Loading…
This event has ended. Visit the official site or create your own event on Sched.
Welcome to the Interactive Agenda for the 2017 Singapore ICS Cyber Security Conference! (View the full Singapore Conference website here)  

Register now to grab a spot at the premier ICS cyber security event for key stakeholders in the APAC region.
View analytic

Sign up or log in to bookmark your favorites and sync them to your phone or calendar.

Main Track [clear filter]
Tuesday, April 25
 

08:30

Welcome to the 2017 Singapore ICS Cyber Security Conference

Welcome address and conference introduction for the 2017 ICS Cyber Security Conference.

 

Speakers
avatar for Mike Lennon

Mike Lennon

Managing Director, Chairman of ICS Cyber Security Conference Series, SecurityWeek
For more than 10 years, Mike Lennon has been closely monitoring and analyzing trends and and the threat landscape in the enterprise IT security and critical infrastructure space. In his role at SecurityWeek he oversees the editorial direction of the publication and manages severa... Read More →
avatar for Thomas Quek

Thomas Quek

Conference Team, SecurityWeek


Tuesday April 25, 2017 08:30 - 08:40
Atrium Ballroom 4th Floor
 
Wednesday, April 26
 

08:30

Welcome to the 2017 Singapore ICS Cyber Security Conference

Welcome address and conference introduction for the 2017 ICS Cyber Security Conference.

 

Speakers
avatar for Mike Lennon

Mike Lennon

Managing Director, Chairman of ICS Cyber Security Conference Series, SecurityWeek
For more than 10 years, Mike Lennon has been closely monitoring and analyzing trends and and the threat landscape in the enterprise IT security and critical infrastructure space. In his role at SecurityWeek he oversees the editorial direction of the publication and manages severa... Read More →
avatar for Thomas Quek

Thomas Quek

Conference Team, SecurityWeek


Wednesday April 26, 2017 08:30 - 08:40
Atrium Ballroom 4th Floor

08:40

Opening Keynote

Ayman Al Issa, Chief Technologist for Industrial Cyber Security in the Middle East & North Africa for Booz Allen Hamilton, will deliver an opening keynote for the 2017 Singapore ICS Cyber Security Conference. 

Internet of Things, Industrial Internet of Things, smart cities, smart grids, smart oil fields, and the advancement of technology in all aspects of our life is great things to have, however, we are "no doubt" getting interconnected and there are no super hooper borders between the adversaries.  Industrial control systems are at the core of our critical infrastructures that we all depend on in every moment of our life, name it as you like, from oil and gas to water and electricity to transport and emergency services, they are all controlled by tiny to major control systems.  Launching a missile could be effective against your adversaries, nevertheless, the whole world understands very well that the electronic war is going to be the norm-war.  

Ayman AL-Issa will brief delegates on the global  industrial cyber security status in a 20 minute nutshell talking about the ICS threats, and what we need to do today, next month and in the coming years.


Speakers
avatar for Ayman AL-Issa

Ayman AL-Issa

Chief Technologist, Industrial Cyber Security, Booz Allen Hamilton Inc.
Ayman Al Issa is Chief Technologist for Booz Allen Hamilton’s Industrial Cyber Security practice in the Middle East and North Africa region. Over a career which spans more than 23 years to date, Mr. Al Issa has gained vast experience in the fields of automation, information technology, and cyber security. Within these arenas, he counts industrial control systems and systems engineering, as well as cyber security strategy and model building amongst his areas of expertise. Illustrating his contribution to the latter, Mr. Al Issa has developed an ICS defense-in-depth industrial cyber security model that provides early detection of threats based on... Read More →


Wednesday April 26, 2017 08:40 - 09:10
Atrium Ballroom 4th Floor

09:10

Development through Industrial Control Systems’ (ICS) Changing Landscape
Singapore's Cyber Security Agency (CSA) will share an overview of their plan for Singapore's critical infrastructure protection in this opening session, along with recent case studies and current concernd facing critical infrastructure operators.

