Operational Technology (OT) and specifically Industrial Control Systems (ICS) and associated equipment and devices, have mostly been ignored by industry leadership.
Safeguarding this critical area requires a unique mix of technical and operating insight into how threat actors (hostile nation-states, terrorist organizations and hacktivist organizations) can compromise industrial controls that operate and manage industrial processes – at the process level, the control component level, the human-machine interface level and the SCADA system level.
This talk will raise the level of awareness in the C-suite and Boardroom to this perilous operating risk that we think needs to be elevated well above the current limited focus on compliance with regulatory regimes that have not kept pace with the executional characteristics of industrial cyber risk. Power and utility companies need to address these risks head on, and likewise CFO and CISOs need to understand their true insurance coverage, and possible gaps, to assess whether their stature meets their company’s acceptable risk profile. Creating awareness at high levels and driving appropriate action is required.
Attendees will learn how companies should map their at-risk industrial component configurations, provide analysis and synthesis of the critical interfaces between operating OT and IT, perform risk and asset downtime impact assessments as part of their failure mode and effects analysis, and develop practical policy recommendations - so that cybersecurity experts and operating engineers can begin to correlate conventional information security anomalies with process controls events that may impact how effectively – and how safely – industrial processes operate. We believe effective security includes developing a documented understanding of the downtime impact of addressable system equipment across the entire process, or system, with specific focus on ICS interconnection and interdependency considerations.
