The UK Energy Cyber Security Executive Forum brochure

Thursday 5th February 2015
A One-Day Conference
The UK Energy Cyber
Security Executive Forum
Organised by
Addressing the cyber security risks at the board level
The new realities of cybercrime in the energy sector
Sponsored by
City & Financial Global
CCT Venues Plus – South Quay, London E14
Ciaran Martin,
Director General for
Government and
Industry Cyber
Security, GCHQ
Graham Wright,
Group CISO
and Digital
Risk Officer,
National Grid
Steve Purser,
Head of Core
Dr Gal Luft, Senior
Advisor, The United
States Energy
Security Council &
Chairman, Nation-E
Avtar Sehmbi,
Head of Information
Security & IT Risk
Stephanie Daman,
CEO, Cyber Security
Challenge UK
Troels Oerting,
Head of European
Cyber Security
Centre, Europol
Raj Roy,
Legal Director,
British Gas
Chris Gibson,
Director, CERT-UK
Supported by
Attend this forum to understand:
What the UK Government is doing to improve security skills and awareness within the energy sector
How to educate your employees to deal with the new realities of cybercrime in the oil & gas industry
Why energy companies fail to effectively manage data security breach incidents and how you can enhance
your incident management detection and response capabilities
What coverage cyber risk insurers provide for business interruption and how to deal with the ‘cyber risk gap’
in the energy sector
You will also learn about:
EU response to the increased cyber threat in the energy sector. How does the United States currently
manage cyber security?
Recent cyber security incidents that have the most profound impact on the oil & gas industry. Step by step
analysis and the lessons learned
Effectively responding to real-time operational security concerns of SCADA devices and networks for power
and utilities. Retesting vulnerabilities to eliminate threats
The trends in the type, volume and calibre of cyber security attacks in the energy sector. The most effective
risk mitigation strategies and commercially viable cyber security policies
QR Code
The UK Energy Cyber
Security Executive Forum
Addressing the cyber security risks at the board level
The new realities of cybercrime in the energy sector
CCT Venues Plus – South Quay, London E14
The energy sector is increasingly becoming a prime target for organised cyber
security crime. Globally, it is estimated that cyber security breaches in oil & gas and
power will cost owners $1.87billion by 2018. Cyber-attacks on industrial control
systems reported to ICS-CERT jumped from 34 in 2010 to 257 in 2013.
The European Union’s adoption of new data protection rules and a new cyber
security network by 2015 increases the challenge faced by energy companies in
Europe. With energy companies in the UK already losing approximately £400 million
every year, the sanctions for security breaches will increase the maximum fines from
2% to 5% of a company’s global annual turnover.
Despite all the evidence and with such high costs at stakes, many companies do not
fully appreciate the risk posed by cybercrime. Their existing security measures often
prove to be inadequate and energy firms are routinely refused insurance cover for
business interruption. Additionally, the current mainstream cyber insurance market
neither fully addresses the needs of the energy sector, nor provides coverage for
physical loss or damage. Furthermore, the waiting periods for cyber security
coverage can be significant in terms of energy networks.
With significant numbers of employees having insufficient knowledge of corporate
cyber threats, such as SpyEye, Zeus, Stuxnet and Flame, the nation’s critical energy
infrastructure remains extremely vulnerable. Energy companies, while struggling
with the complexity and size of the networks they manage, need to meet the
challenge of surviving and growing in the current cyber security climate now.
City & Financial Global’s Energy Cyber Security Executive Forum is a strategic and
practice-driven summit, which will give you an excellent opportunity to network
with the best of the energy cyber security sector and learn how to actively engage
with the cyber security issues.
This timely conference will offer you guidance to minimise the risks, avoid cyber
security breaches through internal controls and proper adherence to standards,
develop resilience, and protect and strengthen your business in the UK and globally.
CISOs, Heads of Digital Risk, CIOs, Data Protection
Officers, Cyber Security Managers, Cyber Security
Architects, Heads of Legal/Privacy/Cyber Threat/
Resilience/IT, Chief Risk Officers/Risk Managers,
SCADA Control Operators
This already highly-regarded executive Forum is an in-depth follow-up to the cyber
security panel at our City Week 2014 event, at which the Rt Hon Francis Maude,
Minister for the Cabinet Office spoke. There was enormous interest in the cross
industries cyber security session, much of which was from board directors of
national and international firms who were keen to get a better understanding of the
threat posed to their institutions by cybercrime, how they should identify their
vulnerabilities, what they should be protecting, how they should protect it and the
role of the board in establishing a cyber security strategy.
