Loading…
Attending this event?
The Central ICS/SCADA Cyber Security Event of the Year for the APAC Region!

IMPORTANT: Our team is finalizing the conference agenda. Sessions will be finalized over the next few days. Please check back frequently. The conference will have THREE full days of content, and receptions and networking opportunities. You can register for the conference online to hold a spot.
View analytic

Sign up or log in to bookmark your favorites and sync them to your phone or calendar.

Tuesday, April 24
 

7:30am

Registration & Breakfast
Tuesday April 24, 2018 7:30am - 9:00am
TBA

9:00am

The ICS Cybersecurity Journey for Operator-Owners
With the increasing speed OT Owners & Operators are being confronted with the ICS cybersecurity phenomenon. Being ignorant is no longer an excuse as specific legislation are being developed to enforce responsibilities of OT cyber security on OT Owners & Operators. As a multiple-stage journey with different activities, OT Owners & Operators are presented with difficulties and dilemmas in decisions making; How to begin, What to do First, What to do Next.
This lecture aims to provide insight in:
  • What OT cybersecurity mean as an end-user
  • The dilemmas; Cost, Resources, Risks, Liabilities
  • The available choices and decision markers;

Speakers
avatar for Jos Menting

Jos Menting

Chief Technologist, CyberSecurity, Engie Lab
Jos Menting graduated in Technical Physics and Industrial Automation at the Saxion University. After some excursions, Mr. Menting started working in I&C engineering for different types of thermal power plants. Both new build as brown field and optimization projects delivered a pr... Read More →


Tuesday April 24, 2018 9:00am - 9:45am
Morr + Morrisson (Atrium Ballroom)

9:00am

Protecting Critical Infrastructure from Emerging Cyber Threats [Full Day Workshop]
Cyber war is no more a depiction of a science fiction movie, it is a reality, and hence, protecting the industrial control systems that are at the heart of the critical industrial infrastructures is no more an option. The speaker will focus on covering the adoption of an actionable approach to enhancing cyber security within the existing industrial infrastructures and the design of new control systems “with effective implementable cybersecurity controls” during the EPC (Engineering, Procurement, and Construction) lifecycle. The speaker will also provide examples of previous experience in implementing industrial cybersecurity in brown oil fields, smart oil fields, power generation, transmission, distribution and other industrial infrastructures.

Why you should attend
• Understand the plant operation when designing cyber security models and solutions for control systems
• Learn how to embed industrial cyber security during the engineering project lifecycle
• Discuss the different types of critical infrastructures (energy, utilities, etc.) and how the type of operation is related to cyber security
• Develop ideas on how to move into cyber security by design for the new control systems.
• Understand how to enhance industrial cyber security within existing control systems
• What do you need to address before implementing cyber security solutions in the existing ICS systems

Main Takeaways
• Understanding the emerging cyber threats
• Discuss the latest ICS reports and incidents including the lessons that shall be learned
• Need for different industrial cyber security models for the different critical infrastructure
• Who are the stakeholders and what is the role of each?
• What are the important three Cs for effective industrial cyber security program?
• Why do we need to understand plant operation when planning to secure the plants from cyber threats?

Speakers
avatar for Ayman Al Issa

Ayman Al Issa

Chief Technologist, Industrial Cyber Security, Booz Allen Hamilton
Ayman Al Issa is Chief Technologist for Booz Allen Hamilton’s Industrial Cyber Security practice in the Middle East and North Africa region. Over a career which spans more than 24 years to date, Mr. Al Issa has gained vast experience in the fields of automation, information tec... Read More →


Tuesday April 24, 2018 9:00am - 3:00pm
Hullet Room (Atrium Ballroom) 4th Floor

9:45am

Understanding the Vulnerabilities and Risks to Your ICS Environment
Industrial Control Systems have traditionally operated in splendid isolation, achieving a
measure of security simply due to this isolation. In recent times, these formerly isolated
systems have become increasingly integrated into business systems, and even the Internet,
exposing them to increased yet unknown risk.

Most operators of ICS environments have little to no visibility into the assets resident within
their ICS environments - making it difficult to understand risk exposure of these critical
devices.

ICS operators are faced with a dilemma, and must understand the answer to this question:
In these times of IT/ICS convergence, how do I ensure my ICS environment remains secure
when I am unsure of what’s in my environment, what the vulnerabilities are within my
environment, and what’s connecting to it?
This session will demonstrate a case where IT/ICS convergence resulted in a compromise or
potential compromise. We will then expand on the risk of converged IT/ICS infrastructure,
and how these risks may be measured and understood.

Speakers
avatar for Richard Bussiere

Richard Bussiere

Director, Product Management, Asia Pacific, Tenable
Mr. Dick Bussiere is Tenable Network Security’s Product Management Director for the Asia Pacific Region. In this multifaceted role, Mr. Bussiere is responsible for evangelizing the criticality of vulnerability assessment, vulnerability management, and comprehensive security mon... Read More →


Tuesday April 24, 2018 9:45am - 10:30am
Morr + Morrisson (Atrium Ballroom)

10:30am

Morning Break
Tuesday April 24, 2018 10:30am - 10:45am
Atrium Foyer

10:45am

Prioritizing Solutions: Balancing Protective, Detective and Corrective Controls in ICS Environments
Energy operators rely on an extensive network of business partners and suppliers to operate efficiently and safely. This network, while improving operations, can also contribute to increasing cyber security risks if best practices aren’t adopted and followed diligently.
The importance of resilience in a vendor’s supply chain is critical and should be evaluated near the same level as safety and integrity. Those operating industrial control environments should take a deeper look at security by reviewing key areas that can contribute to increased risk within the supply chain.

