Attending this event?
The Central ICS/SCADA Cyber Security Event of the Year for the APAC Region!

IMPORTANT: Our team is finalizing the conference agenda. Sessions will be finalized over the next few days. Please check back frequently. The conference will have THREE full days of content, and receptions and networking opportunities. You can register for the conference online to hold a spot.
View analytic

Sign up or log in to bookmark your favorites and sync them to your phone or calendar.

Main Track [clear filter]
Tuesday, April 24


The ICS Cybersecurity Journey for Operator-Owners
With the increasing speed OT Owners & Operators are being confronted with the ICS cybersecurity phenomenon. Being ignorant is no longer an excuse as specific legislation are being developed to enforce responsibilities of OT cyber security on OT Owners & Operators. As a multiple-stage journey with different activities, OT Owners & Operators are presented with difficulties and dilemmas in decisions making; How to begin, What to do First, What to do Next.
This lecture aims to provide insight in:
  • What OT cybersecurity mean as an end-user
  • The dilemmas; Cost, Resources, Risks, Liabilities
  • The available choices and decision markers;

avatar for Jos Menting

Jos Menting

Chief Technologist, CyberSecurity, Engie Lab
Jos Menting graduated in Technical Physics and Industrial Automation at the Saxion University. After some excursions, Mr. Menting started working in I&C engineering for different types of thermal power plants. Both new build as brown field and optimization projects delivered a pr... Read More →

Tuesday April 24, 2018 9:00am - 9:45am
Morr + Morrisson (Atrium Ballroom)


Understanding the Vulnerabilities and Risks to Your ICS Environment
Industrial Control Systems have traditionally operated in splendid isolation, achieving a
measure of security simply due to this isolation. In recent times, these formerly isolated
systems have become increasingly integrated into business systems, and even the Internet,
exposing them to increased yet unknown risk.

Most operators of ICS environments have little to no visibility into the assets resident within
their ICS environments - making it difficult to understand risk exposure of these critical

ICS operators are faced with a dilemma, and must understand the answer to this question:
In these times of IT/ICS convergence, how do I ensure my ICS environment remains secure
when I am unsure of what’s in my environment, what the vulnerabilities are within my
environment, and what’s connecting to it?
This session will demonstrate a case where IT/ICS convergence resulted in a compromise or
potential compromise. We will then expand on the risk of converged IT/ICS infrastructure,
and how these risks may be measured and understood.

avatar for Richard Bussiere

Richard Bussiere

Director, Product Management, Asia Pacific, Tenable
Mr. Dick Bussiere is Tenable Network Security’s Product Management Director for the Asia Pacific Region. In this multifaceted role, Mr. Bussiere is responsible for evangelizing the criticality of vulnerability assessment, vulnerability management, and comprehensive security mon... Read More →

Tuesday April 24, 2018 9:45am - 10:30am
Morr + Morrisson (Atrium Ballroom)


Prioritizing Solutions: Balancing Protective, Detective and Corrective Controls in ICS Environments
Energy operators rely on an extensive network of business partners and suppliers to operate efficiently and safely. This network, while improving operations, can also contribute to increasing cyber security risks if best practices aren’t adopted and followed diligently.
The importance of resilience in a vendor’s supply chain is critical and should be evaluated near the same level as safety and integrity. Those operating industrial control environments should take a deeper look at security by reviewing key areas that can contribute to increased risk within the supply chain.

This presentation will address:
  • What previous compromises tell us about our future
  • The impact of regulations on supply chain security
  • The importance of a long-term partner when choosing security solutions
What shared responsibility looks like before, during and after commissioning
Looking beyond greenfield; shared responsibility with legacy devices
Expectations during a compromise
When and where the reduction of vendors equals a stronger security posture
How to effectively evaluate vendors, from both OT and IT perspectives

Tuesday April 24, 2018 10:45am - 11:30am
Morr + Morrisson (Atrium Ballroom)


Preventing a Meltdown: Protecting Industrial Control Systems from Cyber Attacks
Summary: Industrial Control Systems (ICS) provide the backbone of our critical infrastructure and are increasingly under attack. These systems present unique security challenges connecting aging equipment that often predates modern security. This session will review today’s most serious ICS threats, and innovative approaches to protect critical applications at their core, rather than the perimeter.