A transcript of Francis Maude’s speech at City Week 2014 is below:
WOOD GROUP and many, many others…
The UK Energy Cyber Security Executive Forum
The Programme
Registration, networking and morning coffee
Chairman’s opening remarks
Graham Wright,
Group CISO and Digital Risk
Officer, National Grid
Keynote address I - Enhancing the UK’s cyber resilience
Chris Gibson,
Director, CERT-UK
• The role of the Cyber-security Information Sharing partnership (CiSP)
• Why you need to exercise
• What we are seeing
Panel I - An in-depth look at the latest European and international cyber security policies for oil & gas and power
• The role of the regulatory bodies in relation to cyber security. The differences between the regulatory bodies in the UK, Europe and the US
• How are international security policies and standards changing to meet cyber challenges?
• The EU Cyber Security Strategy. The NIS Directive. The role of ENISA
• Smart Grid mandates across the EU. Smart Grid security measures
• How does the United States currently manage cyber security? Analysing the US’s NIST and Department of Homeland Security’s initiatives
• How do we share best practice to address the issues and challenges
Moderated by
Steve Purser,
Head of Core Operations
Department, European
Union Agency for Network
and Information Security
Dr Gal Luft,
Senior Adviser, The United
States Energy Security
Council & Chairman,
Patrick Curry OBE,
Director, British Business
Federation Authority
Chris Gibson,
Director, CERT-UK
Panel II - Rethinking cyber security: Making your business more secure and resilient
• What are the new realities of cyber threats in the energy sector?
• Which cyber risks and exposures your organisation is facing by simply running your business on a daily basis?
• Best practices of dealing with cyber threats and vulnerabilities. Improving response time and enhancing overall system robustness
• Ensuring a skilled workforce. How to educate your employees to deal with the new realities of cybercrime in the energy sector?
Moderated by
Graham Wright,
Group CISO and Digital Risk
Officer, National Grid
Avtar Sehmbi,
Head of Information
Security & IT Risk
Management, Centrica
Manu Sharma,
Director, Grant Thornton
Iowa Carels, Senior Cyber Security Advisor,
The National Cyber Security Centre,
The Dutch Ministry of Security and Justice
The UK Energy Cyber Security Executive Forum
Keynote address II - Cyber security and the energy sector. A GCHQ perspective
Ciaran Martin,
Director General for
Government and Industry
Cyber Security, GCHQ
• Government’s focus on cyber security and the nature of the threat
• Cross-government initiatives and cyber security guidance and standards
• Routes to seek IA support, advice, training and professionalisation
• How cyber security risk affects the energy sector
• Future options for defence through collaboration
Networking and morning coffee
Case-study I
Senior Representative, QinetiQ
Case-study II - Cyber threats to critical energy systems and risk mitigation strategies
• Reviewing recent cyber security incidents that have the most profound impact on the energy sector
• Understanding trends in the type, volume and calibre of those attacks
• Recommendations for risk mitigation and commercially viable cyber security policies
Case-study III - Building a comprehensive IT risk management system
• Technology changes in the energy companies. Reviewing different systems of IT protection
• What are key external penetration areas of critical infrastructure?
• Unifying IT protection methods and policies and
maximising standards of IT protection by adhering to
short- and long-term security plans
Scott Baron,
• Suggestions for an effective end-to-end IT management
Director Digital Risk &
Security Governance,
National Grid
• Looking at the existing outsourcing models
Dr Gal Luft,
Senior Adviser, The United
States Energy Security
Council & Chairman,
Ameet Patel,
Group IT&S Director –
Information Security,
Wood Group
Keynote address III - The race for skills in the energy sector
• The implications of not properly addressing the cyber security skills gap
• Barriers that need to be addressed and overcome if we are going to be successful
• Matching the solutions to the topic - why traditional approaches have limited success
Networking and lunch
Keynote address IV – International perspective
Stephanie Daman,
CEO, Cyber Security
Challenge UK
Troels Oerting,
Head of European Cyber
Security Centre, Europol
Case-study IV
Daniel Barriuso,
Richard Mackintosh,
Cyber Intelligence Advisor,
The UK Energy Cyber Security Executive Forum
Moderated by
Panel III - Protection of privacy data for energy
• The impact of the new European Data Protection regulation
on the energy sector
• What are the main energy data protection challenges?
