Welcome to the Interactive Agenda for SecurityWeek’s 2021 APAC ICS Cyber Security Conference!

Tuesday, June 22

9:00am GMT+08

Fireside Chat With Robert M. Lee, Founder and CEO, Dragos
In this exclusive fireside chat, Robert M. Lee, Founder and CEO of Dragos, joins SecurityWeek Editor-at-Large Ryan Naraine for a frank discussion on the explosion of ransomware attacks and downstream effects on industrial control systems. Topics covered in this session include ransomware attacks on ICS, the ethics and legalities of ransom payments to criminals, the U.S. government Executive Order on cybersecurity, the coming SBOM requirements and some practical advice on building a modern, mature security program.


Robert M. Lee

Founder and CEO, Dragos, Inc.
Robert M. Lee is the founder and CEO at Dragos Inc., an industrial (ICS/OT/IIoT) cybersecurity company on a mission to safeguard civilization. He is a recognized pioneer in the industrial security incident response and threat intelligence community. He gained his start in security...

Ryan Naraine

Editor-at-Large, SecurityWeek
Ryan Naraine is Editor-at-Large at SecurityWeek and host of the Security Conversations podcast series. A journalist and cybersecurity strategist with more than 20 years’ experience covering IT security and technology trends, Ryan has built security engagement programs at major global...

Tuesday June 22, 2021 9:00am - 9:45am GMT+08

9:45am GMT+08

Inside the Pfizer OT/ICS Cyber Journey
The goal of this session is to inspire other industry and Life Science firms undertaking OT/ICS cyber security at a global scale, with insight into the Pfizer global Manufacturing Cybersecurity program journey.

The Pfizer global OT cyber program is focused squarely on adding manufacturing floor cyber technology protections and an additional network layer to our existing defense-in-depth network structure at our manufacturing sites. This global deployment program is now in its third year of four, across 42 of Pfizer's key Biopharma manufacturing sites. The presentation will cover the situation, the challenge, the program objectives, the high-level plan, the program timeline and the program organizational model, and will relay key lessons learned, all with numerous deployments occurring in parallel across the globe during a pandemic!


Jim LaBonty

Director, Global Head of Automation Engineering (Interim) PGS Control System OT Cybersecurity Lead, Pfizer
Jim LaBonty is Director and Head of Global Automation Engineering for Pfizer Global Engineering & Technology, which globally serves all Pfizer Life Science manufacturing sites, and is responsible for Control System, OT Cybersecurity and Control System Infrastructure architect for...

Tuesday June 22, 2021 9:45am - 10:30am GMT+08

10:30am GMT+08

Mapping Security Frameworks to Critical Assets - Focus on South East Asia Guidelines
There is a plethora of security frameworks available that help organisations manage and reduce cybersecurity risk to critical infrastructure and industrial control systems. Judiciously applying the correct framework will make your journey towards a secure CII environment more effective, more streamlined and less costly.

Securing critical infrastructure really boils down to:
a) discovering and maintaining an accurate asset inventory
b) establishing baseline communications activities between assets, and
c) detecting deviations from these baselines along with potentially malicious activities.

This session will guide you in the use of key frameworks by leveraging recommendations from the National Institute of Standards and Technology (NIST) Framework for OT, the Singapore CSA OT Masterplan and key elements from the Singapore Cybersecurity Code of Practice for CII.

Richard Bussiere

Director, Product Management, Asia Pacific, Tenable
Mr. Dick Bussiere is Tenable Network Security’s Product Management Director for the Asia Pacific Region. In this multifaceted role, Mr. Bussiere is responsible for evangelizing the criticality of vulnerability assessment, vulnerability management, and comprehensive security monitoring...

Tuesday June 22, 2021 10:30am - 11:00am GMT+08

11:00am GMT+08

Approaching Risk: Defending Against the Rapid Rise of OT-Focused Ransomware Attacks
As routinely defending OT/ICS networks from ransomware attacks becomes the new normal, modern ransomware has changed in many aspects: bigger targets, more advanced extortion techniques, and consequences that can reach far beyond the targeted organizations themselves. Proper preparation is a sobering topic that requires a practical methodology to mitigate risk.

In this session, you will learn:
  • How OT/ICS cyberattacks have transformed in the last decade
  • Security strategy recommendations based on the impact severity of real reference cases
  • Best practices for protecting ICS endpoints from ransomware attacks

Terence Liu

CEO, TXOne Networks, Inc.
Terence is the CEO of TXOne Networks, a joint venture company by Trend Micro and Moxa. TXOne Networks brings pragmatic and practical OT cyber defense to the industrial world by integrating Trend Micro’s security technology and Moxa’s ICS hardware and experience. As a Vice president...