Session Details:

Recent attacks on power plants have raised significant concerns over the security of our aging critical infrastructure. Modern Industrial Control Systems (ICS) provide the backbone for everything from nuclear power plants to advanced manufacturing, but they also present unique security challenges.
ICS systems often connect a long “iron tail” of aging equipment that predates modern cyberattacks. Security for these legacy systems often depends on air gaps from the outside world – while this easy in the 70’s, it’s less practical now. Today’s air-gapped systems can’t be automatically patched or receive virus signature updates, and even the most isolated system is usually only a desktop away from a connected, and potentially malicious insider.

On top of this, many of these systems are difficult or impossible to patch, and require 100% uptime. Simply rebooting an app is problematic, especially if it’s connected to a nuclear power plant, or electrical grid. Installing, validating, and testing system updates for unpredictable periods of time can be a non-starter. Legacy apps often were created by staff no longer there, using tools no longer supported.

This session will be led by the chief security architect of a global leader in industrial controls. It will review the unique challenges for ICS security with specific examples of recent attacks including fileless and memory-based threats that fly under the radar of conventional security tools.
Also discussed will be the need for a fundamental shift in how we approach security. Most security today is based at the perimeter, looking for known, previously identified threats. But perimeter security is almost always porous, and once inside, hackers can cause considerable damage or disruption to critical infrastructure, often without being noticed.

Finally, a new application-centric security model will be discussed that focuses on the integrity and runtime flow of applications, looking for anomalies at the core, rather than the perimeter. This model can be applied to existing, legacy applications running on older platforms, and provides better accuracy, and real-time pin-pointing of attacks in progress.

Session Objectives
  • Highlight the unique challenges of protecting Industrial Control Systems
  • Conventional security, patching and air gaps are inadequate for today's threats
  • Security needs to focus on the integrity of applications, not the perimeter.

This topic has recently been brought to the attention of the ICS Security community due to the TRITON attack against an Industrial Safety System.

avatar for Paul Forney

Paul Forney

Chief Security Architect, Schneider Electric
In supplement to being the Chief Security Architect at Schneider Electric Product Security Office, Mr. Forney is a founding board member of the ISA Security Compliance Institute (ISCI) which develops the conformance specifications to the ISA 99/IEC 62443 ICS cyber security standa... Read More →
avatar for Satya Gupta

Satya Gupta

Chief Technology Officer, Virsec
Satya V. Gupta is an entrepreneur with deep hardware and software domain expertize and multiple successful exits in several startups in USA and India. Currently, he is the Founder and Chief Technology Officer at Virsec, a cyber security startup based in San Jose, CA. He has over... Read More →

Tuesday April 24, 2018 11:30am - 12:15pm
Morr + Morrisson (Atrium Ballroom)


Digitalization: New Challenges for Industrial Cybersecurity
Market research indicates that most industrial companies have implemented cybersecurity programs to protect their control systems and facilities, and that these efforts have significantly reduced the risks of cyber attacks on critical infrastructure. However, with the digitalization trend, which is fast gaining traction across industrial sectors, the cybersecurity challenges for organizations increasingly span the IT-OT-IIoT spectrum. This means more needs to be done to ensure adequate cybersecurity protection.  This ARC presentation will include a discussion of the new digital-era challenges, the gaps that need to be filled, and the steps that industrial end-users should take in order to stay protected.

avatar for Bob Gill

Bob Gill

General Manager, Southeast Asia, ARC Advisory Group
Bob is responsible for managing ARC's operations in Southeast Asia. He joined ARC Advisory Group after a decade-long career in industrial technology media, most recently as Editor-in-Chief at Singapore's Contineo Media, where he had editorial management responsibility for Contro... Read More →

Tuesday April 24, 2018 1:30pm - 2:15pm
Morr + Morrisson (Atrium Ballroom)


Cybersecurity Good Practice: Not Just NERC CIP Compliance
This presentation discusses a selection of practical cybersecurity guidelines
from NIST’s Special Publication 800-82 “Guide to Industrial Control
Systems (ICS) Security” that may be adopted by electric utilities to
improve the cybersecurity posture of a control system. Whether or
not you are required to comply with NERC’s rules, the NIST
guidelines provide prompts for considering how to make a grid
control system more secure, not just compliant.

