[infopane color=”1″ icon=”0018.png”]The 2017 agenda will be available in the spring. Until then, the 2016 agenda is below, to allow you to get a taste of what might be coming. The 2017 Summit will include the events you love, including honoring the Energy Sector’s Cyber Security Professional of the YearPhysical Security Professional of the Year and Security Executive of the Year.[/infopane]


[day date=”22 August 2016″]Day 1 – EnergySec Workshops[/day]

[event time=”11:30 — 04:00″ room=”Magic Kingdom Ballroom / East Foyer”]Summit Registration[/event]
[event time=”01:30 — 04:00″ room= “Monorail C”]Workshop A

Top Ten Obstacles to Implementing CIPv6 and What to Do About Them

Instructor: Steve Parker, EnergySec and Stacy Bresler, EnergySec

CIP version 6 is now the law of the land. Although most entities have “crossed the finish line” and achieved at least “minimal” compliance, there may still be much work to be done to achieve sustainable, efficient compliance. This workshop will identify 10 of the most significant challenges and present practical advice on how to overcome them. In particular, we will focus on NERC CIP sustainability and how that might be achieved in your organization. Sign-up for this workshop to gain insight from two of the industries leading NERC CIP professionals – Mr. Parker and Mr. Bresler have devoted their careers to helping utilities address their security and compliance obligations. They are both former Regional Entity NERC CIP auditors and are very active in the pursuit of NERC CIP nirvana (although that is just a dream…but we are at Disneyland where dreams come true!!!).


[event time=”01:30 — 04:00″ room=”Monorail A”]Workshop B

Getting Started with the NIST CSF

Instructor: Jack Whitsitt, EnergySec 

This workshop is an abbreviated version of Jack Whitsitt’s full two-day training course on the subject. This is intended for those leaders, decisions makers, and technologists who feel that they are lacking a usable bridge between the technology and business aspects of cybersecurity and wish to do more than simply build a standard security program and hope for the best.

The instructor will use two common security frameworks (NIST and C2M2) alongside custom material (developed over 9 years and unavailable elsewhere) to help provide participants with the necessary cybersecurity, framework, and communication theory required to make practical improvements to their cybersecurity environments. As mentioned before, this is an abbreviated version of the full two-day training course. This workshop will get you started on your security framework journey!!


[event time=”01:30 – 04:00″ room=”Castle A”]Workshop C

ICS Security Hands-On Event

Instructor: Matt Luallen, Cybati 

Join Matt Luallen and go hands-on into ICS security. Matt is one of the most dynamic individuals you will ever meet. This is a must attend workshop where the take-aways will be absolutely invaluable.

Build, break and cybersecure a control system environment using the CybatiWorks cybersecurity educational platform.  In just 3 short hours we will step you through an active defense scenario of a pre-built control environment.  Each participant will be given access to a control system platform that you can use during the event and further share with your colleagues afterwards.  What you will learn from this hands-on event:

  • The general constructs of a control system environment (e.g. HMI, TAGS, OPC, HISTORIAN, DATABASE, LOGIC)
  • Typical dependencies of environments (e.g. WEB APPLICATIONS, AAA, NTP, GPS, VPN, STORAGE, COMMUNICATIONS, PHYSICAL, POWER)
  • Associated attack vectors and defenses based on adversarial goals
  • Incident detection and response

The environment will be entirely resettable with the ability to take your education with you to share with your colleagues.


[event time=”05:00 — 6:30″ room=”Sleeping Beauty Pavilion”]Welcome Reception

EnergySec is excited to invite you to our Welcome Reception as we kick off our 12th year of producing these events. It is a great time to meet other utility peers, vendors, regulators, and other summit staff. Enjoy refreshments, live music (sponsored by Archer Security Group) and take advantage of the opportunity to learn from one another!  We’re expecting some special visitors from nearby Magic Kingdom to drop by so bring your family and camera.


[day date=”23 August 2016″]Day 2 – Presentation Sessions[/day]

[event time=”07:00-04:00″ room=”Magic Kingdom Ballroom / East Foyer”]Summit Registration[/event]

[event time=”07:30 — 08:00″ room=”Magic Kingdom Ballroom 2″]Continental Breakfast and Networking[/event]
[event time=”08:00 — 08:15″ room=”Magic Kingdom Ballroom 1&4″]Welcome and Opening Remarks Sponsored by Archer Security Group

Summit Moderator: Patrick Miller, EnergySec, President Emeritus


[event time=”08:15 — 09:00″ room=”Magic Kingdom Ballroom 1&4″]Keynote Presentation – How Can Security Enable Business Agility and Resiliency?

