Re-thinking ICS Security By Upgrading IT/OT Controls, Frameworks And Threat Monitoring For The Digital Age

27/07/2020 | Free-to-Attend | 8:50 am - 12:10 pm AEST

Agenda Day Program: 27th July 2020


9:20 am - 9:30 am Conference Opening – Remarks from the Conference Chairperson

9:30 am - 10:00 am Mitigate Human Factor & Technology Risks Exposing ICS Systems Through Rigorous Testing Around Crisis Management & Scenario Planning

Jeff Campbell - Chief Cyber & Information Security Officer, Horizon Power

Industrial control systems and critical infrastructure continue to become increasingly automated and digitised, yet it is an inescapable fact that we are still dependent on humans for the end-to-end security of these systems and services. In this presentation, Horizon Power’s Jeff Campbell will dive into how Horizon Power implemented business continuity planning processes that will protect their infrastructure from future threats and attacks in times of crisis.

  • Insights into cyber threats to critical infrastructure and control systems, exacerbated due to COVID-19
  • Understanding how to re-test and implement business continuity planning processes such as scenario planning to protect your network in times of crisis.
  • Alleviating increased resource usage through selective tunneling and securing traffic going to internet through CISCO umbrella.

Jeff Campbell

Chief Cyber & Information Security Officer
Horizon Power

10:00 am - 10:30 am Eight Common OT/Industrial Firewall Configuration Mistakes Control System Leaders Make And A Novel Approach To Minimising These Risks

Michael Firstenberg - Managing Director, Waterfall Security Solutions

Firewalls are easy to misconfigure. While the security consequences of such errors may be acceptable for some firewalls, the accumulated risks of misconfigured firewalls in a defense-in-depth OT network architecture are generally unacceptable. We explore eight common mistakes that firewall administrators make and describe how these mistakes can compromise ICS network security. The lesson here though is not “stop making mistakes.” The lesson is to choose appropriate technology for the need. We explore technology alternatives to OT firewalls that eliminate the potential for online attacks as a result of misconfiguration.


Michael Firstenberg

Managing Director
Waterfall Security Solutions

10:30 am - 10:40 am Break

Between cloud, IoT, 5G, and global supply chains, the modern enterprise is increasingly complex and increasingly vulnerable.In this session, learn:

·        How today’s attackers are exploiting increased connectivity between IT and OT to disrupt critical environments

·        How the first AI security system ever deployed across ICS and SCADA networks understands and learns the patterns of life for unique operational environments

·        Where AI shines a light on key blind spots to provide visibility across the digital infrastructure, including ICS, cloud, email, and the on premise network.

·        How cyber AI has neutralized real-world threats to a medical manufacturing company’s IP, a transportation center’s IoT devices, and a major organization’s assembly line


Saoirse Lappin

Commercial Director

Liam Dermody

Cyber Threat Analysis Director, ANZ

11:10 am - 11:40 am Understanding How WesCEF Improved Control System Security In The Midst Of A Global Pandemic, And With A Skeleton Workforce.

Michael Dorn - Cyber Security & Control Systems Lead, Wesfarmers WesCEF

The separation of IT and OT introduces some interesting security challenges. Due to the nature of ICS, COVID-19 forced IT at Wesfarmers WesCEF to install a number of network changes which required a fast-moving OT environment on a skeleton crew. In this presentation, Michael Dorn will present on how Wesfarmers managed to re-size VPN’s for remote working, introduce network changes through IT, and had their reduced number of staff in operating facilities combat security challenges in a slower operating environment.

  • Re-sizing VPN’s for thousands of workers to enable remote working capabilities.
  • Maintaining stakeholder engagement and awareness throughout a period of uncertainty.
  • Providing centralised management and change control for a reduced IT and OT

Michael Dorn

Cyber Security & Control Systems Lead
Wesfarmers WesCEF

11:40 am - 11:50 am Conference Closing – Remarks from the Conference Chairperson

1:30 pm - 2:30 pm Premium Networking Session (Invite Only) - Lessons From Managing A Recent, High Profile Control System Disaster Recovery Program

David Brookes - Director, Optimate

No system is bullet proof. Join this group discussion with your industry peers to explore what steps are necessary to take before disaster strikes and the tools vital to ensure complete recovery. You facilitator will also dive into real life case studies and recent experiences with managing disaster recovery for control systems to help you come away with tangible steps you can take back to your own organisation.


David Brookes