Beyond the standard regulatory requirements that bring a long list of
security-related actions, critical infrastructure providers should act
now on targeted security efforts to improve their defenses. While
these recommendations are mostly part of a U.S. utility measures
requirements, they are in fact applicable to any utility that seeks to
mitigate the risk of service disruptions due to security events.

avatar for Simon Rodriguez

Simon Rodriguez

Regional Technical Director, SUBNET Solutions
Simon Rodriguez is Vice President of Business Development and Product Management at SUBNET Solutions. Hi is an Electrical Engineer, MBA and SCADA Specialist with more than twelve (12) years of progressive working experience in Business Development , Sales and Project Management... Read More →

Tuesday April 24, 2018 2:15pm - 3:00pm
Morr + Morrisson (Atrium Ballroom)


A Paranoia a Day Keeps the Hacker Away
The speaker will walk the audience through the cyber kill chain process of how, in theory attempt to breach a typical manufacturing plant. From the process of reconnaissance, weaponization, delivery, exploitation, installation, C&C and goal achieved. With this theoretical attack, the process of defending each kill chain will be explained. In closing, apart from all the implemented defense method, the weakest link would still be the human element and how this can be addressed with touch of care and paranoia.

avatar for Harris Zane

Harris Zane

Industrial Cyber Security Manager, Belden
Harris Zane is Industrial Cyber Security Manager for Belden Industrial Solutions APAC.

Tuesday April 24, 2018 3:15pm - 4:00pm
Morr + Morrisson (Atrium Ballroom)


Threat Hunting system for ICS/SCADA
This presentation covers cyber threat intelligence information of APT Groups who are targeting ICS/SCADA environments. Louis Hur Young-il will explain how Open-source intelligence (OSINT) can be used to gather the threat intelligence.

avatar for Louis Hur Young-il

Louis Hur Young-il

President and Chief Executive Officer, NSHC Corporation
Louis Hur is corporate president and Chief Executive Officer (CEO) of NSHC Corporation. He is responsible for NSHC’s day-to-day-operations, as well as leading the company’s security product development and technology strategy. He co-founded NSHC with four peoples in 2003 while... Read More →

Tuesday April 24, 2018 4:00pm - 4:45pm
Morr + Morrisson (Atrium Ballroom)


How Secure is your Electronic Security System?
The transition of traditional security system from Analog to Digital, opens up a new paradox i.e. improved quality and ease of convergence vs increased attack vectors. The presentation aims to break down the various new "weakness" of a Digital Security System and offer options and opinions on how to enhance or mitigate such vulnerabilities.

avatar for Joseph Lee

Joseph Lee

Director & Chief Engineer, Eliteun Technology Group
Joseph started his career in the telecommunications industry and for the past decade mainly in the Electronic Physical Security Industry. He was instrument in the design, deployment of small to large scale security system for Government Agencies, Enterprises, homes, offices, etc... Read More →

Tuesday April 24, 2018 4:45pm - 5:15pm
Morr + Morrisson (Atrium Ballroom)
Wednesday, April 25


Welcome to the 2018 Singapore ICS Cyber Security Conference
Welcome address and conference introduction for SecurityWeek's 2018 ICS Cyber Security Conference.


