Critical Infrastructure


Education Level: Intermediate

3111 - Can IT and OT Ever Come to the Same Table? (Workshop Part 1)

Monday, September 25
10:00 AM - 12:00 PM

The day after Patch Tuesday unwinds as follows:

Operating Technology (OT): "The OT servers start rebooting and the ability to produce product slows or stops. Who made changes?"
After many phone calls, the exchange breaks down like this:
Information Technology (IT): "We applied patches for critical vulnerabilities."
OT: "Our production has stopped."

The primary focus of this session is to build a greater understanding of the constraints IT and OT each face. IT is mandated to secure the environment, while OT is responsible for keeping production functional.

Discussion points will include (but are not limited to):

  • Patching
  • Vulnerability scanning
  • Other methods of securing OT servers
  • Ways to put both departments on the same page
  • Helping management understand some of the shortcomings of OT systems
  • Common language for contracts

    NOTE: In-conference workshops this year have limited seating and require preregistration. If you would like to attend a certain workshop, please register for it during your registration process. Attendees will be checked in at the door and walk-ups may not be granted access if we reach room capacity.

    Learning Objectives:

    • Understand techniques that can be used to secure critical infrastructure systems.
    • Develop language for contracts with third-party vendors.
    • Develop strategies to ensure both patching and vulnerability scans occur.

    Diana-Lynn Contesti

    CEO/Security Architect
    DLConsulting Inc

    Diana is an independent contractor focusing on ICS and security architecture for various organizations. She brings more than 30 years' experience in the information security industry to the table and, until recently, held the position of ISO at ArcelorMittal Dofasco (steel manufacturer). Diana co-authored the first edition of the SSCP Study Guide; has been a longtime volunteer for item writing with (ISC)2; and has spoken at conferences worldwide on topics such as women in security, UNIX security, security metrics, computer malware and protecting critical infrastructure/SCADA. Diana is currently a member of the North American Advisory Board for (ISC)2.

    She is a past chair of the (ISC)2 Board of Directors. Whilst a member of the (ISC)2 board, Diana played a key role in the implementation of the Women's Scholarship and served on many committees, including strategy. Recently she was named to the Fifty Top Women in Internet Security.



    Zachary Tudor

    Associate Laboratory Director
    Idaho National Laboratory

    Zachary Tudor is the Associate Laboratory Director of Idaho National Laboratory’s (INL) National and Homeland Security (N&HS) organization, a major center for national security technology development and demonstration, employing scientists and engineers across $300 million in programs for the Department of Defense, Department of Homeland Security and intelligence community. N&HS is responsible for INL’s nuclear nonproliferation, critical infrastructure protection, defense systems and homeland security missions. Those include safeguarding and securing vulnerable nuclear material; enhancing overall security and resilience of the nation’s infrastructure; and providing protective system solutions and heavy manufacturing of armour for national defense. He has more than 30 years' experience in IT and cybersecurity management, operations and incident response, and holds an M.S. in information systems, with a cybersecurity concentration, from George Mason University.



    James McQuiggan

    Product & Solution Security Officer
    Siemens Gamesa Renewable Energy

    James R. McQuiggan, CISSP, is a product and solutions security officer for the Siemens Gamesa renewable energy company, providing strategy and policies for its SCADA products, including incident handling, vulnerability management and regulatory best practices. With 16-plus years working at Siemens, James has supported multiple corporate divisions and groups on NERC CIP regulations, information security awareness and training and other information security topics.

    James has been an (ISC)2 member since 2008 and a volunteer with the Safe and Secure Online Program for the Center for Cyber Education & Safety since 2010. In 2015 he was a finalist for the (ISC)2 Community Awareness Award and last year received the (ISC)2 President’s Award. He is a proud member of the North American Advisory Council (NAAC). Within the Central Florida community, he has been president of the Central Florida ISSA chapter and is currently president of the Central Florida (ISC)2 chapter.

    James is the father of two teenage daughters and continues to make sure they are safe and secure online while using their smartphones and social media.



    Steven Hernandez

    US Department of Health and Human Services

    Steven Hernandez, MBA, CISSP, CSSLP, SSCP, CAP, CISA, ITIL, is the CISO for the Office of Inspector General (OIG) at the U.S. Department of Health and Human Services (HHS) and director of OIG's Information Assurance Division. He has more than 19 years of progressive information assurance and privacy experience in industries including international heavy manufacturing, global finance, higher education and federal government agencies. Prior to joining the HHS Inspector General’s office, he held senior information assurance positions at the U.S. Department of Education, the U.S. Department of Agriculture and at a National Security Administration Center of Academic Excellence Research Institute. Steven is affiliate faculty at the National Information Assurance Training and Education Center and an honorary professor at California State University-San Bernardino. He lectures and presents on numerous information assurance topics including risk management, information security investment and the implications of privacy decisions to a broad spectrum of government, industry, graduate and post-graduate audiences. Steven is a member of (ISC)2's board of directors and also volunteers service to (ISC)2's Government Advisory Board and Executive Writers Bureau.



