Congresos

Congress

Great attendance at the VIII International Congress of Industrial Cybersecurity that ICC held on June 7 and 8 in Lima, Peru

June 7-8, 2017

As a fundamental part of its activity, the Industrial Cyber Security Center (CCI) has held its VIII International Congress of Industrial Cybersecurity, as one of the events of reference for the Latin American market, and as a meeting point and exchange of knowledge, experiences And relations of all the actors involved in this field.

This new edition has had as its central axis the current situation of cybersecurity in Latin American industry, presenting for the first time a benchmarking of the situation in Argentina, Brazil, Colombia, Chile, Peru and Uruguay. The congress has also counted on important experts who will present solutions and cases of success in industrial organizations.

This eighth meeting was held at the Hotel Sol de Oro (Calle San Martín 305 Miraflores, Lima, Peru) on June 7 and 8, and around the same was held on June 6 a workshop with the theme “Applying Cybersecurity In the Life Cycle of an Industrial Automation Project “.

The following chronicle has been elaborated by Segurilatam, collaborator of this Congress.

José Valiente, director of the CCI, started the conference by presenting the main objective of the Center, raising awareness about the technological risks of the industry, and for that reason its activities focus on sharing experiences on industrial cybersecurity through its documents, specialized workshops, Events and congresses, such as the one held in the Peruvian capital. CCI has an international reach with representatives in fifteen countries, of which more than half are in Latin America. Valiente explained that they have an ecosystem formed by more than 1,200 members between industrial organizations, manufacturers and integrators, universities, experts in different areas of security, etc.

Within the framework of the theme of the VIII International Congress, the coordinators of the Industrial Cyber Security Center (CCI), Ernesto Landa and Jorge Abanto, CCI coordinators in Peru, presented some of the main conclusions of the study on the state of industrial cybersecurity in Peru 2017. Among them, it should be noted that 21 percent of the organizations consulted have not assessed the level of risk in their automation and control systems or that 17 percent have not segmented the corporate and industrial networks. But, stressed the speakers, not all bad news, since 77 percent plans to undertake new activities in the field of industrial cyber security. And in order to promote the latter, they proposed, among other solutions, greater regulation, since, unfortunately, “in the industrial sector there is no real awareness about the threats”.

César Vílchez, undersecretary of Digital Technologies of the Digital Government Secretariat, announced the public policies being carried out in Peru to guarantee the provision of essential services to all citizens. Vílchez, warned that “talking about applied cybersecurity to industry is not something that can materialize overnight. We need to plan and dedicate economic resources to that goal”, while showing the Government’s desire to make Peru a Industrial country. “And to be a proactive nation,” he said, “information and communication technologies (ICTs) play a very important role.”

With a broader geographical perspective, Claudio Caracciolo, general coordinator for Latam of the CCI, presented below the Study on the state of industrial cyber security in Latin America, prepared after consulting organizations in Argentina, Brazil, Colombia, Chile, Peru and Uruguay. “A report,” said Caracciolo, “which shows that the assessment of the level of risk in control and automation systems is a pending issue” and noted that there is a high level of equipment connected to the Internet in the region and that There is a centralized incident management, something that can be seen in the formation of the CERT.

Already as rapporteur, José Valiente took the floor again, in this case to deal with a subject as relevant as cybersecurity in the life cycle of an industrial automation project, in this case used as an example an automation project in Oil & Gas, highlighting the consequences of not adequately addressing cybersecurity requirements. During his didactic intervention, the Director of the CCI placed special emphasis on remembering that, when it comes to tackling an industrial automation project, the challenges are many and of great importance (technical, economic, quality and planning), being essential the Presence of a cybersecurity officer responsible for coordinating cybersecurity activities correctly.

To help organizations in this area, Valiente recommended the document Cybersecurity in the life cycle of an industrial automation project, available in the CCI Publications section, https://www.cci-es.org/publications , The pocket guide Cybersecurity in the industrial automation pyramid is also available for free.

Claudio Caracciolo, on this occasion as head of Security at ElevenPaths, referred to the Cybersecurity process maturity evaluation tool in industrial organizations in the introduction of the paper titled “When scans do not reach”. An intervention in which he welcomed the existence of different books and documents dedicated to industrial cybersecurity, but in which he lamented that, when having to perform a scan, “use the tools that are used for everything “. Therefore, he encouraged the use of specific solutions and to implement policies such as the industrial cybersecurity master plans.