Presenter: Jamey Sample, EY

The energy sector is undergoing a significant transformation in its business operations with record-high infrastructure investments, while new opportunities and operational efficiencies are driving digitization. How can security teams enable continued growth by integrating an inherent security mindset in business processes rather than focusing on design and compliance activities? By adopting a set of governance and execution principles, organizations will gain agility and resiliency across the enterprise, aligning cross-functional business needs and proactively promoting long-term risk management. Jamey Sample, a leader of EY’s Power & Utilities-focused security team, will discuss how to move beyond the status quo, creating quantifiable value that truly benefits security.


[event time=”09:00— 09:20″ room=”Magic Kingdom Ballroom 1&4″]Introduction to Information Sharing for OT Environments Panel

Presenter: Philip Quade, National Security Agency

Safeguarding the physical and cyber aspects of critical infrastructures is a national priority that requires information sharing and partnerships at all levels of government and industry. No one organization has the resources to do the job alone. The threat to our nation in cyberspace can be addressed only through unity of vision and purpose, requiring strong partnerships throughout the US Government and with industry partners in the OT space. This will require advancing the vision for information sharing architectures that will create real-time shared situational awareness based on machine-to-machine information sharing.[/event]

[event time=”09:20 — 10:00″ room=”Magic Kingdom Ballroom 1&4″]Panel – Information Sharing for OT Environments

Moderator: Philip Quade, National Security Agency

Panelists: Josh Axelrod, EY; Jacob Kitchel, Exelon; Brian McKay, Booz Allen Hamilton; Doug Rhoades, Sempra USGP

The panel will discuss the way forward to accomplish information sharing at cyber speed that will drive down shared risk, speed response times, and allow preemptive mitigation actions to prevent, protect, and defend against malicious cyber activity.[/event]

[event time=”10:00 – 10:30″ room=”Magic Kingdom Ballroom 2″]Refreshment Break and Networking[/event]

[event time=”10:30 — 11:30″ room=”Magic Kingdom Ballroom 1&4″]Panel – Supply Chain Security

Moderator: Dave Lewis, Akamai

Panelists: Simon Slobodnik, FERC;  James McQuiggan, Siemens; Dennis Gammel, SEL; Bryan Owen, OSISoft; and David Foose, Emerson

Cybersecurity risks associated with supply chains for industrial control systems are receiving increased scrutiny. This expert panel will present perspectives from leading vendors on how these risks are being addressed.


[event time=”11:30 — 12:00″ room=”Magic Kingdom Ballroom 1&4″]CIOs and CISOs Playing Together

Presenters: Rani Johnson and Tim Virtue, Lower Colorado River Authority

Tim Virtue and Rani Johnson will share their experiences regarding an innovative and strategic initiative in which the Lower Colorado River Authority is building collaborative cybersecurity programs that support operational technology (OT), Information Technology (IT) and cybersecurity objectives.


[lunch time=”12:00 — 1:15″ room=”Rose Court Garden”]Catered Lunch sponsored by CyberX [/lunch]

[event time=”01:15 — 02:00″ room=”Magic Kingdom Ballroom 1&4″]Panel – Who’s Driving the Bus: Compliance or Security?

Moderator: Dr. Joseph Baugh, WECC

Panelists: Josh Sandler, Duke Energy; Brian Proctor, San Diego Gas & Electric; Tim Erlin, Tripwire

A common theme that is emerging in the electric industry is that compliance should be an outcome of security programs rather than attempting to derive security from compliance programs. This panel will explore this topic with insights from leading utilities.


[event time=”02:00 — 02:30″ room=”Magic Kingdom Ballroom 1&4″]Beyond CIP-010 – Configuration Management

Presenter: Mike Sanders, Southern Company

Mike will discuss a Configuration Management program designed for daily monitoring of security configurations for approximately 1100 devices.


[event time=”02:30 – 03:00″ room=”Magic Kingdom Ballroom 2″]Refreshment Break and Networking[/event]

[event time=”03:00 — 03:30″ room=”Magic Kingdom Ballroom 1&4″]Automated Assessment Technology Reveals Hidden IIot and ICS Vulnerabilities

Presented by: Jim Blaschke, CyberX

In this session we will reveal how CyberX has applied patent-pending automation technology to unmask vulnerabilities in OT networks. The session will provide an exclusive preview of a new automated tool, just released to the market, which provides IIoT environments with a single-click Vulnerability Assessment, offering an overall OT Network vulnerability score, detailed device-level information on where vulnerabilities lie, and the ways attackers would compromise these assets.

