uk
Registered in England No: 3779287 VAT No: GB 976 2951 71




Forgotten Password

Please enter the email address you registered with. We will email you a new password.