Speakers
avatar for Lim Thian Chin

Lim Thian Chin

Deputy Director, Head of CII Protection, Critical Information Infrastructure Division, Cyber Security Agency of Singapore
Lim Thian Chin is currently the Head of Critical Information Infrastructure (CII) Protection at the Cyber Security Agency of Singapore (CSA). He leads a team that is responsible for building the cyber resiliency of the Nation’'s essential services across 11 CII sectors covering government, utilities, transport and... Read More →



Wednesday April 26, 2017 09:10 - 09:40
Atrium Ballroom 4th Floor

09:40

Securing SWaT and Beyond

In this talk we describe the Secure Water Treatment (SWaT) testbed at the iTrust Centre for Research in Cybersecurity (Singapore University of Technology and Design). SWaT is a testbed built to design, implement and test advanced ICS security mechanisms on a realistic setting, operating since 2015. We will share ongoing research efforts to detect and mitigate attacks to SWaT. We will also introduce two new testbeds on water distribution (WADI) and electric power grid (EPIC).

Background

SWaT Architecture - SWaT consists of a modern six-stage process. The process begins by taking in raw water, adding necessary chemicals to it, filtering it via an Ultrafiltration (UF) system, de-chlorinating it using UV lamps, and then feeding it to a Reverse Osmosis (RO) system. A backwash process cleans the membranes in UF using the water produced by RO. The cyber portion of SWaT consists of a layered communications network, Programmable Logic Controllers (PLCs), Human Machine Interfaces (HMIs), Supervisory Control and Data Acquisition  (SCADA) workstation, and a Historian. Data from sensors is available to the SCADA system and recorded by the Historian for subsequent analysis.

Research

  • In the first phase of this research, models of SWaT will be created using advanced tools such as LabView and Simulink. Models so created will be used to conduct initial experiments aimed at understanding the response of SWaT to a variety of cyber attacks. Attacks by insiders and outsiders will be considered. This first round of experiments will lead to an understanding of the strengths and weaknesses of the existing defense mechanism in SWaT.
  • In the second stage, a small set of cyber attacks will be tried in the testbed using carefully designed experiments that ensure no damage to the physical system. Such experiments are aimed at verifying whether that what is learnt in simulation applies to the physical testbed. These experiments will lead to an understanding of the weaknesses of the defense mechanism of SWaT.
  • The third stage is expected to lead to enhancement of the defence mechanism using a redesign of the hardware and updated PLC and SCADA software. The redesigned defence mechanism will then be tested against a variety of attacks in the updated simulation model and the testbed.

Speakers
avatar for Martin Ochoa

Martin Ochoa

iTrust Centre for Research in Cybersecurity, Singapore University of Technology and Design
Martín studied Systems Engineering (San José, CR) and Mathematics (Rome). He continued his math studies in Munich (LMU, M.Sc.). Afterwards he completed a PhD in Computer Science (TU Dortmund). Before joining SUTD, he was a post-doc at the Chair for Software Engineering of the TU... Read More →



Wednesday April 26, 2017 09:40 - 10:15
Atrium Ballroom 4th Floor

10:15

Drone Wireless Attacks against Land and Maritime Industrial Sites

Summary: In this talk, Jeff Melrose will present the latest drone threat intelligence for plant land and maritime port industrial site networks. 

With new Drone technologies appearing in the consumer space daily Industrial Site operators are being forced to rethink their most fundamental assumptions about Industrial Sites and Cyber-Physical security. Both Land and Maritime Industrial targets are vulnerable to this new emerging threat. This presentation will cover Electronic Threats, Electronic Defensive measures, Recent Electronic jamming incidents, Latest Drone Threats and capabilities, recent port facility incidents, and Electronic Attack and surveillance with Drones as delivery platform. The presentation will include two drone attack scenarios with video [potentially live - if liability allows] demonstrations of drone attack capabilities on an industrial wireless flowmeter. 

