Welcome and Presentation of the Congress
Samuel Linares (Director, Industrial Cybersecurity Center), Leonardo Huertas (Colombia CCI Coordinator, CSA Eleven Paths)
Status of Industrial Cybersecurity in Spain: The CCI
Samuel Linares ( Industrial Cybersecurity Center, Director )
Is Director at the Industrial Cybersecurity Center, European Commission Independent Evaluator, ENISA (European Network and Information Security Agency) CIIP Expert and member of the ISACA Cybersecurity Task Force. With 2 decades of experience in security, system integration and the management of multinational and multicultural projects, he has been the main promoter of the “Industrial Cybersecurity” concept in Spanish, being recognized as one of the key Spanish and Latin American experts in the area and participating as speaker, chairman and teacher in different events all over the world (including Spain, UK, USA, Belgium, Qatar, United Arab Emirates, Mexico, Cuba and Argentina, among others).
He holds various cybersecurity certifications including GICSP (Global Industrial Cyber Security Professional), CRISC (Certified in Risk and Information Systems Control), CGEIT (Certified in Governance of Enterprise IT), CISM (Certified Information Security Manager), CISA (Certified Information Security Auditor), CISSP (Certified Information Systems Security Professional), GIAC Assessing Wireless Networks (GAWN), Systems and Network Auditor (GSNA), and Google Hacking & Defense (SSP-GHD), BSI BS 25999 & BS 7799 Lead Auditor (since 2002), and several additional vendor specific technical certifications. He holds a B.S. in Computer Science from the Univ. de Oviedo and is University Specialist in Data Protection by the Colegio Universitario Escorial Maria Cristina.
Industrial Cybersecurity in Ibero-America: A Review of Different Countries
Claudio Caracciolo (CCI Argentina coordinator, CSA Eleven Paths), Leonardo Huertas (CCI Colombia coordinator, CSA Eleven Paths), Marcelo Branquinho (CCI Brasil coordinator, TISafe)
Claudio Caracciolo is currently the Chief Security Ambassador for Eleven Paths in Argentina. He is founder of Root-Secure SRL, and as a consultant, he specializes in Information Security and holds various international certifications. He is the President of ISSA Argentina (2011-2013 and 2013-2015), Coordinator for the CCI in Argentina, Member of associations like ISSA International, OWASP, Usuaria, Argentina Cibersegura, Member of the academic committee of Segurinfo since 2007.
Renowned speaker at multiple national and international events like TEDxUTN 2012 ( http://holename.wordpress.com/2012/07/13/tedxutn-de-las-emociones-a-las-experiencias/ ), LatinCACS 2012 and 2013, ISACA Lima Full Day, Campus Party Ec 2011, OWASP Latam Tour 2011/12 and 13, Segurinfo 2007-2013, 8dot8 (2011-2013) among other big events.
Claudio is a teacher on subjects related to Ethical Hacking, Defense Methodologies, Platform Hardening, Web security, Anti-Forensics Techniques. Passionate about Social Engineering. Together with his partners at Root-Secure he is author of “Ethical Hacking, un enfoque metodológico” (Ethical Hacking, a methodological approach), published by Editorial Alfaomega with ISBN-13: 978-9871609017. He co-organizes the event MS Doing Blue.
Leonardo Huertas is Chief Security Ambassador for Eleven Paths where he works together with renowned cyber security experts like Chema Alonso, David Barroso and Claudio Caracciolo. He has worked for the Colombian government for 20 years, at the National Defense Ministry, as Cyber Security and Defense Adviser. During this period, he represented the Colombian government in bilateral programs with the governments of Israel and South Korea on matters related to Cyber Security.
He was adviser for the National Cyber Security and Defense Policy – CONPES 3701, and responsible for the design and implementation of the Computer Emergency Response Team – colCERT, where he finished his career in the Government, as team coordinator. Leonardo participated in OAS technical missions advising on the creation of national CERTs in the Dominican Republic, Panama, Mexico and Guatemala. In this role, he also advised Guatemala and Chile on developing national cyber security policies.
He was awarded the Military Medal “Ministry of National Defense” in the “Distinguished Services” category. He has served as university professor and instructor in courses on VoIP and Network Security and Integration. His blog is called SamuraiBlanco and he is also the moderator of the DragonJAR Security Community. Leonardo has been a speaker at national and international events on matters related to Security and, among other research, he was involved in the organization of the “Advanced Incident Handling” course at Carnegie Mellon University. He holds an Ethical Hacker certification from the EC-Council, graduated as a Systems Engineer from the EAN University in Bogota and holds grades in Engineering Project Management and IT Management from the same University. He is a specialist in Network Security and Operating Systems Security at the Open University of Catalonia, Spain.
