The first brochure for SMi Group's 3rd annual Oil & Gas Cyber Security conference & exhibition is here. Don't miss the Early Bird deadline and contact Alia Malick if you want to get involved.
SMi Group's Oil & Gas Cyber Security conference & exhibition
1. EXHIBITOR
www.oilandgas-cybersecurity.com
Register online or alternatively fax your registration to +44 (0) 870 9090 712 or call +44 (0) 870 9090 711
KEY SPEAKERS INCLUDE:
By 2018 the oil and gas industry will be spending up to $1.87 billion annually on cyber security.
Edward Hamilton, Senior Manager, Global Information
Security Transformation Programmes, PWC
Iain Brownlie, Senior Consultant, ABB
Andrea Rigoni, Director General, GCSEC Global Cyber
Security Centre
Michela Menting, Cyber Security Senior Analyst, ABI
Research
⢠Fathiya Al Farsi, Head IM&T Risk Management, Petroleum
Development Oman
⢠Phil Jones, Security and Resilience Manager, GDF Suez
E&P UK Ltd
⢠Tim Harwood, Security Capability & Awareness Lead, BP*
⢠Auke Huistra, Lead Workforce Development PCD IT
Security, Shell Projects & Technology
⢠Annemarie Zielstra, Director, International Relations,
Cyber Resilience, Netherlands Organisation for Applied
Scientific Research TNO
⢠Dr Gal Luft, Co-Director, Institute for the Analysis of
Global Security, Senior Adviser, United States Energy
Security Council
⢠Geir Arild Engh-Hellesvik, Senior Manager, Technology
Risk Services, BDO Norway
⢠Andrea Rigoni, Director General, GCSEC Global Cyber
Security Centre
⢠Edward Hamilton, Head of Threat and Vulnerability
Management, PWC
⢠Michela Menting, Senior Analyst, Cyber Security Research
Service, ABI research
⢠David Spinks, Operational Risk Manager, CSIRS
⢠Samuel Linares, Director, CCI
⢠Iain Brownlie, Senior Consultant, Safety Solutions Group,
ABB
⢠Alan Calder, CEO, IT Governance
Collaboration in industrial cyber security: a key aspect of CIIP
Workshop Leader: Samuel Linares, Director, CCI
8.30am â 12.30pm
25th and 26th November 2013, Marriott Regents Park Hotel, London
Oil and Gas
Cyber Security
SMi present their 3rd annual conference onâŚ
PLUS AN INTERACTIVE HALF-DAY POST-CONFERENCE WORKSHOP
Wednesday 27th November 2013, Marriott Regents Park Hotel, London
Sponsored by
EARLY BIRD
DISCOUNTS
BOOK BY 19TH JULY
SAVE ÂŁ300
BOOK BY
30TH SEPTEMBER
SAVE ÂŁ100
ADVISORY BOARD:
*Subject to final confirmation
2. DAYONEIMONDAY25THNOVEMBER2013
Oil and Gas Cyber Security www.oilandgas-cybersecurity.com
Register online at www.oilandgas-cybersecurity.com ⢠Alternatively fax your registratio
ABB is a global leader in control, automation, electrical, safety, telecommunications and instrumentation in the Oil
and Gas industry. Full life cycle and consulting services help protect and optimise assets. ABB offer vulnerability
assessments, incident handling, remote access platforms and security client server management, such as security
event monitoring. www.abb.com/oilandgas
Waterfall Security is the leading provider of Unidirectional Security Gateways⢠for industrial control networks and
critical infrastructures. Waterfallâs Unidirectional Gateways reduce the cost and complexity of compliance with
regulations, as well as with cyber-security best practices. Waterfallâs products are deployed worldwide in utilities
and critical national infrastructures. Frost & Sullivan awarded Waterfall the 2012 Network Security Award for
Industrial Control Systems Entrepreneurial Company of the Year. Waterfallâs offerings include support for leading
industrial applications, including the OSIsoft PI⢠Historian, the GE Proficy⢠iHistorian, Siemens
SIMATICâ˘/Spectrum⢠solutions, as well as OPC, Modbus, DNP3, ICCP and other industrial protocols.
