MIDDLE EAST ENERGY INDUSTRY CYBER SECURITY WEBINAR:
"Optimising Cyber Resilience in the Energy Sector"
TUESDAY 29 MARCH 2022
With almost half of the world’s known oil and gas reserves, and much of the capacity to process or utilise them, the Middle East and North Africa (MENA) region is a cornerstone of today’s global energy and industrial system. As the region’s energy and utilities industries continue to digitalise their assets, they have increasingly become targets of cyber threats. In fact, the region has been and continues to be a strategic target of cyber attacks, and 50% of these attacks are on the energy industry.
Effectively protecting and securing data and systems through the supply chain is now a business imperative for every company. This CySSIG webinar will demonstrate how to do this effectively, bearing in mind that modern day operations often span complex IT (information technology) and OT (operational technology) infrastructures.
This webinar by the Cyber Security Special Interest Group (CySSIG) will bring together a group of experts in the field who will present firsthand accounts of the challenges faced and the value of modern solutions. The presentations will be followed by a moderated panel session where attendees will have the opportunity to question the speakers individually and as a group.
REGISTRATION IS CLOSED.

BIO: Nick Coles
After a successful academic period with a First Class Honours Degree and D Phil in Materials Science and culminating in the Engelhard Research Fellow working on the Dispersion Hardening of Composite Materials, Nick joined the British Hydromechanics Research Group to develop their international conference activities. Some 5 years later he started a technical conference series for IBC in London, at a time when no technical business conferences existed compared with the plethora of international conference activity today.
Nick spent 11 years managing several groups running global events in Energy, IT, Construction and HSE as well as acting as publisher of technical publications in these areas. Nick and his colleagues were successful in taking IBC to market and it is now listed on the UK Stock Exchange as INFORMA.
After a short USA sabbatical, Nick began his own activities including the organization of events for the then emerging Russian and CIS markets. He arrived in the UAE in 1994 at the request of a group of instrumentation companies and invited ADNOC to support a SCADA in Oil & Gas Conference. From this introduction he has gone on to develop a number of well-respected events in the GCC region focused on the Energy sector and continues to do so in assisting in creating and organizing events in a number of technical business management areas through his consulting company, PPT Consulting (where PPT signifies the crucial importance of the beneficial integration of People, Process and Technology).
One important activity is working with EXPROBIZ to develop specific events for the Upstream Oil & Gas and Mining sectors. Having observed the increase of Cyber Threats since the advent of STUXNET some years back, and having run events on cyber security in conjunction with the head of IT security of the UK Metropolitan Police during IBC days, Nick created CySSIG with Ross Davidson of EXPROBIZ in early 2022 with plans to bring expert advice to all those interested in creating a more secure IT/OT environment.
SUMMARY:
Nick will welcome all delegates and introduce Andrew Dennant who will moderate the webinar.

BIO: Eric Byres
Eric Byres, Chief Technology Officer at aDolus Technology Inc., is one of the world’s leading experts in the field of Operational Technology (OT) cybersecurity.
He is the inventor of the Tofino Security technology – the most widely deployed OT-specific firewall in the world – licensed by industry leaders like Honeywell, Schneider Electric, and Caterpillar.
Eric now focuses on improving the security of the software supply chain for OT. He is a member of the NTIA SBOM Awareness & Adoption Committee and has authored numerous articles on Software Bills of Materials.
Eric's many accomplishments include chairing the initial ISA SP-99 Security Technologies Working Group (now known as IEC-62443) and testifying to the US Congress. He has received numerous awards from international organizations and was made an ISA Fellow in 2009.
In 2013 he received ISA’s highest honor: Excellence in Leadership.
SUMMARY:
The late 2020 SolarWinds hack introduced the world to the extreme risk posed by supply chain attacks to critical systems. By penetrating the software development process of the SolarWinds company, the attackers managed to infiltrate multiple branches of the US government, the US military, and most of the Fortune 500 companies. A year later the Log4j crisis showed how even accidental security flaws can have a global impact on the Information Technology (IT) and Operational Technology (OT) supply chain.
This talk will dive into some of the technical details of the SolarWinds and Log4j incidents. We will compare these events with previous supply chain attacks and show why the high Return on Investment (RoI) for attackers means the OT supply chain will face many more attacks in the future.
We’ll review research on the current exploitability of the OT software supply chain as well as specific recommendations from the Atlantic Council on how to guard against these kinds of attacks. We’ll outline why vulnerabilities like Log4j can be very challenging to find when deeply embedded in OT software. Then we’ll explore how Software Bills of Materials (SBOMs) can help both vendors and operators assess the validity and safety of all the components of any given software package. We’ll talk about why advanced AI techniques are essential to stay ahead of these well-funded, sophisticated attacks. We’ll close with examples of vendors in the Oil & Gas sector that provide SBOMs and how their customers can use them to secure their software supply chain.

