Mark your calendar for August 19-21, 2019 as the EnergySec Security & Compliance Summit returns to the Disneyland Hotel

Join us at the Disneyland Hotel in Anaheim, CA!

August 19-21, 2019

Our Annual Security and Compliance Summit returns for our 15th Anniversary! We are still the premier security conference for critical infrastructure and one of the longest running events of its kind in the nation.

The unique qualities of our Summit reside in the vast array of industry leaders and experts we invite to participate in the event. Attendees benefit from a diverse collection of perspectives, knowledge, and experience as our presenters and panelists journey from destinations all around the nation and globe! With such a concentration of thought leadership and talent, the stage is set for passionate discussion and debate on a variety of topics that highlight the burning issues and evolving needs of our industry.

Navigate our Summit page to learn more about this year’s exciting topics and speakers. Registrations and rooms go fast so start planning your educational experience and relaxing fun in the sun today!

Who should attend?

  • Chief technology officers (CTO)
  • Chief security officers (CSO)
  • Chief information officers (CIO)
  • Department of Homeland Security personnel
  • Department of Energy personnel
  • General Managers (municipal, coops, power plants, etc.)
  • Compliance managers
  • Regulatory specialists
  • Operations managers
  • IT & security architects
  • Cyber risk managers
  • Auditors
  • Security analysts
  • Program and Project managers

Day 1 - Aug. 19, 2019

11:00a – 4:00p
Registration Open

10:00a – 4:30p
Breakout Sessions: Concurrent break-out sessions in four areas of interest

Leadership Track

Collective Cyber Defense in the Energy Sector: Towards An Organizational Maturity Model
Shawn Wallace & Greg Conti | Iron Net Security
Participation in an ISAC is a necessary milestone. Building on the ISAC foundation, this talk presents a maturity model for knowing where your organization stands on its journey toward true collective defense, where it should go next, and how it can get to the next level. We’ll provide a well-researched model for assessing the maturity of any organization’s collective defense programs.

Lessons Learned in Information Sharing
Bill Nelson | Global Resilience Federation (GRF)

Securing Digital Utility Transformation: Opportunities and the Way Forward
Souheil Sabbagh | SNC-Lavalin
The digitalization of utilities promises to optimize the supply and demand of electricity and manage the increasing number of renewable sources of energy and microgrids, while offering efficiency improvements for consumers. The large volumes of data generated, combined with predictive analytics, allow utilities to transition to a proactive mode of asset management. Such a far-reaching digital transformation comes with many challenges for critical infrastructures, with cybersecurity near the top of the list. The widespread connection of distributed energy resources will drastically increase the attack surface, which will expose utilities to new threats. Mr. Souheil Sabbagh, Director Strategy & Consulting Services for SNC-Lavalin’s Intelligent Networks & Cybersecurity, will touch upon the digital utility transformation, point out some of the opportunities that it can bring, and highlight some of the industry’s best practices for transitioning to a secure, digitally integrated electrical grid amidst increasingly sophisticated threats.

Security Operations Track

Creative Destruction and Agnostic Detection using a Structured Threat Observable Tool Set
Bryce McClurg | Idaho National Laboratory
As part of the California Energy Systems for the 21st Century (CES-21) project, Idaho National Laboratory (INL) has developed a Structured Threat Observable Tool Set (STOTS), using Structured Threat Information Expression (STIX), as a method for detection and monitoring that can be used by the most advanced and the most basic cyber personnel to find IOCs for configuration specific systems. The tools developed in STOTS focus on surgical detection and response for a specific threat, enabling cyber defenders to be more agile in defense against cyber adversaries.

STIX and Big Data
Christian O. Hunt | New Context Services
Discovering and defending cyber attacks against utilities requires machine automation for rapid observed data ingestion and pattern matching to detect threats. The use of STIX and ELK to quickly discover potentially malicious activity is a vendor agnostic means to achieve these goals in addition to providing a means to share these findings with trusted industry peers. Leveraging off-the-shelf big data tools such as Elasticsearch to facilitate rapid querying of complex STIX observable datasets is not limited to IP addresses and malware signatures.

Seeing into the Black Box of Embedded Systems
Rita Foster | Idaho National Laboratory
Reverse engineering and binary analysis tools have been around for a long time and are evolving. Visualization and applying machine learning concepts to traditional RE and binary analysis are producing interesting results. The Firmware Indicator Translation (FIT) project, funded by the Department of Energy, Office of Cybersecurity, Energy Security and Emergency Response, Cybersecurity of Energy Delivery Systems (DOE-OE-CESER), focuses on firmware in embedded systems to produce multiple tool-sets that provide insight into previously black box type systems.