Tuesday June 22, 2021 11:00am - 11:45am GMT+08

11:45am GMT+08

Break: Please Visit Virtual Expo Hall
Tuesday June 22, 2021 11:45am - 12:15pm GMT+08

12:15pm GMT+08

How to Stay Ahead of Cyber Breaches
Digital Transformation initiatives are increasingly driving integration of IT and OT environments. While the investment leads to greater productivity, the OT-IT convergence increases the attack surface, allowing attackers more targets to penetrate the organization. In light of recent attacks like SolarWinds and the pipeline breach, the impact to organizations can be significant and bad actors love to focus their efforts where/when defenders aren’t watching. Gaining greater visibility to network activity, while a great starting point, is only the first step for organizations converging legacy and modern environments.

Join this session to learn how a robust cybersecurity framework that includes broad visibility, integrated control and automated situational awareness can help thwart attacks and reduce cyber risks while sustaining safe and continuous operations.

Andrew Moey

Business Development, Fabric/SD-WAN, Fortinet
Andrew Moey is responsible for Fortinet's Fabric and SD-WAN Business in SEA & Hong Kong, specifically driving the AI-enabled Security Operations business in the region. As a seasoned Technologist, Andrew has broad experience across Vendors and Solution Providers to strategize, position...

Tuesday June 22, 2021 12:15pm - 1:00pm GMT+08

1:00pm GMT+08

Incorporating Cyber Risk into Industrial Risk Management Processes
Never have industrial plants been so highly networked as they are today. At the same time, the risk of cyberattacks is rising. A successful attacker can manipulate plants, control them remotely, and even cause physical harm to plant and personnel. Consequently, in order to protect people, the environment, and industrial facilities, a safety system must be designed with cybersecurity in mind. Are you prepared?

The session will cover:
  • Recent attacks: industrial cyber attacks
  • Cyber Community reaction: Government and Standards bodies
  • Designing secure safety systems
Sponsored by: HIMA

Daniel Sutherland

Functional Safety and Security Consultant, HIMA
Daniel Sutherland is a Functional Safety and Security Consultant, working in our HIMAConsulting group. He has a Bachelor of Engineering in Computer Systems Engineering, and has spent most of his career working on oil & gas and mining sites as a control systems engineer. He specialises...

Tuesday June 22, 2021 1:00pm - 1:30pm GMT+08

1:00pm GMT+08

Why Hasn’t SOAR Taken Off in ICS?
Besides the typical reluctance to embrace new technology in the ICS world, security orchestration, automation and response (SOAR) tools haven’t been as widely adopted as they probably should be because of the contextual data deficiency found in most security alerts. To create an appropriate automated response, you need to know exactly which devices are compromised and whether you can/should isolate them, which up until recently has been extremely difficult to do for industrial control systems.

Let’s say you’re alerted that an HMI has a banking Trojan. That’s not great, but not likely something you’d feel compelled to take offline. However, if there was a cryptolocker in an HMI, you have a serious problem. So, what should you do? Well, if you have 7 HMIs, it’s likely fine to just disconnect the infected one to stop the spread, but if that’s your only one, then it’s definitely not ok. This is a prime example of why having access to contextual data about both the threat AND the affected asset is so critical to informing automated security management.

Jeremy Morgan

Principal Risk and Solutions Consultant, Industrial Defender
In his role as Principal Risk and Solutions Consultant at Industrial Defender, Jeremy helps ICS asset owners build a strong foundation to apply security controls in OT environments. With a diverse career spanning compliance management at a utility to cybersecurity product management...

Tuesday June 22, 2021 1:00pm - 1:30pm GMT+08

1:30pm GMT+08

Targeted Ransomware requires New Approaches to OT Cyber Risk Management
Targeted ransomware has emerged as a major threat to industrial operations / OT systems. The Colonial Pipeline and JBS shutdowns are only the latest incidents - in 2020, 53 industrial sites were shut down by targeted ransomware. The trend is likely to worsen - today's targeted attacks use tools and techniques comparable to those used exclusively by nation states only a half decade ago.

Operational Technology (OT) cyber risk manages cyber threats to physical operations. Some enterprise security mechanisms are very costly to apply in OT systems because of extended safety, equipment protection and other OT risk management programs. We see emergency risk avoidance mechanisms which are unique to the OT space, but are under-utilized by enterprise risk management and security practitioners.