www.waterfall-security.com
Sponsored by
*Subject to final confirmation
8.30 Registration & Coffee
9.00 Chairman's opening remarks
Edward Hamilton, Head of Threat and Vulnerability Management, PWC
OPENING ADDRESS
9.10 From traditional Information security to an IS multilayer
management Model - PDO IS Journey
⢠PDO transformation journey in managing information security
⢠Our evolution and education from using the traditional model of
securing infrastructure to where we are today
⢠Adopting a three dimensions model, based on a Risk oriented
approach anchoring on ISO 27001 standard to identify various
types of threats and vulnerabilities and manage them
commensurate with PDO business imperatives
⢠Insights and learningâs from PDO iSecure campaign
Fathiya Al Farsi, Head IM&T Risk Management, Petroleum
Development Oman
9.50 A Security Culture?
⢠The breaking down of the traditional silos
⢠Cyber â the little engineering
⢠The human perspective
Phil Jones, Security and Resilience Manager, GDF Suez E&P UK Ltd
10.30 Morning Coffee
11.00 Integrating Process Control and IT
Process manufacturers are tasked to manage open, control systems
platforms and use standard networks that are connected to external
systems and the enterprise network. Even systems that are not
connected to external systems or the enterprise network require
security measures to prevent them from becoming infected by
viruses or worms. New challenges in managing this critical
infrastructure arise every day and can include:
⢠Process systems that are becoming more integrated with business
systems and the reliability of this integration are absolutely critical
to production
⢠Cyber security now poses a real threat to operations and updating
patches and anti-viruses on the process control network is more
critical than ever before. In many plants the anti-virus product
supported by the process control vendor is not the same as the
anti-virus product supported by the corporate IT department
⢠The pace of change in process technologies is now keeping up
with technologies traditionally found in IT - creating a challenge to
keep these systems updated and reliable
⢠How to structure and staff an organization to support this rapidly
changing environment
⢠We will share best practices and provide end users scenarios that
illustrate how to balance the needs to integrate process control
with IT and ensure system availability and reliability while
mitigating the risks of an evolving cyber threat landscape
Mike Baldi, Global Cyber Architect, Honeywell Process Solutions
ICS and SCADA
11.40 ICS Critical Skills and the need for a Global Industrial Cyber
Security certification
Cyber security threats continue to increase in both frequency
and sophistication. The industry is getting more automated,
integrated and interconnected, creating a real challenge being
faced. To manage risk effectively in our industrial domains,
technology, standards, policies and practices are not enough,
people are crucial!
⢠A standardized foundational set of skills, knowledge and abilities
for Industrial Cyber Security across the industry is lacking
⢠There is a need for a standardized, vendor-neutral, certification
program that provides structure and demonstrated competence
⢠An ICS professional needs a hybrid set of experience and
competencies that can be roughly divided in 4 domains - IT, Cyber
Security, Engineering, and Corporate/Industry standards
⢠The approach to create this training and certification program is
an industry effort, where private-public organizations from
different backgrounds work together
Annemarie Zielstra, Director International Relations, Cyber
Resilience, Netherlands Organisation for Applied Scientific
Research TNO
Auke Huistra, Lead Workforce Development PCD IT Security, Shell
Projects & Technology
12.20 Networking lunch
1.30 Secure the Engineers- Building a security awareness
programme targeted for ICS staff
⢠Session details to be confirmed
Tim Harwood, Security Capability & Awareness Lead, BP*
2.10 The Power of Cyber Resilience â Managing Risk and
Recovering from Breaches
⢠There have been several attacks targeted at oil and gas firms in
the last two years
⢠Good risk-mitigation strategies can reduce cyber risk, but they
cannot eliminate cyber attacks
⢠Oil and gas companies need to assume a breach will happen and
prepare accordingly
⢠An organisationâs ability to respond to and recover from security
breaches â its cyber-resilience â is fundamental to its risk
management strategy
⢠Information security standards are an important element in
building a strong, resilient information and communication
infrastructure
⢠This session will examine cyber risk in the oil and gas sector, the
pervasiveness of cyber-incidents and the key steps in building a
cyber-resilience strategy
Alan Calder, CEO, IT Governance
2.50 Afternoon Tea
3.20 CCI: A success story on collaboration in Industrial Cyber
security
⢠Describing the setting of the industrial cyber security: current
situation, lacks and needs
⢠The Actors: description of main stakeholders and supposed roles
⢠The Screenplay: the good, the bad and the ugly. Who is who?