And before lunch, Miguel García-Menéndez, vice-president of CCI, was in charge of moderating the table-debate Regulatory framework and of relations between the areas of information systems and industrial control systems, in which Ernesto Landa, Claudio Caracciolo and Patrick Miller, CCI Ambassador to the US and President Emeritus of EnergySec.

On the first question raised by Miguel García-Menéndez – what importance do you give the human component regarding the risks of technologies in both a corporate and industrial environment? – Ernesto Landa said that “within organizations is essential To raise awareness of managers and to have the support of top management, and to achieve this, it is necessary to speak their own language. “Without doubt, awareness must be linked to the strategic business plan,” he said. On this comment, the moderator recalled that the latest document prepared by the CCI (Benefits of cybersecurity for industrial enterprises) is aimed precisely at senior management.

Patrick Miller said that “the technology is certainly for humans, a human can meet many requirements and technology is there, playing a very important role, but our actions are too,” he said, while Claudio Caracciolo Coincided with Ernesto Landa that “it is vital to raise awareness and that the different departments of an organization interact.”

In addition, during the panel discussion, issues such as the internal regulatory framework aspects applied in information systems that could also be beneficial to industrial control, the main difficulties encountered by organizations in achieving understanding between Areas of IT and OT and the performance priorities of organizations to integrate both departments. In relation to the latter, the representative of ElevenPaths insisted that “the two parties have to interact, meet and agree.”

In the evening, Enrique Domínguez and David Marco, strategic director of cybersecurity and responsible for Entelgy Industrial Cyber Security, respectively, offered a talk about the importance of properly managing incidents in the industrial field. The first one gave a brief introduction on InnoTec’s position within Entelgy in the cybersecurity sector and its wide range of services for the entire protection cycle of connected industrial systems, the basis of the secure management of critical infrastructures.

And as for the second, it explored how prevention, detection and effective management of security incidents in industrial systems ensure resilience. Marco showed attendees that the organizations better prepared to face the new challenges and threats presented by cyberspace are also more competitive and able to provide effective responses to situations that may compromise their activity. In the case of Entelgy, he proposes “to be flexible” and “to have no packetized solutions”. And the molds are set aside, as each client requires a personalization of cybersecurity.

Patrick Miller then spoke. The American expert explained several lessons and revealed some myths. During his speech, EnergySec’s chairman emeritus stated that there is no technology that solves problems and claimed that there are enemies everywhere for whom you should always be prepared. And, as he argued at the table-morning debate, he argued that human intervention becomes more important as organizations increase their automation. Regarding the latter, he said that they tend to acquire many tools that do not manage properly and generate more complexity, when it is advisable to simplify security.

Already in the final stretch, Miguel García-Menéndez dealt with some norms or regulatory frameworks that have appeared in Europe in recent years and are linked to cybersecurity. Firstly, the Vice-President of the JRC referred to the popularly known NIS Directive, “whose main objective is to achieve a high and homogeneous level of security in the networks and information systems of the European Union.” Likewise, García-Menéndez referred to the new European Data Protection Regulation, whose transposition to the Spanish scope must materialize before August 25, 2018. Finally, he referred to the ICCF, which aims to become a framework for An articulated reference specifying the principles, activities and actors of an evaluation of components of an industrial automation solution. Among other organizations, the ICC and the National Institute of Cybersecurity (Incibe) of Spain have been involved in the development of the ICCF.

A day later, after welcoming the audience, the director of the CCI gave the floor to César Cuadra. The representative of Open-Sec, a company specializing in security assessments, carried out the paper From theory to practice: ‘hacking’ in the industrial world to warn that “it is necessary to know the attacker to know how we have to defend ourselves: Exist from hacktivists to employees that can be a real danger for organizations, and just as there are different types of attackers, the attacks are also very diverse, from opportunists to social engineering. And among the recommendations addressed to those present, he advised to be “very meticulous” when it is time to perform intrusion tests on industrial systems with the aim of avoiding collateral damage.

Next, as an example of cybersecurity efforts, José Luis Ríos and Luis Hidalgo, representing Radware and Check Point, respectively, announced the alliance between the two Israeli companies to combat cyber attacks. The first, Rios said, specializes in mitigating Denial of Service (DoS) attacks and, among others, has signed a collaboration agreement with Telefonica, a company of which Check Point is a strategic partner. Regarding the work being carried out by this company, Hidalgo said that the same bet on sandboxing techniques and alerted the increase of cyber attacks to industrial organizations, especially through spear phising (emails that appear to be from a known person or company ).