This presentation will address:
  • What previous compromises tell us about our future
  • The impact of regulations on supply chain security
  • The importance of a long-term partner when choosing security solutions
What shared responsibility looks like before, during and after commissioning
Looking beyond greenfield; shared responsibility with legacy devices
Expectations during a compromise
When and where the reduction of vendors equals a stronger security posture
How to effectively evaluate vendors, from both OT and IT perspectives

Tuesday April 24, 2018 10:45am - 11:30am
Morr + Morrisson (Atrium Ballroom)

11:30am

Preventing a Meltdown: Protecting Industrial Control Systems from Cyber Attacks
Summary: Industrial Control Systems (ICS) provide the backbone of our critical infrastructure and are increasingly under attack. These systems present unique security challenges connecting aging equipment that often predates modern security. This session will review today’s most serious ICS threats, and innovative approaches to protect critical applications at their core, rather than the perimeter.

Session Details:

Recent attacks on power plants have raised significant concerns over the security of our aging critical infrastructure. Modern Industrial Control Systems (ICS) provide the backbone for everything from nuclear power plants to advanced manufacturing, but they also present unique security challenges.
ICS systems often connect a long “iron tail” of aging equipment that predates modern cyberattacks. Security for these legacy systems often depends on air gaps from the outside world – while this easy in the 70’s, it’s less practical now. Today’s air-gapped systems can’t be automatically patched or receive virus signature updates, and even the most isolated system is usually only a desktop away from a connected, and potentially malicious insider.

On top of this, many of these systems are difficult or impossible to patch, and require 100% uptime. Simply rebooting an app is problematic, especially if it’s connected to a nuclear power plant, or electrical grid. Installing, validating, and testing system updates for unpredictable periods of time can be a non-starter. Legacy apps often were created by staff no longer there, using tools no longer supported.

This session will be led by the chief security architect of a global leader in industrial controls. It will review the unique challenges for ICS security with specific examples of recent attacks including fileless and memory-based threats that fly under the radar of conventional security tools.
Also discussed will be the need for a fundamental shift in how we approach security. Most security today is based at the perimeter, looking for known, previously identified threats. But perimeter security is almost always porous, and once inside, hackers can cause considerable damage or disruption to critical infrastructure, often without being noticed.

Finally, a new application-centric security model will be discussed that focuses on the integrity and runtime flow of applications, looking for anomalies at the core, rather than the perimeter. This model can be applied to existing, legacy applications running on older platforms, and provides better accuracy, and real-time pin-pointing of attacks in progress.

Session Objectives
  • Highlight the unique challenges of protecting Industrial Control Systems
  • Conventional security, patching and air gaps are inadequate for today's threats
  • Security needs to focus on the integrity of applications, not the perimeter.

This topic has recently been brought to the attention of the ICS Security community due to the TRITON attack against an Industrial Safety System.

Speakers
avatar for Paul Forney

Paul Forney

Chief Security Architect, Schneider Electric
In supplement to being the Chief Security Architect at Schneider Electric Product Security Office, Mr. Forney is a founding board member of the ISA Security Compliance Institute (ISCI) which develops the conformance specifications to the ISA 99/IEC 62443 ICS cyber security standa... Read More →
avatar for Satya Gupta

Satya Gupta

Chief Technology Officer, Virsec
Satya V. Gupta is an entrepreneur with deep hardware and software domain expertize and multiple successful exits in several startups in USA and India. Currently, he is the Founder and Chief Technology Officer at Virsec, a cyber security startup based in San Jose, CA. He has over... Read More →


Tuesday April 24, 2018 11:30am - 12:15pm
Morr + Morrisson (Atrium Ballroom)

12:30pm

Lunch - Café Swiss
Please join us for lunch at Café Swiss, dining restaurant that is designed in a stylish modern architecture. Illuminated by an overhead of natural skylight, Café Swiss emanates an inviting aura of warmth and elegance for a tranquil respite. The sumptuous buffet lunch and dinner, offering a variety of European fare, are immensely popular.




Tuesday April 24, 2018 12:30pm - 1:45pm
Café Swiss

1:30pm

Digitalization: New Challenges for Industrial Cybersecurity
Market research indicates that most industrial companies have implemented cybersecurity programs to protect their control systems and facilities, and that these efforts have significantly reduced the risks of cyber attacks on critical infrastructure. However, with the digitalization trend, which is fast gaining traction across industrial sectors, the cybersecurity challenges for organizations increasingly span the IT-OT-IIoT spectrum. This means more needs to be done to ensure adequate cybersecurity protection.  This ARC presentation will include a discussion of the new digital-era challenges, the gaps that need to be filled, and the steps that industrial end-users should take in order to stay protected.

Speakers
avatar for Bob Gill

Bob Gill

General Manager, Southeast Asia, ARC Advisory Group
Bob is responsible for managing ARC's operations in Southeast Asia. He joined ARC Advisory Group after a decade-long career in industrial technology media, most recently as Editor-in-Chief at Singapore's Contineo Media, where he had editorial management responsibility for Contro... Read More →


Tuesday April 24, 2018 1:30pm - 2:15pm
Morr + Morrisson (Atrium Ballroom)

2:15pm

Cybersecurity Good Practice: Not Just NERC CIP Compliance
This presentation discusses a selection of practical cybersecurity guidelines
from NIST’s Special Publication 800-82 “Guide to Industrial Control
Systems (ICS) Security” that may be adopted by electric utilities to
improve the cybersecurity posture of a control system. Whether or
not you are required to comply with NERC’s rules, the NIST
guidelines provide prompts for considering how to make a grid
control system more secure, not just compliant.

Beyond the standard regulatory requirements that bring a long list of
security-related actions, critical infrastructure providers should act
now on targeted security efforts to improve their defenses. While
these recommendations are mostly part of a U.S. utility measures
requirements, they are in fact applicable to any utility that seeks to
mitigate the risk of service disruptions due to security events.