This presentation highlights three such innovative cyber risk management approaches and examines their effectiveness against the pervasive threat of targeted ransomware with particular attention on the operations risk. The presentation will outline a simple and robust approach to managing OT cyber risks, including Security PHA Review (SPR), Consequence-Driven, Cyber-Informed Engineering (CCE), and Secure Operations Technology (SEC-OT). Secure sites in the industry are improving protection for their operations by cherry-picking techniques from these new methodologies. Join us for a whirlwind tour of trends in OT and industrial operations attacks and defenses.

Michael Firstenberg

Director of Industrial Security, Waterfall Security Solutions
Mike Firstenberg is the Director of Industrial Security for Waterfall Security. Mike brings two decades of experience in Process Control Security, specializing in Control System Cyber Security. The former chair of the American Water SCADA Council, Mike studied Computer Science, Chemical...

Tuesday June 22, 2021 1:30pm - 2:00pm GMT+08

1:30pm GMT+08

The Evolution of OT Systems Management (OTSM)
Organizations should embrace the concept of OT Systems Management (paralleling ITSM practices) within the unique environments of operating systems. Achieving a mature level of security is critical to improve overall ROI from increasingly connected industrial systems, and to ensure foundational elements are in place to protect critical infrastructure from targeted and non-targeted attacks.

Join Rick Kaun for a discussion around the natural progression of OTSM from basic asset inventory to comprehensive data for effective lifecycle management, risk reduction (from patching to compensating controls) and even contextual risk thresholds (such as calculated risk scores).

During this session you will learn:

  • What OT systems management really is and why it’s critical in OT security
  • How to establish a strong asset inventory as the foundation of your security program
  • How automation, aggregation of data and support for a central, specialized team are the most important considerations towards reducing risk and minimizing cost for OT security going forward

Rick Kaun

VP of Solutions, Verve Industrial Protection
Rick Kaun is the VP of Solutions for Verve Industrial Protection, an OT cyber security solution provider. For over 16 years he has worked with all manner of industries on all sizes of projects around the world, from front end scoping to large scale design and deployment of end to end...

Tuesday June 22, 2021 1:30pm - 2:00pm GMT+08

2:00pm GMT+08

Applied Cyber Resiliency in ICS/OT
In a new era in which IT and OT are undeniably, and often unconsciously, merging, defenders are restlessly playing “whack-a-mole” with the emerging and advanced persistent threats that appear every day in both IT and ICS/OT, while business leaders and stakeholders are paranoid and distrustful of their cybersecurity defense barriers. The result is budget spent unwisely on overlapping security solutions.

The main objective of this presentation is to help organizations strategize their defense in depth with a practical approach to achieving cyber resiliency instead of just cybersecurity, so that the organization can stop the “mouse-and-cat” chase with unprecedented and sophisticated attacks coming from different directions, from both insider and external threats.

1. Re-align the overall ICS/OT cybersecurity strategy to the business.
2. Utilize the fundamental pillars of ICT – people, process, and free or inexpensive technology.
3. Achieve cyber resiliency efficiently with lower expenditure.
4. Gain a deeper understanding of cyber resiliency versus cybersecurity.
5. Direct people to more productive exercises instead of burning them out as “blind defenders” out of paranoia about getting breached.

Mike "Art" Rebultan

Principal Digital Forensics & Incident Response (AIoT-IIoT-ICS-OT-Edge-Cloud), Envision Digital
Mike "Art" Rebultan has more than 18 years of experience combined as an IT and OT professional with a background in PCI-DSS audit management, Unix/Linux security and systems administration, R&D, VAPT, TVM, Risk Management, Counterintelligence, and currently managing the global Digital...

Tuesday June 22, 2021 2:00pm - 2:30pm GMT+08

2:00pm GMT+08

Harmonizing ICS/SCADA with Cyber Defense: A Perspective on ATT&CK for ICS
In the past few years, with the emergence of new kinds of security incidents and the resultant vigorous development of the cyber security industry, the government, security vendors, and some Critical Infrastructure service providers have begun to attach higher importance to the security of ICS/SCADA in Critical Infrastructure. However, maintenance personnel in different critical industries have a large cognitive gap due to the high degree of diversity and uniqueness between their respective verticals, not to mention the professional gap between maintenance personnel and information security personnel. This talk will discuss the causes of this gap in mutual understanding, as well as use the MITRE ATT&CK for ICS framework as a basis to allow OT operators and security personnel to share a common language. In this way, we will develop an effective information security defense model adapted to the industrial control environment which can be used to achieve a true integration of industrial control systems and network security.

Mars Cheng

Threat Researcher, TXOne Networks
Mars Cheng is a threat researcher for TXOne Networks, blending background and experience in both ICS/SCADA and Enterprise cybersecurity systems. Mars has directly contributed to more than 10 CVE-IDs, and has had work published in three Science Citation Index (SCI) applied cryptography...