Attendees will gain the following:

  • A new appreciation for the terrifying capabilities now available in hobby drones.
  • A better understanding how drones can now be the bridge that Hacktivists use to make attacks that were only possible in close proximity before.
  • Realization that large scale EW attacks to Industrial system that used to be possible with military grade equipment are now possible with hobby components.
  • An understanding of what a defensive security person must consider when risk evaluating the threats to industrial wireless systems.
  • A new appreciation for Maritime threats that Drones represent including information of actual incidents. 

Speakers
avatar for Jeff Melrose

Jeff Melrose

Principal Technology Strategist for Cybersecurity, Yokogawa US
Mr. Jeff Melrose is the Principal Cyber Security Manage for Cybersecurity at Yokogawa US. Prior to his assignment with Yokogawa, Mr. Melrose was a Principal Security Engineer at Lockheed Martin and Raytheon designing secure systems for the US Military and US Intelligence Communit... Read More →


Wednesday April 26, 2017 10:15 - 11:00
Atrium Ballroom 4th Floor

11:30

Analysis of Cyber Terrorism Against Korean Nuclear Power Plant

This topic examines the effect of cyber terrorism against nuclear power utilities & newly discovered vulnerabilities in nuclear power plant systems. Along with the cooperation of KOSPO (Korea Southern Power Co.,Ltd.) and Interpol researchers, we will also walk-though the investigation of 2014’s breach in one of South Korea’s largest nuclear power utility that is responsible for about 40% of the country's electric power supply.


Speakers
avatar for Louis Hur Young-il

Louis Hur Young-il

President and Chief Executive Officer, NSHC Corporation
Louis Hur is corporate president and Chief Executive Officer (CEO) of NSHC Corporation. He is responsible for NSHC’s day-to-day-operations, as well as leading the company’s security product development and technology strategy. He co-founded NSHC with four peoples in 2003 while studying at the University, and was the first CEO until now — growing the company to more than 80 employees and profitability... Read More →



Wednesday April 26, 2017 11:30 - 12:15
Atrium Ballroom 4th Floor

12:15

Panel: Safety & Security
Moderators
avatar for Thomas Quek

Thomas Quek

Conference Team, SecurityWeek

Speakers
avatar for Ayman AL-Issa

Ayman AL-Issa

Chief Technologist, Industrial Cyber Security, Booz Allen Hamilton Inc.
Ayman Al Issa is Chief Technologist for Booz Allen Hamilton’s Industrial Cyber Security practice in the Middle East and North Africa region. Over a career which spans more than 23 years to date, Mr. Al Issa has gained vast experience in the fields of automation, information technology, and cyber security. Within these arenas, he counts industrial control systems and systems engineering, as well as cyber security strategy and model building amongst his areas of expertise. Illustrating his contribution to the latter, Mr. Al Issa has developed an ICS defense-in-depth industrial cyber security model that provides early detection of threats based on... Read More →
avatar for Friedhelm Best

Friedhelm Best

Vice President Asia Pacific Region, HIMA Asia Pacific
Friedhelm Best is Vice President of the Asia Pacific Region at HIMA, a leading independent provider of solutions for safety-critical applications.  | Friedhelm previously worked as Director of Global Key Account Management Industry in the Electrical Sector of Eaton Corporation. F... Read More →
JW

Jerry Wells

Australian Oil & Gas Company


Wednesday April 26, 2017 12:15 - 13:00
Atrium Ballroom 4th Floor
 
Thursday, April 27
 

08:30

Welcome to the 2017 Singapore ICS Cyber Security Conference

2017 Singapore ICS Cyber Security Conference remarks and annoucements for day 3. 

 