Mike Lennon

Managing Director, SecurityWeek
For more than 10 years, Mike Lennon has been closely monitoring and analyzing trends in the cyber threat landscape, and enterprise, critical infrastructure, and national security space. In his role at SecurityWeek he oversees the editorial direction of the publication and manages... Read More →

Thomas Quek

REDCON Security Advisors

Wednesday April 25, 2018 8:30am - 8:45am
Stamford Ballroom


Towards a Cyber Resilient Industry
Industrial Control Systems (ICS) have become increasingly attractive targets for cyber-attacks, as successful attacks can have disastrous consequences in the physical world. Unlike attacks on traditional Information Technology (IT) systems, attacks on ICS can disrupt essential services and even result in loss in lives. In response to the new threat of cyber, ICS operators need to augment operational resiliency with cyber resiliency. Furthermore, when planning for cyber resilience, operators need to do it holistically and not limit the scope to just the crown jewels, the ICS. The speaker will also give a flavour on Singapore’s efforts in building a cyber-resilient nation.

avatar for Lim Thian Chin

Lim Thian Chin

Deputy Director, Head of CII Protection, Critical Information Infrastructure Division, Cyber Security Agency of Singapore (CSA)
Lim Thian Chin is currently the Head of Critical Information Infrastructure (CII) Protection at the Cyber Security Agency of Singapore (CSA). He leads a team that is responsible for building the cyber resiliency of the Nation’'s essential services across 11 CII sectors covering... Read More →

Wednesday April 25, 2018 8:45am - 9:15am
Stamford Ballroom


Hacking Safety Controllers for Fun and Profit
Safety Controllers (Safety Instrumented Systems) have always been considered immune to attacks as last barrier of plant safety, and claimed to be designed to ensure safe and reliable operation for Industrial Control Systems (ICS) and Supervisory Control and DataAcquisition (SCADA) environments. Unfortunately, the recent research and in-the-field experience indicate misplaced confidence (based on SIL) and overall weak security practices since these devices themselves form another attack surface for the determined adversaries.

This presentation discusses vulnerabilities found by Applied Risk research team across various state of the art safety controllers, which are commonly used in industrial environments. Advanced attack vectors will be discussed where attackers could exploit the discovered vulnerabilities to gain control over the device, including connected industrial assets.In addition to the discovered vulnerabilities, the process we followed during our research will be discussed.
Examples will be given for topics including: 
  • From research to exploitation (a la basecamp)
  • Manipulate the safety logic
  • Live Demo

avatar for Jalal Bouhdada

Jalal Bouhdada

Founder, Principal ICS Security Consultant, Applied Risk
Jalal Bouhdada is Founder and Principal ICS Security Consultant for Applied Risk. He has over 15 years’ experience in Industrial Control Systems (ICS) security assessment, design and deployment with a focus on Process Control Domain and Industrial IT Security. Jalal has led several engagements for major clients, including many of the top utilities in the world and some of the largest global companies in industry verticals including power generators, electricity transmission providers, water utilities, petro chemical plants and oil refineries He holds a B.S degree in Security Assurance from Amsterdam University of Applied Sciences and is an active member of the Industrial Internet Consortium (IIC), ISA99, NEN, CIGRE and other professional societies. Jalal is also a... Read More →

Wednesday April 25, 2018 9:15am - 10:00am
Stamford Ballroom


Overcoming the "Evil Twins" Attack: Lessons Learned from Triton/TRISIS
Inside look at TRITON ICS Malware
Can you imagine what happens when the industrial safety controllers (SIS) at the one of the world’s largest oil company are being hacked? What if hackers could penetrate, take control and/or disable all nuclear plants and other critical infrastructure systems? Damage from the 2017 Triton attack could have reached epic proportions as the first malware of its kind to specifically target industrial safety controllers. Yet, as recent discoveries indicate, the world experienced the first-ever "evil twin" attack on both SIS and Industrial Control Systems (ICS) simultaneously. Learn what steps Schneider is taking to avoid escalation to grave consequences from these types of attacks.