Speakers
avatar for Simon Rodriguez

Simon Rodriguez

Regional Technical Director, SUBNET Solutions
Simon Rodriguez is Vice President of Business Development and Product Management at SUBNET Solutions. Hi is an Electrical Engineer, MBA and SCADA Specialist with more than twelve (12) years of progressive working experience in Business Development , Sales and Project Management... Read More →


Tuesday April 24, 2018 2:15pm - 3:00pm
Morr + Morrisson (Atrium Ballroom)

3:00pm

Afternoon Break
Tuesday April 24, 2018 3:00pm - 3:15pm
Atrium Foyer

3:15pm

A Paranoia a Day Keeps the Hacker Away
The speaker will walk the audience through the cyber kill chain process of how, in theory attempt to breach a typical manufacturing plant. From the process of reconnaissance, weaponization, delivery, exploitation, installation, C&C and goal achieved. With this theoretical attack, the process of defending each kill chain will be explained. In closing, apart from all the implemented defense method, the weakest link would still be the human element and how this can be addressed with touch of care and paranoia.

Speakers
avatar for Harris Zane

Harris Zane

Industrial Cyber Security Manager, Belden
Harris Zane is Industrial Cyber Security Manager for Belden Industrial Solutions APAC.


Tuesday April 24, 2018 3:15pm - 4:00pm
Morr + Morrisson (Atrium Ballroom)

4:00pm

Threat Hunting system for ICS/SCADA
This presentation covers cyber threat intelligence information of APT Groups who are targeting ICS/SCADA environments. Louis Hur Young-il will explain how Open-source intelligence (OSINT) can be used to gather the threat intelligence.

Speakers
avatar for Louis Hur Young-il

Louis Hur Young-il

President and Chief Executive Officer, NSHC Corporation
Louis Hur is corporate president and Chief Executive Officer (CEO) of NSHC Corporation. He is responsible for NSHC’s day-to-day-operations, as well as leading the company’s security product development and technology strategy. He co-founded NSHC with four peoples in 2003 while... Read More →


Tuesday April 24, 2018 4:00pm - 4:45pm
Morr + Morrisson (Atrium Ballroom)

4:45pm

How Secure is your Electronic Security System?
The transition of traditional security system from Analog to Digital, opens up a new paradox i.e. improved quality and ease of convergence vs increased attack vectors. The presentation aims to break down the various new "weakness" of a Digital Security System and offer options and opinions on how to enhance or mitigate such vulnerabilities.

Speakers
avatar for Joseph Lee

Joseph Lee

Director & Chief Engineer, Eliteun Technology Group
Joseph started his career in the telecommunications industry and for the past decade mainly in the Electronic Physical Security Industry. He was instrument in the design, deployment of small to large scale security system for Government Agencies, Enterprises, homes, offices, etc... Read More →


Tuesday April 24, 2018 4:45pm - 5:15pm
Morr + Morrisson (Atrium Ballroom)

5:15pm

Poolside Welcome Reception
Please join us at the Alligator Pear poolside bar on Level 8 at the Fairmont Singapore for a welcome reception. Open bar serving Wine, Beer and Soft Drinks & Juices.

Sponsored by: Belden


Tuesday April 24, 2018 5:15pm - 7:15pm
Alligator Pear Poolside Bat Level 8 at the Fairmont Singapore
 
Wednesday, April 25
 

7:30am

Registration & Breakfast
Wednesday April 25, 2018 7:30am - 8:30am
Sponsor Foyer

8:30am

Welcome to the 2018 Singapore ICS Cyber Security Conference
Welcome address and conference introduction for SecurityWeek's 2018 ICS Cyber Security Conference.



Speakers
ML

Mike Lennon

Managing Director, SecurityWeek
For more than 10 years, Mike Lennon has been closely monitoring and analyzing trends in the cyber threat landscape, and enterprise, critical infrastructure, and national security space. In his role at SecurityWeek he oversees the editorial direction of the publication and manages... Read More →
TQ

Thomas Quek

REDCON Security Advisors


Wednesday April 25, 2018 8:30am - 8:45am
Stamford Ballroom

8:45am

Towards a Cyber Resilient Industry
Industrial Control Systems (ICS) have become increasingly attractive targets for cyber-attacks, as successful attacks can have disastrous consequences in the physical world. Unlike attacks on traditional Information Technology (IT) systems, attacks on ICS can disrupt essential services and even result in loss in lives. In response to the new threat of cyber, ICS operators need to augment operational resiliency with cyber resiliency. Furthermore, when planning for cyber resilience, operators need to do it holistically and not limit the scope to just the crown jewels, the ICS. The speaker will also give a flavour on Singapore’s efforts in building a cyber-resilient nation.

Speakers
avatar for Lim Thian Chin

Lim Thian Chin

Deputy Director, Head of CII Protection, Critical Information Infrastructure Division, Cyber Security Agency of Singapore (CSA)
Lim Thian Chin is currently the Head of Critical Information Infrastructure (CII) Protection at the Cyber Security Agency of Singapore (CSA). He leads a team that is responsible for building the cyber resiliency of the Nation’'s essential services across 11 CII sectors covering... Read More →


Wednesday April 25, 2018 8:45am - 9:15am
Stamford Ballroom

8:45am

ICS Capture-the-Flag Game
Backed by popular demand, the ICS CTF Challenge by NSHC Corporation is back in SecurityWeek's ICS Cyber Security Conference 2018 | Singapore! With realistic-looking ICS/SCADA scaled model landscape and using real PLCs, players can immersed themselves in multiple levels of quizzes and hands-on to score as many points as possible! As part of the CTF can be played online, hence players can enjoy both conference and the CTF at the same time!

Registration
The ICS/SCADA CTF competition is open to all conference ticketholders to play, enjoy and compete.
Participants simply have to register at the NSHC booth located in the Exhibition Area.