Speakers
avatar for Mike Lennon

Mike Lennon

Managing Director, Chairman of ICS Cyber Security Conference Series, SecurityWeek
For more than 10 years, Mike Lennon has been closely monitoring and analyzing trends and and the threat landscape in the enterprise IT security and critical infrastructure space. In his role at SecurityWeek he oversees the editorial direction of the publication and manages severa... Read More →
avatar for Thomas Quek

Thomas Quek

Conference Team, SecurityWeek


Thursday April 27, 2017 08:30 - 08:35
Atrium Ballroom 4th Floor

08:35

Shodan Analysis: Internet-Connected ICS in the APAC Region
Shodan creator John Matherly will share newly collected data and maps of industrial control systems that are connected to the Internet in the APAC region, along with regional and global trends. Data will also be presented on systems that are most likely ICS honeypots. 

Speakers
avatar for John Matherly

John Matherly

Founder & CEO, Shodan, LLC.
John Matherly is an Internet cartographer, speaker and founder of Shodan, the world’s first search engine for the Internet-connected devices. His work at Shodan has helped discover hundreds of thousands of industrial control systems, massive IoT botnets and empirically track the... Read More →


Thursday April 27, 2017 08:35 - 09:20
Atrium Ballroom 4th Floor

09:20

Securing Industrial Control Systems in the Age of IIoT
Join us in this session as we walk through the Digital Transformation journey in one of Malaysia's leading national oil companies. This transformation means adopting technology that can help increase Plant Utilization (PU), Improve Overall Equipment Effectiveness (OEE) and most importantly ZERO Health, Safety, Security and Environment  incidences.
 
With the Industrial Internet of Things and Big data Analytics making mainstream media headlines, we have seen more and more digital transformation initiatives being deployed in the refinery. The national refinery, which was first commissioned in 1992, was using a Distributed Control System (DCS) that relies on primarily analog 4-20mA sensors and final elements. Over the years with new process units being added, the current DCS is a mix of proprietary and open systems utilizing digital busses and analog signals.
 
The use of wireless sensors in the refinery has also been aggressively expanding since the last 10 years. These sensors have been deployed over the existing Process Control Equipment to provide additional monitoring of critical and non-critical equipment. The main driver for using these wireless sensors has been  being the ease and low cost of deployment. With this, the DCS architecture needed to be redrawn to allow for a secure yet reliable method to harness these wireless sensors data back to the end users. The end users of these sensors are now no longer restricted to the operation personnel, but include maintenance engineers for corrosion monitoring, condition based monitoring, instrumentation and control etc.
 
With all this additional connectivity, the refinery has developed numerous internal standards and has made reference to international standards such as  ISA/IEC 62443.  ISA/IEC 62443 is series of standards on the cyber security of industrial automation and control systems.

Speakers
avatar for Jefferi Kamarudin

Jefferi Kamarudin

Staff Engineer, Machinery Control, Malaysia's Oil Company
Jefferi Kamarudin started as an instrument engineer, and had since held various positions in plant maintenance and technical services within the refinery company before assuming his current role of Staff Engineer (Machinery Control). He has vast experience in the design, maintenance and in reliability and performance improvement of plant instrumentation, DCS systems and security, ESD systems, fire and gas systems, plant telecommunication systems, and turbo-machinery control and monitoring systems... Read More →



Thursday April 27, 2017 09:20 - 10:05
Atrium Ballroom 4th Floor

10:40

Scythe - Ransomware for Industrial Control Systems (ICS)

As cybersecurity threats continually evolve, ransomware is on the rise as the most profitable attack used by threat actors. Unlike malware, where the primary goal is to steal data or information, a ransomware’s goal is to deny access to resources for a period until a ransom is paid. If the ransom is not paid, then access to resources will be lost or restricted. This type of behavior has serious implications for Industrial Control Systems (ICS) in which availability and integrity of operations should be maintained at all the time.