Based on our successful field-testing of this ground-breaking Vulnerability Assessment tool, we will also reveal examples of unexpected vulnerability findings, and the potential impact these available exploits would have on customer production environments, as well as mitigation recommendations for strengthening OT networks’ overall security posture.


[event time=”03:30 — 04:00″ room=”Magic Kingdom Ballroom 1&4″]Intelligence and Near-Incidents – Learning from What Didn’t Happen

Presented by: Orange County Intelligence Assessment Center

Physical and cyber security convergence is on the short-list for many security professionals in today’s rapidly evolving threat environment.  Analyzing the most up-to-date intelligence can help security professionals in the Energy Sector tackle these threats more efficiently.  However, a majority of the most useful intelligence often comes from those incidents that did not occur, those near-incidents, which do not always meet reporting standards for energy partners.  This presentation will highlight case studies and lessons learned from Orange County’s DHS-recognized fusion center, comprised of public safety agencies coordinating with critical infrastructure partners to prevent and safeguard the region from threats.


[day date=”24 August 2016″]Day 3 – Presentation Sessions[/day]

[event time=”07:00-04:00″]Summit Registration[/event]

[event time=”07:30 — 08:00″ room=”Magic Kingdom Ballroom 2″]Continental Breakfast and Networking[/event]

[event time=”08:00 — 08:15″ room=”Magic Kingdom Ballroom 1&4″]Welcome and Opening Remarks

Moderator: Patrick Miller, Archer Energy Solutions


[event time=”08:15 — 09:00″ room=”Magic Kingdom Ballroom 1&4″]Keynote Presentation – Empowering a Small Security Team

Presenter: Kelly Brazil, ProtectWise

Cybercrime is blossoming in the shadow economy. The frequency of attacks is increasing, costing businesses upwards of $500 billion each year. But as security budgets wane, smaller teams are tasked with the same formidable challenge of ensuring the integrity of vital corporate assets.

With more imminent threats and limited resources, companies need to completely reevaluate the way they approach cybersecurity. Small teams have to be more efficient and agile by pivoting from a reactive to proactive strategy. They need to not only be aware of security threats but also be the aggressor, able to pre-emptively go after them early in the kill chain.

In this presentation, Kelly Brazil, emerging security technologies specialist and vice president of systems engineering at ProtectWise, will discuss real-life examples of how the lean team of an electric cooperative operationalized cybersecurity to be the hunter, not the hunted.


[event time=”09:00 — 10:00″ room=”Magic Kingdom Ballroom 1&4″]Panel – Threat Intelligence: Finding the Bad Guys Together

Moderator: Chris Sistrunk, Mandiant

Panelists: Chris Jager, Arizona Public Service; Del Rodillas, Palo Alto Networks; Intelligence Analysts, Orange County Intelligence Assessment Center

As attackers become increasingly stealthy and sophisticated, advanced detection, analysis, and threat intelligence become more important for effective defense. This panel will discuss the latest in attacker techniques, as well as methods that defenders use for collaborative detection and analysis.


[event time=”10:00 — 10:30″ room=”Magic Kingdom Ballroom 2″]Refreshment Break & Networking[/event]

[event time=”10:30 — 10:45″ room=”Magic Kingdom Ballroom 1&4″]Millennials in the Workforce

Presenter: Andrew Plato, Anitian

By 2025 members of the Millennial generation will comprise 75% of the global workforce. Like it or not, Millennials are changing your workplace and your information security program.

How do we manage this tectonic shift? Millennials bring a profoundly different approach and attitude to work. We cannot keep using the same security practices, and expecting the same results. Our security program must evolve.

For the past year, Anitian has studied the impact Millennials are having on information security. While this demographic shift has many challenges, it offers an equal number of opportunities to improve outdated and ineffective security practices.

In this presentation, security veteran Andrew Plato will discuss how to adapt your information security program to a Millennial dominated workforce. Specifically, we will discuss how to build a Next Generation Security Program. As both a security practitioner and business leader, Mr. Plato has a unique perspective on building engaged workforces.


