Cybersecurity Resiliency Takes Center Stage at ISA OT Cybersecurity Summit in London

Summary

ISA will host its second annual OT Cybersecurity Summit in London on June 18-19, 2024. This two-track, two-day event focused on operational technology (OT) systems will be organized around two major topics: intelligence evolution and IoT cybersecurity, with additional panel discussions on standards and conformity assessment. In addition to the robust technical program, additional workshops, special events and training opportunities are available.

OT cybersecurity operations resiliency—an industrial organization’s ability to identify, respond to, and recover swiftly from a cybersecurity incident—will take center stage with two keynote addresses from two distinguished experts.

Sarah Fluchs is chief technology officer of admeritia, which specializes in security consulting for the process industry, manufacturing, and critical infrastructures. A process and automation engineer herself, she is convinced that creating solid engineering methods that speak the language of automation engineers is key for security in automation. Her main research interest is to help automation security engineering grow up as a discipline.

More specifically, this includes security and systems engineering, understanding security (and safety) as part of a broader resilience engineering, the use of human-readable models to make security engineering more intuitive and the use of machine-readable models to make it more efficient. Fluchs is an active contributor to ISA and IEC standards regarding automation security and the title of her keynote talk is “Security by Design – A Communication Problem?”

Keynote speaker Simon Hodgkinson is the former chief information security officer for BP and he will be speaking on the intersection of sustainability and cybersecurity. He has said jobs in cybersecurity should enable the business to be successful to deliver on its strategic outcomes.

“That means that we need to think through the lens of is the business operationally resilient, rather than is it just secure from a cyber perspective?” said Hodgkinson. “[At BP] we weren’t there to do cybersecurity. At BP we were there to get hydrocarbons out of the ground, there to produce renewable energy or to deliver fuel into retail stations. We were there to enable the business to be successful with appropriate mitigations and controls in place.”

Joining event keynotes are more than 30 speakers representing the U.S. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA), RollsRoyce, Siemens, Royal Caribbean, Schneider Electric, Cybeats, exida, Cyber ICS, Exiger, Debian, Surrey Institute for People-Centered AI, National Automation, and more.

Sponsors of the 2024 OT Cybersecurity Summit include OT cybersecurity experts Armis, Cyolo, and Dragos, among others; registration is open. Beyond the technical program are additional special events including:

• A Cyber Escape Room Experience: Imagine you’re on the International Space Station, your oxygen system has been hacked and you have 15 minutes to solve the code before you run out of air. Working in a virtual, realistic OT environment, solve puzzles and get answers to achieve your goal before the clock runs out.
• Training: Using the ISA/IEC 62443 Standards to Secure Your Control Systems (IC32)
• Training: Assessing the Cybersecurity of New Existing IACS Systems (IC33)
• Workshop: Incident Command Systems for Industrial Control Systems (ICS4ICS)

ISA standards include ISA/IEC 62443, the world’s only consensus-based automation and control systems cybersecurity standards. In addition to developing and maintaining these standards, ISA offers training and credentialing on cybersecurity; certifies products, processes, and systems through its ISASecure certification; and raises awareness about the importance of OT cybersecurity through its membership consortium, the ISA Global Cybersecurity Alliance (ISAGCA).

Claire Fallon, ISA executive director, said, “The ISA OT Cybersecurity Summit stands apart from other cybersecurity events as a venue where attendees can gain practical knowledge about the standard and best practices for its implementation.” Past attendees have said, “It’s really refreshing to get such a rich group of professionals in the room all talking about the same challenges. ISA represents the leading standard, so it’s the right community for these conversations.”

_{This news item originally appeared in the February issue of InTech digital magazine.}