Marcelo Branquinho is a SCADA security expert and an electrical engineer who specializes in computer systems. Branquinho has an M.B.A. in Business Management and is founder and CEO of TI Safe Segurança da Informação. A senior member of ISA International, he has over 15 years in the field of critical infrastructures and SCADA Systems and is the coordinator of the TI Safe's Security Automation Training, the first Brazilian in this segment. He is also a member of the ANSI/ISA-99 standard working group. He is a published author and frequent presenter of technical papers.
Borrowing Security from Operations
Patrick Miller ( The Anfield Group / EnergySec, Partner and Managing Principal / President Emeritus )
Has dedicated his career to the protection and defense of critical infrastructures as a trusted independent advisor. He is a Partner and Managing Principal at The Anfield Group, as well as the founder, director and president emeritus of EnergySec, a 501(c)(3) nonprofit organization focusing on information sharing, situational awareness and security workforce development. Patrick’s diverse background includes positions with regulatory agencies, private consulting firms as well as organizations in the Energy, Telecommunications and Financial Services verticals.
The Practical Approach for Protecting the Critical Infrastructures from Emerging Cyber Threats
Ayman Al‐Issa ( ADMA-OPCO, Digital Oilfields Cybersecurity Advisor )
Has over 20 years of experience in the fields of Automation, Information Technology, and Cyber Security. He graduated with a Bachelor’s degree in Electronics Engineering and is versed in different backgrounds such as industrial control systems, systems engineering, and building cyber security strategies, designs and models. Ayman has wide-ranging experience in protecting critical infrastructures, and he is an information contributor to the ISA99/IEC62443 international standard and currently the Co-Chairman of Workgroup1.
Ayman is currently the CCI Chief Technology Advisor in the Middle East and Asia. He is an energetic member of the Cyber Security advisory boards of a number of the top worldwide universities that are pursuing research to improve industrial cyber security, and an active member of different international Security Innovation Alliances that are focused on a worldwide program for improving the security of industrial control systems through the close collaboration of the leading IT Security vendors and leading industrial automation and control system vendors. Realizing that security measures are always behind the emerging cyber risks, he developed an ICS defense-in-depth industrial cyber security model that aims at early detection of threats based on security-through-vision-and-integration.
Control Systems Cyber Security Center Activities for Social Infrastructure in Japan
Hideaki Kobayashi ( Control Systems Security Center - Japan, Vice President )
He received a Bachelor's degree in Applied Physics in 1970 from Waseda University and a Master's degree in Physics in 1972 from Tokyo Institute of Technology. He is now a vice president of Control System Security Center (CSSC) through Hitachi, Ltd. and Information-technology Promotion Agency, Japan (IPA).
He was working in the network and security area.
Industrial Cybersecurity in the Colombian Electricity Sector
Diego Zuluaga ( ISAGEN, Information Security Officer )
Systems Engineer, Executive MBA, internationally certified in IT risk management, information security and industrial control systems (CISM, CRISC, CGEIT, GICSP, ISO 27001 L.A.). Information Security Officer at ISAGEN. He heads a group of cyber security experts in the National Committee of Operations of the Colombian electrical sector. Diego has more than 15 years of experience in information security, holding positions, among others, as international consultant at KPMG for companies in the public and private sector; he is a renowned speaker at national and international conferences and has been undergraduate and post-graduate professor at public and private universities. He collaborates with several initiatives to improve cyber security of critical infrastructures. He was awarded the “Americas Information Security Leadership Award” by (ISC)², received special mention as Outstanding Young Overachiever of Antioquia and of Colombia by the International Youth Chamber within the Program “Ten Outstanding Young Persons” and he was decorated with the Intelligence honor by the Colombian National Police.
Panel Discussion: The International Perspective
Patrick Miller (EnergySec), Ayman Al-Issa (ADMA-OPCO), Hideaki Kobayashi (CSSC), Diego Zuluaga (ISAGEN). Moderator: Samuel Linares (CCI)
SEC4SCADA: Industrial CyberSecurity & Smart Grid Testbed and Product Developer Center
Iñaki Eguía, Arkaitz Gamino ( Tecnalia, Research and Development Area )
Iñaki Eguía leads the CyberSecurity team in the IT-Competitiveness unit in Tecnalia. He has participated in several European projects related to security, web infrastructures, embedded systems and networks heterogeneity. He has coordinated the ARCADIA FP7 funded project related to embedded systems and the CIPS RISC Project. He is a member of NIS and Artemis. He is also responsible for the International Innovation Unit of Prometeo, which aims to push enterprises to do international R&D. He obtained his degree in Computer Science from Deusto University and Lund University (Sweden 2001) and his degree in Industrial engineering at Deusto University (2006). He currently participates in a number of European Security R&D projects for large industries, such as nSHIELD, pSHIELD, ARCADIA, Internet of Energy and Chiron. Iñaki Eguía is a professor at the University of Deusto for the security engineering master course.