Tuesday June 22, 2021 2:00pm - 2:30pm GMT+08

2:30pm GMT+08

Break: Please Visit Sponsor Booths
Tuesday June 22, 2021 2:30pm - 2:45pm GMT+08

2:45pm GMT+08

Understanding ICS Vulnerabilities to Reduce Operational Risk
How often have we been asked, “What are we doing about Cybersecurity? Have we got anything to protect our operational technology (OT) assets from threats?” Measuring the business's current operational technology risk and identifying the areas that need focus is not simple. Furthermore, to truly reduce risk across the OT business we need to consider not only the “What” but also the “How”.

The importance of how our OT assets are being accessed is often underestimated and sometimes overlooked completely. The better we understand the breadth and depth of the problems that we have, the more likely we are to implement effective control measures to address the risks. The journey of reducing cyber risk starts with understanding the underlying vulnerabilities that reside across multiple layers of the Operational Technology business.

Join this session to learn:
  • How to identify vulnerabilities within an ICS network
  • What impact could these vulnerabilities have on your business
  • How to effectively integrate remediation into existing processes
  • How to measure risk reduction using compliance and existing tools

Michael Lagana

Principal Solution Engineer, APJ, Claroty
Michael Lagana is an IT/OT professional with over 15 years of experience in IT and OT operations, infrastructure, cybersecurity, data networking and management. Michael’s extensive experience in design and implementation of cybersecurity controls for ICS networks has established...

Tuesday June 22, 2021 2:45pm - 3:15pm GMT+08

2:45pm GMT+08

Substation Security - What CoMMS around GOOSE around
Join this session with Justyna Chromik Wagenaar to learn about:
  • Modern Substation architecture
  • Protocols and weaknesses
  • Pitfalls and typical gaps in existing deployment – Big 4 (Siemens, ABB, SE, GE)
  • Secure substation – cyber & physical best practices

Justyna Chromik Wagenaar

Senior OT Security Consultant, Applied Risk
Justyna is a researcher at heart. She joined the consultancy world after completion of her PhD thesis addressing challenges of detecting anomalous commands and measurements in SCADA network traffic. As a Senior OT Security Consultant at Applied Risk, she performs network architecture...

Tuesday June 22, 2021 2:45pm - 3:15pm GMT+08

3:15pm GMT+08

Hacking The Security Protection Mechanism of Siemens SIMATIC S7 PLCs
Siemens SIMATIC PLCs are widely used worldwide in control scenarios for critical information infrastructure, such as energy, water, power, oil and gas, and manufacturing. To protect users' applications and to prevent unauthorized operation, Siemens has designed the PLC protection mechanism. This function effectively prevents attacks from the network, and also protects application programs designed for specific processes, critical equipment PID parameters, etc. But can it really protect your PLC perfectly from attacks or theft of intellectual property (algorithms, engineering designs)?

This session will focus on the SIMATIC S7 PLCs, starting from the S7-200 up to the S7-1200/1500, and disclose in detail design flaws in the protection mechanisms of each PLC series. We take these flaws as a point of attack and look for methods to bypass the protection policies, with the final aim of capturing the protected PLC application programs, the core intellectual property. Of course, bypassing the protection mechanism also allows various sensitive operations to be performed; for example, an attacker can control the irregular start and stop of the device, causing a series of chain reactions and leading to safety incidents.

This presentation will cover:
  • How to bypass the S7-200 security mechanism by using hardware disassembling and soldering, modifying flash content, and creating rogue clients
  • Disclosing the S7-200 SMART PLC password protection encryption algorithm, and capturing key information from traffic to crack the protection mechanism
  • How to find mysterious information in S7-300 project files and use the mysterious information to bypass security mechanisms
  • Crafting a memory dump tool for the Windows platform and searching the dump for password information


Gao Jian

ICS Security Researcher, GEWU Lab at NSFOCUS

Tuesday June 22, 2021 3:15pm - 4:00pm GMT+08

4:00pm GMT+08

Networking and Expo
Tuesday June 22, 2021 4:00pm - 4:30pm GMT+08

Wednesday, June 23

9:00am GMT+08

Discovering RedEcho: Rooting a Chinese APT Out of the Indian Power Grid
In an unprecedented move against a neighboring country, China successfully infiltrated India's power grid and other critical infrastructure in 2020 as kinetic warfare escalated on the border. Did China use their foothold to cause power outages across India? What implications are there for other nations? Charity Wright, former NSA Analyst and current Threat Intelligence Expert at Recorded Future, will reveal how her team discovered the intrusions, the methodology behind identifying and naming a new APT, what serious implications result from this campaign, and practical tips for defending against RedEcho.


