ElevateGov

2019 CISF EVENT LIBRARY

CISF 2019 Event Agenda, Presentations, Videos and Pictures

***COMING SOON!!!

Tuesday, December 10, 2019

Download CISF Opening Session Presentation

Opening Remarks by Sherilyn Hammond, CEO, ElevateGov & the Executive Sponsors of the 2019 Critical Infrastructure Security Forum

Opening Keynote Session - Download presentation here.

Opening Keynote Session 1 - Incorporating Cyber Informed Engineering design standards for SCADA projects

Speaker: Charley Cunningham, EIS Superintendent, DOU- City of Sacramento

Charley will present his experience on how the City of Sacramento Department of Utilities is incorporating CIE/CCE (Cyber Informed Engineering/Consequence-driven Cyber-informed Engineering) into our design standards for our SCADA projects. This approach considers potential cyber risks and vulnerabilities during the design phase of a project, as well as the consequences of the same being exploited or compromised. This effort intends to provide an engineered solution up-front, rather than finding a way to mitigate the risk after the fact. In short, using CIE/CCE will hopefully result in providing a baked-in solution rather than a bolted-on modification after the fact. This information is a high-level overview of how we have incorporated the CIE/CCE approach into our SCADA Master Plan and are also following the recommendations of the Department of Homeland Security to use the NIST 800-82 framework regarding standards for Industrial Control Systems for Critical Infrastructure.

Opening Keynote Session 2 - Download presentation here

Opening Keynote Session 2 - The Cyber Punk’s Juxtaposition: INFRASTRUCTURE RISK: CYBER - PHYSICAL - BIO

Speaker: James Waterman, Founder and CEO, XCurve Partners
 
juxtaposition noun jux· ta· po· si· tion | \ ˌjək-stə-pə-ˈzi-shən \ The act or an instance of placing two or more things side by side often to compare or contrast or to create an interesting effect.
 
Join James Waterman, a 30-year IT Innovator, Start-Up Founder and “Cyber Punk exemplified” as he examines and envisions INFRASTRUCTURE RISK through the lens of “The Cyber Punk’s Juxtaposition.” If you think the past 30 years of technical advancement was a wild and crazy roller coaster ride, hold onto your seats...the exponential trajectory of the next thirty years presents opportunities - and associated risks - that are truly mind blowing.
 
Presented by Indegy
 
They are the workhorses of industrial operations and critical infrastructure. Industrial Controllers such as PLCs, RTUs and DCSs have been around forever and control virtually everything. Back when these controllers were deployed, there was little concern for security; but times have changed. As a result, you are now exposed to consistent and confusing noise regarding various ICS security approaches. You must take action, but what is the right action to take?
 
In this session we will help unravel the confusion and specifically:
 
- Explain the different approaches for ICS security
- Learn about the differences between active, passive and hybrid ICS security monitoring approaches
- Understand the benefits and disadvantages of each
- Learn which security gaps are addressed and not addressed by each approach
 
Expected Outcome: For IT and OT leaders to have the knowledge to determine which approach is best suited for protecting their ICS network. An ICS Security Checklist will be provided as a handout, which serves as a starting point for any industrial cybersecurity program.
 
Intended Audience: CISO, Security Engineering, OT Security, SCADA, Network Architecture, Infrastructure
 
Presented by Tripwire
 
Description: This session introduces a next-generation data collection technique where raw data can be transformed into actionable information, providing holistic visibility across critical infrastructure networks and augmenting existing active, passive, and hybrid data collection methods. Attendees will learn about various practical, non-obtrusive techniques to help identify, mitigate and remediate cyber events – from vulnerabilities and system misconfigurations to unauthorized changes and equipment failure.
 
The session will also cover the benefits and risks of various data collection methods and key considerations to determine the best method to use in a particular environment. While more organizations are starting their cybersecurity journeys with passive monitoring first, then exploring active and hybrid solutions, the next step is to integrate with OT hardware technologies to provide cybersecurity insights across a broader, richer dataset leading to 100% holistic visibility within their environment. Attendees will leave this session understanding how to leverage each data collection method, as well as valuable tools and resources for achieving deep visibility for safe, reliant, resilient networks.
 