Arkaitz Gamino belongs to the Research and Development Area at TECNALIA. He has participated in several European projects related to industrial security, convergence of cyber & physical systems, web infrastructures and embedded systems. He works in several projects related to IT Security, including the data protection legislation that affects Spanish undertakings, namely the personal data protection act (15/1999 – Ley Orgánica 15/1999 de Datos de Carácter Personal – LOPD) and its implementing regulations. He also works in certification of the security measures laid down by gambling law (Ley 4/1988, de 3 de junio and Ley 4/1991, de 8 de noviembre). He obtained his degree in Computer Science from the University of Deusto and his postgraduate in Cybersecurity from the University of Deusto. He obtained the CISA (Certified Information Systems Auditor) certification in 2009 from ISACA/F – Information Systems Audit and Control Association / Foundation and he is a member of CENELEC.
15 in 15: 15 Cyber-incidents in 15 Minutes
Bryan Owen ( OSIsoft, Cyber Security Manager )
Is the cyber security manager for OSIsoft LLC (www.osisoft.com) – a software company located in San Leandro, CA that builds systems for monitoring real time information principally of heavy industrial facilities. Bryan helped pioneer use of Plant Information systems while a control engineer in 1985. OSIsoft has since grown from a small software startup to a highly profitable global corporation that operates in 110 countries. It has over 1200 employees worldwide with about 400 in San Leandro. Bryan’s career at OSIsoft started officially in 1996 as a field service application engineer where he travelled extensively to commission remote monitoring centers and deploy real time decision support infrastructure. This was ‘big data’ for industry before the term was part of mainstream technology.
Bryan later managed OSIsoft’s engineering services for the Oceania region before returning to the United States to focus on cyber security in the post 9/11 era. OSIsoft started researching industrial cyber security with Idaho National Lab (INL) in 2005 under Bryan’s leadership with product assessments and intensive training activities. Similarly, the close partnership with Microsoft was used to help bootstrap a formal security development lifecycle (SDL) process and practices at OSIsoft. Bryan is Microsoft certified and a State of Washington Professional Engineer holding a Bachelor of Science in Chemical Engineering from Oregon State University (1981).
Bryan’s outreach activities include the American Fuel & Petrochemical Manufacturers cyber security committee, US Department of Homeland Security Industrial Control System Joint Working Group, and various International Society of Automation standards teams.
Bryan is active with social media and publishes a blog on PI system security for the greater OSIsoft community.
Security and Protection Systems Born for the Industrial World - Taking Care of Security in the Convergence of Corporate Networks and SCADA
Marcelo Mayorga ( Fortinet, Manager, System Engineering South-America )
Has been working in Information Security for more than 12 years. During this time, he has held positions in support, engineering, services, pre-sales and after-sales departments and acquired certifications in various technologies and manufacturers. He holds a degree in Information Systems and is currently studying a post-graduate course in Cryptography and Secure Communications at the Institute for Advanced Learning of the Argentine Army (IESE). Currently, he is the Manager of System Engineering for South America of Fortinet.
Panel Discussion: Learning from Cybersecurity Incidents in the Industrial World
Bryan Owen (OSIsoft), Marcelo Mayorga (Fortinet), Arkaitz Gamino (Tecnalia), Robin Salcedo (CEO, Identian). Moderator: José Valiente (CCI)
First Day Closing Remarks
José Valiente ( Industrial Cybersecurity Center, Manager of Coordination and Communication )
Is manager of Coordination and Communication at the Industrial Cybersecurity Center. He holds a B.S. in Computer Science from the Universidad Pontificia of Comillas and is a specialist in Security and Technology Consultancy. With more than 20 years of experience in consulting firms such as Davinci Consulting and Tecnocom, involved in projects related to IT and security for big companies and public enterprises, he holds multiple certifications from security and IT vendors (Cisco CCNA and CCDA, System Security McAfee, Security Specialist Juniper, Websense Certified Engineer, F5 Bigip Specialist and Radware Certified Security Specialist) as well as CISM from ISACA.