Charity Wright

Threat Intelligence Expert, Recorded Future
Charity Wright is a Cyber Threat Intelligence Analyst with over 15 years of experience at the US Army and the National Security Agency, where she translated Mandarin Chinese. Charity now specializes in dark web cyber threat intelligence, counter-disinformation, and strategic intelligence...

Wednesday June 23, 2021 9:00am - 9:45am GMT+08

9:45am GMT+08

The Changing Landscape Of Software Supply Chain Security for ICS
The late 2020 SolarWinds hack introduced the world to the extreme risk posed by supply chain attacks to critical systems. By penetrating the software development process of the SolarWinds company, the attackers managed to infiltrate multiple branches of the US government, the US military, and most of the Fortune 500 companies. Known in the press as the SolarWinds or SUNBURST attack, over 18,000 companies were affected.

This talk will start by diving into the technical details of the SolarWinds incident. We will compare that attack with previous supply chain attacks against industrial control systems (ICS) and show why the high Return on Investment (RoI) for attackers means the ICS supply chain will face many more attacks in the future. We’ll review research on the current exploitability of the ICS software supply chain, as well as specific recommendations from the Atlantic Council on how to guard against these kinds of attacks. We’ll also discuss how Software Bills of Materials (SBOMs) are an essential defensive tool for supply chain security and describe why advanced AI techniques are going to be essential to stay ahead of these well-funded, sophisticated attacks.

Learning Objectives
  • Understand the anatomy of the SolarWinds attack and the implications for ICS software supply chain security
  • Learn recommended best practices, including using SBOMs, to best prepare for and guard against these types of attacks
  • Learn how the Financial Industry is using SBOMs to manage risk sharing across parties.

Eric Byres

Chief Technology Officer, aDolus Technology Inc.
Eric Byres is widely recognized as one of the world’s leading experts in the field of industrial control system (ICS) and Industrial Internet of Things (IIoT) cybersecurity. He is the inventor of the Tofino Security technology – the most widely deployed ICS-specific firewall in...

Wednesday June 23, 2021 9:45am - 10:15am GMT+08

10:15am GMT+08

Think Global but Act Local – A Practical Approach to Solving Common OT Security Maintenance Problems
The current OT security landscape is typified by common trends such as increased cyber risk, growing pressure from corporate and regulatory bodies to implement security programs and an influx of IT teams ‘muscling’ their way into OT cyber security practice. These trends continue to put pressure on OT practitioners both to accelerate their use of technology and to find innovative and creative ways to scale those solutions across multiple assets and sites that are managed by a scarce, often remote support team, all while balancing the need to use IT tools with the need to apply OT-safe practices and processes.

This combination of factors has led a number of operational entities to employ what we call a ‘Think Global but Act Local’ approach to security. In essence, a central team of skilled security people centrally monitors and identifies all OT assets in scope across multiple operational facilities. Security actions or trends that require execution or remediation are identified. This team, in conjunction with OT-specific representation at site, then plans, schedules and executes the tasks through automated technology with on-site OT oversight. This approach provides multiple benefits to the operating company such as:
a. The importance of man and machine – combining people, process and technology
b. Injection of and oversight by key OT staff to ensure safe operations
c. Automation allows for granular insight PLUS granular control in the identification and application of compensating controls when patching is not possible
d. Bridges and leverages the best of both IT skills and OT insight
e. Provides operators with a way to take action as opposed to just alerting

Rick Kaun

VP of Solutions, Verve Industrial Protection
Rick Kaun is the VP of Solutions for Verve Industrial Protection, an OT cyber security solution provider. For over 16 years he has worked with all manner of industries on all sizes of projects around the world, from front end scoping to large scale design and deployment of end to end...

Wednesday June 23, 2021 10:15am - 10:45am GMT+08

10:15am GMT+08

OT Cyber Security Best Practices Demo and Use cases
An effective security transformation needs to account for visibility to all users, devices and applications on the network, defining access controls to continuously monitor the level of trust given and leverage the data being collected for continuous analysis and situational awareness. According to a report, 9 out of 10 organizations experienced at least one intrusion in the past year, with 72% experiencing three or more, indicating that organizations are facing ever more sophisticated cyber-attacks in recent years. Lack of visibility and control, and unpatched legacy Windows HMIs, workstations and PLC/RTU firmware, are major challenges faced by most organizations today.

During this session, we will explore tools, techniques and procedures deployed by threat actors and how we can take measures to mitigate such attacks by providing better visibility, control through virtual patching, and situational awareness.

