Talk With an Expert

SANS 2025 Utilities Forum

  • Tue, Aug 26, 2025
  • 9:00AM - 4:15PM EDT
  • English
  • Dean Parsons
  • Solutions Forum
Webcast Hero

Thank You To Our Sponsors And Partners

Water and electric utilities form the backbone of our critical infrastructure, yet they are increasingly targeted by sophisticated cyber attacks aiming to disrupt essential services and threaten public safety. This free virtual event brings together cybersecurity professionals, utility operators, government stakeholders, and industry experts to explore the unique challenges and emerging threats facing the energy and water sectors. Participants will gain insights into recent attack trends, vulnerabilities in operational technology (OT) environments, and practical approaches to strengthening cyber resilience across interconnected systems.

Through expert-led sessions, case studies, and panel discussions, attendees will learn actionable strategies for securing both IT and OT networks, implementing threat detection and incident response plans, and aligning with regulatory frameworks such as NERC CIP and EPA cybersecurity guidance. Whether you're a utility executive, security analyst, or policymaker, this event provides a vital platform for collaboration, knowledge sharing, and advancing the defense of our nation’s most vital resources.

Why Register:

  • Learn from Industry Experts
  • Network with peers via dedicated Slack workspace
  • Earn CPE Credits
  • No Cost Flexible Viewing (Join live and/or watch on-demand)

Continue Your Learning Journey

Enhance your expertise in Industrial Control Systems (ICS) Security with these SANS opportunities and partner resources.

Related SANS Courses

Advance your skills with hands-on ICS security training:

***Special Offer: Receive ICS310: ICS Cybersecurity Foundations for free with purchase of any SANS ICS Security course.

Resources from Our Partners

Explore additional resources/tools from trusted organizations:

Why Sponsor

Schedule

Showing 17 of 17
Filter by:

Welcome & Opening Remarks

August 26, 202509:00AM - 09:10AM EDT

Virtual

Water & Electric: 2 ICS/OT IR Exercises To Run - Right Now

When a cyber incident strikes operational technology, the wrong response plan can cause more damage than the attack itself. Too often, organizations default to IT-centric incident response processes that fail in an ICS/OT environment—introducing delays, jeopardizing safety, and disrupting operations. In this session, Dean Parsons will break down why traditional IT controls and playbooks can be fatal for ICS/OT environments, and how to adapt IR processes to the unique realities of industrial networks. Drawing from real-world lessons learned, Dean will walk you through two high-impact ICS/OT Incident Response tabletop exercises you can run immediately to sharpen your team’s readiness. Attendees will leave with practical, sector-specific scenarios and clear action steps to strengthen their industrial cyber resilience—starting today.

August 26, 202509:10AM - 09:30AM EDT

Virtual

Engineering Resilience: Risk-Based Cybersecurity Strategies for Public Water ICS/OT Environments

It’s time for public water suppliers to take action in securing their ICS/OT environments from cyber threats. In the absence of comprehensive regulatory requirements, utilities must adopt a reasonable, risk-based strategy that is both prioritized and sustainable. This session outlines a practical approach grounded in the SANS Five ICS Cybersecurity Critical Controls and supported by engineering-based methods to reduce the most severe consequences of cyber incidents. Attendees will learn about some of the most reasonable approaches to address highest risk vulnerabilities and strengthen operational resilience — even with limited resources.

August 26, 202509:30AM - 10:00AM EDT

Virtual

ICS/OT Cybersecurity on Tap: Securing the Water Sector’s Digital Controls

As industrial cyber threats increasingly target critical infrastructure, the water sector must prioritize ICS/OT-specific defenses. This panel brings together experts to discuss real-world attacks, the limitations of traditional IT controls in water systems, and practical strategies for improving control system network visibility for proactive detection, industrial grade response and threat mitigations. Panelists will share insights on managing vulnerabilities with limited resources, engaging engineering teams, and aligning cybersecurity with operational and safety goals. From legacy SCADA to digital transformation, the discussion will focus on building resilient programs that protect the systems delivering our most essential resource — water.

August 26, 202510:00AM - 10:45AM EDT

Virtual

Break

August 26, 202510:45AM - 11:00AM EDT

Virtual

INL Cyber-Informed Engineering: Engineering Cyber Resilience

Discover how Idaho National Laboratory's integrated approach to cyber resilience is transforming the landscape of control system security. This session unveils an engineering mindset change. Cyber-Informed Engineering (CIE) provides engineers with principles to design systems with built-in cyber resilience from the ground up.

Join us to learn how to design robust, resilient control systems that can withstand evolving cyber threats. Whether you're an engineer, security professional, or control systems architect, you'll gain practical insights into changing the engineering mindset. 

August 26, 202511:00AM - 11:30AM EDT

Virtual

Presentation Three

Session Details Coming Soon!

