OTCEP 2022 Panel Members
Robert is a recognized pioneer in the industrial cybersecurity community. He is CEO and founder of Dragos, a global technology leader in cybersecurity for industrial controls systems (ICS)/operational technology (OT) environments.
In addition, Robert serves on the Department of Energy's Electricity Advisory Committee as the Vice Chair of the Department of Energy's Grid Resilience for National Security Subcommittee and is a member of the World Economic Forum's subcommittees on Cyber Resilience for the Oil & Gas and Electricity communities.
Robert is routinely sought after for advice and input on cybersecurity for industrial infrastructure and is regularly asked to brief national leaders. He testified to the U.S. House of Representatives Committee on Energy and Commerce--Subcommittee on Oversight and Investigations, and to the U.S. Senate Energy and Natural Resources Committee, to advise on policy issues related to critical infrastructure cyber threats. He has also presented at the World Economic Forum Annual Meeting in Davos, and industry leading conferences such as RSA, SANS, BlackHat, and DefCon on the topic of industrial cybersecurity and threats.
Robert gained his start in security as a U.S. Air Force Cyber Warfare Operations Officer tasked to the National Security Agency, where he built a first-of-its-kind mission identifying and analyzing national threats to industrial infrastructure. He went on to build the industrial community's first dedicated monitoring and incident response class at the SANS Institute (ICS515) and the industry recognized cyber threat intelligence course (FOR578).
Forbes named Robert to its 30 under 30 (2016) list as one of the "brightest entrepreneurs, breakout talents, and change agents" in enterprise technology. A business leader but also technical practitioner, he helped lead the investigation into the 2015 attack on Ukraine's power grid, the first time an electric system was taken down due to a cyberattack. With his team at Dragos he has been involved in the most significant cyberattacks on industrial infrastructure, including the investigation and analysis of the 2016 attack on Ukraine’s electric system, the 2017 TRISIS attack on a Saudi Arabian petrochemical facility in the first attempt to try to kill people through malicious software, and the 2021 Colonial Pipeline ransomware attack. In 2022, his team at Dragos uncovered PIPEDREAM, a highly flexible framework to attack industrial infrastructure globally. Robert’s work has been featured in the book Sandworm and on 60 Minutes.
For over 20 years, Dale Peterson has been on the leading/bleeding edge helping security- conscious asset owners effectively and efficiently manage risk to their critical assets. He has pioneered numerous Industrial Control Systems (ICS) security tools and techniques, such as the first intrusion detection signatures for ICS that are now in every commercial product. In 2007, he created S4 Events to showcase the best offensive and defensive work in ICS security and build a community. S4 is now the largest and most advanced ICS event in the world.
Joel Langill is a globally recognised leader in the field of industrial security focusing on advanced automation, control, and monitoring technologies. He worked for more than two decades designing automation technologies and solutions for some of the largest infrastructure projects in the world before shifting his focus entirely to cyber security. Joel was one of the first to offer a training programme focusing on defensive skills for control system engineers and is currently an adjunct professor at Texas A&M University where he teaches and works along with the RELLIS campus research facility on advanced defensive cyber operations for industrial systems. He supervises an innovative industrial control system data center built in close cooperation with solution leaders in the industrial security sector for education and new product testing and evaluation. Joel has published numerous articles on industrial security risk and mitigation, is credited with various vulnerability disclosures, has been a distinguished speaker at public and private conferences globally, and is the co-author of the best-selling book “Industrial Network Security”.
Sarah Fluchs is the CTO of admeritia, which specializes in security consulting for the process industry, manufacturing, and critical infrastructures. Prior to her current role, Sarah has developed cybersecurity guidance for the water sector at the German Federal Office for Information Security (BSI).
A process and automation engineer herself, Sarah is convinced that creating solid engineering methods that speak the language of automation engineers is key for OT Security. Her main research interests include security engineering, security by design, security for safety, and security diagrams and information models.
She currently leads a government-funded research project on security by design for ICS in cooperation with industry partners INEOS and HIMA, two German universities, and NAMUR (User Association of Automation Technology in Process Industries).
Marco (Marc) Ayala is a process automation professional with over 25 years of experience working in petrochemical facilities where he designed, implemented, and maintained their process instrumentation, automation systems and process control networks. Marco has expertise with safety systems, advanced process control, enterprise historians and industrial network security where he worked with enterprise-IT to implement a corporate PCN security solution. He is active in the Oil and Gas, Maritime port, offshore facilities, and Chemical Sector cyber security efforts working alongside federal, local, and state entities for securing the private sector. Marco is a certified cyber instructor for ISA.
Maggy Powell is a Security Assurance Principal Industry Specialist focused on the Power and Utility Sector. She joined Amazon Web Services after 14 years in the power & utility industry, having worked in a variety of functions - regulatory risk, environmental permitting, reliability compliance and security operations. She was responsible for leading three technical cybersecurity teams dedicated to real time systems, including security engineering, industrial control systems (ICS) security operations centre, and security & compliance. Maggy was an industry participant in NERC CIP standards development including serving as Chair on CIP Standard Drafting Teams. She is well versed in the security and compliance challenges facing power and utility customers.
Zachary (Zach) Tudor is responsible for INL’s Nuclear Nonproliferation, Critical Infrastructure Protection and Defense Systems missions. Previously, Tudor served as a Program Director in the Computer Science Laboratory at SRI International, where he supported cyber security and critical infrastructure programs such as DHS Cyber Security Division’s Linking the Oil and Gas Industry to Improve Cybersecurity (LOGIIC) consortium, and the Industrial Control System Joint Working Group R&D working group. He has served as a member of (ISC)2’s Application Security Advisory Board and the NRC’s Nuclear Cyber Security Working Group, as well as the Vice Chair of the Institute for Information Infrastructure Protection at George Washington University. He is a Professor of Practice in the Computer Science Departments of the University of Idaho and Idaho State University, is the Chair of the Board of Directors of the International Information Systems Security Certification Consortium (ISC)2, and a member of the Commonwealth Cyber Initiative advisory board (Virginia).
