Lake Buena Vista, FL - March 24 - April 1, 2010

This course has been a career-changing event. I will be approaching the way I manage in a whole new mind set.
-Steve Hoevernaar, Kroger

The 2010 SCADA and Process Control Summit


Dates:
Pre-Summit Courses: March 24 - 28, 2010
Summit: March 29 - 30, 2010
Post-Summit Courses: March 31, 2010

Summit Venue:
Walt Disney World Contemporary Hotel
4600 North World Drive
Lake Buena Vista, FL 32830
Phone: 407-824-1000
Fax: 407-824-3539
Website: http://disneyworld.disney.go.com/resorts/contemporary-resort

Exclusive Webcast: Digging Deeper Into The Advanced Persistent Threat

March 19, 2010 | 1:30pm EDT

This webcast will provide a unique preview of one of the three key talks on the Advanced Persistent Threat that will be presented at the SCADA Security Summit. The keynote speaker is Kevin Mandia. Kevin leads the largest forensics and monitoring team supporting the military and commercial organizations that have awakened to the threat. This is an incredible opportunity to hear from one of the most knowledgeable people on this important dimension of cyber security. He won't tell you all the things he'll share at the Summit, but you'll still get an eye-opener.

Instructions for Attending this Reservation-Only Webcast

To attend this webcast, you must send an e-mail to Alan Paller and request a seat.

Ten Questions for the Summit

  1. How has the threat to control systems changed? Who are the new attackers? What kind of damage have they already done? What can they do?
  2. Exactly how do attackers penetrate the defenses that have been established by most control system users? What are the principal vulnerabilities in control systems and how should they be prioritized for mitigation?
  3. What are some of the most valuable lessons learned by leading asset owners to improve security of control systems? How can utilities educate their Public Utility Commissions so that investments in cyber security may be included in the rate base?
  4. What techniques are the most advanced control systems users implementing to mitigate the threat? How are they training their people? How are they balancing information technology and control systems needs?
  5. How can utilities gain top management support for major security initiatives?
  6. Which SCADA security research projects have shown useful results? How can asset owners put those findings to work?
  7. Which control system vendors have made the most progress on implementing the new standards for secure configuration of their products?
  8. What tools have governments developed that make security of control systems more effective and efficient?

The Organizing Committee

  • Michael Assante, NERC
  • Rita Wells, Gary Finco and Marty Edwards, Idaho National Laboratories
  • Sean Paul McGurk, US Department of Homeland Security
  • Sandra C., UK Center for the Protection of National Infrastructure (CPNI)
  • Ake Holmgren, Swedish Emergency Management Agency (SEMA)
  • Hank Kenchington, US Department of Energy
  • Will Pelgrin, New York State and the Multi-State ISAC
  • Mark Weatherford, State of California
  • Marcus Sachs, Verizon
  • Alan Paller, SANS Institute

Who should attend

Plant Managers, Engineering and Operations Management, Project Managers, Automation and Control Managers, Process Control and SCADA Engineers, Plant Engineers

Learn the lessons discovered by leading process control user organizations throughout the world, and what your process control vendor may be doing to boost the defenses on systems already deployed, and on new systems.

Information Security and IT Professionals in Organizations That Deploy Industrial Control Systems

Learn why control systems are so difficult to protect and arm yourself with clear case studies showing what has been done and what can be done to protect SCADA and other control systems. Learn the language of control systems so you can be of more help to the engineers who plan and deploy such systems.

Control System Vendor Developers and Integrators

Understand the requirements and constraints faced by owners and operators of automation systems. Determine the state of the art in control system security as a benchmark for your own future planning.

Government Leaders Responsible for Policy and Regulation of Utilities and Other Process Control Users

Better understand what government can and cannot do by learning the requirements, constraints, and current capabilities available to secure critical control systems.

Academic and Research Laboratory Leaders

Determine the most challenging and important questions that will shape your process control security research agendas.