Expected Outcome: Attendees will leave this session understanding how to leverage the various data collection methods on ICS networks, as well as valuable tools and resources for achieving deep visibility for safe, reliant, resilient networks.
Session coming soon. 
 
Presented by IBM
 
Description: Responding to cyber security incidents is stressful, and being prepared is key to surviving the incident and returning to business as usual in the minimal amount of time. The presentation will focus on developing a strategy to effectively respond to cyber incidents. We will explore preparation steps such as playbook development, roles and responsibilities in a breach investigation and how threat intelligence plays a role in investigating security events.
 
Expected Outcome: The audience will leave with a better idea of what constitutes an effective incident response plan and what factors go into making an organization better prepared for a security event.
 
Intended Audience: All organization members that would be impacted by a security breach
 
Presented by: Enterprise Networking Solutions, Inc & Lenovo
 
Speaker Panel: ENS, Inc., Lenovo, Cal OES, City and County of Sacramento, FHA
 
Description: IoT can be viewed as the convergence of information technology (IT) and operational technology (OT). Join us for a discussion on why IT & OT are converging, how IT & OT can create opportunities with information that is already being collected, the challenges this convergence brings and the solutions it requires and creates.
 
Expected Outcome: You will leave with a greater understanding of IT & OT Convergence and how you can be proactive in preparation, along with an understanding of the challenges and opportunities.
 
Intended Audience: We welcome everyone as this is important to everyone.
 
Presented by Taborda Solutions & Mandiant
 
Description: Mandiant assesses many types of industrial control systems each year, especially those supporting critical infrastructure, and has found several repeating themes. Although advanced products and security controls specific to control systems are coming to market, we continually find a gap in basic fundamentals for control system security. This talk will examine some of those themes, show how they can be used to protect systems, and give examples where these would have helped to alert defenders during cyber attacks.
 
Expected Outcome: Attendees will leave this session with a better understanding of the ways by which threat actors attack control systems.
 
Intended Audience: Control system engineers, control system security engineers, IT security engineers, control system managers
 
Presented by Okta
 
Description: While ransomware is the latest and certainly the most pressing threat facing government agencies today, it’s not the only way attackers are going after public entities. Security leaders at government agencies need strategies that help mitigate common and timely attacks, and fast, to get ahead of threat actors today – as well as for whatever strategies these attackers turn to tomorrow. With the use of stolen credentials and phishing as the top two causes of breaches across industries in 2019, it’s unsurprising to see the impact that successful people-oriented attacks can have across the attack chain. As the cat and mouse game continues, public security professionals must juggle ransomware mitigation alongside a growing list of threats and limited resources to prioritize protecting against this landscape.
 
Expected Outcome: In this talk, Sami Laine, Director of Technology Strategy at Okta, will talk through the impact of broken authentication on state and local governments, break down common attack types, and discuss strategies that can help agencies to protect their organizations.
 
Intended Audience: State and Local Government Security Leaders
 
Presented by DataEndure
 
Description: There is a fundamental expectation that agencies will have the ability to identify and respond to any cyber-event. Amidst the added responsibility and heightened expectations, technology leaders are in a valiant fight to keep up.
 
Medieval lords lived in an environment much like our cyber-landscape today — chaotic, with their fiefdoms under constant attack. While today’s attackers operate with digital swords, the principle and effectiveness of a Defense in Depth approach holds as true today as it did back then.
 
Defense in Depth is the simple principle that while no security is perfect, the presence of many independent layers of defenses will geometrically increase the difficulty for an attacker to breach the walls, and slow them down to the point where your defenses have an opportunity to thwart the attack. Defense in Depth places core assets behind layers of varied and individually effective security controls, each of which has to be circumvented for an attack to be successful.
 
In this expert session, you’ll learn the key components of a Defense in Depth strategy, and how to evaluate your ability to anticipate and defend against the ever growing quantity and cost of cyber-attacks.
 
Expected Outcome: From this discussion, attendees will be able to:
1. Recognize the multifaceted layers that make up a defense in depth approach
2. Assess where you are today and how to strengthen your security posture
3. Understand how to best deploy resources to accelerate your objectives
 
Intended Audience: Technology leaders under pressure to evaluate and quickly strengthen their security posture, and who are seeking cost-effective ways to enhance or complement their existing capabilities.
 