Eric Byres is widely recognized as one of the world’s leading experts in the field of Operation Technology (OT) cybersecurity. He is the inventor of the Tofino Security technology – the most widely deployed ICS-specific firewall in the world. Eric is also known for his leadership in international standards and research for industrial communications. Eric holds an extensive list of accomplishments, which includes founding the BCIT Critical Infrastructure Security Centre, providing guidance to government security agencies and major energy companies on protection for critical infrastructures, sitting as the chair of the ISA SP-99 Security Technologies Working Group, representing Canada for the IEC TC65/WG10 standards effort, and testifying to the US Congress on the Security of Industrial Control Systems in National Critical Infrastructures. He has received numerous awards from international organizations and was made an ISA Fellow in 2009. In 2013 he received ISA’s highest honor: Excellence in Leadership. Eric was also a founding member of the NTIA/INL Energy Industry SBOM Proof of Concept Working Group and the NTIA SBOM Awareness & Adoption Committee. Today Eric is the Chief Technology Officer for aDolus Technology Inc, and is focused on ensure the security of the software supply chain in OT systems.
Robert is international Chairman of BlueVoyant, a global cyber security company specialising in supply chain risk and advanced managed security services. Robert Hannigan is a former Director of Government Communications Headquarters (GCHQ), the UK’s largest intelligence and cyber security agency and established the UK National Cyber Security Centre in 2016. He retired from Government service after 20 years in national security roles, including the role of Prime Minister’s Security Adviser. Robert writes on cyber, technology and national security issues in the Financial Times and is a Senior Fellow at the Belfer Center, Harvard, the Royal United Services Institute, and the Institution of Engineering and Technology, London.
Christophe Blassiau is an experienced leader in global digital transformations. He started his career in cryptography for the French Army. Since then, he has been leading digital transformation programs for over 20 years, among which the salesforce.com implementation at Schneider Electric with 50,000 users and deploying customer digital platforms. He was also the founder and manager of a web & digital marketing agency for 11 years.
For the last 5 years, he has been driving Cybersecurity at Schneider Electric as Senior Vice President (SVP) and global Chief Information Security Officer (CISO). In a context of IT/OT/ IoT convergence and digital transformation at speed, he is addressing Schneider Electric’s cybersecurity posture for a worldwide ecosystem of customers, partners and employees. The approach he drives aims at being risk-informed, managing cyber risks in depth and on establishing a company-wide cybersecurity culture.
He advocates for partnership with Schneider Electric ecosystem of customers, suppliers, and with authorities to enable trust and raise resilience level of the industry at large.
In that context, he is an Executive Member of the Cyber Resilience in Electricity and Oil & Gas Communities at the World Economic Forum and has been contributing to common reports and blogs on various topics like supply chain security, third-party risk management, Board Principles etc.
In architecting Singapore’s digital future, Dr Ong Chen Hui, Assistant Chief Executive of BizTech Group at the Infocomm and Media Development Authority (IMDA), is overseeing efforts the Emerging Technology Programme, 5G innovation and IMDA role in the Research, Innovation, Enterprise (RIE2025) national industry efforts in the areas of Artificial Intelligence & Data, Communications & Connectivity and Trust Technologies. Dr Ong has over two decades of experience in cybersecurity and technology innovation. Prior to her current role at IMDA, she was the APJ Chief Technology Officer in Trustwave – a Singtel company and Principal Member of Technical Staff in DSO National Laboratories, Singapore’s national defence research and development organisation. At Trustwave, she drove its vision and oversaw the execution of emerging technologies in cybersecurity. Her portfolio covered building Minimum Viable Products (MVPs), consulting and vulnerability research in Operational Technology Cybersecurity, Big Data for Telco Cybersecurity, Automotive Cybersecurity and 5G cybersecurity. Dr Ong was also a member of the committee for TR68: Technical Reference for Autonomous Vehicles and the Cybersecurity Working Group in the 2018 Services and Digital Economy Technology Roadmap. In her earlier role as Principal Member of Technical Staff in DSO National Laboratories, she performed applied research, malware analysis, risk and vulnerability assessments. Her research work on Artificial Intelligence, Natural Language Processing and Deep Learning has been published in leading conferences.
Kazuo Yamaoka is currently the Chief Information Security Officer (CISO) at a Japanese semiconductor manufacturing company, and fully understands the various cybersecurity challenges which both management and practitioners are facing. He was a cybersecurity consultant, after working for over 20 years in the electric power industry.
As a cybersecurity consultant, he was responsible for advisory work for critical infrastructure industries and manufacturing companies, and service development based on IT/OT converged cybersecurity architecture, as well as worked on a Vehicle Security Operation Center (VSOC) development project for connected cars.
While working in the electric power industry, he was a member of the committee that created "Guidelines for Electric Power Control System Security" for Japanese electric power industry, a member of the Smart Grid Technical Standardization Committee, and a member of the IEC TC57.
Daniel Ehrenreich is a consultant and lecturer acting at Secure Communications and Control Experts, and periodically teaches in colleges and presents at industry conferences on the secured integration of cyber defense with ICS. Daniel has over 32 years of engineering experience with ICS and OT systems for electricity, water, gas, and power plants as part of his activities at Tadiran, Motorola, Siemens, and Waterfall Security. He is a contributing member to three ISA 62443 workgroups and has been re-selected as Chairperson for the 7th ICS CyberSec 2022 conference taking place in Israel on 16 November 2022.