Thinking about organizations, José Valiente wondered if they were prepared to measure their level of cybersecurity. The director of the CCI stressed that it is important to evaluate, since this facilitates “to continuous improvement”. And as a help document to achieve this, he referred to the Cybersecurity Process Maturity Assessment Tool in industrial organizations, downloadable through the CCI website and of general application to any industrial organization. In addition, it makes it possible to establish comparisons with third entities. With a total of 122 targets, the document, explained Valiente, has already been used to evaluate by companies such as Argentine oil company YPF.

Gabriel Faifman, Director of Strategic Programs at GE Digital, took over the role of Connectivity and Risk in industrial automation solutions. An intervention that started with a reminder that, 20 years ago, it was related to a well-known global refreshment brand “in which there was no talk of industrial safety.” Now, it is clear that connectivity is a risk. The organizations, at a global level, believe that it will be attacked. That is why it is necessary to prepare, “he reasoned, while calling it” very serious “that hospitals ceased to serve due to ransomware WannaCry. And considering that the industry 4.0 is a challenge from the point of view of cybersecurity, it opted for the implementation of the series of standards IEC 62443, which, among other advantages, also helps organizations to evaluate their level of maturity in Cybersecurity.

This is essential given that many of the organizations are considered critical and provide essential services to society, Ernesto Landa recalled, on this occasion as coordinator of Information Security of the Amazon Gas Operator Company (COGA). Before showing some practical cases of cyber attacks, this professional recommended reading the article Critical Infrastructure Protection, work of Jorge Albarrán and published in number 4 of Segurilatam, since it emphasizes the importance of having such basic services In day-to-day life such as electricity or water supply. After recalling cyber attacks such as those suffered by the Saudi Aramco oil company in 2012 or a Ukrainian power plant in 2015, Landa explained that COGA is part of the Cybersecurity Committee of the Regional Association of Companies of the Oil, Gas and Biofuels Sector in Latin America and the Caribbean (ARPEL).

Likewise, Ernesto Landa recommended some of the documents published by the CCI, among which are Benefits of cybersecurity for industrial companies. The same was analyzed by Miguel García-Menéndez, who, as in the first day, said that with this text “is intended to raise awareness of top management.” According to the CCI Vice-President, “the document looks for CEOs to be knowledgeable about cybersecurity, because the latter can contribute to a company’s revenue growth. However, 78 percent of CEOs and CEOs complain about Absence of cybersecurity news.

Finally, the four participants agreed that the suppliers of the organizations should be more involved in cybersecurity and have local structures that facilitate greater proximity to the client.

Many thanks to all the assistants, coordinators of Peru, general coordinator of Latam, sponsors and collaborators of the VIII International Congress of Industrial Cybersecurity, thanks to you it has been a success.

Agenda

Schedule

07/06/2017
Welcome and Introduction of Congress
José Valiente ( Industrial Cybersecurity Center (CCI), Director )
Jose Valiente is Director and Responsible Coordination and Communication in Industrial Cyber Security Center. Specialist Security Technology and consulting. He has over 20 years experience working in large consulting firms, where he has developed his professional career in the field of information technology, as in the industrial automation sector. He has participated in more than a dozen publications on industrial cyber security, as well as numerous conferences, events and specialized courses in cybersecurity. Currently it has multiple certifications solutions and IT security vendors and professional certifications from ISACA CISM and Global Industrial Cyber Security Professional (GICSP) GIAC.
07/06/2017
Presentation of the State of Industrial Cybersecurity in LATAM
Claudio Caracciolo ( Chief Security Ambassador - Eleven Paths, LATAM General Coordinator - CCI )
LATAM General Coordinator of CCI. Consultant specialized in Information Security with international certifications. Professor of Computer Forensics at the Higher Institute of Public Security (ISSP). Member of environmental associations such as: ISSA International, OWASP, Usuaria, Argentina Cybersecurity, Member of the academic committee of Segurinfo from 2007 to the present. Speaker in a large number of national and international events and instructor on topics related to Ethical Hacking, Defense Methodologies, Harding Platforms, Web Security, Anti-Forensic Techniques.
07/06/2017
Presentation of the State of Industrial Cybersecurity in Perú
Jorge Abanto ( Industrial Cybersecurity Center, Peru Coordinator )
Professional with over 20 years of work experience, International Diploma in Cybersecurity, with specializations and international certifications in Information Security, Audit, Risk Management and Management in Public Administration, such as ISO27001 LA (Information Security Management Systems Auditor / Lead Auditor ), CISM (Certified Information Security Manager), CRISC (Certified in Risk and Information Systems Control).