August 26, 202511:30AM - 12:00PM EDT

Building Water Sector Resilience through Trust and Mentorship

It is estimated that over 90% of the more than 50,000 community water systems and approximately 17,000 wastewater systems in the U.S. are rural or small municipal systems serving populations of less than 10,000. These rural utilities face ongoing challenges related to aging infrastructure, severely limited funding, and the need to comply with (non-cyber) regulations. These legacy issues result in cybersecurity rarely (if ever) making the to-do list. This panel will discuss these challenges and how trusted relationships and mentorship, especially with larger/cyber mature utilities are crucial for building sector resilience.

August 26, 202512:00PM - 12:45PM EDT

Virtual

Break

August 26, 202512:45PM - 01:00PM EDT

Virtual

Electric Sector Kickoff: Preparing Our Workforce to Defend an Ever Changing Critical Infrastructure

For over two decades critical infrastructure and key resource sectors have been working to implement cybersecurity preventative controls wrapped around the Industrial Control Systems and process environments to ensure safe, reliable, and resilient operations. As environments have moved to increasingly more interconnected and interdependent digital systems, industry has seen a corresponding growth in cybersecurity complexity demands. The impact of this complexity growth lands squarely on the dedicated teams of humans supporting and defending these environments daily who are often under resourced. As we look to current and future workforce demands we need to ask what are we doing to equip and enable the most critical part of critical infrastructure – the humans

August 26, 202501:00PM - 01:30PM EDT

Presented by

Tim Conway

Fellow

Tim Conway

ICS Security Without the Guesswork: A Risk-First Approach

In the electric sector, ICS security decisions must balance security, safety, and reliability. Yet many programs are shaped by urgency rather than understanding. A high-profile incident, a regulatory pressure point, or a vendor’s promise can set priorities without answering the most important question: what is at risk and how do we know. This often leads to investments that look solid on paper but leave critical assets vulnerable in ways that are not immediately obvious.

August 26, 202501:30PM - 02:00PM EDT

Virtual

Navigating Common Cybersecurity Challenges for Critical Infrastructure Sectors from an Information Sharing and Analysis Center Perspective

Critical infrastructure sectors face remarkably similar security challenges despite their operational differences. This panel brings together ISAC representatives to explore common challenges. By examining these cross-cutting challenges, we will uncover how different sectors have developed unique solutions to similar problems, identify transferable best practices, and discuss opportunities for collaborative approaches that strengthen security postures across critical infrastructure sectors.

August 26, 202502:00PM - 02:45PM EDT

Virtual

Break

August 26, 202502:45PM - 03:00PM EDT

Virtual

AI Safety & Security in Control Centers

As AI evolution continued its breakneck pace through the first half of 2025, ongoing interactions with grid management systems suppliers and their trade group representatives indicated that these companies are exploring the addition of generative forms of AI within their product lines. These include EMSs, DMSs, DERMS and SCADA, all of which play essential roles in the nation’s grid control centers. Their utility customers have concerns, the regulators have concerns, and every electric sector stakeholder has concerns. Well-founded concerns.

This talk will flesh out some of those concerns, and describe capabilities INL is attempting to develop to assure these systems for safety and security before they go live on the grid.

August 26, 202503:00PM - 03:30PM EDT

Virtual

Practical INSM: Deploying Custom On-Premise AI in Generation Facilities

Organizations face a natural tension between deploying advanced tools to protect critical assets and maintaining the segmentation required to secure them. This challenge is amplified in regulated operational environments such as generation plants, where compliance, reliability, and security must align.

In this session, Corbin Jarms will share a practical approach to building and deploying custom, on-premise AI threat detection capabilities guided by CIP-015 INSM principles. Drawing from real-world experience in electric generation facilities, he will walk attendees through key design patterns, architectural considerations, and lessons learned that enable AI-enabled detection without compromising segmentation or compliance.

August 26, 202503:30PM - 04:00PM EDT

Virtual

Evolving Threats & Growing Regulations: Managing Utility Cyber Risk

Over the past 10 years, electric utilities have seen an explosion in both cyber threats targeting IT and OT systems and the regulations impacting those systems. Utilities must defend against both the attack and the audit—but are these two goals aligned? Or are we focusing on differing controls and attack vectors?

Join our panelists as we discuss how utilities can improve both security and compliance, regardless of their size, location, or ownership structure.

August 26, 202504:00PM - 04:45PM EDT

Virtual

Event Recap & Closing Remarks

August 26, 202504:45PM - 04:50PM EDT

Virtual

Speaker

Dean Parsons
Dean Parsons

Dean Parsons

CEO and Principal Consultant

Dean Parsons, CEO of ICS Defense Force, has established comprehensive ICS security programs and leading industrial-grade incident responses across sectors like telecommunications and energy. He wrote the pivotal SANS ICS Cybersecurity Field Manuals.

Read more about Dean Parsons