Cyber Security for Energy & Utilites Qatar 2012 schedule

Sunday 16th September 2012

• Critical infrastructure protection and industrial control

  • Identify and define the concepts behind the critical infrastructures protection and industrial control systems security
  • To discover and analyze the state- of- the- art at international level (USA, Canada, Latin America and Europe) of the critical infrastructures protection reviewing regulations, initiatives, standards, sectors, organizations, methodologies
  • To detect and analyze the current situation of security in the industrial sector and environments and the different threats, vulnerabilities and associated risks of industrial control systems
  • To discuss important organizational and management issues: IT Manager vs CSO/CISO vs Plant Manager vs Manufacturing Manager Design and propose a management framework appropriate to the critical infrastructures and industrial organizations
  • To identify, describe and adopt frameworks and standards applicable to this environments: BMIS, ISO 27001, BS 25999, ISA 99, NIST SP 800-82
  • To establish, implement and adopt Industrial Control Systems Security Program and design a critical infrastructure protection and security plan

  Mr. Samuel Linares
  Cyber Security Services Director
  Cluster TIC Asturias

  At 9:00am to 10:00am, Sunday 16th September

• Instilling change objectives and knowledge management to incorporate cyber security as a priority for critical infrastructure

  Improve control management by adopting new internal communication channels and organizational structures between IT, IS and engineering departments
  Optimize usability of security initiatives by building strong mediums between IT and control systems operators

  At 10:00am to 12:00pm, Sunday 16th September

• Developing necessary security measures to protect your networks from potentially fatal attacks such as Stuxnet

  Understand development methodologies and techniques for designing secure and resilient intelligent electronic devices against Stuxnet

  David Lacey
  Director of Research
  ISSA UK

  At 11:30am to 12:00pm, Sunday 16th September

  In Oryx Rotana Hotel

• Cyber security Policy: Maturity Frameworks and Metrics

  • Evolution of cyber security policy: maturity frameworks
  • Learn techniques to establish metrics for assessing your cyber security policy
  • Cyber security maturity strategies for organizations, industry and government

  Dr. Madanmohan Rao
  Former Communications Director
  United Nations Inter Press Service, New York

  At 1:00pm to 3:00pm, Sunday 16th September

• xecuting enterprise incident plans and scenario Evaluations: Developing institutional response initiatives through strategic org

  • How to implement standardized responses to security breaches
  • Exploring the roles and responsibilities of internal personnel
  • Establishing business continuity with multi-tiered approaches to cross functional internal training, security governance and successful contingency planning
  • Effectively balancing compliance activities and sustainable security control

  Subair Arkadan
  ICS Incharge
  KAHRAMAA

  At 2:30pm to 3:00pm, Sunday 16th September

  In Oryx Rotana Hotel

Monday 17th September 2012

• Upgrading legacy control systems & effective configuration management

  • Best-practices for protecting industrial control systems as information exchange functionality increases
  • Specific elements of a successful configuration management program, such as maintaining functional hardware and software code catalogues, developing schematic network maps, and conducting periodic monitoring activities
  • Creating a sustainable security base through managing your existing equipment while integrating network security processes through connection functionality assessments

  Nilanshu Dey
  Senior Instrument Engineer & Chairman Qatar Chapte
  Qatar Petroleum & ISA

  At 9:00am to 9:30am, Monday 17th September

• Evaluating cyber security risks involved in process control systems

  • Characterization of risks to process control systems and the translation of these risks to business and operational impacts
  • Learn how to mitigate your cyber risk to provide safe and reliable critical infrastructure services

  Yaser Hamza
  IT Security Manager
  QAPCO

  At 9:30am to 10:00am, Monday 17th September

  In Oryx Rotana Hotel

• Panel discussion

  Evaluating vulnerabilities and some potential solutions for industrial control networks

  Dana Al-Abdulla , Cyber Security Resilience Manager, Q-CERT
  Yaser Hamza , IT Security Manager, QAPCO
  Noor Zaman , Professor, ABET Accredited, King Faisal University

  At 10:00am to 10:30am, Monday 17th September

  In Oryx Rotana Hotel

• Highlighting the range of cyber security threats and how to identify future trends to minimize cyber attacks

  • Establish a complete emergency response as an action plan for system failures
  • Learn how to improve your resiliency and recovery to minimize your downtime during system failures
  • Discover the operational benefits of cyber security and system robustness maximizing productivity

  Dana Al-Abdulla
  Cyber Security Resilience Manager
  Q-CERT

  At 11:00am to 11:30am, Monday 17th September

  In Oryx Rotana Hotel

• The importance and discovery of the Duqu malware

  • Learn the consequences of Duqu and how it has changed the perception about critical infrastructure
  • Evaluating new technology that can protect against Duqu
  • Showcasing lessons learnt from Duqu case

  Noor Zaman
  Professor, ABET Accredited
  King Faisal University

  At 12:00pm to 12:30pm, Monday 17th September

  In Oryx Rotana Hotel

• Inside the cyber criminal’s mind: A live hacking demo

  The extent of the damage that can be done to your business, data, employees, customers and brand when an intruder has control of assets of your network

  At 1:30pm to 2:00pm, Monday 17th September

  In Oryx Rotana Hotel

• Strategizing your cyber security action plan

  • Assessment, procurement methodology and implementation measures
  • Security applications that minimize system downtime and supports maximum operability
  • Maximize cyber security investments by streamlined implementation strategies and optimal use of software and hardware to sustain operations and meet compliance standards
  • Ensure successful and secure upgrades to legacy systems with project management strategies that do not compromise real-time system availability