Agenda

Monday, March 29

8:30 am - 9:30 am
Keynote: The CEO Briefing on The Advanced Persistent Threat
In a series of classified meetings with the chief executives and other top executives of America's utilities, top FBI officials from the Cyber Division have been sharing data from investigations that prove deep penetration across a broad swath of the critical infrastructure. In this session, you'll get an unclassified look at what the CEOs have been learning.
(Tom Winterhalter, FBI)
9:30 - 10:45
Keynote Panel: Digging Deeper Into The Advanced Persistent Threat: Ask the Experts
In this session you'll hear from the two people (outside the military and intelligence community) who most fully understand the advanced persistent threat, how it manifests itself, and what can be done about it. One leads the largest forensics and monitoring team supporting the military and commercial organizations that have awakened to the threat; the other has extensive experience at INL and beyond in security at utilities and the specific threat to utilities. Listening to them share their knowledge will give you an incredible opportunity to join the most knowledgeable people on this important dimension of cyber security. You'll have ample opportunity to get your questions answered.
(Kevin Mandia, Mandiant and Robert Huber, Critical Intelligence)
10:45 - 11:00
Break
11:00 - 12:00
Harder Questions on CIP Compliance Update: Ask the Expert
This session, back by popular demand, provides an authoritative update on the current state of CIP standards development and compliance monitoring, and gives you a great opportunity to ask questions of the person most responsible for coordinating the current mandatory standards.
(Mike Assante, NERC)
12:00 pm - 1:15 pm
Lunch
1:15 - 1:45
A Tale of Two Departments - How Commerce and State Dealt With Chinese Intrusions: Lessons Learned and Next Steps
Topping off the discussion of the Advanced Persistent Threat, this session takes you inside two organizations that have had to deal with it - start to finish. It is rare to hear people tell the full truth about these damaging cyber attacks, but when security managers from two federal departments had to testify under oath about the sophisticated attacks their agencies suffered, State and Commerce provided an unequalled look into the aftermath of the similar attacks they experienced. The results were strikingly different and the reason why they were different was counterintuitive.
(Alan Paller, SANS)
1:45 - 3:00
Best Practices in Grid Security
Pioneering asset owners are experimenting with new technologies and learning lessons that can be valuable to others who may be about to explore similar innovation. This panel brings together three asset owners who have great experiences to share on developing an effective security program that meets industry compliance requirements. These two practitioners have achieved real security, meeting the dynamic nature of cyber risk, without sacrificing their compliance program.
(Tim Conway, NISOURCE; Other TBD)
3:00 - 3:15
Break
3:15 - 4:00
Preview: Workshop on preparedness of utilities to detect, respond and limit the potential damage caused by cyber threat
In 2009, a NERC-sponsored cyber assessment program conducted qualitative, expert-based table-top simulations focused on the preparedness to detect, respond and limit the potential damage caused by plausible and directed cyber threat scenarios. The feedback from the exercises was very positive. To give more organizations access to these workshops, NERC has worked with a partner to provide the audience with tools (technically grounded cyber threat scenarios, customization tools, simulation evaluation methods, etc.) that organizations can take home and run in whole or in part. The simulations help an organization evaluate its procedures, practices and ability to coordinate, specifically identifying gaps in its cyber security posture. The "demonstration" session will be followed after the Summit by a day-long simulation walk-through for qualified electric utilities. The kit that accompanies the workshop will provide a bulk power system entity with a process and experience to meet NERC CIP-009-1/2 exercise requirements and provide them a framework for building a self-sustaining assessment capability for their cyber preparedness.
(Mike Assante, NERC; Mark Fabro, Lofty Perch; Tim Roxey, NERC)
4:00 pm - 5:00 PM
The Most Valuable Federally Funded Security Research Initiatives
Although the US government has funded more than 30 control systems research projects, only a few show any promise of making significant improvements in the real world. In this panel session you'll hear from the researchers who are doing the most promising work.
5:00 pm-8:00 pm
Hospitality Suites

Tuesday, March 30

8:30 am - 9:30 am
Keynote: Important Government Initiatives To Reduce Cyber Risk in Control Systems Asset Owners
US and UK Government leaders have sponsored important initiatives that enable asset owners and control systems vendors to make the systems they deploy and develop (respectively). In this session you'll learn about many of those initiatives.
Sean McGurk, US DHS; Hank Kenchington, US Dept. of Energy
9:30 AM - 10:30 am
"Active Policy Enforcement": A Revolution in Security and Compliance in the Critical Infrastructure
Approximately 12% of companies in the electric power and chemical industries are meeting regulatory requirements using a new technique called "active policy enforcement". Because this advance can be nearly fully automated, and because it is nearly continuous, it has radically improved security while enabling compliance. In this session you'll hear from organizations that have used automated tools for active policy enforcement, get a head start on selecting the tool that best meets your organization's needs, and find out how you can begin implementing this hugely successful technology as soon as you return to your office. (Mike Assante, NERC)
10:30 - 10:45
Break
10:45 am - 11:45 am
Important Recent Developments in Smart Metering and Smart Grid
This session covers the establishment of the National Cyber Center for the Electric Grid, the current status of stimulus fund distribution for smart meters and which vendors are receiving the bulk of the funds, and the current state of those leading vendors' accomplishments in baking security into their current products. (Josh Wright, SANS; Ken Rhode, INL)
11:45 am - 12:15 pm
Measuring and Reducing Risk: How Leading Security Managers Are Becoming Security Heroes. Plus The CAG
The US Department of State has proven that (1) security risk can be measured numerically and that (2) when you do measure it and assign risk to the people who can fix it, that risk can be reduced by more than 90% in less than a year with only minor expenditures. From the White House to the Senate to the major consulting firms, the ground-breaking work of the State Department is earning kudos and it is being copied and extended across the government and in other enterprises around the world. Part of his work is an implementation of the Consensus Audit Guidelines (CAG) controls defined by a coalition of NSA, DoD, DoE and other organizations that know how the advanced persistent threat (APT) is targeting government and the critical infrastructure. (Alan Paller, SANS)
12:15 - 1:30
Lunch
1:30 PM - 2:30 PM
Hard Problems And Innovative Solutions
The Most Critical Vulnerabilities in Power Systems and Other Elements of the Critical Infrastructure and The Highest Priority Mitigation Techniques

