Day 1 - 12 July
Programme Outline
Time | Agenda |
---|---|
09:00- 09:05 |
Welcome Remarks Mr David Koh, Commissioner of Cybersecurity & Chief Executive, Cyber Security Agency of Singapore |
09:05- 09:20 |
Keynote Address Mrs Josephine Teo, Minister for Communications and Information and Second Minister for Home Affairs Minister-in-charge of Smart Nation And Cybersecurity |
09:20- 10:45 |
Presentation and Panel Discussion - The Latest Industrial Control System Malware Robert M. Lee, CEO & Founder, Dragos, Inc Synopsis: Pipedream emerges as the latest ICS Malware that is tailored to target specific Programmable Logic Controller (PLC) commonly found in Industrial Control System (ICS) that could be expanded to other similar targets in the Operational Technology (OT) sectors. Though this threat (seem to target U.S. Liquid Natural Gas and Key Electric Power Site) have not employed their capability for its intended disruptive in nature, there is still potential of the capabilities being deployed in Singapore. |
10:45- 11:15 |
Break |
11:15- 12:45 |
Presentation and Panel Discussion - Security Truth or Consequences Dale Peterson, Founder & Program Chair, S4 Events Founder & Chief Executive Officer, Digital Bond Inc Synopsis: Security professionals tend to address only the likelihood half of the risk equation. While reducing likelihood is important, it cannot be reduced to zero given human error and technology fails. In this session, Dale focuses on reducing the consequence side of the risk equation. Consequence reduction, unlike deploying more security controls, is a game you can win. |
12:45- 14:00 |
Lunch |
14:00- 15:30 |
Presentation and Panel Discussion – Introducing Incident Response Framework for Embedded System Joel Thomas Langill, Founder & Managing Member, Industrial Control System Cyber Security Institute (ICSCSI) LLC Founder, SCADAhacker Synopsis: Cybersecurity Incident responding is commonly unheard in the OT environment, and the main responders to issues are typically OT engineers/operators or vendors, often resetting the devices or process to restore operations which may deny a discovery of a cyber breach. These may be caused by user interaction with Real-Time Operating System (RTOS) or software is not always simple and are limited in scope, and caused a lack of visibility or centralised data aggregation. Therefore, it is important to combine Engineering "Forensics" with Digital Forensics in such instances. |
15:30- 16:00 |
Break |
16:00- 17:30 |
Presentation and Panel Discussion – Securing PLC Code Practices Sarah Fluchs, CTO, admeritia GmbH Synopsis: For many years, Programmable Logic Controllers (PLCs) have been insecure by design. Several years into customising and applying best practices from IT gave rise to secure protocols, encrypted communications, network segmentation etc. However, to date, there has not been a focus on using the characteristic features in PLCs (or SCADA/DCS) for security, or how to program PLCs with security in mind. In 2021, the Top 20 Secure PLC Coding Practices were published as the result of a community project. One year later, this session will give an update on the project, clarify what “the Top 20” are (and what they are not!), and what’s important to know when implementing them. |
*Programme and timings are subjected to changes