• Enforcing data protection polices and enabling open and
confident communication throughout your business and
with external parties
John Bowman,
Senior Principal, Data
Protection and Privacy,
Promontory Financial Group
Raj Roy, Legal Director,
British Gas
Afternoon tea
Case-study V - Heartbleed: lessons learned – or did we learn?
Ari Knuuti,
Co-founder and Vice
President of EMEA,
• What can the energy sector learn about cyber security from other industries
• Security build in or add on?
Panel IV - Cyber insurance: How to deal with the ‘cyber risk gap’ in the energy sector?
• Cyber insurance as a service – data breach response
• What coverage does cyber risk insurance provide?
• Policy details: what is covered, and what isn’t?
• What separates competitive insurers?
• UK market vs the rest of the world
• How legislation and regulatory change drive the need
and demand for insurance
• Systemic risk and risk management
• The future of the cyber insurance market
Ashley Roughton,
Barrister, Hogarth Chambers
Moderated by
Damian Beeley, Partner,
Haggie Partners
Laila Khudairi,
Global Underwriter for
International Cyber Risk,
Tokio Marine Kiln
Andrew Barratt, Managing
Director Europe, Coalfire
Panel V - Why energy companies fail to effectively manage data security breach incidents and how you can enhance your incident
management detection and response capabilities
• Understanding the threats, vulnerabilities and consequences of a cyber security breach within an organisation and its supply chain
• Identifying, protecting, detecting and responding
• Learning how to improve your resiliency and recovery to minimise your downtime if the system fails
Moderated by
Ari Knuuti,
Co-founder and Vice
President of EMEA,
Richard Mackintosh,
Cyber Intelligence Advisor,
Close of proceedings
Chris North,
Head of Information
Security, Gazprom
Marketing and Trading
Steve Armstrong,
Technical Security Director
and Owner, Logically
Secure; Certified Instructor,
SANS institute
The UK Energy Cyber Security Executive Forum
About our sponsors
Tokio Marine Kiln is a leading international provider of specialist and corporate insurance for clients within the
Lloyd’s and Company markets. Formed in 2014 through the integration of Kiln and Tokio Marine Europe, Tokio
Marine Kiln has been founded on empowered expertise and the strength of its relationships.
As part of one of the world’s largest insurance groups, Tokio Marine, we empower more than 700 employees in 22
cities to protect customers against complex and ever changing risks. We have seven underwriting teams focused
on Specialist Property, Liability & Motor; Corporate Property & Liability, Construction; Marine & Enterprise Risk; Aviation & Space, Accident,
Health & Life; and Reinsurance products, which are complemented by a first class claims team and an expert risk engineering service.
Tokio Marine Kiln benefits from exceptional financial strength with Standard & Poor’s ratings of AA- attributed to its Company platform and
A+ for its four managed syndicates at Lloyd’s.
Codenomicon provides a suite of next-generation solutions that reveal a better path to total defense.
These solutions provide new layers of testing, robustness, intelligence, collaboration and security to deliver
strength in visibility to the very Core of today’s critical systems, networks and devices. From automated
testing solutions to amplify security by bringing the unknown into view, to patent-pending verification and validation solutions that leaves
no stone unturned and no library or application unchecked, Codenomicon answers the call for new levels of security, safety and
transparency to the world’s connected and critical systems. Founded in 2001 in Oulu, Finland, the global company works with leading
telecommunications, networking, manufacturing, healthcare, financial services, defense, government, CERT and cyber authorities to
strengthen systems and proactively secure customers and connections.
QinetiQ provides best-in-class Cyber Security solutions, services and advice.
Our holistic solutions cover people, processes and technology; they help customers to maintain security, manage
risk, enhance corporate resilience and maintain competitive advantage. We specialise in advice, strategic Penetration Testing and Managed
Security Services across different sectors.
About City & Financial Global
City & Financial Global run around forty high level conferences each year, covering a wide variety
City & Financial Global
of topics held throughout the world. C&F Conferences have four distinguishing features. First, they
are often held under joint ventures with governments and government agencies. Second, our
speakers are always of the highest calibre, and include heads of government, senior government ministers, policy makers, and regulators
and chief executives and main board directors of some of the world’s leading companies, as well as experts from top advisory firms. Third,
our events focus on the impact of key change drivers such as government policy, regulation, product innovation, technology, supply and
demand side factors and specific developments in different markets. Fourth, we aim to produce the most authoritative conference on any
given topic. As a result, our events attract large audiences comprising senior decision-makers from both the public and private sectors, as
well as sponsorship from some of the world’s leading companies and financial institutions.