Gameplay
There are altogether 6 scenarios, each with its own set of challenges and scores.
The scenarios and challenges are based on real ICS/SCADA simulation using real ICS/SCADA components.
There are more than 50 challenges — Providing an enjoyable and unforgettable experience for both Beginners and Experts.
  • Scenerio#1 : Focuses on malware analysis
  • Scenerio#2 : Focuses on wireless hacking
  • Scenerio#3 : Focuses on breaching an air-gapped Windows-based system
  • Scenerio#4 : Focuses on breaching a Windows-based Engineering Station running a well-known HMI program
  • Scenerio#5 : Focuses on breaching a PLC software/firmware
  • Scenerio#6 : Focuses on creating “real-life” consequences on a railway model based on the flags captured in the above scenarios

Duration
The ICS CTF Challenge will be conducted over 2 days starting on the 24th Oct to 25th Oct, from 10am – 5pm on each day.
 

Equipment
All players are required to bring along their own laptops with at least these features:
  • Any preferred hacking utilities of their choice (Kali Linux, ParrotOS, Backbox, Mimikatz etc).
  • Own Wi-Fi & Bluetooth (built-in or external) and USB ports.
  • A special hardware toolbox will be issued to each registered teams and registered individuals from the Umpire to accomplish certain tasks.

Prizes
Attractive prizes will be awarded to the top 3 winners at the end of the 2nd day closing ceremony
1st Place: Gold Medal + Apple earpods
2nd Place: Silver Medal + Wireless eye massager
3rd Place: Bronze Medal + Screw Driver Tool Kit

Skill Level
Basic IT knowledge will do. A keen-to-learn attitude is the key skill!

Wednesday April 25, 2018 8:45am - 5:00pm
TBA

9:15am

Hacking Safety Controllers for Fun and Profit
Safety Controllers (Safety Instrumented Systems) have always been considered immune to attacks as last barrier of plant safety, and claimed to be designed to ensure safe and reliable operation for Industrial Control Systems (ICS) and Supervisory Control and DataAcquisition (SCADA) environments. Unfortunately, the recent research and in-the-field experience indicate misplaced confidence (based on SIL) and overall weak security practices since these devices themselves form another attack surface for the determined adversaries.

This presentation discusses vulnerabilities found by Applied Risk research team across various state of the art safety controllers, which are commonly used in industrial environments. Advanced attack vectors will be discussed where attackers could exploit the discovered vulnerabilities to gain control over the device, including connected industrial assets.In addition to the discovered vulnerabilities, the process we followed during our research will be discussed.
Examples will be given for topics including: 
  • From research to exploitation (a la basecamp)
  • Manipulate the safety logic
  • Live Demo

Speakers
avatar for Jalal Bouhdada

Jalal Bouhdada

Founder, Principal ICS Security Consultant, Applied Risk
Jalal Bouhdada is Founder and Principal ICS Security Consultant for Applied Risk. He has over 15 years’ experience in Industrial Control Systems (ICS) security assessment, design and deployment with a focus on Process Control Domain and Industrial IT Security. Jalal has led several engagements for major clients, including many of the top utilities in the world and some of the largest global companies in industry verticals including power generators, electricity transmission providers, water utilities, petro chemical plants and oil refineries He holds a B.S degree in Security Assurance from Amsterdam University of Applied Sciences and is an active member of the Industrial Internet Consortium (IIC), ISA99, NEN, CIGRE and other professional societies. Jalal is also a... Read More →


Wednesday April 25, 2018 9:15am - 10:00am
Stamford Ballroom

10:00am

Overcoming the "Evil Twins" Attack: Lessons Learned from Triton/TRISIS
Inside look at TRITON ICS Malware
Can you imagine what happens when the industrial safety controllers (SIS) at the one of the world’s largest oil company are being hacked? What if hackers could penetrate, take control and/or disable all nuclear plants and other critical infrastructure systems? Damage from the 2017 Triton attack could have reached epic proportions as the first malware of its kind to specifically target industrial safety controllers. Yet, as recent discoveries indicate, the world experienced the first-ever "evil twin" attack on both SIS and Industrial Control Systems (ICS) simultaneously. Learn what steps Schneider is taking to avoid escalation to grave consequences from these types of attacks.

Session Detail

If this was just a PLC then maybe we would not have been quite so enthralled.  In this case it was a triply redundant safety controller whose entire purpose is to protect people, equipment and the environment from disaster.  There is only one reason anyone would want to compromise such a device – to enable serious harm.  Yes, you could imagine that a plant shutdown would cause an economic outcome, but if that was the intent, this could have been accomplished with only a few lines of Python script and the elaborate manipulation of processor memory would have been a total waste of time.  No, the intent was much more than that.  It was a grave one.  
This session will discuss the issues and practical solutions to these three intriguing questions:
  1. What & Why do we need to know about the "Evil Twins" TRITON/TRISIS attack?
  2. Why do we need to change?
  3. Lessons Learned & Solutions

Session Objectives 
  • Bring clarity to the details of this attack
  • Highlight the way the much larger scope behind the Triton/Trisis Attack
  • Discuss how our industry should move forward from this state
There is much still to be said about the Triton attack and practitioners in our industry need to be fully aware of these details if they are to be effective in defending against this type of attack in the critical infrastructure.

Speakers
avatar for Paul Forney

Paul Forney

Chief Security Architect, Schneider Electric
In supplement to being the Chief Security Architect at Schneider Electric Product Security Office, Mr. Forney is a founding board member of the ISA Security Compliance Institute (ISCI) which develops the conformance specifications to the ISA 99/IEC 62443 ICS cyber security standa... Read More →



Wednesday April 25, 2018 10:00am - 10:45am
Stamford Ballroom

10:45am

Morning Break
Wednesday April 25, 2018 10:45am - 11:15am
Sponsor Foyer

11:15am

12:00pm

12:45pm

Lunch - Café Swiss
Please join us for lunch at Café Swiss, dining restaurant that is designed in a stylish modern architecture. Illuminated by an overhead of natural skylight, Café Swiss emanates an inviting aura of warmth and elegance for a tranquil respite. The sumptuous buffet lunch and dinner, offering a variety of European fare, are immensely popular.