  At 2:00pm to 2:30pm, Monday 17th September

  In Oryx Rotana Hotel

Tuesday 18th September 2012

• Cyber protection for critical infrastructure in the Middle East

  • Overview of Qatar’s SCADA Security Guidelines, the region’s first SCADA Security manual (In English and Arabic)
  • Understanding cyber security risks and the subsequent business and operational impacts to develop a path forward and securing operations
  • Role of technology, plans, policies, standards, and guidelines in cyber protection such as NERC-CIP, ISA/IEC62443, NIST 800-82

  Omar Sherin
  NICII Manager
  Q-CERT

  At 9:00am to 9:30am, Tuesday 18th September

  In Oryx Rotana Hotel

• Back to the Future: Welcome to the ICS Security:

  • Analyzing different characteristics of the ICS Security including process, technology and personnel
  • Identifying different cultures between the Plant vs IT people and ICS vulnerabilities

  Mr. Samuel Linares
  Cyber Security Services Director
  Cluster TIC Asturias

  At 9:30am to 10:00am, Tuesday 18th September

  In Oryx Rotana Hotel

• The ICS Cyber Security

  • Review of the modern challenges for ICS running plants and how to overcome them
  • The judgment of threat vs. countermeasure supported by a case study of ICS wireless technology

  Ibrahim Samir Hamad
  IT & ICS Security Professional
  ISO Dolphin Energy Ltd

  At 10:00am to 10:30am, Tuesday 18th September

  In Oryx Rotana Hotel

• Ensuring security is incorporated into your master plan and implemented in the design stages

  • Involving security early in the design process to guarantee resilience
  • The importance of implementing standards and regulations as a company wide initiative in order to reduce risks with new ICS systems as they are designed on open standards such as Windows and TCPl Systems

  Mr Ayman AL-Issa
  Digital Oil Fields Cyber Security Advisor, IT
  ADMA-OPCO

  At 11:30am to 12:00pm, Tuesday 18th September

  In Oryx Rotana Hotel

• Panel Discussion

  Managing virtualization security risk and leveraging best practices

  Mr Ayman AL-Issa , Digital Oil Fields Cyber Security Advisor, IT, ADMA-OPCO
  Mr. Audrey Zolotive , Senior DCS Engineer, Kuwait Oil Company
  Khalid Abdul Rehman , Eng. SCADA System Administrator, KAHRAMAA
  Omar Sherin , NICII Manager, Q-CERT

  At 12:00pm to 12:30pm, Tuesday 18th September

  In Oryx Rotana Hotel

• Process to define and quantify characteristics of threats, and to relate these to similar characteristics of vulnerabilities, in

  • Review of the modern challenges for ICS running plants and how to overcome them
  • The judgment of threat vs. countermeasure supported by a case study of ICS wireless technology

  Mr Seth Bromberger
  Executive Vice President
  Energy Sector Security Consortium

  At 1:30pm to 2:00pm, Tuesday 18th September

  In Oryx Rotana Hotel

• Achieving sustainable system security & compliant IT architectures

  • Creating flexible network architectures with continual, cross functional and collaborative planning between IT, IS, and engineering
  • Leveraging compliance software and establishing liability for self monitoring responsibilities to meet regulation and standards

  Mr. Audrey Zolotive
  Senior DCS Engineer
  Kuwait Oil Company

  At 2:00pm to 2:30pm, Tuesday 18th September

  In Oryx Rotana Hotel

• Building a complete and effective cyber security control strategy

  • Discover ways to monitor key corporate IT and control systems in order to detect cyber incidents
  • Learn from proven methods to manage who has authorization and access to maximize the protection of your system
  • Discover strategies to identify the individuals being granted access to your system to strengthen your defenses

  Khalid Abdul Rehman
  Eng. SCADA System Administrator
  KAHRAMAA

  At 2:30pm to 3:00pm, Tuesday 18th September

  In Oryx Rotana Hotel

Wednesday 19th September 2012

• Defining and quantifying characteristics of threats in Cyber Security

  This workshop will describe a process to define and quantify characteristics of threats, and to relate these characteristics to similar characteristics of vulnerabilities, in order to provide a total risk evaluation based on objective and comparable criteria. It will also provide results from real-world application of this methodology. The resultant enhancements to risk analysis have allowed one company to benefit from greater resource efficiencies and productivity increases by streamlining the effort needed to analyze, prioritize, and remediate risks to the organization.

  Objectives:
  Understand the benefits of objective measurement and reporting of threat actors and threat capabilities
  Learn how to develop a set of organization-specific capabilities to describe threat actors
  Realize the importance of correlating threat and vulnerability data using consistent, objective methods
  See the benefits of taking a deterministic approach to threat management and mitigation

  Attendees of the workshop will have an opportunity to apply the principles of the quantitative threat methodology to their organizations by creating and analyzing their own threat matrices

  Dr. Madanmohan Rao
  Former Communications Director
  United Nations Inter Press Service, New York

  At 10:00am to 10:00am, Wednesday 19th September

  In Oryx Rotana Hotel

• Cyber security maturity strategies for organizations, industries and governments

  • Evolution of cyber security policy: maturity frameworks
  • Learn how to establish metrics for assessing your cyber security policy

  Dr. Madanmohan Rao
  Former Communications Director
  United Nations Inter Press Service, New York

  At 11:00am to 11:30am, Wednesday 19th September

  In Oryx Rotana Hotel