⢠The Challenge: deal with objectives from different sources could
become barriers to the deployment of cyber security measures
⢠The Solution: Collaboration as a key aspect of Industrial cyber
security
⢠The Film: industrial cyber security centre as a successful case on
collaboration in industrial cyber security
Samuel Linares, Director, CCI
4.00 Cyber Security: A lawyer's perspective
⢠Why is Cyber Security a boardroom issue?
⢠Regulations: US and EU developments
⢠Crisis management
⢠Legal sanctions and legal recourse for victims
Jane Jenkins, Partner, Dispute Resolution, Freshfields Bruckhaus
Deringer
4.40 Chairman's closing remarks and close of day one
3. Oil and Gas Cyber Security www.oilandgas-cybersecurity.com
DAYTWOITUESDAY26THNOVEMBER2013
n to +44 (0) 870 9090 712 or call +44 (0) 870 9090 711 ⢠GROUP DISCOUNTS AVAILABLE
Honeywell helps mitigate the risk of the evolving cyber threat landscape, delivering more reliable operations. Our portfolio
includes vulnerability assessments, network design, procedural policy development and tools to address areas such as
backup/restore, patch management, remote access security, antivirus, application whitelisting, host intrusion detection,
as well as change management services. www.HoneywellProcess.com
Sponsored by
Supported by
8.30 Registration & Coffee
9.00 Chairman's opening remarks
Edward Hamilton, Head of Threat and Vulnerability
Management, PWC
Crises Management and Threat Evasion
OPENING ADDRESS
9.10 Energy vulnerabilities of offshore oil and gas installations
⢠Powering offshore oil and gas facilities
⢠Risks to energy supply and their potential cost
⢠Cyber vulnerabilities in offshore installations
⢠Technologies for islanding and power disruption mitigation
Dr Gal Luft, Co-Director, Institute for the Analysis of Global
Security, Senior Adviser, United States Energy Security Council
9.50 Converging requirements for safety and security in this
cyber connected world
⢠Security requirements determined by IEC 61508
⢠Human factors - the weakest link
⢠A brief history of CHAZOP
⢠Security management : where your vendor can help
Iain Brownlie, Senior Consultant, Safety Solutions Group, ABB
Paul Gogarty, System Build and Support Team Lead, Oil and
Gas Projects, ABB
10.30 Morning Coffee
11.00 Identifying key security threats and how to focus on protecting
assets that really matter
The potential impact of a security incident within the oil and
gas industry is significant! Within this sector there are a
number of key business areas that have significant security
risks, these include:
⢠Security of the operational technology e.g. industrial control
systems on rigs
⢠Where a security incident could have a significant impact on
the environment or loss of revenue, sensitivity of core
business information around exploration of new oil and gas
fields
⢠Data loss leading to a loss of revenue, mergers and
acquisitions, securing the financial and operational due
diligence to ensure share price is appropriate
Oil and Gas organisations need to identify and protect their
assets appropriately in order to ensure they have greater
opportunities to maximise their business's potential from
emerging technologies and identity new business opportunities.
This presentation will outline some of the key security threats
and explore how organisations can focus on protecting those
assets that really matter, enabling them to combat threats to
their organisation.
Edward Hamilton, Head of Threat and Vulnerability
Management, PWC
11.40 Panel Discussion- the changing landscape of cyber security
Michela Menting, Cyber Security Senior Analyst, ABI research
Iain Brownlie, Senior Consultant, Safety Solutions Group, ABB
12.20 Networking lunch
1.30 Cyber security - the weaponization of malware and the
consequences
⢠Overview of the last decade of cyber weapons
⢠What are the specific challenges that cyber weapons pose to
the industryÂ
⢠How do we address these issues and reduce our exposure to
future attacks
⢠How should we strategise when planning our defences?
