Agenda

09:00 - 09:10

Chairman's Welcome 

09:10 - 09:30

►Bridging Digital Divides — Navigating IT-OT Convergence in Critical Infrastructure

James Mockford, Cyber Security Operations Lead, Wessex Water

  • The drive towards interconnectivity and its benefits
  • Overcoming challenges arising from IT-OT interconnectivity
  • Specific Vulnerabilities in Hyper-connected environments
  • Strategies for secure IT-OT integration
  • Futureproofing CNI security
  • Case studies
09:30 - 09:50

►Internet Exposed Industrial System: protecting UK critical infrastructure and preventing high risk cyber attack 

Nick Palmer, Senior Solutions Engineer, Censys

  • As critical infrastructure becomes increasingly connected to the Internet, securing Industrial Control Systems (ICS) and Operational Technology (OT) is more vital than ever. In this session, we explore the latest research by Censys, which highlights significant security risks associated with UK critical infrastructure. 
  • Censys’ recent findings reveal over 1,500 publicly accessible control systems in the UK, spread across sectors like water and wastewater management. Alarmingly, a substantial portion of these systems is exposed to the public Internet, with weak or default credentials, making them vulnerable to potential exploitation.
  • The session will focus on:
    • The state of ICS/OT vulnerabilities in the UK and key industry sectors at risk.
    • How over 80% of exposed administrative interfaces relate to building controls.
    • Key protocols at risk, such as EtherNet/IP and DNP3, and the dangers of unprotected Human-Machine Interfaces (HMIs).
    • Practical steps organisations can take to safeguard critical infrastructure from emerging threats.
09:50 - 10:10

►Best Practice in Building Human Resilience in Cybersecurity Environments 

Bec McKeown, CPsychol, Mind Science

  • The psychology behind resilience
  • The research into ‘Best Thinking’
  • Cross-functional communication
  • Building high performing teams
     
10:10 - 10:15

Comfort Break

10:15 - 10:35

►The Importance of International Cybersecurity Co-operation In Securing Critical National Infrastructure

Nitin Natarajan, Deputy Director, Cybersecurity and Infrastructure Security Agency (CISA), Department of Homeland Security, USA

  • Defining the scope of critical national infrastructure and the increasing interconnectedness globally 
  • Understanding the worldwide threat landscape: Cybersecurity threat actors and their preferred attack methods
  • How can professionals in cybersecurity, risk management, and data protection use best practices to work together on a global scale?
  • The benefits of international cooperation; setting the stage for future collaboration
10:35 - 10:55

►The Nuances of Protecting Critical National Infrastructure 

Tom Exelby, Head of Cyber, Red Helix 

  • Explore the latest security threats and solutions to protect the essential services your organisation delivers.
  • The unique challenges of protecting critical national infrastructure. 
  • The emerging reliance on the Internet of Things (IoT) and Operational Technology (OT). 
  • Creating perimeter security around your supply chain to combat third-party vulnerabilities. 
  • Addressing the risk of rogue devices on a vast and complex network.
10:55 - 11:15

►Fireside chat: Securing our airports 

Simon Brady, Managing Editor & Event Chairman, AKJ Associates (Moderator)
Charlie Kemp, Cyber Security Risk and Compliance Analyst, Manchester Airports Group

  • How do emerging cyber threats, such as advanced persistent threats (APTs) and ransomware, specifically target critical airport infrastructure, and what strategies can be implemented to detect and mitigate these evolving risks?
  • With the convergence of Information Technology (IT) and Operational Technology (OT) in airport systems, what are the key challenges in securing these interconnected environments, and how can airports balance the need for operational efficiency with robust cybersecurity measures?
  • Considering the complex ecosystem of vendors, suppliers, and third-party contractors involved in airport operations, what are the best practices for managing supply chain cybersecurity risks, particularly in preventing vulnerabilities that could be exploited by attackers?
  • In the event of a cyberattack on airport systems, what are the critical steps in an incident response plan, and how can airports ensure a swift recovery while maintaining operational continuity and public safety?
  • How can airports navigate the regulatory landscape and comply with international cybersecurity standards, such as the International Civil Aviation Organization (ICAO) guidelines, while also addressing local and regional requirements to create a unified and effective cybersecurity framework?

11:15 - 11:35

►The power of collaboration; How the UK water industry worked together to ease the burden of supply chain security

Emily Hodges, COO, Risk Ledger

  • Explore the growing challenges of securing the UK's critical national infrastructure (CNI), especially when it comes to supply chain security.
  • Using examples from the UK Water industry and NHS Test and Trace, we'll show how working together can make all the difference in staying ahead of cyber threats. 
  • You'll pick up practical tips on improving supply chain visibility, managing third-party risks, and building a stronger, more resilient network by collaborating across industries. 
  • Expect straightforward insights and real-world examples to on how you cause use collaboration to increase your supply chain security.
11:35 - 11:40

Comfort Break

11:40 - 12:00

►IAM in OT: A Consequence-driven Engineered Approach

Luay Baltaji, Principal Architect, National Gas Transmission 

  • The challenge of identification, authentication and authorisation in OT
  • How did this manifest recent threat intelligence?
  • Consequence-driven Engineered design
  • Data and delivery strategy for an efficient and effective implementation
12:00 - 12:20

►The Human Factor: The Importance of Cybersecurity and You

Javvad Malik, Lead Security Awareness Advocate, KnowBe4

  • We will explore the current landscape of cyber threats targeting critical infrastructure. We'll examine how organisations compare to their peers in terms of risk reduction efforts and discuss what constitutes an unacceptable level of risk.
  • The Social Engineering Threat Landscape: Delve into the growing problem of social engineering attacks, with a particular focus on phishing.
  • Creating a Security-Aware Culture: Learn actionable strategies to reduce cyber risks by fostering a security-conscious organisational culture. We'll discuss practical tips for employee education, implementing effective security policies, and encouraging proactive security behaviours.
  • Measuring and Improving Human-Centric Security: Explore methods for assessing the effectiveness of human-focused security initiatives. We'll cover key performance indicators, ongoing training techniques, and ways to continuously improve your organisation's human firewall. 
12:20 - 12:55

►Fireside chat: Beyond threat awareness to action — a necessary revolution

Simon Brady, Event Chairman, AKJ Associates
Ian Thompson, Head of Cyber Threat Intelligence, BP

  • Why do organizations need to change their approach to threat management?
  • How can we evolve our security strategies to incorporate threat intelligence and counter-threat tradecraft as distinct and vital elements of our overall cybersecurity efforts?
  • How do we separate threat management from traditional governance and policy frameworks in practice, and why is this essential in the evolution of security strategies?
  • As we can’t manage threat the same way we manage risk, how do we develop a deeper understanding of how threat actors operate and succeed?
  • What specific tailored strategies for threat mitigation and management have you put in place in BP? What in your opinion, has had the biggest impact and how do you measure this? 
  • What practical advice would you give to those wishing to integrate threat intelligence and counter-threat strategies into their core security mission? Where do they start? 
12:55 - 13:00

Chairman's Close