Home
overview

Drawing on the 7 years of successful events in the cyber security sector SMi is proud to announce their Oil and Gas Cyber Security conference taking place in Oslo.

Join us for a special networking evening drinks reception convening at the historic British Ambassador’s Residence at the end of day one, in association with the UK Trade and Investment.

The event will provide attendees with a information packed agenda using Norway as the platform to attract international speakers from across the globe discussing security threats and landscapes, new technologies and techniques to counter advanced attacks, information management frame works, human behaviour plus more.

 

 

 

 

By 2018 the oil and gas industry will be spending up to $1.87 billion on cyber security. The hugely increased demand to protect a multi-billion dollar global industry is being spurred on by the ever growing cyber threat across the globe. It is against this backdrop that SMi are launching their Oil and Gas Cyber Security 2014 conference in Oslo, Norway.

The event is the perfect platform for hearing about leading industry case studies from oil and gas operators as well as understanding what there needs and requirements are. SMi’s 4th annual Oil and Gas Cyber Security Conference will also give delegates the opportunity to understand more about the latest technology and solutions that they can use to keep ahead of advancing threats!

 

 

  • Hear from Total, GDF Suez, Tullow Oil, Salalah Methanol Company, Cairn India and Saudi Aramco to understand operator requirements
  • Watch 2 LIVE DEMONSTRATIONS on cyber-attacks
  • Evaluate the necessity of security and understand the need to protect against attack
  • Discover the latest technology and techniques used from leading providers
  • Get inside the mind-set of a hacker to understand the motive behind recent attacks
  • Learn about regional issues from across the globe to give you a comprehensive understanding of the threats today
  • Take away ideas on how to best improve your security for safer operations
  • Chief Executive Officer
  • Chief Information Officer
  • EMEA Lead, Risk and Compliance Solutions
  • Global Data Steward & Technologist
  • Group IT Manager
  • Group Security Adviser
  • ICT infrastructure specialist
  • ICT Manager
  • Information & Cyber Security Consultant
  • IS Risk and Security Manager
  • Network Management Solutions
  • Technical Director

Conference programme

8:30 Registration & Coffee

9:00 Chairman's Opening Remarks

Siv Hilde Houmb

Siv Hilde Houmb, Associate Professor II, NISlab, Gjøvik University College

9:10 OPENING ADDRESS

H.M. Ambassador Jane Owen

H.M. Ambassador Jane Owen, , British Embassy, Norway

9:30 Gap between threats and preventive measures - Head findings in The Norwegian Business and Security Council's Information Security and Cybercrime survey 2012

Arne Røed Simonsen

Arne Røed Simonsen, Senior Advisor, Norwegian Business and Industry Security Council (NSR)

• Norway is facing similar trends as the rest of the world, cyber-attacks are increasing at an alarming rate.
• Most companies are unprepared to handle such attacks
• Companies are more and more dependent on IT

10:10 Live Attack Simulation - How to survive or avoid a DDoS attack

Andy Young

Andy Young, Senior Cyber Systems Engineer, Ixia Technologies

  • How to simulate different types of cyber attacks to test your network infrastructure.
  • Watch a live simulation of a DDoS attack – learn 
    • How a cyber attack works and effects your enterprise
    • How to avoid cyber attacks or survive them if you must

10:50 Morning Coffee

11:20 Innovation in Industrial Perimeter Security

Colin Blou

Colin Blou, Vice President, Sales, North America and Europe , Waterfall Security Solutions

•         Real-Time SCADA protection
•         Historian systems protection
•         NERC / CIP Compliance
•         Hardware based unidirectional Data Transfer
•         Secure remote monitoring and management

12:00 Strategies for Protecting and Handling Targeted Sophisticated Attacks (such as Stuxnet)

Siv Hilde Houmb

Siv Hilde Houmb, Associate Professor II, NISlab, Gjøvik University College

• What if the Macondo explosion was a deliberate cyber security attack?
• Targeted sophisticated attacks (such as Stuxnet) - their characteristics
• Strategies for detecting and handling targeted attacks
• Collaborative Incident Response on Oil and Gas installations
• Centre for Cyber and Information Security - Gjøvik University College

12:30 How cybersecurity is transforming security

Jacques Sibué

Jacques Sibué, Group CISO, GDF Suez

• new cybersecurity challenges
• gaps to fill with traditional IS/IT security approaches
• cybersecurity transformation examples : risks and incidents management

13:00 Networking Lunch

14:00 A Perspective on Cyber Security as Applied to Process Safety

Jalal Bouhdada

Jalal Bouhdada, Founder and Principal Security Consultant, Applied Risk

 

  • Relationship between Safety (SIL) and Security (SAL)
  • Trends and Emerging Cyber Threats Related to Process Safety
  • Potential Impact and Consequences
  • Proposed safeguards and control

14:40 Industrial Systems – Practical Security

Ewen MacDonald

Ewen MacDonald, Team Leader Instrument and Systems, Total E&P UK

• We have the Technology, but what else do we need to consider?
• Firewalls, DMZ, Password Protection, AntiVirus Protection etc. We have much in the way of technological solutions which help in protecting your IT infrastructure from the Cyber Opportunists. But is it enough?
• What are the other options that you have to consider if you are wanting to protect your Industrial IT infrastructure?