For more information please visit
Thursday 5th February 2015
The UK Energy Cyber Security Executive Forum
Please do not cover this address, even if incorrect
– it contains your customer code
+44 (0) 1483 479 409
Provisional bookings can be made by completing the
registration form and faxing it to us. Your place will be
confirmed on receipt of payment.
Send the completed registration form,
along with payment to the address below:
City & Financial Global Ltd, 1st Floor, Swift House,
Walnut Tree Place, Send, Woking GU23 7HL
United Kingdom
ENQUIRIES: +44 (0) 1483 479 331
Save 20% when you
book 3 or more places
First Name Mr/Mrs/Ms:
Family Name:
This will be used to send you
conference documentation.
My special dietary requirements are:
Payment Details
Payable to: City & Financial
*Bank Transfer:
IBAN: GB51 BARC 2097 5893 8408 91
Credit Card:
Card No:
Expiry Date:
City & Financial Premier
SAVE 5% City & Financial invite you to join City & Financial Premier. Membership of City & Financial Premier will entitle you
to a 5% discount off all City & Financial conferences & publications. To join you must provide City & Financial with your email
address and agree to allow us to send you details about relevant conferences and publications by email. Your email address
will not be released to third parties, except to those organisations sponsoring or exhibiting at a conference that you attend.
Please tick this box to join [ ] (Joining is free of charge)
Please indicate which of the following subject areas interest you:
Infrastructure/PPP [ ] Public Policy/General Business [ ] Energy [ ] Financial Regulation [ ] Corporate Finance [ ]
The discount is available for as long as you are a member of City & Financial Premier. You may unsubscribe after three
months’ membership. The 5% discount will be applied to your current order.
Please tick this box if you already are a City & Financial Premier member [ ]
CONFIRMATION If you have not received confirmation of your booking prior to the conference, please
call City & Financial on +44 (0) 1483 479 331. Your delegate place is not confirmed until payment is
received. Payment must be received before the conference date. If payment has not been received before
the conference date City & Financial reserves the right to ask for a credit or debit card guarantee of
payment when you register at the conference.
PRIVATE SECTOR FEE: £595.00 plus VAT (£714.00)
The fee for this conference as shown above includes refreshments, luncheon, and written documentation
for one delegate. Additional conference documentation packs are available on request at £199 + VAT.
These can be ordered by fax or email.
Please tick to receive an invoice
in advance of payment
3 digit security code
Issue Date:
CCT Venues Plus – South Quay
Details of nearby
Isis Building – Thames Quay
accommodation may be
193 Marsh Wall
found on the venue’s website
E14 9SG
Tel: 0207 537 6545
must be received in writing (an email or fax is acceptable). Non-attendance, or non-payment does not
constitute cancellation. If payment has not been made prior to the event, a full charge will still apply.
I cannot attend the conference but wish to buy the event documentation pack, which includes the
speakers presentations
Full documentation costs £199 + VAT
To order, complete the registration form and method of payment. Payment must be received
before the documentation and password can be despatched
All conference presentations will be available from the City & Financial website:
When paying by Bank Transfers quote this reference:
(Please ensure ALL bank charges are met by your organisation)
CANCELLATIONS/SUBSTITUTIONS Delegates cancelling 15 days or more before the event will
Personal Data is gathered in accordance with the Data Protection Act 1998.
If you do not wish to receive promotional material from City & Financial, please tick here
If you do not wish to receive promotional material from the Conference Sponsor, please tick here
If you do not wish to receive promotional material from any other 3rd party, please tick here
Please return this form with the address and customer code, clearly visible if you wish us to remove your records
from our database.
City & Financial Conferences reserves the right to make any necessary alterations/changes to the programme.
receive a refund less a 10% administration fee (waived if you elect to buy the conference documentation).
Cancellations received between 14 and 7 days before the event will be entitled to a 50% refund of the
conference fee, and will receive a copy of all conference documentation. Cancellations received 6 days
or less before the event will receive no refund but will receive a copy of all conference documentation.
Delegates can be substituted at any time prior to the event; notification of cancellations or substitutions