Chew Poh Chang

Principal Industrial Cyber Security Strategist, Fortinet
Poh Chang is the Principal Consultant for Industrial Cyber Security/Critical Infrastructure & Global Alliances, APAC. With over 20 years of IT experience in Info Security, Virtualization & Cloud under his belt, he has been advocating best practices, governance and compliance with...

Wednesday June 23, 2021 10:15am - 10:45am GMT+08

10:45am GMT+08

Morning Break: Please Visit Sponsor Booths
Wednesday June 23, 2021 10:45am - 11:00am GMT+08

11:00am GMT+08

Securing Critical Infrastructure: Lessons Learned from the Colonial Pipeline Ransomware Attack
A recent cyber-attack on one company, Colonial Pipeline, shut down nearly half of the U.S. East Coast’s fuel supply for five days. This shutdown, initiated by the cybercriminal group DarkSide, has brought the reality of the fast-worsening ransomware situation back into the limelight. In this session you will learn:
  • Background information on the DarkSide organization
  • An overview of the current OT/ICS threat landscape
  • Lessons from the Colonial Pipeline attack


Steven Hsu

Product Marketing Director, TXOne Networks
Steven Hsu has worked as a software development and quality management consultant in the cybersecurity industry for over 20 years, and previously directed global consumer business development for Trend Micro. His specialization is in researching, developing, and sharing cybersecurity...

Wednesday June 23, 2021 11:00am - 11:30am GMT+08

11:00am GMT+08

Undermined by Infrastructure – Industry 4.0 and Zero Trust Architecture
The current discussion points of Industry 4.0 and Zero Trust Architectures both have a common pain point, your existing infrastructure. Examples from real world OT architectures will be used as the basis of examining what is possible, what isn’t possible, and the concessions which may be necessary to achieve your interconnectivity, data flow, and security goals. Brownfield sites are challenging and by developing an understanding of the technical options available and the questions which need to be answered by the engineering teams, a path forward can be found.

Alan Raveling

OT Architect, Interstates
Alan Raveling is an OT Security Architect and leads the OT Cybersecurity Team within Interstates. Alan has been walking alongside companies in their journeys of digitization, IT/OT convergence, and cybersecurity enhancements for over 15 years.

Wednesday June 23, 2021 11:00am - 11:30am GMT+08

11:30am GMT+08

[Panel] Filtering Out the Noise and Silver Bullet Syndrome
Bringing some insights from the New Zealand industrial sector, this group of end users will discuss dealing with noise as it relates to ICS Cyber Security: noise as it relates to silver bullet syndrome, dealing with priorities and direction from senior leadership (C-suite, etc.), culture, threat intel, security operations (e.g. detection) and more. The panelists come with decades of experience in managing information security for industrial organisations. Insights will be shared on how that can relate to managing ICS security noise, not only for the industrial risks of today… but the industrial risks of tomorrow.


Peter Jackson

Engineering Manager – Cyber, Industrial – SGS ECL

James Blair

Industrial CISO and Head of Digital, Todd Energy
James is an experienced senior IT executive with 12+ years of experience reporting to C-level for well-known medium to large global organisations. James drives digital transformation and robust governance to support secure exponential growth in assets and footprint; improving Information...

Jonathan du Preez

CISO, Meridian Energy Group
Jonathan is the Group Information Security Manager with responsibilities for information security, holding the CISO title for Meridian Energy across Australia and New Zealand. Coming from a consulting background, Jonathan knows how to be effective in identifying and implementing...

Matthew Lethbridge

OT Security Officer, OMV NZ

Wednesday June 23, 2021 11:30am - 12:15pm GMT+08

12:15pm GMT+08

The Role of a Cross-Domain Solution in Modern OT Networks
In this session, Mostafa Al Amer, a cybersecurity project lead at Saudi Aramco, will discuss the role of a cross-domain solution (CDS) in modern OT networks, and cover:
  • What OT needs for protection when connected to an external network
  • What a CDS is and its functions
  • The role / advantages of having a CDS for industrial networks
  • Implementation lessons learned

Mostafa Al Amer

Cybersecurity Project Lead and Senior Expert, Saudi Aramco
Mostafa Al Amer is a cybersecurity Project Lead and Senior Expert with Saudi Aramco. He has more than 15 years' experience in Information Security, having worked in both theoretical and practical fields. His recent works include data center security, SCADA security and application security...