José is an expert in project management and has led ISMS deployment projects for IBEX35 companies and public enterprises working with top-level security teams. He has wide knowledge of ITIL and PMI and experience in providing training to industrial sector companies and public enterprises.
Welcome and Presentation
José Valiente ( CCI, Manager of Coordination and Communication )
Cyber Money Laundering: A Risk for the Security of Critical Infrastructures
Luis Edmundo Suárez Soto ( Information and Financial Analysis Unit (UIAF), Director )
Is an attorney at the Andes University; he specializes in Economy and also holds a degree in Administrative law from the University of Rosario. He has held various positions both in the public and private sector, such as the National Planning Department. He has also been Manager of Suárez & Asociados, carrying out advising, consulting and legal activities relating to financial, constitutional and administrative Law.
He has been professor and speaker on subjects relating to Financial Law at the Andes University and the Javeriana University. Currently, he is professor of Law, with emphasis on Banking and Securities Law at the Externado University in Colombia.
Luis assumed the lead of the Information and Financial Analysis Unit (UIAF) in November 2010, where he inspired and led the construction and implementation of a new approach based on innovation to fight money laundering and terrorist financing, leading to unprecedented results.
Under his leadership, he won the Best Egmont Case Award (BECA) for Colombia, in recognition of the best financial intelligence case 2013-2014.
He also provides the Technical Secretariat of the Commission on Inter-agency Coordination for the Control of Money-Laundering (CCICLA) and he represents Colombia at the Financial Action Group of South America (GAFISUD), being the President for 2014.
Experiences in Industrial Cyber Security
Alexis Hidalgo Donoso ( PEMEX, CISO )
Alexis graduated from UTFSM in Chile and has been an information technology consultant for 20 years, with a solid background in information security, fraud prevention, incident response and forensic analysis. He has analysed, designed and implemented solutions, procedures and mechanisms focussed on mitigating IT risk for the financial and telecommunications sectors and the governments in Mexico, Europe and Latin America. Alexis is the leading creator of “Security Plans” for fraud mitigation in the payment card industry, ATMs and online banking, such as innovative attack prevention systems against cyber plagues and cybercrime, that effectively reduce risks in the critical infrastructures and the industry. He has been Security Director in several consulting firms and holds various industry certifications.
New Thinking to Narrow the Security Gap in SCADA Environment
Stephen Fallas ( CISCO - Sourcefire, Consulting Security Architect/Security Instructor LATAM )
Stephen is a Consulting Security Architect and Security Instructor for Cisco Security Business Group, Inc. in the region of Latin America. His projects include analysis, design and implementation of computer science security architecture and security assessment in the commercial, financial, governmental and SCADA sector. He has more than 20 years of information technology experience, specializing in information security for 15 years. He has been working directly with customers and managing the relationship between them and the ISS delivery services team such as PSS and MSS. Stephen has a strong background in systems and network administration and application development and has in-depth experience in designing and implementing secure networks. He also has extensive experience in security management – creating and managing security policies, risk assessment programs, and security infrastructure. He has conducted numerous information risk assessments and penetration tests for a variety of financial and civilian clients.
Industrial Cybersecurity in the Oil and Gas Industries: A Real Case
Johanna Orjuela Parra / Paulo Orozco ( Ecopetrol, SCADA Maintenance and Applied Applications Coordinator / Control Systems Information Security and Telecommunications Professional )
Johanna Orjuela. Johanna has worked for Ecopetrol since 2006, developing Information Security in Industrial Control Systems and generating corporate and specific guidelines for the department she works for, as well as an operational and tactical plan for implementing them and sustaining them over time.
Johanna holds an Engineer's degree from the Electronic Engineering Faculty of the Pontificia Universidad Javeriana in Bogotá and a Master's degree in Electronic Engineering from the same university, from which she graduated with great honor. She also holds international certifications as SCADA Professional and is PMP certified.
Paulo Orozco. Paulo currently works as Control Systems Information Security and Telecommunications Professional for the Transport department (VIT) of ECOPETROL. He is an electrical engineer who specializes in automatic and industrial computer science, and a certified SCADA Security Architect. Since 2010, he has been responsible for the information security and control systems program of the VIT, where he defines and ensures compliance with control systems guidelines and implementation of controls under international standards. Additionally, he is responsible for securing the control systems communications architecture, under the principle of defense in depth.