Session Detail

If this was just a PLC then maybe we would not have been quite so enthralled.  In this case it was a triply redundant safety controller whose entire purpose is to protect people, equipment and the environment from disaster.  There is only one reason anyone would want to compromise such a device – to enable serious harm.  Yes, you could imagine that a plant shutdown would cause an economic outcome, but if that was the intent, this could have been accomplished with only a few lines of Python script and the elaborate manipulation of processor memory would have been a total waste of time.  No, the intent was much more than that.  It was a grave one.  
This session will discuss the issues and practical solutions to these three intriguing questions:
  1. What & Why do we need to know about the "Evil Twins" TRITON/TRISIS attack?
  2. Why do we need to change?
  3. Lessons Learned & Solutions

Session Objectives 
  • Bring clarity to the details of this attack
  • Highlight the way the much larger scope behind the Triton/Trisis Attack
  • Discuss how our industry should move forward from this state
There is much still to be said about the Triton attack and practitioners in our industry need to be fully aware of these details if they are to be effective in defending against this type of attack in the critical infrastructure.

avatar for Paul Forney

Paul Forney

Chief Security Architect, Schneider Electric
In supplement to being the Chief Security Architect at Schneider Electric Product Security Office, Mr. Forney is a founding board member of the ISA Security Compliance Institute (ISCI) which develops the conformance specifications to the ISA 99/IEC 62443 ICS cyber security standa... Read More →

Wednesday April 25, 2018 10:00am - 10:45am
Stamford Ballroom



Thursday, April 26


The Value of Applying Automation Engineering Mindset by the Industrial Cyber Security Experts
The speaker will share some highlights on his previous experiences on:
  • Applying automation engineering mindset in industrial cyber security in different energy sectors.
  • Adopting industrial cyber security designs that bring value to your organization.
  • Implementing innovative techniques to resolving cyber security concerns
  • Making industrial cyber security a value-driven approach

avatar for Ayman Al Issa

Ayman Al Issa

Chief Technologist, Industrial Cyber Security, Booz Allen Hamilton
Ayman Al Issa is Chief Technologist for Booz Allen Hamilton’s Industrial Cyber Security practice in the Middle East and North Africa region. Over a career which spans more than 24 years to date, Mr. Al Issa has gained vast experience in the fields of automation, information tec... Read More →

Thursday April 26, 2018 8:45am - 9:30am
Stamford Ballroom


Cybersecuring APR1400 Nuclear Power Reactors
Dr. Marlene Ladendorff will share insights on the cybersecurity initiatives under way to secure protect digital APR1400 nuclear power reactors in the United Arab Emirates. Ladendorff, who was responsible for building cybersecurity procedures, processes, and programs during the construction and start-up phases of the plants, will give an exclusive look inside the current program at Emirates Nuclear Energy Corporation.

APR1400 Digital Nuclear Reactor Cyber Security

As new builds of the APR1400 digital nuclear power reactors continue construction around the world, applying appropriate cyber security controls to protect them presents a new challenge for nuclear cyber security specialists.  Cyber attacks continue to grow more complex and are increasingly focusing on critical infrastructure equipment.  Additionally, the cyber security defense industry is seeing an upsurge in combined attacks that blend cyber and physical security, resulting in complex incidents that require new security techniques in order to mount an effective defense.  Further complicating the issue, nuclear cyber security may not have the same definition and requirements in different countries around the world.  An ideal situation would be to build cyber security in to the plants as they are being constructed rather than “bolting it on” at a later date. However cyber security is implemented, the goal remains the same: protection against cyber attacks for the plant, the community, and the environment.

avatar for Marlene Ladendorff

Marlene Ladendorff

Nuclear Cyber Security Consultant, Emirates Nuclear Energy Corporation
Marlene Ladendorff is a critical infrastructure cyber security professional specializing in industrial control system cyber security.  Marlene’s focus is electrical grid and nuclear cyber security.  She has implemented cyber programs at nuclear power plants in the United Stat... Read More →