Wednesday April 25, 2018 12:45pm - 2:00pm
Café Swiss

2:00pm

An Industrial Immune System: Using Machine Learning for Next Generation ICS Security (Sponsored Session)
As IT and Operational Technology (OT) environments continue to converge, managers of ICS have been faced with the challenge of protecting these crucial systems and data, in spite of inherent security weaknesses and the continual risk of insider threat. In many industrial processes, reliability of an ICS has a direct and immediate impact on the safety of human lives. Existing, legacy approaches have proven inadequate on their own, especially against insiders who, by definition, have authorized access. 
There is an urgent need for a new approach to combat the next generation of cyber-threats, across both OT and IT environments. While total prevention of compromise is untenable, utilizing automated self-learning technologies to detect and respond to emerging threats within a network is an achievable cyber security goal, irrespective of whether the suspicious behavior originated on the corporate network or ICS. 
Some of the world’s leading energy and manufacturing companies are using these technologies to detect early indicators of cyber-attacks or vulnerabilities across IT and OT environments, without reliance on pre-identified threat feeds, rules, or signatures. These technologies represent an innovative and fundamental step-change in automated cyber-defense. 
In this session, learn: 
  • How new machine learning and mathematics are automating advanced threat detection
  • Why 100% network visibility allows you to preempt emerging situations, in real time, across both IT and OT environments 
  • How smart prioritization and visualization of threats allows for better resource allocation and lower risk 
  • Real-world examples of detected OT threats, from non-malicious insiders to sophisticated cyber-attackers
Sponsored by: Darktrace

Speakers
avatar for Jeffrey Cornelius

Jeffrey Cornelius

EVP, Industrial Control and Critical Infrastructure Solutions, Darktrace
Jeff Cornelius joined Darktrace in February of 2014 as Executive Vice President. His background with large Enterprise Software organizations over the past 18 years lends itself to the needs of an, innovative, market-defining organization. Jeff oversees the strategic direction and... Read More →


Wednesday April 25, 2018 2:00pm - 2:45pm
Sophia

2:00pm

Safeguarding Industrial Control Networks (Sponsored Session)
Last December, cyber attackers launched a new malware variant called TRITON, specifically designed to target industrial safety systems. It was used against a critical infrastructure facility in the Middle East, causing an operational outage. While this malware was not the first to impact operational networks, it illustrates that ICS networks are now directly in the crosshairs of attackers.

In this session, we will discuss the emergence of ICS-specific malware, how it’s being used to infiltrate industrial environments, and what operators can do to defend their ICS networks and critical assets to prevent disruptions.

Sponsored by: Indegy

Speakers
avatar for Mille Gandelsman

Mille Gandelsman

CTO and Co-Founder, Indegy
Mille Gandelsman is the CTO and Co-Founder of Indegy, an industrial cybersecurity startup that provides situational awareness and real-time security for industrial control networks. He leads Indegy’s technology research and product management activities. Prior to Indegy, Gandel... Read More →


Wednesday April 25, 2018 2:00pm - 2:45pm
Olivia

2:45pm

The Inherent & Intertwined Risks in Industrial Control Systems and Enterprise IT Systems
Today, cyber threats have grown not just in its depth (i.e. more sophisticated), but also in its breadth (i.e. expanded scope). It has grown from threats in Enterprise IT systems (IT) to Operation Technologies (OT). Generally, OT refers to critical infra-structures such as nuclear, chemical, energy, water plants, trains, planes, ships etc. In certain context, it is addressed as Industrial Control Systems (ICS), or Supervisory Control And Data Acquisition (SCADA) systems.
In this sharing, the speaker would share the typical risks in both IT and OT, and why they could not be addressed in separated perspectives. The contents will be delivered in a highly practical approach with much of the sharing being the speaker’s first-hand experiences and encounters operationally.

Speakers
avatar for Ken Soh

Ken Soh

CEO, Athena Dynamics
Ken Soh holds concurrent appoints as Group CIO of mainboard listed BH Global Corporation Limited and as the founding CEO of the group subsidiary cyber security company Athena Dynamics Pte Ltd. Ken has more than 25 years of working experience in the ICT industry. Prior to joining... Read More →


Wednesday April 25, 2018 2:45pm - 3:30pm
Olivia

2:45pm

Functional Safety and Cybersecurity
Functional Safety at Your Plant Requires IT Security

The cyber security threat has expanded from its origins in the home and office PC environment into Industrial Control Systems. At the end of 2017, the world's first successful hacker attack on a safety instrumented system (SIS) was discovered. Malware in a programming station (PC) modified older Triconex safety instrumented systems manufactured by Schneider Electric during ongoing operation. To do this, the programming station was manipulated in such a way that the usual programming function was used to exchange a user program fragment in the Triconex SIS. This modification put the SIS into a safe state. We suspect that the aim of the attack was more than to simply stop the SIS. Rather, it can be assumed that this was supposed to result in a crash. This malware is known as "TRISIS" or "TRITON" (hereafter referred to as "TRISIS").

In this presentation, Sujith Panikkar of HIMA will explain that by looking at a wider solution, through a combination of functional safety and IT security, businesses ensure their overall safety.

The presentation will address three core questions:
  • Can the “insecurity” of integrated control systems influence the functional safety of a plant?
  • What needs to be protected?
  • Can the principles developed for functional safety be applied to security?
With reference to the international standards IEC 61508 for functional safety, IEC 61511 for Safety instrumented Systems and IEC 62443 for cyber security the session will deliver a unique perspective and thinking on this very real, very modern threat.


Speakers
avatar for Sujith Panikkar

Sujith Panikkar

Director of Consulting in Functional Safety and Safety Instrumented Systems, HIMA Safety Systems


Wednesday April 25, 2018 2:45pm - 3:30pm
Sophia
  • about Sujith Panikkar has a Master’s Degree in Safety, Health and Environment Technology from National University of Singapore, Bachelors in Applied Electronics & Instrumentation Engineering from the University of Kerala, India and is a Certified Functional Safety Expert from TÜV Rheinland, TÜV SÜD and CFSE Board, USA.He has over 27 years of experience in the field of Industrial Automation Systems & products for Oil & Gas, Petroleum Refining, and LNG, downstream petrochemicals industry projects including Distributed Control Systems, Foundation Fieldbus and Safety Instrumented Systems (for ESD / BMS / F&G applications) and Intrinsically Safe hazardous area interfaces.

