OT Security Workshop

„..from threats to the definition of OT, security controls principles, services and governance for OT Systems”

Save the DateClick on the .ics file to save the date

CPE Credits Earn 8 CPE (Continuing Professional Education) for attending this workshop. Please request a confirmation.
Location TBD
Date of Event On request
Time 9:00 – 5:30 pm
Language Depends on the participants – English or German
Participation Fee Fr. 950.—

This Vendor-independent Workshop Provides You

Cyber Security is required – this is well understood and accepted, the latest after the ransomware WannaCry hits the industry. This triggered that IT security experts are now supporting the OT colleagues to protect Laboratory and Automation Systems.

But how to protect these systems? Standard IT solutions are the preferred choice, patching the systems. But this might not be always possible due to several reasons. IT experts are surprised that they will find legacy OS systems are still in use – unpatched and even unprotected against malware.

That means there is a gap in terminology, definitions and security solutions, what is IT, what makes a system an OT-System? What is OT?

How to govern OT? Following IT rules? What needs to be protected? Does IT want to protect the laptop or the information stored on that laptop? Does OT want to protect the supported business process or a PLC or Laboratory analyzer?

Can patching be the main strategy for OT?

The workshop is designed from an engineer to provide an approach to evaluate the situation, the differences in terminology and strategies for security controls. The workshop is introducing definition of OT Systems, OT Domains, threat analysis to determine easy understandable security control families and derive from there a security controls strategy.

The attendee will be guided to make these definitions for the own company and to better understand existing solutions and international standards for the OT environment.

Delegates will learn and understand:

  • Definition of OT
  • Maturity Levels, why is it difficult to read a security standard providing “Excellence” when the maturity level is innocent or awareness?
  • Definition of OT Systems in use in their business, purpose, benefits of OT Domains / OT Groups
  • Definition of Sublevels to have network architectures in a graphical way
  • Threat analysis of selected components (High level)
  • Definition of security principles to address the threats (control families)
  • Defining the security services required to support the security principles
  • OT requirements to these services (RTO, RPO and others)
  • Approach how to provide governance to address OT specifics without developing a complete new framework in addition to IT
  • Security Levels versus Protection Levels
  • Assessment of gaps versus assigning systems to security principles
  • Overview of International Standards in the OT environment
  • Information exchange between the attendees what are other companies, industries doing

After attending this workshop you’ll

  • have views to standards, security controls, IT security in general from an OT point of view, explained in your language
  • have a understanding of the differences IT/OT beyond CIA or AIC
  • you have a mechanism to understand threats, what to protect that may allow you to adjust the right investments, convince management
  • have a translation from IT terminology to OT terminology

Who Should Attend

  • Automation Engineers & Project Leads involved in security programs to protect OT Systems
  • IT people who want to have an more deep insight in the OT environment

It’s not a technical workshop!

About the trainer
Thomas Sturm has a strong background in the chemical and pharmaceutical industry with coding PLC, SCADA and DCS Systems for different applications – from container washing units up to recipe control based on PLCs and similar applications for the DCS environment. He was working at Novartis, was leading a green field site project in Singapore, responsible for electrical, instrumentation and automation. With additional projects around serialization and laboratory applications, MES integration of automated equipment he covers a wide range of the OT environment.

He triggered in 2012 the first cyber security initiative and crossed the „bridge“ with the IT colleagues – working together to protect the OT Systems. He is passionate about OT-Security – coming from a solid „hands-on“ automation background – he recognized it is crucial to have a translator from IT language, IT security controls to the OT environment.

Cancellations of registration are free of charge until 30 days before. Cancellations received beyond this point will incur 100% of the admission fee. You will get an invoice for the respective amount. In any case, however, a delegate may be sent at no additional costs.

If you are interested, you can get in touch directly with the teacher