15:10 A Strategic Approach Against an Increasingly Sophisticated Threat

Patrick  Grillo

Patrick Grillo, Senior Director, Solutions Marketing, Fortinet

The current generation of threats against enterprise networks are more targeted, more persistent and more sophisticated than ever.  A single product, or even a collection of point products, is ineffective against these new threats.  The presentation will focus on the framework necessary to bring together a range of complimentary technology to form a an effective, pro-active and reactive defence.  A defence that will evolve as the threat landscape continues to evolve.

15:50 Afternoon Tea

16:20 The cyber security indicator

Ammar Qatan

Ammar Qatan, IT Manager, Salalah Methanol

• SMC back ground & context
• Cyber-attacks, the digitized poor's weapon
• Why are these companies under attack?
• Alert level should be matched with a cyber-security indicator

16:50 Behind the meter: Securing the energy that powers oil & gas systems

Gal  Luft

Gal Luft, Director, Institute for the analysis of global security

• The neglected vulnerability: the that goes into oil & gas systems 
• Islanding and distributed energy applications for oil & gas systems
• Technological solutions to secure energy systems
• Risk reduction and recovery methods

17:20 Chairman’s Closing Remarks and Close of Day One

Siv Hilde Houmb

Siv Hilde Houmb, Associate Professor II, NISlab, Gjøvik University College

8:30 Registration & Coffee

9:00 Chairman's Opening Remarks

Phil Legg

Phil Legg, Research Associate, Cyber Security Centre, Department of Computer Science, University of Oxford

9:10 If you can spot it, you can stop it – defending against the new norm

Senior Representative

Senior Representative, , Tullow Oil

• CISO’s generally accept that by just doing the basics within recommended guidelines they can reduce risk.  So why is it so difficult to achieve?  We battle with budget and headcount restraints, incorrect perceptions of what security does, increasing and varying security frameworks, highly dynamic operating environments, and sometimes we just don’t talk the money making language enough, that’s a skill in itself and another story.
• Investing in better visibility and an understanding of what and how attacks seek to achieve their aim is one element of a security program that should carry weight.  After all – what do we mean by a breach?  A corporate machine breached with a first stage attack but which can be seen, means: it can be tracked; it can be investigated; it can be stopped; the vulnerability can be identified; and it can be concluded if and what type of data was lost.  So what are the barriers to being more transparent - share price?

9:50 Being (in)secure by choice, not by chance

Sinclair  Koelemij

Sinclair Koelemij , Technical Lead IITS EMEA, Honeywell Process Solutions

• How do you protect an Industrial Control System (ICS) in an effective manner?
• Cyber Security is not about adding firewalls and anti-virus software, it takes a lot more to be and to stay protected. But how do you determine what is appropriate for your plant? Different industries require different levels of security
• What is the difference and how can we express this in concrete security measures?
• Risk based security management provides you with a sustainable method to achieve a protected ICS in an effective manner that improves safety, security, reliability

10:30 Morning Coffee

11:00 Taking Security to next Level, Integrated Cyber Security approach in Energy Management and control systems to improve reliability

Sandeep  Pathania

Sandeep Pathania, Offer Creation Program/Project Manager - Energy Automation , Schneider Electric

• Cyber Security in OT world
• Integrated Cyber Security approach for Energy Management and control system

11:40 Industrial Control Systems Security

Bandar Mesned Al Saifi

Bandar Mesned Al Saifi, Data Network Engineer, Saudi Aramco

• Introduction- where are ICS attacks being targeted?
• ICS vs. IT World- Creating a comprehensive security framework
• Security Framework- How to improve protection levels against cyber
• Risk Tolerance Levels- 3 parts to identifying associated risks Threat vulnerability and consequence
• Conclusion- Achieving the desired security confidence level