3:30pm

Afternoon Break
Wednesday April 25, 2018 3:30pm - 3:45pm
Sponsor Foyer

3:45pm

Evaluating the Human Factor (the Wetware) in Industrial Cybersecurity
How problematic can the human element be in Industrial Cybersecurity?

Wetware refers to the human brain as analogous to, or in contrast with electronic
hardware and software. Although the human element is paramount in Industrial
Cybersecurity, its importance is not adequately highlighted in relevant International
Standards. This has striking similarity to the way the human element is inadequately
treated in most Functional Safety Standards.
This talk will provide a comparative review of standards on Industrial Cybersecurity
from the human factor point of view. It will also highlight its relevance and importance
with illustrations and case studies from the industry. It concludes with the authors'
recommendations on methodologies to embrace Wetware in lifecycle activities with a
holistic view-point.

Speakers
avatar for Dr John Lear

Dr John Lear

Principal, KAJE Cyber
Dr. John Lear has over 30 years’ experience in process plant and control systemdesign, operations, R&D and technology management. John co-developed theCHAZOP technique and has led over a hundred CHAZOPs, ranging from chemicalplant operation, through IT infrastructure to robot c... Read More →


Wednesday April 25, 2018 3:45pm - 4:30pm
Olivia

3:45pm

Building Blocks for DNP3 Fuzzing
DNP3 (Distributed Network Protocol) is a set of communications protocols used between components in process automation systems. It was developed for communications between various types of data acquisition and control equipment and plays a crucial role in SCADA systems.

In this technical session, Ying Kiat Pang,  Director of Network and Software Security at Beyond Security Asia, will address the following topics:
  •  Fuzzing and CRT
  • A Glimpse of ISASecure EDSA evaluation elements
  • beSTORM Fuzzing Framework
  • Crafting the attack language - A Snippet
  • Fuzzing DNP3 Layers

Speakers
avatar for Ying Kiat Pang

Ying Kiat Pang

Director, Network and Software Security, Beyond Security Asia
YK Pang is the technical lead for software and network security testing tools at Beyond Security Asia. He started his career as a software programmer, financial systems, at one of the largest computer software house in South East Asia. He has over 25 years of IT work experience h... Read More →


Wednesday April 25, 2018 3:45pm - 4:30pm
Sophia

5:00pm

Cocktail Reception in Sponsor Hall
Please join us in the sponsor area for an exclusive with cocktails and appetizers and network with industry peers. At this reception we have prepared a fantastic menu and premium bar!



Wednesday April 25, 2018 5:00pm - 7:00pm
Sponsor Foyer
 
Thursday, April 26
 

7:30am

Registration & Breakfast
Thursday April 26, 2018 7:30am - 8:45am
Sponsor Foyer

8:45am

The Value of Applying Automation Engineering Mindset by the Industrial Cyber Security Experts
The speaker will share some highlights on his previous experiences on:
  • Applying automation engineering mindset in industrial cyber security in different energy sectors.
  • Adopting industrial cyber security designs that bring value to your organization.
  • Implementing innovative techniques to resolving cyber security concerns
  • Making industrial cyber security a value-driven approach

Speakers
avatar for Ayman Al Issa

Ayman Al Issa

Chief Technologist, Industrial Cyber Security, Booz Allen Hamilton
Ayman Al Issa is Chief Technologist for Booz Allen Hamilton’s Industrial Cyber Security practice in the Middle East and North Africa region. Over a career which spans more than 24 years to date, Mr. Al Issa has gained vast experience in the fields of automation, information tec... Read More →


Thursday April 26, 2018 8:45am - 9:30am
Stamford Ballroom

8:45am

ICS Capture-the-Flag Game
Backed by popular demand, the ICS CTF Challenge by NSHC Corporation is back in SecurityWeek's ICS Cyber Security Conference 2018 | Singapore! With realistic-looking ICS/SCADA scaled model landscape and using real PLCs, players can immersed themselves in multiple levels of quizzes and hands-on to score as many points as possible! As part of the CTF can be played online, hence players can enjoy both conference and the CTF at the same time!

Registration
The ICS/SCADA CTF competition is open to all conference ticketholders to play, enjoy and compete.
Participants simply have to register at the NSHC booth located in the Exhibition Area.

Gameplay
There are altogether 6 scenarios, each with its own set of challenges and scores.
The scenarios and challenges are based on real ICS/SCADA simulation using real ICS/SCADA components.
There are more than 50 challenges — Providing an enjoyable and unforgettable experience for both Beginners and Experts.
  • Scenerio#1 : Focuses on malware analysis
  • Scenerio#2 : Focuses on wireless hacking
  • Scenerio#3 : Focuses on breaching an air-gapped Windows-based system
  • Scenerio#4 : Focuses on breaching a Windows-based Engineering Station running a well-known HMI program
  • Scenerio#5 : Focuses on breaching a PLC software/firmware
  • Scenerio#6 : Focuses on creating “real-life” consequences on a railway model based on the flags captured in the above scenarios

Duration
The ICS CTF Challenge will be conducted over 2 days starting on the 24th Oct to 25th Oct, from 10am – 5pm on each day.
 

Equipment
All players are required to bring along their own laptops with at least these features:
  • Any preferred hacking utilities of their choice (Kali Linux, ParrotOS, Backbox, Mimikatz etc).
  • Own Wi-Fi & Bluetooth (built-in or external) and USB ports.
  • A special hardware toolbox will be issued to each registered teams and registered individuals from the Umpire to accomplish certain tasks.