This session provides a rare look into the notebooks of the top vulnerability researchers and penetration testers hired by the electric power industry and other elements of the critical infrastructure to protect their systems. Since late 2009, the top experts in the field have been working together to identify all currently effective attacks and the most probably effective attack techniques on the horizon. In this session you'll learn about the important mitigations that protect against the most dangerous attacks and how those mitigations can be enabled through judicious use of the Control Systems Procurement Standards.
(Rita Wells, INL; Mike Milvich, IOActive)
2:30 - 2:50
Break
2:50 pm - 3:50 pm
Lessons Learned: Users who have done innovative things in existing systems
Users share how they have applied Process Control Solutions to their existing systems, along with their stories about the painful lessons learned: what works, what doesn't work, and why.
(John Duronio, Emerson)
3:50 pm - 4:45 pm
SCADA Vendor Panel: What SCADA System Vendors Have Done This Year To Bake Security Into Their Systems
Siemens; Nitro Security

SANS Course Offerings

SCADA Security Advanced Training
Dates: Wednesday, March 24, 2010 - Sunday, March 28, 2010
Instructors: Joe Cummins, Red Tiger Security & Jonathan Pollet, CISSP CAP PCIP, Red Tiger Security

This 5-day course combines advanced topics from SCADA and IT Security into the first hands-on Ethical Hacking course for Industrial Control Systems. Both SCADA Administrators and IT Security Professionals will widen their knowledge through hands-on exercises with live SCADA systems and equipment.

Students will be provided with several structured virtual machine environments to deploy on their own laptops. These will contain pre-configured software with a wide variety of security tools which will be used to guide students through hands-on techniques on how to compromise live ICS equipment, wireless devices, and SCADA Operator Consoles.

MGMT 405 :: Critical Infrastructure Protection
Dates: Saturday, March 27 - Saturday, March 28
Instructor: Marcus Sachs
This class is designed to give the student a full examination of the scope of critical infrastructure vulnerabilities, the dependence of critical infrastructures on the Internet, and Internet security problems. No laptop is required, but the subject material requires at least a working knowledge of computer networks and business decision making.
Note: Available only to citizens of the United States or Canada, and government employees of Australia, New Zealand, and the United Kingdom. Proof of eligibility will be required when checking in at the conference as well as when entering the course room.
The course provides information about looking into many areas dealing with critical infrastructure that I didn't know of. Highly recommend this course for anyone dealing with CIP.
-Mark Moore, DOI/OSM

Introduction to Cyber Security for Control Systems - Free Course
Dates: Wednesday, March 31
Instructor: DHS Staff
The Department of Homeland Security Control Systems Security Program is offering a one-day introductory training course covering control systems cybersecurity challenges facing the nation's critical infrastructures. The course discusses the importance of securing control systems from cyber attacks and concepts for implementing mitigation strategies. Participants will also gain an understanding of how to start improving the cybersecurity posture of their control system networks.

Intermediate SCADA Security: Department of Energy - National SCADA Test Bed Program - Free Course
Dates: Wednesday, March 31
Instructor: Department of Energy Staff

The United States Department of Energy National SCADA Test Bed Program, in conjunction with the SANS SCADA Security Summit 2010 in Orlando, FL, is offering a one-day course titled Intermediate SCADA Security. This technical hands-on course is instructed by experts and structured to help attendees analyze vulnerabilities in control system environments and apply contemporary security mitigation strategies and methods to control systems. Class seats are limited. The Intermediate SCADA course is limited to 35 students. These courses are free of charge to all attendees based upon available space. For space availability in the Intermediate Control Systems Security class, please contact Alan Paller at apaller@sans.org.

Workshop on preparedness of utilities to detect, respond and limit the potential damage caused by cyber threat
Dates: Thursday, April 1
Instructors: Mike Assante, NERC, Mark Fabro, Lofty Perch, and Tim Roxey
To help illustrate the success and process involved in creating viable cyber table-top exercises, this workshop will provide an in-depth introduction to the NERC CRPA process. In this day-long workshop, attendees will get hands-on instruction on how to draft viable electric-sector exercise programs, create realistic scenarios, and leverage results. The workshop will consist of two phases: the first provides instruction on using the provided CRPA development kit to create an exercise, and the second has students participate in a mini-exercise created using the kit from phase one. The session is provided only to those qualified electric sector utilities that have attended a training session on the Wednesday prior. Each entity will be provided an exercise development kit that can be used to help them meet compliance for NERC CIP 009-1/2 R2 (exercise requirements) and provide them a framework for building a self-sustaining assessment capability for their cyber preparedness.