Presented by GroupSense and Red River
 

Speaker: Carlos Avila, VP Worldwide Sales, GroupSense

Description: Critical infrastructure represents a vulnerable target for threat actors. As technology innovations explode, these previously air-gapped systems are going online. As the traditional security perimeter fades away, it is more important than ever to maintain situational awareness of the most relevant threats. You need visibility into the external landscape so you can understand, prepare for, and respond to these threats. Learn how early detection, validation, and analysis of the threats emanating from the Surface, Deep, and Dark web can prepare you to address impending risks and become more resilient to attacks threatening critical infrastructure.

Expected Outcome: Learn about the external threat landscape and open source tools for threat discovery. Find out how cyber reconnaissance can make critical infrastructure more secure and resilient with intel to help you prioritize security efforts and respond early to confirmed attacks.

Intended Audience: CISO, Security Engineering, Incident Response Team, Security Team

Lunch Keynote - Download the presentation here

 

Lunch Keynote Session: Elements of a Cyber Incident & Recovery

Presenters:
Marc Glenn, Cyber Intelligence Analyst – California Office of Emergency Services
Greg Park, Information Technology Coordinator – City of Livermore Police Department

Walking through a hypothetical cyber incident, the presenters will share how steps can be taken to lessen the risk of an incident, and what preparations can be helpful to be ready for a recovery.

 
Presented by ConvergeOne & Cisco
 
Description: Specialized systems require specialized handling yet the expertise and authority to properly secure these critical infrastructure elements may not be present. Operational engineers have great knowledge of their process and equipment. Security specialists know their trade. But we know that critical infrastructure was built without security in mind and there is a history of standard security practices actually breaking critical infrastructure. This discussion will give examples of how these boundary weaknesses have resulted in mishaps and exposure. In turn specific actionable guidance will be provided to increase security in the future.
 
Expected Outcome: Attendees will find similarities between the operating states of impacted systems and their own environments. The presentation will present explicit steps to improve critical infrastructure security that can be acted on immediately.
 
Intended Audience: All Conference attendees.
 
Presented by Metropolitan Water District, Los Angeles/Southern CA Jacob Margolis, CISO
 
Description: A discussion on how to focus your efforts on getting back to the basics of cybersecurity. How to determine & assess your risks, look at threats and prepare to respond to cyber incidents. This is a discussion on building the foundation for a resilient cybersecurity program.
 
Expected Outcome: Provide a basic check list attendees can use to self assess or set goals for their own organizations.
 
Intended Audience: Security, SCADA (OT), and IT Professionals and Leaders.
 
Presented by Dynamic Systems
 
Speakers: Ken Clement, Account Executive, Dynamic Systems, Inc.; Mike Williams, Solution Engineer, Dynamic Systems, Inc.
 
Description: We believe there are twenty questions that your organization's Leadership Team should know and be able to answer regarding Cybersecurity. Presented by the Professional Services team at Dynamic Systems, Inc., a State and Federal IT Consulting firm with Security clients such as the DoD and IRS, this session will bring awareness to those questions to ensure your organization is better prepared to handle current and future threats to your network infrastructure and applications. Have you ever determined how valuable a target you are to cyber criminals and who they are? We will also discuss how Dynamic Systems can get you thinking about how “cybersecurity-ready” your organization really is and what we can provide in the way of data security and system hardening. Hear how we can help architect, integrate and deploy Enterprise Services and Infrastructure into Secure Environments.
 
Expected Outcome: To bring awareness to the audience of what it means to be cybersecurity-ready, best in class preparation methodologies, and what they and Dynamic Systems can do to help them become truly Cybersecure.
 
Intended Audience: CIOs, CISOs, IT Managers, Architecture and Network managers, and Compute and Storage managers.
 
Presented by CyberArk & SailPoint
 
Description: Organizations have more challenges and technology concerns than ever before. Maintaining a modern computing environment means more applications, users, and data in more places. That means more risk. There can also be a tradeoff between operational efficiency and a sound security posture.
 