Security Technology Track

ICS Security or Security at the Edge
Kip Gering | Xage
Distributed energy resources and microgrids are increasingly owned and operated by a third party. These DERs connect to the distribution grid and can not only create power flow challenges, but may also pose security risks that can disrupt other grid operations. In this session, Xage will share recent customer projects which have demonstrated how DER systems and machine-to-machine and machine-to-control interactions can be secured.

Cyber Resiliency of Mission Critical Systems
John Collins | FoxGuard
Mission critical control systems have become vulnerable over time as the Internet of Things (IoT) has become more integrated. As IoT converged networks have become more integrated, their cyber security vulnerabilities have had consequences affecting operations and uptime availability. FoxGuard will highlight these vulnerabilities to explain what these networks are, why they are vulnerable, and ideas on how to enable resilience through cyber security best practices. The best practices will focus on organizational leadership recommendations, technology enablers to create scale, and processes that shift risk of down time operations for critical assets. FoxGuard Solutions has 14 years of experience in ICS/IoT cyber security and 39 years building critical systems hardware. Our presentation will focus on the relevance of improving cyber security of integrated networked automation systems.

Compliance Track

Growing Your Compliance Program: A Maturity Model for NERC Compliance
Kathryn Wagner | AssurX
Energy and Utility companies have a challenging set of regulations, not just NERC CIP but a variety of others – many of which have overlapping scope. Cyber security program maturity is an evolutionary path from defensive, event-driven tactics to offensive, predictive strategies. Explore a proven maturity model for compliance that contributes to continual program improvement through internal controls and risk management techniques across a wide scope.

CIP Project 2016-02 Update
Scott Klauminzer | Tacoma Power
The CIP presentation will provide industry with a status update on the current CIP project (Project 2016-02). Main points covered during this presentation will be the virtualization and future technology update being made to the CIP standards. We will discuss the current direction and new defined terms that will aid in applying CIP Standards Requirements to virtualized systems.

Day 2 - Aug. 20, 2019

7:00a
Registration Open

7:00a
A Continental Breakfast will be served in the Expo area.

8:00a – 8:15a
Opening Remarks

8:15a – 9:00a
Presentation

9:00a – 9:45a
Keynote Presentation

9:45a – 10:15a
Networking Break

10:15a – 11:00a
You’ve been hacked! Now what?
Bill Nelson | Global Resilience Federation (GRF)
Mr. Nelson will describe a real-life response to a cyber attack that resulted in no damage to the victim organization or loss of reputation among its customers. He will reveal how important honesty and speed are to demonstrate from a public relations perspective that a victim organization takes the incident seriously and is taking steps to correct it. He will then compare this type of transparent response to other types of responses that were vague, ambiguous or even a stonewall response. These often result in the loss of jobs for those companies’ CISOs, CIOs and even CEOs.

11:00a – 11:30a
Next-Generation Visibility for Industrial Cyber Risks: Beyond Active vs. Passive Monitoring
Robert Landavazo | Tripwire
In this session, we’ll explore hardware and software used in Internet of Things (IoT) devices, drawing on similarities between devices used to automate our homes and those used in IIoT (Industrial Internet of Things) applications to automate our critical infrastructure. Attendees will also learn essential security best practices for achieving deep visibility in ICS environments, including considerations for gathering data using non-obtrusive techniques to help identify, mitigate and remediate cyber events.

11:30a – 12:00p
Unleash the Data Around Your Supply Chain Program
Tony Turner & Steve Earley | Fortress Information Security
Supply chain attacks are everywhere. The board is taking notice, but your supply chain program just doesn’t feel actionable or useful. This session will demonstrate why these investments are failing to hit the mark and companies continue to be compromised by their trusted suppliers. We will discuss some actionable steps you can take to create contextual awareness around your supply chain risk program and focus on achieving outcomes. Not scores.

12:00p – 1:15p
Catered Lunch

1:15p – 2:15p
Panel – Addressing Supply Chain Risks

2:15p – 3:15p
The Elevator: Rapidfire Presentations

3:15p – 5:30p
Expo Hall Open | Refreshments, Networking, Prize Giveaways, and more

5:30p
Drinks at 5:00pm | Plated dinner at 6:00p

Day 3 - Aug. 21, 2019

7:00a
Registration Open

7:30a
A Continental Breakfast will be served in the Expo area.

