Chandigarh Cyber Security for Control Systems

It's time for the last of our big, half-day events of 2024!
Be sure to reserve your seat in our December 4th event with over six speakers, including a panel of senior cyber decision makers from global manufacturing firms!
https://events.zoom.us/ev/Ap4VQeoyAjwH8lScyZJG9Ys3Ac4gqTEjC6h4UEb_jIuQ4z_xALZd~Aq-Nr7MNBpJbnKKHMa_-j-2q9mHiiKuCV3Pv3KVGd6oxzJ4Ml4sbPYtpCMwzevX2DOVhCV-xI4WzY4td9LgDwr8UFg

Four and a half hours of educational content and discussion, with the opportunity to ask these cyber security leaders your questions (and get 4 Continuing Educational Units of credit!) Come for part or come for all, but be sure not to miss out!

This is also the event in which we are awarding the 2024 CS2AI Passport Awards, in addition to our regular Quality Question Awards!

## Event Agenda

1:00 PM Eastern
Session 1: Securing the Core: NIS2 Compliance for Multi-National Manufacturing Organizations
Featuring Hamish Wishart (Senior Consultant Cyber Security at KPMG)
In the increasingly vulnerable cybersecurity landscape, the manufacturing sector stands as a key target for security incidents. Upholding NIS2 compliance is not just a necessity— it's a strategic advantage. This talk offers exclusive insights into driving NIS2 compliance in a multi-national manufacturing environment where organizations must manage facilities in multiple EU Member States.
You will learn tailored collaboration strategies with site personnel for comprehensive risk ownership and effective incident detection and response. We will delve into 'quick wins' for immediate security boosts and outline a strategic long-term roadmap. This session aims to equip attendees with the tools needed to bolster OT security and transform what we see as the common pain points into areas of strength.

2:10 PM Eastern
Session 2: Asset Owners Panel Discussion
Featuring

• Yosef Beck (VP, Cyber Security at CRH)
• Jonas Rendahl (CISO at Aurobay)

Acquire valuable insights from cybersecurity leaders who serve asset owner operations in the manufacturing sector and ask them your questions!

3:10 PM Eastern
Session 3: Tales from the Crypt
Featuring Aamir Lakhani (Global Security Strategist and Researcher at Fortinet)
Attacks on operational technology (OT) — the systems controlling industrial equipment, processes, and events —have leaped from Hollywood screens into reality. What once seemed like special-effects fiction in disaster movies about nuclear meltdowns, power grid collapses, and poisoned water systems is now a genuine threat. OT and manufacturing attacks are not new, but their impact on modern life is more significant than ever.

4:10 PM Eastern
Session 4: A Random Walk Through a ~~Million~~ Billion IoT/OT Things
A conversation with millions of researched Cyber-Physical Systems…
Featuring John Terrill (CISO at Phosphorus Cybersecurity)
With billions of IoT and OT devices powering manufacturing and industrial operations today, the xTended Internet of Things (xIoT) now surpasses traditional endpoints by an order of magnitude. Despite their critical roles, many of these IoT and OT Cyber-Physical Systems (CPS) remain overlooked and unsecured—operating with default or weak credentials, outdated firmware, insecure configurations, and an end-of-life state. This creates a vast and vulnerable attack surface that threat actors increasingly target to disrupt operations, exfiltrate data, or stage sophisticated ransomware attacks.

In this session, we’ll take a comprehensive journey through the world of IoT and OT/ICS devices, uncovering what we’ve learned over the years about the vulnerabilities and risks associated with the immense benefits of connected devices. From outdated security hygiene to device-specific weaknesses across diverse environments, we’ll explore key insights and real-world examples that highlight the unique challenges of securing these systems.

The session will also delve into the anatomy of OT and OT-adjacent IoT cyberattacks, detailing how attackers exploit these devices to achieve malicious goals. A live hacking demonstration will showcase the methods used to compromise common, yet mission-critical, devices — emphasizing the importance of proactive security measures to disappoint bad actors.

Attendees will leave with a deeper understanding of the scope and state of this attack surface, the critical role IoT and OT security plays in protecting the modern industrial landscape, and actionable steps that can be taken to strengthen their xIoT security posture.

------------------------------------------------------------------------------------------

Register now: https://attendee.gotowebinar.com/register/1718806497456804440?source=10132024meetupevent

Ditching Misconceptions: Embracing Proactive OT Discovery and Remediation to Reduce Business Risk
With over 65 billion smart devices in use today, there are 10 times more xIoT devices worldwide than all traditional endpoints combined. Most of these devices—including OT, ICS, IIoT, and adjacent IoT Cyber-Physical Systems (CPS)—are unknown, unmanaged, and unmonitored – posing significant security and operational risks.

This massive, vulnerable xIoT attack surface is being successfully exploited by bad actors engaged in cyber espionage, data exfiltration, sabotage, and extortion. And this is especially true in the case of critical infrastructure and ICS environments as businesses gain powerful business benefits while increasing their risk with the convergence of OT and IT infrastructures.

Historically, active discovery and remediation of OT, ICS and IoT devices in sensitive industrial environments has been a HELL NO because it’s been perceived as dangerous and bad – and likely to disrupt operations, risk lives, and cost millions. Brutal.

This apprehension has limited operators and security practitioners to only explore legacy passive security tools – leaving them with limited visibility, incomplete or inaccurate inventory, vulnerable assets, and operational impact on sensitive, mission-critical devices.

When done the right way, however, active solutions are the scalpel rather than the cudgel, focusing on what the devices need rather than throwing the whole kitchen sink at them. This increases discovery speed, visibility completeness, classification accuracy, and risk assessment with zero operational impact – all while allowing for proactive hardening and remediation with full control.

And remember, bad actors are counting on you being passive. They want you to fail so they can continue to evade detection and maintain persistence on your mission-critical OT and IoT devices. Disappoint them!

In this presentation, we’ll help you take control of your embedded devices. We’ll detail findings from years of threat research across millions of Cyber-Physical Systems, demonstrate how IoT and OT devices can be hacked, recognize where they’re most vulnerable, and employ strategies – including a new generation of Intelligent Active Discovery technology – to not only safely find these assets but harden and remediate them at scale.

Attendees will understand:
● What went wrong with active discovery in the past
● How safe, fast, and accurate methods of intelligent active discovery can now be leveraged
● How devices can be hacked
● Why active discovery is the new path forward for organizations to safely FIND, FIX, and MONITOR OT & IoT Cyber-Physical systems

Speaker:
John Vecchi, Cybersecurity Evangelist, Phosphorus
https://www.linkedin.com/in/johnvecchi/