With integrated partnerships between SailPoint and CyberArk, you can now gain the best of all worlds. Attend this informative, interactive session and learn how you can securely and effectively authenticate, provision, and govern access to all your applications and data across a hybrid cloud and on-premise enterprise.
 
Expected Outcome:
• Delight users with tools that provide powerful secure access
• Realize identity governance, security, operational efficiency and compliance to enterprises with complex IT environments
• Provide comprehensive privileged access protection, monitoring, detection, alerting, and reporting on all privileged users
 
Intended Audience: Those interested in Identity and Access Management
 
Presented by Palo Alto Networks
 
Speakers: Kalyan Siddam, Product Management, Palo Alto Networks; Mayuresh Ektare, Product Management, Director, Palo Alto Networks
 
Description: With billions of connected devices coming online in every industry, their promise of innovation and transformation has been accompanied by concerns of visibility, risk posture and operational continuity. Realizing the full benefit of these smart devices requires a holistic device lifecycle management approach that focuses on device visibility, security, vulnerability, operational optimization, and end of life.
 
In this session we will cover the following topics:
• Summary of challenges and issues faced by IoT devices
• Need for a new approach to securing IoT devices
• Practical approaches for securing IoT devices
 
Expected Outcome: Our goal is to share some of the issues these IoT devices face, strategies to secure, manage and optimize your environment to provide trust in your devices, their services, and their business impact.
 
Intended Audience: CISO, CIO, Security Analysts, Policy Makers, Critical Infrastructure and Public Safety Managers
Presentation coming soon!
 
Presented by AttackIQ
 
Speaker: Jose Barajas, Director Field Engineering, AttackIQ
 
Description: This talk will overview Breach and Attack Simulation and why it is valuable to fold an automated BAS into your risk management program. You will also learn the benefits of using MITRE ATT&CK to power your BAS platform. You will then get an overview of the top 12 adversarial techniques, tactics, and procedures (TTPs) where most enterprises are experiencing easily avoided protection failures. These techniques are based on AttackIQ’s automated continuous security assessment platform SaaS utilization telemetry, open-source and industry developed TTP analysis, and other MITRE ATT&CK framework correlations. Following the discussion of these TTPs, there will be insights provided into systematically closing these prevention and detection gaps within the framework of higher-level risk mitigation strategies. Lastly, we will discuss how to fold continuous security validation constructs into the customer's cyber automation continuum.
 
Expected Outcome: Provide a better understanding of how the MITRE ATT&CK framework can automate and simplify validation of security controls, giving attendees a clearer understanding of their security tools' ROI and a way to measure the efficiency of their tools' blocking, detection and reporting capabilities.
 
Intended Audience: Anyone concerned with and/or involved in their organization's cyber security policies and strategies.
 
Presented by: BeyondTrust Corporation
 
Speaker: Joe Vachon, Sr. Solutions Engineer, BeyondTrust
 
Description: We all know the world of IT is changing and evolving exponentially. Our customers are telling us that the expansion of the perimeter is making it harder to keep track of privileged credentials. Many organizations have tens of thousands of privileged accounts across thousands of devices. In this session, we will explore how this complexity creates some common challenges (and common myths).
 
Expected Outcome: To inform folks on Privileged Access Management by enhancing the attendee’s understanding of how PAM projects can impact their organization, advise on challenges that occur when pursuing a PAM implementation, and to further educate around additional contextual items regarding PAM deployments.
 
Intended Audience: Technical, Decision Maker, Security, Identity and Access Management
 
Presented by Team One Networking & Trend Micro
 
Speaker: Keith Tarantino, Senior Principal Engineer
 
Description: In this session we’ll discuss the role of next generation IPS by addressing Virtual Patching as part of an effective vulnerability management program. If an attacker can compromise a workstation or IoT device, they can also get access to the internal network AND the cloud with the users’ credentials. State agencies require solutions that are purpose-built for both on premise and the cloud, that can be deployed without disrupting business or re-architecting the infrastructure.
 
Closing remarks by ElevateGov & Members of the Forum Executive Council

Following the closing reception in the Solution Center!