BIO: Andrew Dennant
Andrew Dennant is a Chemical Engineer who has spent more than 25 years in the Process Automation industry with focus on safety and understanding customers’ applications.
Originally from the UK, he attended the University of Bath and came to Abu Dhabi in 2001. Since then he has lived and worked in the Middle East and the USA with a mix of Consulting, Product Management, Industry and Leadership roles of increasing seniority.
He is married with two children.
SUMMARY:
Any organisation with an Operational Technology (OT) component knows that they need to review their cybersecurity stance and ensure that they have taken the right measures to protect themselves from attack now and into the future.
However, the vast majority of cybersecurity organisations come from an Information Technology (IT) background, and the needs of IT and OT when it comes to cybersecurity are related but not the same. HIMA has identified four key areas where understanding the difference between a potential consultant’s IT and OT cybersecurity expertise can have a dramatic impact on the effectiveness of the implementation.
The first is domain expertise in the OT space. Many legacy OT systems were seen as practically separate from the IT infrastructure and designed in a fundamentally different way from those in IT. Consequently, a review of an OT network by an IT expert is often more time-consuming than it should be. A deep understanding of OT allows the right consultant to ensure that the connections needed to maintain safe and reliable plant operations are hardened, and that boundaries are enforced where needed.
The second is standards compliance. The two foremost standards (ISA/IEC 62443 and NIST’s SP 800-82) are relatively new and complex, so it is important to choose an OT Cybersecurity Consultant who has a deep understanding of these. A lack of understanding of the current standard and its future iterations can lead to over-engineering in some areas and a lack of attention in others; in the worst case the implementation is overly expensive, leaves gaps in the organisation’s security, and does not futureproof the next generation of systems to ensure that the investment yields the greatest return. Anyone can claim expertise, and HIMA will explore ways to validate how reliable these claims are.
Thirdly, the implementation of the system(s) means nothing if the plant’s personnel are not appropriately trained. Defining role-based competencies and certified training programs, to ensure that staff do the right thing for the right reasons and keep constantly current throughout the life of the plant, is a critical component of the implementation of OT Cybersecurity. This presentation will present methodologies for addressing this key topic.
Finally, the real world is different from the theoretical world, and the better OT Cybersecurity organisations give End Users the opportunity to test their knowledge, skills and theories in an offline lab.
The presentation will close with an overview of some of the capabilities that should be available in these facilities.

BIO: Simon Heath
30+ years of Industrial Control Systems and Digital Networking experience including 25 years in the Middle East region. Spent 25 years with Emerson Automation in a variety of operational and commercial roles having started out as a Control Systems Engineer.
Significant experience of protecting critical infrastructure with OT CyberSecurity Vendors, Consultancies and Systems Integrators.
Simon currently leads the CyberSecurity & IoT team at 3W Networks, an El Sewedy Company, based in Dubai.
SUMMARY:
Simon will discuss how to go about understanding your current CyberSecurity Posture, how to identify and assess the risks you face, and then how to mitigate those risks through a three-phase process, touching on the current threat landscape, attack surfaces and the key fundamentals of protecting Operational Technology.

BIO: David Brown
In addition to over 20 years of OT and cyber security experience, David is well-versed in rapidly advancing companies on a global scale. Originally a chemist designing the control systems for the same refineries Verve now protects, his experience also includes design and delivery of Cyber Security systems that protect several nation states as well as large manufacturing.
David is responsible for sales leadership and global operations of Verve Industrial.
SUMMARY:
IEC 62443 is growing in usage and provides comprehensive, risk-based security for industrial control systems with a well-structured approach.
However, practical realities (and the level of depth and complexity) make implementation difficult and time-consuming. You can make progress more rapidly through the application of technology as well as a walk-run approach to increasing security levels over time.
David will share findings from the experience of deploying systems for others to meet these challenges.