Geir Arild Engh-Hellesvik, Senior Manager, Technology Risk
Services, BDO Norway
2.10 Advanced Persistent Threats (APT) â update from the front line
Focus of this presentation will be intelligence gathered from
forensic investigations of recent attacks to Critical National
Infrastructure. The presenter where possible will provide
details of:
⢠Insider threats
⢠Social engineering
⢠Malware
⢠Zero day attacks
⢠Losses
For each of these attack/threat vectors the presentation will
include recommended actions and strategies to detect and
defend against such threats. The implementation of methods
such as SIEM and use of Big Data are discussed as are sources
of threat intelligence and information.
David Spinks, Operational Risk Manager, CSIRS
3.00 Afternoon Tea
3.20 Changing policy and regulation for operators of oil & gas
infrastructure
⢠Current regulatory landscape in North America and Europe
⢠National cyber security strategies and the protection of
critical infrastructure
⢠What the changing policy environment means for operators of
oil & gas installations
⢠Adapting to new compliance mechanisms
Michela Menting, Cyber Security Senior Analyst, ABI research
4.00 Cyber security investment and board level buy ins
⢠Spending to improve cyber security
⢠What is the return on investment?
⢠Successful business cases
Andrea Rigoni, Director General, GCSEC Global Cyber Security
Centre
4.40 Chairmanâs closing remarks and close conference
4. Collaboration in industrial cyber
security: a key aspect of CIIP
8.30am â 12.30pm
Workshop overview:
This informative workshop will explain how the
collaboration in industrial cyber security improves the
overall security of critical information infrastructures. We
will look at descriptions of the industrial cyber security
landscape, the problems to be faced, and proposed
solutions. The workshop shall address cyber security
issues and how the end user should deal with them,
communicating with stakeholders, regulations, the
involvement of public bodies, and how objectives from
different departments and organisations could become
barriers to the deployment of cyber security measures.
Why you should attend:
⢠Internal and external collaboration on industrial
cyber security is a key challenge in our
organisations. Itâs needed to adequately protect our
infrastructures and to continue to increase our
knowledge surrounding the industry.
⢠Working together with different groups, contributing
and exchanging information about existing and
future collaboration will be valuable to every
professional involved in the cyber security arena.
⢠After this workshop delegates will have firsthand
knowledge about the more common issues of
industrial cyber security and how to deal with them.
Agenda:
8.30 Registration and coffee
9.00 Opening remarks
9.10 Keynotes on how collaboration in industrial
cyber security could improve the overall
security of Critical Information
Infrastructures:
⢠Description of the industrial cyber
security landscape
⢠Description of main stakeholders
⢠Problems to be faced
⢠Proposed solutions
10.30 Coffee break
11.00 Role play session
12.00 A real case of cross-sector collaboration
12.20 Closing remarks
12.30 End of workshop
About the workshop leaders:
Samuel Linares is the Director of the Industrial cyber
security Center, European Commission Independent
Evaluator and ENISA (European Network and
Information Security Agency) CIIP Expert. With +18
years of security, system integration and multinational
and multicultural projects management experience, he
has been the main promoter of the âIndustrial
Cybersecurityâ concept in Spanish, being recognized as
one of the key Spanish and Latin- American experts in
this area and participating as speaker, chairman and
teacher in different events all over the world (including
Spain, UK, Belgium, Qatar, Mexico, Argentina or Cuba
among others). He holds various cybersecurity