Prizes
Attractive prizes will be awarded to the top 3 winners at the end of the 2nd day closing ceremony
1st Place: Gold Medal + Apple earpods
2nd Place: Silver Medal + Wireless eye massager
3rd Place: Bronze Medal + Screw Driver Tool Kit

Skill Level
Basic IT knowledge will do. A keen-to-learn attitude is the key skill!

Thursday April 26, 2018 8:45am - 4:45pm
TBA

9:30am

Cybersecuring APR1400 Nuclear Power Reactors
Dr. Marlene Ladendorff will share insights on the cybersecurity initiatives under way to secure protect digital APR1400 nuclear power reactors in the United Arab Emirates. Ladendorff, who was responsible for building cybersecurity procedures, processes, and programs during the construction and start-up phases of the plants, will give an exclusive look inside the current program at Emirates Nuclear Energy Corporation.

APR1400 Digital Nuclear Reactor Cyber Security

As new builds of the APR1400 digital nuclear power reactors continue construction around the world, applying appropriate cyber security controls to protect them presents a new challenge for nuclear cyber security specialists.  Cyber attacks continue to grow more complex and are increasingly focusing on critical infrastructure equipment.  Additionally, the cyber security defense industry is seeing an upsurge in combined attacks that blend cyber and physical security, resulting in complex incidents that require new security techniques in order to mount an effective defense.  Further complicating the issue, nuclear cyber security may not have the same definition and requirements in different countries around the world.  An ideal situation would be to build cyber security in to the plants as they are being constructed rather than “bolting it on” at a later date. However cyber security is implemented, the goal remains the same: protection against cyber attacks for the plant, the community, and the environment.


Speakers
avatar for Marlene Ladendorff

Marlene Ladendorff

Nuclear Cyber Security Consultant, Emirates Nuclear Energy Corporation
Marlene Ladendorff is a critical infrastructure cyber security professional specializing in industrial control system cyber security.  Marlene’s focus is electrical grid and nuclear cyber security.  She has implemented cyber programs at nuclear power plants in the United Stat... Read More →


Thursday April 26, 2018 9:30am - 10:15am
Stamford Ballroom

10:15am

Morning Break
Thursday April 26, 2018 10:15am - 10:45am
Sponsor Foyer

10:45am

Industrial Cybersecurity in Context of Industry 4.0.
This session covers key security essentials for embracing Industry 4.0:
  • Industry 4. 0 cyber security strategies for mitigating operational risks arising from connected smart factories and digital supply chains.
  • Maintaining trust in process, technology and organization.
  • Validating security, interoperability and reliability in operations   

Speakers
avatar for Andreas Hauser

Andreas Hauser

Director Digital Service, TÜV SÜD Asia Pacific Pte. Ltd
Dr Hauser holds Engineering Degrees in Shipbuilding and Computer Engineering, and a PhD in Applied Mathematics. He started his career at Corporate Research of Siemens and joined the technical service provider TÜV SÜD in Singapore to build up new businesses.He is now leading the... Read More →



Thursday April 26, 2018 10:45am - 11:30am
Stamford Ballroom

11:30am

ICS Operational Technology Protection With Machine Learning
Most important for an ICS is to secure operational technology (OT). OT-failure can be caused by many reasons: equipment failure, cyber-attack or even physical attack. In modern connected world having just ESD (emergency shutdown system) and control-logic rules are simply not enough. These means can be compared to signature-based protection in cyber world, where also other advanced technics like heuristics, whitelisting and ML are used. ICS environment can rapidly change and personnel has no possibility to change rules so fast.

ML/DL technologies today are matured enough to deal with extreme amount of ICS telemetry. Different signals (sensors and actuators values) are correlated by physical laws and control logic. With ML, it is possible to learn these correlations under normal operational condition and establish something like white-listed behaviour. Any failure or attack that changes some signal will cause relevant changes in other signals. ML-model detects such situation as an anomaly.

In this presentation, we will show how this idea is implemented in the Machine Learning for Anomaly Detection (MLAD) system, and how it works with Secure Water Treatment (SWaT) realistic plant simulation that was made publicly available by Singapore University of Technology and Design (SUTD).  We will provide description of an important benefits of the MLAD – how it allows to find the cause of detected anomalous behavior, do that fast and effectively.
 

Speakers
avatar for Andrey Lavrentyev

Andrey Lavrentyev

Head of Technology Research Department, Future Technologies, Kaspersky Lab
Andrey Lavrentyev is the Head of Technology Research Department, Future Technologies, Kaspersky Lab.  His current researches interests are connected with data-driven approach to the cyber-security of cyber-physical systems, machine learning, deep neural networks, spiking neural... Read More →


Thursday April 26, 2018 11:30am - 12:15pm
Stamford Ballroom

12:15pm

ICS Cyber Security Pain Points - PETRONAS Experience
There are numerous makes and models of ICS systems currently in use at Petroliam Nasional Berhad (PETRONAS) diverse business units from upstream and downstream. Group Technical Solutions (GTS) performs routine Cyber Security assessment at ICS of all PETRONAS facilities against PETRONAS Technical Standards (PTS). We therefore have decent demographics information on the Cyber Security posture of our ICS systems as installed by many ICS vendors.

While many ICS vendors have good understanding of Cyber Security threats, some of them still have yet to demonstrate sufficient appreciation towards the risk and/or install sufficient defense-in-depth hardening within their ICS system.

This talk attempts to share our pain points, as end user, as we sight different ICS vendors have differing, sometimes inadequate, levels of understanding in managing CS risks.

Speakers
avatar for Azmi Hashim

Azmi Hashim

Principal Engineer, Instrument & Control, PETRONAS
Azmi is an Instrument and Control Principal Engineer in Group Technical Solutions, PETRONAS. He leads a team performing gap assessment against PETRONAS Technical Standards on Process Control System at PETRONAS operating facilities with regards to information security. Five years... Read More →


Thursday April 26, 2018 12:15pm - 1:00pm
Stamford Ballroom

1:00pm

Lunch - Café Swiss
Please join us for lunch at Café Swiss, dining restaurant that is designed in a stylish modern architecture. Illuminated by an overhead of natural skylight, Café Swiss emanates an inviting aura of warmth and elegance for a tranquil respite. The sumptuous buffet lunch and dinner, offering a variety of European fare, are immensely popular.