12:10 Adventures in cyber threat intelligence

James Chappell

James Chappell, CTO, Digital Shadows

  • The security technology community has been evolving threat intelligence capabilities in an attempt to understand more about the groups and organisations that pose a threat to businesses, with a particular focus on the tools, tactics, techniques and procedures employed by threat actors.
  • The monitoring of open and closed sources plays an important role in identifying these threats and providing current situational awareness to security departments. 
  • This session will explore how this industry is evolving new threat intelligence techniques to maintain a current picture that helps defend organisations.
  • 12:50 Networking Lunch

    13:50 Defending Networks through Simulation

    Nuri Fattah

    Nuri Fattah, Director, DefenceCorp

    • Do you know what a cyber-attack looks like?
    • Can you defend your networks against all types of attacks?
    • Do your vendor tools really protect you?
    • The best way to test your controls, staff, procedures and strategies

    14:30 Network Monitoring and Situational Awareness for Operational Technology in Oil & Gas

    Damiano  Bolzoni

    Damiano Bolzoni, COO, Security Matters

    • Brief overview of the current approaches, and their shortcomings
    • A new non-intrusive approach for detecting misuses, operational mistakes, erroneous configurations and  0-day cyber attacks
    • Use cases
    • Future advances we are currently working on
     

    15:10 Afternoon Tea

    15:40 Corporate Insider Threat Detection

    Phil Legg

    Phil Legg, Research Associate, Cyber Security Centre, Department of Computer Science, University of Oxford

    •         The insider-threat problem is one that can cause devastating impact to normal business operations, whether this be theft of intellectual property, sabotage of systems, or fraudulent use of company data.
    •         The CITD project combines the many facets of insider threat, including the human-behavioural aspects, the detection architecture required to identify insider threat, and the analytical approaches that support detection.
    •         In this talk, we shall examine the insider threat problem, discussing the types of threat that may occur, and how these threats could potentially be recognised through detection systems.
    •         We shall present our proposed approach that incorporates behavioural-based anomaly detection, machine learning, and visual analytics, to facilitate effective detection, and possible prevention, of dangerous insider threats.

    16:20 Incident handling – moving from preventive measures to resilience

    Geir Arild  Engh-Hellesvik

    Geir Arild Engh-Hellesvik, Senior Manager, Technology Risk Services, BDO Norway

    - Modern cyber threats (APTs) are undetectable to automated security solutions (antivirus, IDS, DLP etc.)
    - Frequently attacks are targeted against the human in the loop and thereby circumvent technology entirely
    - How do you prepare to handle incidents in this environment?
    - We take a look at procedural, technological and organizational measures

    17:00 Chairman’s Closing Remarks and Close of Day Two

    Phil Legg

    Phil Legg, Research Associate, Cyber Security Centre, Department of Computer Science, University of Oxford

    +

    FEATURED SPEAKERS

    Bandar Mesned Al Saifi

    Bandar Mesned Al Saifi

    Data Network Engineer, Saudi Aramco
    Ewen MacDonald

    Ewen MacDonald

    Team Leader Instrument and Systems, Total E&P UK
    Gal  Luft

    Gal Luft

    Director, Institute for the analysis of global security
    H.M. Ambassador Jane Owen

    H.M. Ambassador Jane Owen

    , British Embassy, Norway

    Ammar Qatan

    IT Manager, Salalah Methanol
    Ammar Qatan

    Andy Young

    Senior Cyber Systems Engineer, Ixia Technologies
    Andy Young

    Arne Røed Simonsen

    Senior Advisor, Norwegian Business and Industry Security Council (NSR)
    Arne Røed Simonsen

    Bandar Mesned Al Saifi

    Data Network Engineer, Saudi Aramco
    Bandar Mesned Al Saifi

    Colin Blou

    Vice President, Sales, North America and Europe , Waterfall Security Solutions
    Colin Blou

    Damiano Bolzoni

    COO, Security Matters
    Damiano  Bolzoni

    Ewen MacDonald

    Team Leader Instrument and Systems, Total E&P UK
    Ewen MacDonald

    Gal Luft

    Director, Institute for the analysis of global security
    Gal  Luft

    Geir Arild Engh-Hellesvik

    Senior Manager, Technology Risk Services, BDO Norway
    Geir Arild  Engh-Hellesvik

    H.M. Ambassador Jane Owen

    , British Embassy, Norway
    H.M. Ambassador Jane Owen

    Jacques Sibué

    Group CISO, GDF Suez
    Jacques Sibué

    Jalal Bouhdada

    Founder and Principal Security Consultant, Applied Risk
    Jalal Bouhdada

    James Chappell

    CTO, Digital Shadows
    James Chappell

    Nuri Fattah

    Director, DefenceCorp
    Nuri Fattah

    Patrick Grillo

    Senior Director, Solutions Marketing, Fortinet
    Patrick  Grillo

    Phil Legg

    Research Associate, Cyber Security Centre, Department of Computer Science, University of Oxford
    Phil Legg

