01 - 02 October, 2019 | Novotel Sydney Central, Sydney, Australia
Conference Day One: Tuesday, 01 October 2019
8:30 am - 9:00 am Conference Registration and Welcome Coffee
9:00 am - 9:10 am Opening Remarks by IQPC and Conference Chair
9:10 am - 9:50 am Keynote Presentation: How to Mitigate Cyber Security Risks in Today’s Digital Environment
In a world where cyber threats seem to be getting more complex and prolific, Theo Nassiokas, a former intelligence officer and the Director of Cyber & Information Security at Barclays, will deliver a keynote presentation that removes the technical jargon and explains what cyber threats really encompass in today’s society. It is here he will identify the key actors and motivations to real events, giving the audience a sense of the challenges that awaits.
- Connecting cyber events to real actors and geopolitical events reported in the press
- Providing a clear view of the challenge regarding cyber threats, including motivations
- Explaining how to quantify cyber in a defensible manner while identifying alleged state sponsored threat actors
Theo NassiokasDirector, APAC Cyber & Information Security
10:20 am - 11:00 am Deploying Key Maritime Cyber Security Initiatives in the Development of Auckland’s Smart Ports
Stephen Kraemer, Port of Auckland’s CISO, will present on the work his company is doing to secure their critical infrastructure. 72% of CEOs believe over the next 3 years, IoT will become more critical to their industry, with transformation at the heart of all disruptions. With the Port over two thirds of the way complete in their creation of a fully automated smart port, Stephen will talk on how the company has spent the past 3 years creating and updating their security framework.
- Cementing an effective OT governance strategy to ensure ownership is given to the relevant departments
- Upgrading legacy systems to detect real-time system breaches
- Creating a risk management framework that will allow your organisation to clearly implement cyber response protocols
Ports of Auckland
11:00 am - 11:20 am Speed Networking Session
An effective structured interactive session designed to help expand your network through one-to-one focused conversations. Bring your business cards!
11:20 am - 11:50 am MORNING TEA AND NETWORKING BREAK
11:50 am - 12:30 pm Addressing Critical Infrastructure Challenges through a National Risk & Resilience Lens
Dr Paul Barnes, Head of Risk and Resilience at the Australian Strategic Policy Institute (ASPI), will deliver a presentation on the selected challenges to promoting resilience in and across Australia’s critical infrastructure systems. Within this presentation Paul will discuss options to enhance engagement in national continuity planning and applied riskbased thinking to enable the resilient functioning of dependent and interdependent systems in the face of natural and socio-technical disruptions.
- Understanding how Australian utility and water companies can support a resilience framework for critical infrastructure
- Determining the role of a cohesive risk assessment to reduce downtime
- Ensuring teams have the skillsets needed to address immediate security breaches
Paul BarnesHead Risk and Resilience
Australian Strategic Policy Institute
12:30 pm - 1:10 pm Case Study: The Journey MMG Are Undergoing to Gain Situational Awareness of Your OT Network through Improved Visibility
Getting visibility to enterprise IT is essential from an operational security and risk management perspective, with 45% of IT and OT professionals believing this to be a leading focus for their organisation. One way to do this is through conducting an assessment of your OT network to identify key assets and existing OT/IT vulnerabilities. Dovid Clark, Security & Risk Lead at MMG Limited, will present a case study on the work his team does, and the journey they are undergoing to protect systems through various platforms.
- Aligning the priorities of your IT and OT departments for a seamless convergence
- Recognizing abnormalities within your control system before a threat is reached
- Having appropriate and ongoing assessments of existing operations within your network to identify vulnerabilities
Dovid ClarkLead – Security & Risk, Global Business Services & Technology
1:10 pm - 2:10 pm NETWORKING LUNCH
2:10 pm - 2:40 pm Strengthening your resilience by building a cyberaware culture
Industrial control systems and critical infrastructure continue to become increasingly automated and digitised, yet it is an inescapable fact that we are still dependent on humans for the end-to-end security of these systems and services.
Five years ago we published a paper identifying the top 10 most common cyber security weaknesses that PwC encountered in control system environments based on our global experience. Despite the advances in technology and the increase in cyber threats to ICS environments, today we still observe the same weaknesses as we did five years ago.
We believe this reflects the lack of investment into the human aspect of ICS security, as many of these weaknesses ultimately stem from a lack of crossdepartment collaboration and security awareness.
This presentation, rich with examples and takeaways, will focus on how organisations relying on ICS can strengthen their cyber resilience through a humancentric approach, and build a sustainable cyber-aware culture across organisational boundaries.
Larry VandenaweeleSenior Manager
Robert Di PietroPartner
2:40 pm - 3:20 pm Demystifying Machine Learning Analytics for Threat Monitoring in Industrial Control Systems
This case study will look at how organizations can use machine learning capabilities to analyze large volumes of malicious and attack traffic. This in turn will help organisations determine the key characteristics that make malicious traffic unique.
- Using machine learning to analyze data from a variety of sources over long periods of time
- Delivering the ability to highlight anomalous behavior through legitimate business transactions
- Continuous monitoring of unusual activity on the cyber network coupled with the ability to mitigate threats before they occur
Ernest FooAssociate Professor
3:20 pm - 4:00 pm Emerging Cyber Legislation: Understanding the Security of Critical Infrastructure Act
The Australian Government established the Critical Infrastructure Centre in January 2017 to safeguard Australia’s control systems and infrastructure. The Centre was designed to bring together expertise and capability from across the Australian Government to manage the increasingly complex national security risks of sabotage, espionage and coercion.
Through the Security of Critical Infrastructure Act 2018 and the Telecommunications and Other Legislation Amendment Act 2017, the Australian Government aims to identify and mitigate national security risks posed to Australia’s critical infrastructure.
This presentation will discuss the ongoing legislations at play in the security of Australia’s critical infrastructure, as well as ways they’re working to boost collaboration between government and private departments.
Lachlan BickleyDirector, Critical Infrastructure Centre Risk Assessments
Department of Home Affairs
4:00 pm - 4:30 pm AFTERNOON TEA AND NETWORKING BREAK
Interactive Discussion Group (IDGs)
This is your chance to make your conference experience truly interactive and collaborative. Each IDG is set in a roundtable format and will be facilitated by an expert practitioner in the space. In two rotations, each IDG will last for 30 minutes, allowing you to pick the two topics you wish to discuss and solve.
Table One4:30 pm - 5:10 pm Securing Your Digital Twin Technology Against Potential Data Security Risks
Table Two4:30 pm - 5:10 pm How to Gain Leadership Buy-In To Secure Security Funding
Table Three4:30 pm - 5:10 pm Implementing Situational Awareness Strategies To Mitigate Cyber Threats
Nikhil ManghirmalaniTeam Leader- Maintenance Management Operational Technology / SCADA