Thousands of mission critical control systems are directly connected to Internet and subject to new attack techniques. In this research, we will demonstrate a number of advanced (for the first time) methods that can be used in order to infect ICS/SCADA devices with a specific ransomware “Scythe”, bypassing all the controls present on devices as well as other protection and restore mechanisms that could put the device back to it’s safe state. 


Speakers
AA

Alexandru Ariciu

Senior ICS Security Researcher, Applied Risk
Senior Security Researcher, Applied Risk


Thursday April 27, 2017 10:40 - 11:15
Atrium Ballroom 4th Floor

11:15

Protecting Against Unauthorized PLC Modifications

Operations managers need to be 100% certain that their PLCs’ software is shielded from unauthorized modifications, to assure that operational processes go uninterrupted. 

This session will demonstrate how PLC software can be modified without operators being aware, and outline the potential impact on ongoing ICS processes. An attack demo will show how to simulate an engineering workstation operation to change the firmware of the PLC while keeping the communication with the SCADA system intact.

Various defense methods to protect PLCs against such attacks will be presented, including embedded end-point protection mechanisms, proxy application firewalls and periodic configuration validation. 

Attendees will learn best practices for both detection and prevention of unauthorized PLC modifications.


Speakers
avatar for Ilan Barda

Ilan Barda

CEO, RADiFlow
Ilan Barda, founder of Radiflow is a Security and Telecom executive with 20 years of experience in the industry. Mr. Barda’s last position was the CEO of Seabridge, a Siemens subsidiary, with world-wide responsibility for the Siemens/Nokia-Siemens Carrier-Switches portfolio. Ilan has deep experience in developing secure communication equipment from his service in the Information Security division of the IDF. He has a B.A... Read More →



Thursday April 27, 2017 11:15 - 11:50
Atrium Ballroom 4th Floor

11:50

Analysis of the Ukraine Grid Attacks

In December 2015, cyber attacks disrupted energy-grid operations in Ukraine, causing blackouts to more then 225,000 customers. 

This presentation will detail the step-by-step process that the threat actors took, and will highlight the opportunities for detection and prevention across the various steps of the attack.  

According to Booz Allen Hamilton, report, the 2015 cyberattacks were likely part of a two-year campaign that targeted several sectors in Ukraine. Researchers identified 11 attacks aimed at the electricity, railway, media, mining and government sectors.


Speakers
avatar for Ayman AL-Issa

Ayman AL-Issa

Chief Technologist, Industrial Cyber Security, Booz Allen Hamilton Inc.
Ayman Al Issa is Chief Technologist for Booz Allen Hamilton’s Industrial Cyber Security practice in the Middle East and North Africa region. Over a career which spans more than 23 years to date, Mr. Al Issa has gained vast experience in the fields of automation, information technology, and cyber security. Within these arenas, he counts industrial control systems and systems engineering, as well as cyber security strategy and model building amongst his areas of expertise. Illustrating his contribution to the latter, Mr. Al Issa has developed an ICS defense-in-depth industrial cyber security model that provides early detection of threats based on... Read More →


Thursday April 27, 2017 11:50 - 12:25
Atrium Ballroom 4th Floor

12:25

Bypassing Air Gaps to Access OT Environments (Research and Demo)

In this presentation, attendees will learn about real threats facing ICS and SCADA systems. This presentation will share about air-gap bypassing, and detailed incident cases of bypassing air gaps. The session will include a demonstration of real hacking using three different air-gap bypassing techniques.


Speakers
avatar for Louis Hur Young-il

Louis Hur Young-il

President and Chief Executive Officer, NSHC Corporation
Louis Hur is corporate president and Chief Executive Officer (CEO) of NSHC Corporation. He is responsible for NSHC’s day-to-day-operations, as well as leading the company’s security product development and technology strategy. He co-founded NSHC with four peoples in 2003 while studying at the University, and was the first CEO until now — growing the company to more than 80 employees and profitability... Read More →


Thursday April 27, 2017 12:25 - 13:00
Atrium Ballroom 4th Floor