Online Training Special: Get an iPad Mini, Surface Go, or $300 Off through 5/1!

ICS Europe 2019

Munich, Germany | Mon, Jun 24 - Sat, Jun 29, 2019
Event starts in 59 Days

Summit Agenda

Download the full Summit Agenda

We strive to present the most relevant, timely and valuable content. As a result, this agenda is subject to change. Please check back frequently for changes and updates.

Sunday 23rd June 2019

Pre-Summit Meet and Greet
This optional session offers the opportunity to meet and network with your fellow attendees the night before the Summit kicks off. We highly recommend you attend if possible.

Monday 24th June 2019
08:00-08:45 Registration and Coffee
This is another great opportunity to meet, greet and interact with your peers so come down early.

Welcome and Introduction by Summit Chair
Tim Conway, Technical Director - ICS and SCADA programs, SANS Institute


ICS Down! It's Go Time.
This presentation will focus on performing Incident Response in an ICS environment, including the challenges and pitfalls that a responder may encounter. It will include examples of challenges identified during a real-world IR our team was involved in.
Christopher Robinson, Principal Consultant, Industrial Control Systems, Cylance


Engineer's worst day - How Murphy could keep his production running
This talk explores how to define the security posture from the SOC perspective for any banking institution in a practical and holistic way. It is based on the deep analysis of threats and adversaries by studying their strategy, tactics and operations. We will increase the prevention, as well as facilitate detection at the earliest stages to expedite reaction to fraud incidents to minimize their impact.
Daniel Buhmann, Business Unit Manager Security Solutions, KORAMIS GmbH


Extending an IT SOC to include critical OT/ICS systems. The perspective and a real use case study of Airbus as an asset owner’
Dr. Tobias Kiesling, OT Security Team Lead at Airbus Security, and Dr. Falk Lindner, Industrial IT Security Services at Airbus Security

10:45-11:15 Networking Break: Drinks and snacks will be served
11:15-11:50 Attack Bifurcation: Trends in ICS Intrusions
This talk will explore a bifurcation in attacks observed over the past three years in ICS intrusions: a significant and dramatic shift by adversaries toward “living off the land” techniques for initial intrusion and propagation in target networks; followed by the development and deployment of complex malware for final attack execution. Attendees will emerge from this discussion both better informed on the ICS threat environment, and better able to respond to current ICS adversaries. Ultimately, this talk will emphasize the need for greater host-based visibility and behavior-focused detection to complement existing industry emphasis on network-centric anomaly detection.
Joe Slowik, Principal Adversary Hunter, Dragos
11:50-12:25 Using ICS/SCADA Honeypots - the right way!
Fake devices or networks (Honeypots) has been around for decades, but very few asset owners are actual using the technology. Why? The presentation will demonstrate the value of using Honey-pots in industrial networks and provide practical guidance on planning, preparing and deploying such devices. This presentation is built on 5 years of an intense working experience with deception technologies and will include a live- stage demo to inspire the attendees. This will allow attendees to consider engaging with honeypots into an arsenal of defence lines and be prepared when the bad guys knocks on the door.
Mikael Vingaard, Preparedness Manager, Energinet
12:25-13:25 Networking Luncheon
Lunch is served onsite to maximize interaction and networking among attendees.
13:25-14:00 Assessing [Industrial Cybersecurity] Assessments
This talk will analyse the different "parameters" that can be considered in the scope of any industrial cybersecurity assessment such as independence, safety, risk, vulnerabilities, 'penetration testing', cybersecurity testing in FAT, iFAT and SATs) and compare how the different players in the market usually approach them.
Samuel Linares, Managing Director - Europe & Latin America ICS Security Lead for Resources, Accenture
14:00-14:35 Building a national cyber security strategy
Denmark has started a Cyber security project for all the critical infrastructure that add on-top of the NIS directive. The government has given 1.5 billion DKK to the national cyber security program. This program includes a cyber security project for all the critical sectors in the NIS directive. In this session I will present how the how the Danish Energy Agency developed the cyber security strategy for the energy sectors in cooperation with representatives from the Energy sectors companies, and why this was important. In addition the session will also cover: • Why NIS directive is only the start • How and why Denmark made a cyber security strategy with joint cooperation • What are the benefits for the energy companies and the government • What and why is the initiatives (actions) in the strategy.
Søren Egede Knudsen, Chief Advisor, Danish Energy Agency
14:35-15:10 Securing Large-Scale Industrial Networks
A real-world case study will present Europe’s largest manufacturing site mega-operational network: how its architecture developed, how the large network topology differs from that of small networks and what happens inside large- scale networks in terms of connectivity and traffic. The talk will further explain what vulnerabilities have been detected even in segmented areas of the network and what security tools and strategies have been adopted to eliminate them. Further, I’ll show how full and on-going OT network visibility has been achieved through continuous monitoring of 100% of the operational network traffic, and why it's critical to support the magnitude of assets and traffic of large-scale networks. Ultimately, our audience will learn about best ways to cost- effectively design and build future-proof, secure OT networks, no matter their size and complexity.
Yoni Shohet, Co-Founder and VP Business Development, SCADAfence
15:10-15:40 Networking Break: Drinks and snacks will be served
15:40-16:15 OT Security Requirements vs. Real Life stories
Every day there is a lot learned on the front-lines from those who build, maintain and must protect today’s ICS. Sharing these experiences is valuable to help others better meet their objectives and avoid common pitfalls. The black and white approach to choosing between speed of implementation and security of end-result still today leads to embarrassing cases of risk negligence. This talk will double click on several real-life examples of how security is unnecessarily weakened, seemingly for the sake of OT system’s functionality and will explain how to marry the two.
Łukasz Maciejewski, Security Manager, Accenture
16:15-16:50 Closing Remarks by Summit Chair
Tim Conway, Technical Director, ICS and SCADA programs, SANS Institute
Social events and informal networking activities are hosted after the Summit.