OT Security Workshop

„OT Systems are secure when they are switched off, but then there is a little detail missing…”

Save the DateClick on the .ics file to save the date

CPE Credits Earn 7.25 CPE (Continuing Professional Education) for attending this workshop. Please request a confirmation.
Location Hilton Zurich Airport Hotel
Hohenbuehlstrasse 10
8152 Opfikon-Glattbrugg

There are a lot of free park places available.
Train: railway station Zurich Airport – take the Hotel Shuttle

Date of Event 4th June 2019
Time 9:00 – 5:30 pm
Language Depends on the participants – English or German
Participation Fee Fr. 950.— (including lunch and apéro)

This Vendor-independent Workshop Provides You

Cyber Security is required – this is well understood and accepted, latest after the ransomware WannaCry hits the industry. IT security experts are supporting the OT colleagues to protect Laboratory and automation systems.
There is an IT-framework available as governance documentation – but does it apply 1:1 to OT? What is OT all about, what needs to be protected? The information or the business process supported by the OT-System. IT doesn’t want to protect the desktop as such, it is
about the information – so why to protect then the PLC?

The workshop is designed from an engineer to transfer the “IT-Language” to engineers. The workshop explains the differences between IT and OT, how terminologies and definitions are used different in both worlds – or do even not exist.

The attendee will get an comprehensive comparison of definitions, methodologies and principles to allow better management insight into the topic and to get management support to deploy solutions with the right maturity level – and not solutions for the solutions sake.
 

Delegates will learn and understand:

  • Industrial Standards (e.g. IEC 62443) strive for excellence – but what if the environment (people, systems) is innocent or „just“ aware of the threats? We have solutions – but what are the problems- or causing the solutions (new) problems?
  • Principles to integrate OT into existing IT frameworks for better management support
  • What are the threats? Definition of sublevels for a common language to allow interdisciplinary analysis
  • Security principles to address the threats: network segmentation, proper backup strategies, malware protection and patch management?
  • Secure procedures in IT and OT – what are the differences in terminology and processes (e.g. Configuration Management, Definition of infrastructure)
  • Engineering requirements to „IT-Services“ and to understand the information that need to be provided to design them (e.g. RPO / RTO, Organizational Units, WSUS or SCCM?)
  • OT System “Scenarios” to address security controls in a language understandable by IT and OT
  • IEC 62443 principles- explained from an engineering point of view
  • OT Security – what about service integrators, suppliers? How to integrate them into a security framework?

Takeaways
After attending this workshop you’ll

  • have views to standards, security controls, IT security in general from an OT point of view, explained in your language
  • have a understanding of the differences IT/OT beyond CIA or AIC
  • you have a mechanism to understand threats, what to protect that may allow you to adjust the right investments, convince management
  • have a translation from IT terminology to OT terminology

Who Should Attend

  • Automation Engineers & Project Leads involved in security programs to protect OT Systems
  • IT people who want to have an more deep insight in the OT environment

About the trainer

Thomas Sturm has a strong background in the chemical and pharmaceutical industry with coding PLC, SCADA and DCS Systems for different applications – from container washing units up to recipe control based on PLCs and similar applications for the DCS environment. He was working at Novartis, was leading a green field site project in Singapore, responsible for electrical, instrumentation and automation. With additional projects around serialization and laboratory applications, MES integration of automated equipment he covers a wide range of the OT environment.

He triggered in 2012 the first cyber security initiative and crossed the „bridge“ with the IT colleagues – working together to protect the OT Systems. He is passionate about OT-Security – coming from a solid „hands-on“ automation background – he recognized it is crucial to have a translator from IT language, IT security controls to the OT environment.

Registration
Cancellations of registration are free of charge until 30 days before. Cancellations received beyond this point will incur 100% of the admission fee. You will get an invoice for the respective amount. In any case, however, a delegate may be sent at no additional costs.

Register here!