Thursday April 26, 2018 9:30am - 10:15am
Stamford Ballroom


Industrial Cybersecurity in Context of Industry 4.0.
This session covers key security essentials for embracing Industry 4.0:
  • Industry 4. 0 cyber security strategies for mitigating operational risks arising from connected smart factories and digital supply chains.
  • Maintaining trust in process, technology and organization.
  • Validating security, interoperability and reliability in operations   

avatar for Andreas Hauser

Andreas Hauser

Director Digital Service, TÜV SÜD Asia Pacific Pte. Ltd
Dr Hauser holds Engineering Degrees in Shipbuilding and Computer Engineering, and a PhD in Applied Mathematics. He started his career at Corporate Research of Siemens and joined the technical service provider TÜV SÜD in Singapore to build up new businesses.He is now leading the... Read More →

Thursday April 26, 2018 10:45am - 11:30am
Stamford Ballroom


ICS Operational Technology Protection With Machine Learning
Most important for an ICS is to secure operational technology (OT). OT-failure can be caused by many reasons: equipment failure, cyber-attack or even physical attack. In modern connected world having just ESD (emergency shutdown system) and control-logic rules are simply not enough. These means can be compared to signature-based protection in cyber world, where also other advanced technics like heuristics, whitelisting and ML are used. ICS environment can rapidly change and personnel has no possibility to change rules so fast.

ML/DL technologies today are matured enough to deal with extreme amount of ICS telemetry. Different signals (sensors and actuators values) are correlated by physical laws and control logic. With ML, it is possible to learn these correlations under normal operational condition and establish something like white-listed behaviour. Any failure or attack that changes some signal will cause relevant changes in other signals. ML-model detects such situation as an anomaly.

In this presentation, we will show how this idea is implemented in the Machine Learning for Anomaly Detection (MLAD) system, and how it works with Secure Water Treatment (SWaT) realistic plant simulation that was made publicly available by Singapore University of Technology and Design (SUTD).  We will provide description of an important benefits of the MLAD – how it allows to find the cause of detected anomalous behavior, do that fast and effectively.

avatar for Andrey Lavrentyev

Andrey Lavrentyev

Head of Technology Research Department, Future Technologies, Kaspersky Lab
Andrey Lavrentyev is the Head of Technology Research Department, Future Technologies, Kaspersky Lab.  His current researches interests are connected with data-driven approach to the cyber-security of cyber-physical systems, machine learning, deep neural networks, spiking neural... Read More →

Thursday April 26, 2018 11:30am - 12:15pm
Stamford Ballroom


ICS Cyber Security Pain Points - PETRONAS Experience
There are numerous makes and models of ICS systems currently in use at Petroliam Nasional Berhad (PETRONAS) diverse business units from upstream and downstream. Group Technical Solutions (GTS) performs routine Cyber Security assessment at ICS of all PETRONAS facilities against PETRONAS Technical Standards (PTS). We therefore have decent demographics information on the Cyber Security posture of our ICS systems as installed by many ICS vendors.

While many ICS vendors have good understanding of Cyber Security threats, some of them still have yet to demonstrate sufficient appreciation towards the risk and/or install sufficient defense-in-depth hardening within their ICS system.

This talk attempts to share our pain points, as end user, as we sight different ICS vendors have differing, sometimes inadequate, levels of understanding in managing CS risks.

avatar for Azmi Hashim

Azmi Hashim

Principal Engineer, Instrument & Control, PETRONAS
Azmi is an Instrument and Control Principal Engineer in Group Technical Solutions, PETRONAS. He leads a team performing gap assessment against PETRONAS Technical Standards on Process Control System at PETRONAS operating facilities with regards to information security. Five years... Read More →

Thursday April 26, 2018 12:15pm - 1:00pm
Stamford Ballroom


Closing Remarks and Open Mic Discussions
SecurityWeek's 2018 Singapore ICS Cyber Security Conference is winding down, but there is still time for some great discussions! Please join us for closing remarks and an open discussion where anyone can make comments, share insights, ask questions and engage in a lively discussion.

Thursday April 26, 2018 4:45pm - 5:15pm
Stamford Ballroom