Wednesday June 23, 2021 12:15pm - 1:00pm GMT+08

1:00pm GMT+08

Break: Please Visit Sponsor Booths
Wednesday June 23, 2021 1:00pm - 1:15pm GMT+08

1:15pm GMT+08

Improving Transportation System Operational Visibility and Security
The number of assets used in Intelligent Transportation System (ITS) and logistics systems is growing rapidly, and they’re more connected than ever before. Unfortunately, this high level of digitization and network complexity has created an expanded attack surface with many vulnerabilities.

Join this session to learn about:
  • Security challenges faced by metro systems, maritime transportation and logistics
  • Gaining deeper operational visibility and preventing downtime
  • Identifying system vulnerabilities and detecting cyber threats

Malcolm Bailie

Delivery Manager, APJ, Nozomi Networks
Malcolm Bailie (GICSP) has over 21 years’ practical experience in the ICS/SCADA industry operating in the field helping asset owners maximize value from technology solutions. Over his career, Malcolm has gained a broad SME knowledge and skill set gained in managing operational critical...

Wednesday June 23, 2021 1:15pm - 1:45pm GMT+08

1:15pm GMT+08

Operational Integrity: Safeguarding Your OT Systems with Cyber AI
Join Hayley Turner, Darktrace’s Director of Industrial Security, as she uncovers the security challenges facing industrial environments and cyber-physical ecosystems.  

In addition to advances in attacker techniques, such as the rise of ICS ransomware, these include evolutions in the technological architecture of ICS, including digitized OT, exponential connections to Industrial IoT, and expanding internet-connected supply chains.

Here, self-learning AI provides the ideal solution to keep pace with rapid changes in the threat landscape and industrial technologies, with its ability to detect never-before-seen attacks and adapt to any changes in infrastructure.

In this session, Hayley will explore:
  • A new generation of threats facing the industrial sector 
  • Threat discovery: Advanced ICS attack at an international airport 
  • Threat discovery: Targeting sensitive data via an air-conditioning unit  

Hayley Turner

Director of Industrial Security, Darktrace
Hayley is Director of Industrial Security at Darktrace, a leading autonomous cyber security AI company and the creator of Autonomous Response technology. Hayley works with organizations across industries such as critical infrastructure, finance, healthcare and utilities, helping them...

Wednesday June 23, 2021 1:15pm - 1:45pm GMT+08

1:45pm GMT+08

Ransomware in ICS Environments: Initial Infection Vectors and Mitigation Techniques
Join this session as we review the accelerating attack trends of ransomware against ICS organizations, then delve into the most common initial infection vectors for ransomware attacks against ICS organizations, particularly vulnerability exploitation, stolen credentials, Remote Desktop Protocol, and phishing. The session will use several case studies to illustrate how these infection vectors are employed by threat actors in practice, discussing some of the intricacies of attackers' techniques and methodologies. The presentation will end with an in-depth discussion of actions ICS organizations can implement now to defend against these techniques and decrease their risk exposure for ransomware attacks.

Camille Singleton

Senior Strategic Cyber Threat Lead, IBM
Camille Singleton brings fifteen years of professional experience to cybersecurity topics, both in the US government and as an analyst at IBM. While specializing in threats to operational technology, she is conversant on a range of topics affecting the cyber threat landscape, including...

Wednesday June 23, 2021 1:45pm - 2:15pm GMT+08

1:45pm GMT+08

Evaluation of Real-Time Automation Controller (RTAC) Resilience under Cyber Stress
Exclusive research from Oak Ridge National Laboratory

RTACs typically function as mid-level data aggregators or protocol translators in cyber-physical system applications. They collect data from multiple hardware components such as a Programmable Logic Controller (PLC) and sensors in order to transmit the aggregated data to a Human Machine Interface (HMI) or a Historian. Due to this central role in the data path, RTACs represent a valuable target for cyber-induced events. In this presentation we will describe results from an experimental study that we conducted to assess the resilience of an RTAC’s performance while subjecting it to varying degrees of cyber stress. Our findings indicate that, under moderate to heavy cyber stress rates, the RTAC function experiences degradation. Specifically, an input sine-wave signal to the RTAC suffers a notable distortion on the output (RMSE > 25%), and an input On-Off pulse train also suffers a significant distortion (RMSE > 50%). This study is among the first methodical approaches towards assessing the significance and mitigation approaches towards improving the resilience of Operational Technology components.


Lance Wetzel

Oak Ridge National Laboratory

Kalyan Perumalla

Oak Ridge National Laboratory

Dr. Juan Lopez Jr.