certifications including CRISC (Certified in Risk and
Information Systems Control), CGEIT (Certified in
Governance of Enterprise IT), CISM (Certified
Information Security Manager), CISA (Certified
Information Security Auditor), CISSP (Certified
Information Systems Security Professional), GIAC
Assessing Wireless Networks (GAWN), Systems and
Network Auditor (GSNA), and Google Hacking &
Defense (SSP-GHD), BSI BS 25999 & BS 7799 Lead
Auditor (since 2002), and several additional vendor
specific technical certifications. He holds a B.S. in
Computer Science from the Univ. de Oviedo and is
University Specialist in Data Protection at the Colegio
Universitario Escorial Maria Cristina. Samuel can be
followed on his blog (http://blog.infosecman.com) and
on Twitter @infosecmanblog
HALF DAY POST-CONFERENCE WORKSHOP
Wednesday 27th November 2013
Marriott Regents Park Hotel, London
In association with
5. SMi Energy Planner
JUNE
Distributed Energy Storage
17th - 18th June 2013
Copthorne Tara Hotel
London, United Kingdom
Gas Storage
19th - 20th June 2013
Copthorne Tara Hotel
London, United Kingdom
SEPTEMBER
Telecoms for Smart Grids
23rd - 24th September 2013
Marriot Regents Park
London, United Kingdom
Energy from Waste
25th - 26th September 2013
Kensington Close
London, United Kingdom
OCTOBER
Distribution Automation Europe
14th - 15th October 2013
Marriot Regents Park
London, United Kingdom
Shale Gas Environmental Summit
22nd - 23rd October 2013
Holiday Inn Regents Park
London, United Kingdom
Gas to Liquids
29th - 30th October 2013
Marriot Regents Park,
London, United Kingdom
NOVEMBER
Oil & Gas Cyber Security
25th - 26th November 2013
Marriot Regents Park,
London, United Kingdom
FEBRUARY 2014
FLNG
17th - 18th February 2014
Marriot Regents Park
London, United Kingdom
M2M Telematics for Usage Based
Insurance
19th - 20th February 2014
Marriot Regents Park
London, United Kingdom
SPONSORSHIP AND EXHIBITION OPPORTUNITIES
SMi offer sponsorship, exhibition, advertising and
branding packages, uniquely tailored to
complement your company's marketing strategy.
Should you wish to join the increasing number of
companies benefiting from promoting their
business at our conferences please call:
Alia Malick, SMi Sponsorship on
+44 (0)20 7827 6168 or email:
amalick@smi-online.co.uk
Want to know how to get involved? Interested in
promoting your services to this market?
Contact Vinh Trinh on +44 (0)20 7827 6140 or
email: vtrinh@smi-online.co.uk
6. If you have any further queries please call the Events Team on tel +44 (0) 870 9090 711 or you can email them at events@smi-online.co.uk
OIL AND GAS CYBER SECURITY
Monday 25th and Tuesday 26th November 2013, Marriott Regents Park Hotel, London Workshop: Wednesday 27th November 2013
4 WAYS TO REGISTER
FAX your booking form to +44 (0) 870 9090 712
PHONE on +44 (0) 870 9090 711
Online at www.oilandgas-cybersecurity.com
n Bookby19thJuly2013andreceiveaÂŁ300discountoffconferenceprice
n Bookby30thSeptember2013andreceiveaÂŁ100discountoffconferenceprice
EARLYBIRD
DISCOUNT
Payment must be made to SMi Group Ltd, and received before the event, by one of the
following methods quoting reference E-036 and the delegateâs name. Bookings made within
7 days of the event require payment on booking, methods of payment are below. Please
indicate method of payment:
n UK BACS Sort Code 300009, Account 00936418
n Wire Transfer Lloyds TSB Bank Plc, 39 Threadneedle Street, London, EC2R 8AU
Swift (BIC): LOYDGB21013, Account 00936418
IBAN GB48 LOYD 3000 0900 9364 18
n Cheque We can only accept Sterling cheques drawn on a UK bank.
n Credit Card ⥠Visa ⥠MasterCard ⥠American Express
All credit card payments will be subject to standard credit card charges.
Card No: nnnn nnnn nnnn nnnn
Valid From nn/nn Expiry Date nn/nn
CVV Number nnn 3 digit security on reverse of card, 4 digits for AMEX card
Cardholderâs Name:
Signature: Date:
I agree to be bound by SMi's Terms and Conditions of Booking.