[event time=”10:45 — 11:15″ room=”Magic Kingdom Ballroom 1&4″]Panel – Workforce Development

Moderator: Twila Denham, EnergySec

Panelists: Andrew Plato, Anitian Dr. Dan Manson, Cal Poly Pomona; Marc Blackmer, Cisco; Steve Parker, EnergySec

The scarcity of qualified cybersecurity professionals, particularly in the ICS/SCADA space is a significant issue for the electric sector. This panel will explore the issue and possible solutions to this problem.

[event time=”11:15 — 11:45″ room=”Magic Kingdom Ballroom 1&4″]A Smarter Approach to Third and Fourth-Party Vendor Risk

Presenter: Jonathan Dambrot, Prevalent

Governing and managing third- and fourth-party relationships continues to be more complex and significant given all of the new regulations, technologies, and standards. Financial organizations want to protect themselves and their clients from third-party threats, but their current approaches are leaving too many gaps.

What if there was a better way, a smarter way to manage vendor risk, while reducing both the time and the cost to do so?

In this session, Prevalent CEO and Co-Founder Jonathan Dambrot will discuss how to effectively build and maintain your vendor risk program.


[lunch time=”11:45 — 01:00″ room=”Rose Court Garden”]Catered Lunch and Awards Presentation

Join us as we honor the 2016 Electric Sector Security Executive of the Year, Electric Sector Cyber Security Professional of the Year and Physical Security Professional of the Year.


[event time=”01:00 — 01:15″ room=”Magic Kingdom Ballroom 1&4″]Attack in Depth

Presenter: Monta Elkins, FoxGuard Solutions

We’re starting to see a new style of attack Monta Elkins has dubbed “Attack in Depth”.

You’ve heard of “Defense in depth” as a defense strategy.

Now we are seeing “Attack in depth” as an attack strategy.

It includes attacking the places we have few tools or policies to defend and places we seldom if ever review. Because of these “features” these places are becoming the new attack targets of serious attackers.

We’ll review the concept of “Attack in depth”, and some specifics of how it was used in an actual attack to keep the operators blinded.


[event time=”01:15 — 02:00″ room=”Magic Kingdom Ballroom 1&4″]Panel – Gates, Guns, Guards and Gigabytes: Bringing Physical and Cyber Security Together FTW!!

Moderator: Toni Linenberger, United States Bureau of Reclamation

Panelists: Nick Webber, Grant County PUD; Kelly Whitlock, Pacific Gas & Electric, Leonard M. Ketchens, (Mike), ReliabilityFirst

Sometimes lost in the focus on cybersecurity, physical attacks remain a significant vulnerability for critical infrastructure. This panel will discuss the latest developments related to physical security and how organizations are working towards a convergence of security disciplines as a means of improved risk management alignment, efficiencies and overall increase of effectiveness.


[event time=”02:00 — 02:30″ room=”Magic Kingdom Ballroom 2″]Refreshment Break & Networking[/event]

[event time=”02:30 — 03:15″ room=”Magic Kingdom Ballroom 1&4″]Panel – Building ICS Security Programs

Moderator: David Coher, Southern California Edison

Panelists: Doug Clifton, EY; Samara Moore, Exelon; Mark Heard, Mandiant

Some utility organizations have established cybersecurity programs specifically for their ICS and SCADA environments. This panel will discuss lessons learned from those efforts, and whether such an approach should be considered by other organizations.


[event time=”03:15 – 04:00″ room=”Magic Kingdom Ballroom 1&4″]Hacking the Power Grid: Analyzing What Hackers Do When They Have Access to the “Power Grid Honeypot”

Presenter: Dewan Chowdhury, MalCrawler

The nightmarish scenario of the power grid being hacked, and causing disruption to the electric grid has been used by the entertainment industry to politician to show the public the seriousness of cyber threats. Energy companies are the number one target for cyber attacks against critical infrastructure based on DHS reporting, so it is well known in the industry that hackers are trying to access the ICS/SCADA side of energy companies.

We created a honeypot that replicates the Energy Management System (EMS/SCADA) of a modern electric company. The EMS/SCADA is used by electric companies to monitor, control, and optimize power grid.

The EMS/SCADA honeypot allows attacker to control key component of the power grid such as Nuclear power generator, major transmission lines that affect the BES (Bulk Electric System). We added component to mimic the Smart grid such as distributed generation (Solar, Wind) to distributed automation.   This honeypot allows the community to understand what hacker would do if they have access to the most important system in the GRID the “EMS/SCADA”. We examine a wide variety of skill set from novice hackers to APT actors on the Honeypot. We try to understand their actions and objective when they are controlling the grid, is it sabotage or espionage?