8:00a – 8:45a
Opening Remarks

8:45a – 9:15a
Presentation

9:15a – 10:00a
Evolving Compliance towards a Culture of Resiliency
Joe Tellez & Scott Klauminzer | Tacoma Public Utilities & Tacoma Power
Building upon a strong foundation of a culture of compliance, Tacoma Power is maturing its cyber security capabilities to extend beyond protective and detective measures to meet regulatory obligations by leveraging cyber security technology, process engineering, and workforce to be better positioned to handle cyber events from a resiliency standpoint. We will share our journey towards creating a culture of resilience and how cyber security capabilities are being extended to all ICS systems which involves asking hard questions and taking consistent incremental positive steps.

10:00a – 10:30a
Networking Break

10:30a – 11:00a
Migrating to the Cloud – Balancing Risk: Collaborative Tools and Data Protection
Michael Colao & Rachel Swanson | Arizona Public Service

11:00a – 11:30a
Presentation

11:30a – 12:00p
Presentation

12:00p – 1:30p
Catered Lunch and Awards

1:30p – 2:00p
The 2035 Crypto Conundrum 
Colin Gordon | SEL Secure Solutions
We manufacturers are seeing an increase in market pressure for cryptographic technologies in our embedded products, with the end-goal of integrating authenticity and integrity controls on SCADA, protection, and engineering access data-in-motion. While it may be trivial to implement open-source crypto libraries and protocols to achieve these goals in the short-term, there are a number of downsides to crypto implementations in the long term that have forced us to reconsider our available options. These downsides include susceptibility to standards changes, expanded protocol attack surface, key management and implementation complexity, expanded computational resource needs, and a lack of good entropy – which all lead to the conclusion that a poor crypto implementation can actually reduce safety and availability of a critical system. This presentation will further elucidate those concerns, and contrast standard encryption technologies such as MACsec, IPsec, and TLS against the goals of safety, reliability, and availability of critical embedded devices.

2:00p – 3:00p
Panel

3:00p
End of Summit

Our 15th Annual Security & Compliance Summit brings another great lineup of industry experts and presenters! Visit our speakers page for biographies and additional information.

Disneyland Hotel

1150 West Magic Way | Anaheim, CA | 92802 | Phone: (714) 778-6600


EnergySec has secured a special room rate of $242/night at the famous Disneyland Hotel.

Once you have successfully registered for the event, you will receive a confirmation email with the link for making room reservations. The cut-off date for making reservations is July 27, 2019.

Not interested in waiting in lines? Downtown Disney is always a great time with the foot-tapping live music and carefree atmosphere. When you need a break from the hustle and bustle the resort itself offers a number of swimming pools and waterslides that are sure to tempt those families looking to recharge the batteries, enjoy the weather, and stay cool.

The Disneyland Hotel is the perfect spot to have a summit! The meeting rooms are spacious, the exhibitor space is outstanding, the food is amazing, and the atmosphere is unmatched. Look for the conference rooms near the pool area next to Goofy’s Kitchen. Most activities are held upstairs – just follow the signs and you will find our smiling faces at the registration desk.

Bring the Whole Family

Special Rate of $242/night. We have also worked out a deal for magical prices on Disneyland park tickets. Click the button for more details.

Security and Compliance Summit Sponsorship

Interested in sponsoring our Summit? Check out the prospectus for available opportunities.

Student Scholarships at the EnergySec Summit

The need to attract new talent from the next generation of security professionals is more important than ever! We can all agree thousands of security professionals will be needed in the coming years to help secure entities in every industry. EnergySec has established a Workforce Development program to grow the cybersecurity workforce within the electric sector. One aspect of this program involves outreach to current college students to attract them to jobs in our industry. The Summit scholarship furthers this effort.

Our goal is to invite at least 35 students to the summit who have been identified as exemplary students and potential stars in the security industry. We want to directly connect students getting ready to graduate with employers who are in need of new talent for their workforce. We are asking both students and employers to participate in this effort.

Are you an Employer?

We are asking for $2,000 contributions which will support eight students attending our summit. Your contribution provides:

• Eight student scholarships which include meals, conference admission, and the Monday evening student/industry dinner
• Meet the security professionals of tomorrow with two tickets for your organization to attend the student dinner.
• A copy of the student resume book.

Are you a Student?

If you are an information technology student with a focus on security, and would like to attend our summit to learn more about what it takes to secure our nation’s grid from industry experts, please fill out our application below.

Join Our Fast Growing Membership Base Today!

Memberships Start At

$1,195/YR