Panel Discussion: The Impact of Industrial Cybersecurity in our Society
José Valiente (CCI), Stephen Fallas (Cisco-Sourcefire), Luis Edmundo Suárez Soto (UIAF), Johanna Orjuela (Ecopetrol). Moderator: Claudio Caracciolo
Industrial Cyber Threats and Trends
Andrey Nikishin ( Kaspersky Lab, Special Projects Director - Future Technologies )
In a career that stretches back to the early days of Kaspersky Lab, Andrey worked as a Senior Software Engineer and Architect before moving to the Strategic Marketing Department as a Product Strategy Manager. Prior to his present role, Andrey headed the Cloud and Content Technologies Research and Development Department. Before joining Kaspersky Lab, Andrey had several years of experience developing his own antivirus programs. Andrey has a degree from the Baltic State Technical University in St. Petersburg and received his MBA from the London Business School.
Towards Early Detection of Advanced Threats in Industrial World
María Pilar Torres Bruna ( EVERIS, Manager of Cybersecurity Projects )
Is currently the manager of cyber security projects at Everis Aerospace and Defense. After almost 11 years with the company, she has vast experience in large IT projects. She spent 5 years in the public sector in Spain, 3 in the public sector of the Mexican office of Everis and finally, 3 years ago, she assumed the responsibility of developing the Security division of Everis Aerospace and Defense, leveraging the services that the Everis Group already offers to small and medium-sized niche companies.
She has executed projects related to Security Master Plans in Spain and Europe, and within the company she is promoting protection campaigns against malware; privacy and personal data; the use of cyber attack simulators for training at critical infrastructures; analysis of necessary certifications for Security directors of critical infrastructures; cyber security in Smart Grids; and monitoring infrastructures in networks. Finally, she is participating in several projects related to cyber security roadmaps aimed at contributing to the main European investment and innovation programs.
Security Researchers in the Industrial World
Rony Lerner ( Tripwire, Vice President of Engineering )
Rony, a Bogota native, is a veteran executive in the software industry with a proven track record of leading small and large engineering organizations in companies from early development through successful initial public offering and acquisition. He leads the Research and Development of Tripwire Security portfolio of products.
Tripwire's trusted technology for connecting cybersecurity to the business delivers unprecedented risk visibility, business context and security business intelligence, enabling enterprises to protect sensitive data and assets from breaches, vulnerabilities, and threats through its trusted portfolio of high priority security controls.
Prior to joining Tripwire, Rony was Vice President of Research and Development for the Database Management Business Unit of Quest Software Inc. He has led organizations in more than 20 locations across four continents and released more than 40 very successful products.
Rony earned his Bachelor of Science degree in Computer Science from the Israel Institute of Technology in Haifa, Israel. Rony also served eight years in the Israeli Air Force, where he received intensive technical and officer’s leadership training. He retired with the rank of Major.
Physical Security, Entering your Company like in the Movies
Jaime Andrés Restrepo ( DragonJAR Community, Founder )
“Telecommunications and Computer Science Engineer who graduated from the Manizales University. CEH. Information Security Researcher with more than 10 years of experience in Ethical Hacking, Pen Testing, Vulnerability Analysis and Forensic Analysis. Manager of DragonJAR Solutions and Information Security SAS, Co-founder of the ACK Security Conference and Founder of the DragonJAR Community, one of the largest Spanish speaking information security communities and considered a reference within the sector.
He has been a speaker at several Security events (EKO Party in Argentina, iSummit in Ecuador, e-Security Guayaquil, OWASP Latam Tour, Campus Party Colombia and Mexico, 8.8 Security Conference in Chile, INFOTEK 2012 Peru, Ethical Hacker Conference Bolivia, GuadalajaraCON in Mexico, BSides PR in Puerto Rico, HubCON in Paraguay, CSI Security 2013, International Meeting for Information Security, Ethical Hacking Conference, SegurINFO, among many others).”
Panel Discussion: Vulnerabilities in the Industrial World and Protection Technologies
Rony Lerner (Tripwire), Andrey Nikishin (Kaspersky), Maria Pilar Torres (Everis), Juan Carlos Guel (Mnemo), Jaime Andrés Restrepo (DragonJAR). Moderator: Nacho Paredes (CCI)
The Perception of the Industrial Organizations: And Now? (Lessons Learned, Next Steps…)
Diego Zuluaga (ISAGEN), Alexis Hidalgo (PEMEX), Johanna Orjuela (Ecopetrol), Fernando Guerrero (CISO & CIO, CELEC EP). Moderator: Samuel Linares
Congress Closing Remarks
Samuel Linares ( CCI, Director )