Thursday April 26, 2018 1:00pm - 2:15pm
Café Swiss

2:15pm

Holistic Approach for a Secure Last Line of Defense (Sponsored Session)
For the first time, a safety system (Triconex) from the company Schneider Electric is compromised. The plant shut down. HIMA takes the incident very seriously and deeply analyzes the information available. HIMA reviews its own processes and products based on the security agencies' recommendations. The diversity between the Schneider and HIMA systems, the results of the security analysis carried out by Dragos as well as their different design philosophy suggest that the TRITON attack is not directly deployable among other vendors systems.

Speakers
avatar for Friedhelm Best

Friedhelm Best

Vice President Asia Pacific Region, HIMA Asia Pacific
Friedhelm Best is Vice President of the Asia Pacific Region at HIMA, a leading independent provider of solutions for safety-critical applications.  Friedhelm previously worked as Director of Global Key Account Management Industry in the Electrical Sector of Eaton Corporation. Fr... Read More →


Thursday April 26, 2018 2:15pm - 3:00pm
Olivia

2:15pm

Practical Cybersecurity Assessment of Smart Grids
This presentation will summarize the experience gained during cybersecurity assessments of various IT components of  electrical grids.

Modern Smart Grid implementations contain large numbers of system-wide and specific vulnerabilities both in individual components and in overall ICS systems and networks. Identifying and using these vulnerabilities requires an average level of expertise and a modest level of funds. The implications of such attacks may vary from local fraud to negative physical impact on power substation components to large-scale network accidents.

This research presents the findings of several SCADA StrangeLove projects aimed at assessing the security of different elements of electrical grid such as network communications, relay protection, SCADA, application software, small-scale power generation systems. Details of technical vulnerabilities and related cyber-physical attack scenarios will be discussed.


Speakers
avatar for Sergei Gordeychik

Sergei Gordeychik

Deputy CTO, DarkMatter
Sergey Gordeychik is  Product Director for Cyber Defence at DarkMatter. Before moving to DarkMatter, Sergey gained a wealth of practical experience in the cybersecurity industry. In particular, being Deputy CTO at Kaspersky Lab he was responsible for establishing the vision and... Read More →


Thursday April 26, 2018 2:15pm - 3:00pm
Sophia

3:00pm

Changing Threats: Gear up for the Internet of City Things
The world is gearing up for a revolution that will likely be as game-changing as the invention of the automobile 120 years ago. Automation has the potential to fundamentally change our transportation systems, the way we build cities and the way we work and live our lives. The potential benefits are enormous, but there will likely be painful side effects that we need to anticipate and be prepared to address.

Speakers
avatar for Jonathan Lee

Jonathan Lee

TSE – APAC, Pelco by Schneider Electric.


Thursday April 26, 2018 3:00pm - 3:45pm
Olivia

3:00pm

3:45pm

Afternoon Break
Thursday April 26, 2018 3:45pm - 4:00pm
Sponsor Foyer

4:00pm

IACS Security Assessment; Things that We might Overlook
Almost all organizations conduct security assessment or security audits for their IACS setup, either internally of from third party consultants. This paper will cover these critical information that may be missed out by IT security specialist and IACS engineers. This paper will also provide the experience of conducting a security assessment for IACS, and to emphasize the critical scopes that might be missed out by the assessor.

Speakers
avatar for Muhammad Reza Shariff

Muhammad Reza Shariff

Cyber Security Practitioner
Rezza is a highly motivated professional with 14 years of experience in IT and information security for Oil & Gas and healthcare industry which includes knowledge on Plant Control System (PCS), Data Control System (DCS) and Supervisory Control and Data Acquisition (SCADA).He firs... Read More →


Thursday April 26, 2018 4:00pm - 4:45pm
Olivia

4:00pm

Understanding the Difficulties of Integrating and Updating Security Solution with Industrial Control System
Today with topic like Digitalization, Smart Cities and Clouds etc. the ideas we know about Industrial Control System are rapidly changing. With all the new functionalities and ease of access and monitoring operational data using a cell phone, the threat land scape is for sure increasing. This result in extreme needs for cyber security additional solutions not only from OT Vendors themselves but also from external security vendors. Questions like hat are the challenges facing End Users when deciding integrating a security solution? Who needs to decide and based on what decisions needs to be taken? What should be considered after the integration? And other will be briefly answered during this session. The topics cover the difficulties faced by security solution provider and end users during Integration Phase and after operation during security patches update and based on what to get these update.

Speakers
avatar for Abdulrahman M Al Safh

Abdulrahman M Al Safh

Cyber Security OT Consultant and Trainer, SIEMENS Energy Management
Abdulrahman Al Safh is Cyber Security OT Consultant and Trainer at SIEMENS Energy Management, Digital Grid, Saudi Arabia. Abdulrahman is Certified Cyber Security Representative by SIEMENS. He has 5 years of experience in Industrial Control System since 2007 and Energy Automation... Read More →


Thursday April 26, 2018 4:00pm - 4:45pm
Sophia

4:45pm

Closing Remarks and Open Mic Discussions
SecurityWeek's 2018 Singapore ICS Cyber Security Conference is winding down, but there is still time for some great discussions! Please join us for closing remarks and an open discussion where anyone can make comments, share insights, ask questions and engage in a lively discussion.



Thursday April 26, 2018 4:45pm - 5:15pm
Stamford Ballroom

5:00pm

End of 2018 Singapore ICS Cyber Security Conference
Conclusion of SecurityWeek's 2018 ICS Cyber Security Conference. Thank You!

Thursday April 26, 2018 5:00pm - 5:00pm
Stamford Ballroom