Oak Ridge National Laboratory

Wednesday June 23, 2021 1:45pm - 2:15pm GMT+08

2:15pm GMT+08

Breaking Entrypoint: An In-depth Data Breaches Analysis to the Critical Infrastructure of the Asia Pacific
Recently, many enterprises globally have suffered from leaks of sensitive customer or employee information due to APT attacks, malware attacks, insider leaks, or mis-configured settings. Data breaches have a considerable impact: harming corporate reputations, causing business to be lost, and causing risk for customers. If bad actors acquire leaked data, we can easily imagine the harmful consequences. The critical infrastructures of Asia Pacific countries such as Taiwan, Japan, and Singapore are equally affected by these risks. If sensitive information about employees or external services leaks, hackers can easily apply it to social engineering or advanced continuous penetration attacks. Furthermore, a critical infrastructure security incident can cause more than financial loss – it can also create a threat to the safety of physical equipment or to people’s lives and property.

This is a series of research including data gathered from the USA, Asia Pacific, and global ICS vendors. This part will collect publicly leaked data, share some of the traps and fun that we found during the analysis, and focus on Asia Pacific. We will also share how we have used our unique automatic analytical process for building on the cloud to conduct big data analysis on more than 10 billion pieces of data from 200-plus datasets, with a particular focus on the analysis of data leakage, password habits, follow-up effects, and cross-country analysis of Asia’s critical infrastructure service providers. Based on the in-depth analysis of our data, we will try to provide predictions and warnings to high-risk CI sectors that may be invaded due to information leakage. Finally, we will advise how to perform prevention and mitigation measures.

Mars Cheng

Threat Researcher, TXOne Networks
Mars Cheng is a threat researcher for TXOne Networks, blending background and experience in both ICS/SCADA and Enterprise cybersecurity systems. Mars has directly contributed to more than 10 CVE-IDs, and has had work published in three Science Citation Index (SCI) applied cryptography...

YenTing Lee

Cyber Threat Researcher, TXOne Networks
YenTing Lee is a Cyber Threat Researcher at the TXOne Networks IoT/ICS Security Research Labs. Before joining TXOne, YenTing was a Section Head at the Taiwan National Center for Cyber Security Technology (NCCST). He has experience in both ICS/SCADA and Cyber Offensive and Defensive...

Wednesday June 23, 2021 2:15pm - 3:00pm GMT+08

3:00pm GMT+08

Reducing Attack Surface Using Integrity MAC Security Kernel for PLCs
Security for cyber systems built without a trustworthy operating system (OS) is simply a scientific impossibility. Industrial Control Systems are just that - systems - that require a systematic approach to securing their operations, beginning with a trustworthy Class A1 OS. Our research has demonstrated how ICS can effectively leverage Class A1 OSes to dramatically reduce the attack surface of even hostile Programmable Logic Controller applications, making them more secure, more resilient, and improving control system availability. Join this session to see how.

Ed Reed

Sr. Director, Development Services, Aesec Corporation

Wednesday June 23, 2021 3:00pm - 3:30pm GMT+08

3:30pm GMT+08

Networking and Expo
Wednesday June 23, 2021 3:30pm - 4:00pm GMT+08

Thursday, June 24

11:00am GMT+08

Workshop: Architecture Design, Remote Access, Controlling Identities and Managing OT/IIoT/IoT security
In a time of sophisticated cyber-attacks like the SolarWinds hack, critical infrastructure asset owners realize that securing their infrastructure requires a pragmatic approach that enables them to continue on their digital transformation journeys while also providing them with the most efficient cybersecurity capabilities to help protect their critical assets from emerging cyber-attacks.

In this 4-hour workshop, Ayman Al Issa, Industrial Cybersecurity Lead at McKinsey & Company, will dive deep into four topics:
  • An approach to designing a secure reference architecture for the integration of the industrial floor with the business. Ayman will cover the step-by-step design principles and the best practices to develop a “defense-in-depth and zero-trust” based secure reference architecture.
  • How to design secure remote access services that apply out-of-the-box methods and techniques to help enhance plant maintenance and operations?
  • How to control identities and identity access? Does IT/OT convergence mean that we converge the IT and OT environments and domains? Is it safe to integrate the identity services between IT and OT and to use federated identities?
  • Why is it important to understand the difference between IoT, IIoT, and OT environments when considering securing such systems from cyber threats? What are the most significant concerns that we need to realize when we think about utilizing public clouds for such environments?

Ayman Al Issa

Industrial Cybersecurity Lead and Senior Expert, McKinsey & Company
Ayman Al Issa is the McKinsey Industrial Cybersecurity Lead and Senior Expert. Prior to joining McKinsey, he was the Chief Technologist for Booz Allen Hamilton’s Industrial Cyber Security practice in the international market and he was the Cybersecurity Business Development Lead...

Thursday June 24, 2021 11:00am - 3:00pm GMT+08