01 - 02 October, 2019 | Sydney, Australia

Conference Day Two: Wednesday, 02 October 2019

8:30 am - 9:00 am Conference Registration and Welcome Coffee

9:00 am - 9:10 am Opening Remarks by IQPC and Conference Chair

Mike Wassell, Head of Operational Technology Services at Sydney Water

Mike Wassell

Head of Operational Technology Services
Sydney Water

9:10 am - 9:50 am Understanding how to Secure Critical Infrastructure with the Utilisation of Emerging Technologies

Glen Willoughby, Advisor of IT and Digital Innovation Lead at NASA, will deliver a keynote on the emerging technologies shaping government departments across the world. With NASA spending approximately $1.4 billion per year on IT investments, Glen will discuss the work taking place at NASA to improve big data and train teams to implement new security strategies. He will deliver a keynote looking into the convergence of these technologies, as well as the impact of data in implementing a secure control system environment.

  • Ensuring all departments have clear collaboration and capability shifts through agile leadership 
  • Understanding how to use AI and analytics to make sense of large scale data trends
  • Leading the business strategy through effective IT leadership

Speaker:
Glen Willoughby, Advisor IT Digital and Innovation – Office of the CTIO at NASA JPL

Glen Willoughby

Advisor IT Digital and Innovation – Office of the CTIO
NASA JPL

9:50 am - 10:30 am Reducing Cyber Security Risks across Your Organisation through a Comprehensive Governance Program

With the threat landscape shifting now to incorporate OT threats, Luke Sawtell, Business Resilience Manager at Queensland Urban Utilities, will present a case study on the work they do to create a holistic business resilience program. 2017 reports revealed security as a high impact, high uncertainty category for the organisation, which in turn led to a new governance strategy to cater to this

  • Enabling passive, real-time network monitoring of OT and ICS networks
  • Providing non-intrusive, active technology to deliver deeper visibility
  • Increasing threat discovery capabilities and reducing the mean time to respond (MTTR) to physical threats

Speaker:
Luke Sawtell, Business Resilience Manager, Office of the CEO at Queensland Urban Utilities

Luke Sawtell

Business Resilience Manager, Office of the CEO
Queensland Urban Utilities

10:30 am - 11:00 am MORNING TEA AND NETWORKING BREAK

11:00 am - 11:40 am How City of Sydney Built a Strategy for City Resilience to Improve Security Response Times

The City of Sydney, will discuss the work her and the team are doing to build resilient critical infrastructure within Australia. Developing a 5 year plan with 35 actions to build resilience, the aim is to secure Australia’s infrastructure against potential risks. Relying on networks of infrastructure to provide food, water and waste management, these assets has become interconnected to one another. This means, when disruptions occur to one system, they have the potential to affect multiple.

  • Implementing an effective cost-benefit analysis to assist in the development of future functions
  • Securing critical infrastructure through the resilience framework 
  • Understanding that as systems become more complex, organisations need to have a more cohesive way of managing risk

11:40 am - 12:20 pm Translating OT Security Challenges and Techniques to Mitigate Cyber Threats

With the threat landscape shifting now to incorporate OT threats, Vijay Varadharjan, Global Innovation Chair at the Australian Cyber Security Research Centre, will present a case study on the work taking place at the centre to review and build a more secure ICS network. Vijay will demonstrate ways organisations are now forced to implement security into their OT networks from a risk perspective to safeguard these attacks. Within this Vijay will discuss IEC 62443 and risk prevention measures.

  • Enabling passive, real-time network monitoring of OT and ICS networks
  • Providing non-intrusive active technology to deliver deeper asset visibility
  • Increasing threat discovery capabilities and reducing the mean time to respond (MTTR) to cyber physical threats 

Speaker:
Vijay Varadharajan, Global Innovation Chair in Cyber Security at Advanced Cyber Security Research Centre (ACSRC)

Vijay Varadharajan

Global Innovation Chair in Cyber Security
Advanced Cyber Security Research Centre (ACSRC)

12:20 pm - 1:20 pm NETWORKING LUNCH

This panel will host Risk and Resilience experts to discuss how Australia can enhance their critical security.

  • The challenges of securing the IT/OT environment while working with multiple vendors to adopt existing and new technologies
  • Balancing ease of use and accessibility and remote access demands in a multi-vendor environment 
  • Talking to your board to increase the level of security and potential funding

Panelists:
Paul Barnes, Head Risk and Resilience at Australian Strategic Policy Institute

Paul Barnes

Head Risk and Resilience
Australian Strategic Policy Institute

Ernest Foo, Associate Professor at Griffith University

Ernest Foo

Associate Professor
Griffith University

Luke Sawtell, Business Resilience Manager, Office of the CEO at Queensland Urban Utilities

Luke Sawtell

Business Resilience Manager, Office of the CEO
Queensland Urban Utilities

2:20 pm - 2:50 pm AFTERNOON TEA AND NETWORKING BREAK

2:50 pm - 3:30 pm Cyber security challenges in a changing IT/OT environment

Nikhil Manghirmalani, Team Leader of IT Maintenance, will present a case study on the DNP3 SA changes that have recently been made, and the process Water Corporation is employing to effectively address the obsolescence of their ICS equipment. With millions of dollars invested in system upgrades, Nikhil will talk about the company’s journey against security threats and the importance of making your ICS network resilient to future advancements.

  • Establishing a computer security incident response team to address cyber threats
  • Having a clear strategy for detection, tracking and mitigation in order to upskill teams to respond in a timely manner
  • Hiring staff with clear training and certifications in cyber security and risk management protocols 

Speaker:
Nikhil Manghirmalani, Team Leader, Maintenance Manager of Information and Technology at Water Corporation

Nikhil Manghirmalani

Team Leader, Maintenance Manager of Information and Technology
Water Corporation

3:00 pm - 3:30 pm Understanding the New Way of Implementing Cyber Security for Network Resilience

 
- ICS Security, Safety, Privacy is it all the same same, or different? 
- Knowing your landscape and stakeholders. Implementing the key framework that can improve resilience.
- Procurement, Awareness for both the demand side and supply side of the industry.

3:30 pm - 4:10 pm Identifying Cultural Shifts: Why the IT Triad of Confidentiality, Integrity and Availability Needs to Be Acknowledged for Effective IT – OT Collaboration

Though in the ICS domain cyber attacks tend to focus on the destabilization of assets, the IT space is primarily defined through the combination of confidentiality, integrity and availability (CIA), which they attribute to securing IT systems. While collaboration between the two fields is growing, there are still essential areas in terms of internal company culture that needs to be addressed before full IT – OT collaboration is reached.

  • Fostering clear collaboration in the security industry through training OT teams to understand IT practices
  • Investing in data collection, management and analysis to understand how these systems effectively operate
  • Improving internal culture to consider security in the same context as performance and safety 

Speaker:
Beenu Arora, Cyber Security Operations Manager at NBNco

Beenu Arora

Cyber Security Operations Manager
NBNco

4:10 pm - 4:10 pm Closing Remarks from the Conference Chair and Main Conference Close