Card Billing Address (If different from above):
CONFERENCE PRICES
DOCUMENTATION (Shipped 10-14 days after the event)
I cannot attend but would like to purchase access to the following
Document Portal/paper copy documentation: Price Total
n Access to the conference documentation
on the Document Portal ÂŁ499.00 + VAT ÂŁ598.80
n The Conference Presentations - paper copy ÂŁ499.00 - ÂŁ499.00
(or only ÂŁ300 if ordered with the Document Portal)
VENUE The Marriott Regents Park, 128 King Henry's Road, London NW3 3ST
nPlease contact me to book my hotel
Alternatively call us on +44 (0) 870 9090 711,
email: hotels@smi-online.co.uk or fax +44 (0) 870 9090 712
VAT
VAT at 20% is charged on the attendance fees for all delegates. VAT is also charged on Document Portal and
Literature Distribution for all UK customers and for those EU customers not supplying a registration
number for their own country here: _______________________
PAYMENT
POST your booking form to: Events Team, SMi Group Ltd, 2nd Floor South,
Harling House, 47-51 Great Suffolk Street, London, SE1 0BS
Payment: If payment is not made at the time of booking, then an invoice will be issued and must
be paid immediately and prior to the start of the event. If payment has not been received then credit
card details will be requested and payment taken before entry to the event. Bookings within 7 days
of event require payment on booking. Access to the Document Portal will not be given until
payment has been received.
Substitutions/Name Changes: If you are unable to attend you may nominate, in writing, another
delegate to take your place at any time prior to the start of the event. Two or more delegates may
not âshareâ a place at an event. Please make separate bookings for each delegate.
Cancellation: If you wish to cancel your attendance at an event and you are unable to send a
substitute, then we will refund/credit 50% of the due fee less a ÂŁ50 administration charge,
providing that cancellation is made in writing and received at least 28 days prior to the start of the
event. Regretfully cancellation after this time cannot be accepted. We will however provide the
conferences documentation via the Document Portal to any delegate who has paid but is unable to
attend for any reason. Due to the interactive nature of the Briefings we are not normally able to
provide documentation in these circumstances. We cannot accept cancellations of orders placed
for Documentation or the Document Portal as these are reproduced specifically to order. If we have
to cancel the event for any reason, then we will make a full refund immediately, but disclaim any
further liability.
Alterations: It may become necessary for us to make alterations to the content, speakers, timing,
venue or date of the event compared to the advertised programme.
Data Protection: The SMi Group gathers personal data in accordance with the UK Data Protection
Act 1998 and we may use this to contact you by telephone, fax, post or email to tell you about other
products and services. Unless you tick here ⥠we may also share your data with third parties
offering complementary products or services. If you have any queries or want to update any of the
data that we hold then please contact our Database Manager databasemanager@smi-online.co.uk
or visit our website www.smi-online.co.uk/updates quoting the URN as detailed above your
address on the attached letter.
Unique Reference Number
Our Reference LV E-036
Terms and Conditions of Booking
DELEGATE DETAILS
Please complete fully and clearly in capital letters. Please photocopy for additional delegates.
Title: Forename:
Surname:
Job Title:
Department/Division:
Company/Organisation:
Company VAT number:
Email:
Address:
Town/City:
Post/Zip Code: Country:
Direct Tel: Direct Fax:
Mobile:
Switchboard:
Signature: Date:
I agree to be bound by SMi's Terms and Conditions of Booking.
ACCOUNTS DEPT
Title: Forename:
Surname:
Email:
Address (if different from above):
Town/City:
Post/Zip Code: Country:
Direct Tel: Direct Fax:
I would like to attend: (Please tick as appropriate) Fee TOTAL
⥠Conference and Workshop £2298.00 + VAT £2757.60
⥠Conference Only £1699.00 + VAT £2038.80
⥠Workshop Only £599.00 + VAT £718.80
PROMOTIONAL LITERATURE DISTRIBUTION
⥠Distribution of your companyâs promotional
literature to all conference attendees ÂŁ999.00 +VAT ÂŁ1198.80
GROUP DISCOUNTS AVAILABLE
The conference fee includes refreshments, lunch, conference papers and access
to the Document Portal containing all of the presentations.