    Sandeep Pathania

    Offer Creation Program/Project Manager - Energy Automation , Schneider Electric
    Sandeep  Pathania

    Senior Representative

    , Tullow Oil
    Senior Representative

    Sinclair Koelemij

    Technical Lead IITS EMEA, Honeywell Process Solutions
    Sinclair  Koelemij

    Siv Hilde Houmb

    Associate Professor II, NISlab, Gjøvik University College
    Siv Hilde Houmb

    VENUE

    Quality Hotel 33

    Østre Aker Vei 33 , Oslo, Norway

    SAVE TO


    Outlook Calendar  OUTLOOK CALENDAR
    Google Calendar  GOOGLE CALENDAR
    ICal Calendar  ICAL CALENDAR
    Yahoo! Calendar  YAHOO! CALENDAR

    Quality Hotel 33

    Østre Aker Vei 33
    Oslo NO-0581
    Norway

    Quality Hotel 33

    HOTEL BOOKING FORM

    Title

    SubTitle
    speaker image

    Content


    Title


    Description

    Download


    WHAT IS CPD?

    CPD stands for Continuing Professional Development’. It is essentially a philosophy, which maintains that in order to be effective, learning should be organised and structured. The most common definition is:

    ‘A commitment to structured skills and knowledge enhancement for Personal or Professional competence’

    CPD is a common requirement of individual membership with professional bodies and Institutes. Increasingly, employers also expect their staff to undertake regular CPD activities.

    Undertaken over a period of time, CPD ensures that educational qualifications do not become obsolete, and allows for best practice and professional standards to be upheld.

    CPD can be undertaken through a variety of learning activities including instructor led training courses, seminars and conferences, e:learning modules or structured reading.

    CPD AND PROFESSIONAL INSTITUTES

    There are approximately 470 institutes in the UK across all industry sectors, with a collective membership of circa 4 million professionals, and they all expect their members to undertake CPD.

    For some institutes undertaking CPD is mandatory e.g. accountancy and law, and linked to a licence to practice, for others it’s obligatory. By ensuring that their members undertake CPD, the professional bodies seek to ensure that professional standards, legislative awareness and ethical practices are maintained.

    CPD Schemes often run over the period of a year and the institutes generally provide online tools for their members to record and reflect on their CPD activities.

    TYPICAL CPD SCHEMES AND RECORDING OF CPD (CPD points and hours)

    Professional bodies and Institutes CPD schemes are either structured as ‘Input’ or ‘Output’ based.

    ‘Input’ based schemes list a precise number of CPD hours that individuals must achieve within a given time period. These schemes can also use different ‘currencies’ such as points, merits, units or credits, where an individual must accumulate the number required. These currencies are usually based on time i.e. 1 CPD point = 1 hour of learning.

    ‘Output’ based schemes are learner centred. They require individuals to set learning goals that align to professional competencies, or personal development objectives. These schemes also list different ways to achieve the learning goals e.g. training courses, seminars or e:learning, which enables an individual to complete their CPD through their preferred mode of learning.

    The majority of Input and Output based schemes actively encourage individuals to seek appropriate CPD activities independently.

    As a formal provider of CPD certified activities, SMI Group can provide an indication of the learning benefit gained and the typical completion. However, it is ultimately the responsibility of the delegate to evaluate their learning, and record it correctly in line with their professional body’s or employers requirements.

    GLOBAL CPD

    Increasingly, international and emerging markets are ‘professionalising’ their workforces and looking to the UK to benchmark educational standards. The undertaking of CPD is now increasingly expected of any individual employed within today’s global marketplace.

    CPD Certificates

    We can provide a certificate for all our accredited events. To request a CPD certificate for a conference , workshop, master classes you have attended please email events@smi-online.co.uk

    Event Title

    Headline

    Text
    Read More

    I would like to speak at an event

    I would like to attend an event

    I would like to sponsor/exhibit at an event

    SIGN UP OR LOGIN

    Sign up
    Forgotten Password?

    Contact SMi GROUP LTD

    UK Office
    Opening Hours: 9.00 - 17.30 (local time)
    SMi Group Ltd, 1 Westminster Bridge Road, London, SE1 7XW, United Kingdom
    Tel: +44 (0) 20 7827 6000 Fax: +44 (0) 20 7827 6001
    Website: http://www.smi-online.co.uk Email: events@smi-online.co.uk
    Registered in England No: 3779287 VAT No: GB 976 2951 71




    Forgotten Password

    Please enter the email address you registered with. We will email you a new password.