Oil & Gas Cybersecurity Summit 2019

Houston, TX | Mon, Sep 16 - Sun, Sep 22, 2019

Oil & Gas Cybersecurity Summit Agenda

September 16 | Houston, TX

Summit Speakers

The Oil & Gas Cybersecurity Summit Call for Presentations has closed and the advisory board is busy reviewing submissions. The advisory board carefully evaluates proposals to ensure the Summit agenda delivers actionable content that meets the needs of the community.

Monday, September 16
9:00-9:15 am
Welcome & Opening Remarks

Jason Dely (@jasonjdely), Practice Director – Industrial Control Systems, Cylance; Instructor & Summit Co-Chair, SANS Institute
Mike Pilkington (@mikepilkington), Researcher, Certified Instructor, Summit Co-Chair, SANS Institute

9:15-10:00 am

Risk-Based Approach to Protecting Industrial Control Systems

Steve Slawson, Director – IT Security & Compliance, Occidental Petroleum

We are faced with a sprawling, heterogeneous industrial control system landscape into which we have little visibility. So what do we do? In this presentation, we’ll lay out the steps we took to get our arms around what we have, and to prioritize both the lines of business and the preventative and mitigation controls needed to lower the risk of a catastrophic breach of our control systems. We’ll describe how we framed risk, how we prioritized the deployment of controls, how we communicated with executive management, and how we leveraged internal audit and executive support to change the organization. You’ll come away with ideas on how to apply these steps within your own organization.

10:00-10:30 am

Networking Break

10:30-11:10 am

Securing the Technology Supply Chain

Keith Turpin, CISO, Universal Weather and Aviation

This presentation covers best practices and considerations when operating a supply chain security program. It is based on more than a decade working in all aspects of supply chain security, from building the supply chain security program for a Fortune 50 company to helping draft the first ISO standard on supply chain security and being involved in every aspect of the process from risk assessments to contract negotiations. We’ll discuss some of the impacts of supply chain failures, including walking through a few pertinent examples. The presentation will also cover the various reasons supply chains may be targeted. The issue of supply chain visibility and the challenges of controlling risks when you only have limited knowledge of your exposure will be covered, as will the steps to improve awareness, assess supplier risk, identify critical factors, and evaluate impacts. We’ll then turn to contractual considerations for supply chain security in both your upstream and downstream business relationships. Contracts have limitations, especially when they cross international boundaries, and this will be covered in detail. Finally, we’ll discuss what it takes to build an effective program and look at what you should be doing to avoid supply-chain-related fraud.

11:10-11:45 am

Five Steps to Secure Your Industrial Control System/SCADA Network

Pedro Serrano (@InfoSecPedro), Security Architect, Cimarex Energy

This presentation will provide a quick look at the most important steps that need to be taken to secure industrial control systems. We’ll examine measures that are realistically obtainable and that can make a difference in your environment. The emphasis will be on what you CAN do.

11:45 am - 12:20 pm

ICS, SCADA, and Mitre ATT&CK: How It Helps and Where It Hurts

Neal Humphrey, Director, Threat Intelligence Engineers, ThreatQuotient

The Mitre ATT&CK framework has many potential uses within SCADA and industrial control system environments. This presentation will dive deep into the process of using the framework to describe specific attack patterns and courses of action around the Triton/Trisis/HatMan attacks. The aim is to support the identification and ultimate resolution of vulnerabilities. In addition, we’ll cover the use of the Mitre ATT&CK framework as well as mitigating and compensating controls that can be used in both business and production networks. Expected takeaways include data and analysis on the Triton/Trisis/HatMan attacks and guidance on how to use Mitre ATT&CK as a communication and validation tool across teams within an organization.

12:20-1:30 pm Lunch
1:30-2:05 pm

Breaching the IT/OT Boundary – Wedge Points and How to Secure Them

Jackson Evans-Davies, Penetration Tester, Honeywell
Conner Leach, Penetration Tester, Honeywell

The IT/OT boundary is one of the most important security controls to protect OT networks. OT security personnel are becoming more proficient at patching and protecting OT services accessible from IT networks. This increase in maturity is forcing attackers to move from traditional technical exploits to soft vulnerabilities (“it’s a feature, not a bug”) to breach the IT/OT boundary. This talk will explore common techniques and tactics attackers (and pentesters) employ to footprint and breach OT networks. We’ll provide examples that show why network segmentation alone is no longer adequate and should be extended to domains, applications, and platforms, including a demonstration of improper application segmentation by leveraging Windows Server Update Services to target OT systems. We will also discuss common sources of OT information on the IT network and various ways OT users are identified and leveraged to gain access to OT networks. We’ll demonstrate various credential theft techniques and look at how attackers can hijack established IT/OT sessions. We’ll also cover why a properly configured multi-factor authentication solution can be extremely potent at the IT/OT boundary. In summary, this talk will explore the IT/OT boundary from an offensive standpoint and examine how that boundary, when properly secured, can be one of the most important security controls to protect OT networks.

2:05-2:40 pm

A Roadmap to Help Enterprise Security Operations Centers Expand Duties to OT Environments

Vernon L. McCandlish (@malanalysis), Principal Security Analyst, Dragos Inc.

This presentation will use a case study of the Xenotime activity group to demonstrate why having the ability to monitor, detect, and respond in an Operational Technology (OT) environment is vital to human safety and continuous operations. Attendees will learn what adversaries are targeting in the OT space, with an emphasis on safety-instrumented systems. We’ll also look at what needs to be taken into consideration when adding or expanding monitoring, detection, and response capabilities for OT environments to an existing enterprise Security Operations Center. Finally, we’ll present a high-level workflow to get started with OT monitoring, detection, and response in your organization.

2:40-3:10 pm Networking Break
3:10-3:45 pm

Improving Pipeline Operational Visibility to Avoid Costly Downtime

Paul Smith (@paul_timothy), Director of Product Research and Strategy, Nozomi Networks

The main priority for midstream oil and gas operators is to keep their product flowing through pipelines in a secure and safe manner. It is also critical that they have visibility to mitigate any cybersecurity issues and to detect any potential outages that could impact services. When visibility into what is really happening is reduced, significant problems and costs can arise. This is unfortunately what happened with a major pipeline organization when a PLC went down and caused the company $1.9 million in lost revenue and downtime. In this session, Paul Smith will take a deep dive into this case and other real-world use cases to share lessons learned and best practices from years of field experience helping oil and gas organizations pave the way for successful OT visibility and cybersecurity on a local or global scale.

3:45-4:20 pm
Talk to be announced
4:20-4:55 pm
Talk to be announced
4:45-5:00 pm
Closing Remarks & Action Items

Jason Dely (@jasonjdely), Practice Director – Industrial Control Systems, Cylance; Instructor & Summit Co-Chair, SANS Institute
Mike Pilkington (@mikepilkington), Researcher, Certified Instructor, Summit Co-Chair, SANS Institute