International lecturer with more than 10 years of academic experience. He is currently working in the Defense Sector and has participated in national and regional activities, in coordination with the National Incident Response Team of Peru (PCERT), the National Office of Electronic Government (ONGEI), the Working Group on Cybernetic Threats UNASUR (Union of South American Nations) and the Cybersecurity Program of the OEA. He is a member of ISACA, APACSI and ACM.
07/06/2017
Advances in Critical Infrastructure Protection in Perú
Lieneke Schol ( National Office of Electronic Government and Informatics (ONGEI), Director )
Graduated in Industrial Engineering at the University of Lima and with a master’s degree in Business Administration at Adolfo Ibañez, she has extensive experience in the technological sector. Since 2001 she was part of Microsoft, after thirteen years in IBM of Peru.

She is also the director of OWIT Peru, an international organization of women in business and has participated as a mentor in the start-ups accelerator Endeavor Peru
07/06/2017
Cybersecurity in the Life Cycle of an Industrial Automation Project
Samuel Linares ( Booz Allen Hamilton, Senior Lead Technologist )
Samuel Linares is Coordinator of the Industrial Cybersecurity Center for the Middle East Region, Senior Lead Technologist at Booz Allen Hamilton, European Commission Evaluation Expert and Critical Information Infrastructure Protection (CIIP) Expert at ENISA (European Network and Information Security Agency). With almost 2 decades of experience in security, systems integration and management multinational and multicultural projects, he has been the main promoter of the concept of “Industrial Cyber Security” in Spanish, which has led him to be recognized as one of the best Ibero-American experts in this area. (Spain, UK, Belgium, Qatar, Mexico or Argentina, in others).

Samuel has numerous certifications in the area of cybersecurity, such as CRISC (Certified in Risk and Information Systems Control), CGEIT (Certified in Government of Enterprise IT), CISM (Certified Information Security Manager), CISA (GSNA), GIAC Assessing Wireless Networks (GAWN), BS 25999 Lead Auditor and BS 7799 Lead Auditor by BSI (British Standards Institution) since 2002.
07/06/2017
Example of multinational collaboration in cybersecurity: NIS Directive
Miguel García-Menéndez ( Industrial Cybersecurity Center(CCI), Vice President )
He has a degree in Computer Science from the University of Oviedo (Spain). He started the aforementioned track record of steel treatment facilities and control algorithms (MES) for the Spanish and Latin American steel industry, in charge of the Processes Informatics area Of an engineering, where also it was CIO. Certified Information Systems Manager (CISM), Certified Information Systems Manager (CRISC), Certified Information Systems Auditor (CISA), Certified in the Governance of Enterprise IT (CGEIT), COBIT Foundation Certificate, COBIT Implementation Certificate, COBIT Assessor Certificate, COBIT Foundation Trainer, COBIT Implementation Trainer and COBIT Assessor Trainer, awarded by ISACA
07/06/2017
Unicorns, Infosharing, Threat Intelligence and Other Myths
Patrick Miller ( Archer Energy Solutions, LLC, Energy Sector Security Consortium, Managing Partner )
Patrick Miller is one of 20 experts in cyber Forbes policy to follow on Twitter and one of the 50 pioneers of smart grid smart grid 2015. Today is an independent trusted advisor dedicao the protection and defense of critical infrastructures around the world. Currently he is managing partner of Archer Energy Solutions, as well as founder, director and president emeritus of EnergySec a 501 (c) (3) nonprofit organization focused on the exchange of information, knowledge of the situation and development of staff security for the energy industry. Patrick’s experience extends to the Government, Telecommunications, Financial Services and Energy verticals within key positions with regulators, owners of utility assets and private consulting firms.
07/06/2017
Connectivity and risk in industrial automation solutions
Gabriel Faifman ( GE Digital, Director, Strategic Programs )
He is one of the experts representing Canada in the TC65 WG10 who developed the standard of cybersecurity for Industrial Control Systems IEC 62443-2-4. For over 25 years it has designed, installed and operated automation solutions and protection of critical infrastructures including energy, oil, beverages and food, and transport. During the 2010 Winter Olympics in Vancouver (Canada), he has planned and operated cybersecurity at Vancouver International Airport.

Gabriel is an Electronic Engineer at the University of Buenos Aires. Certified by the National Security Agency (NSA) as Infosec Professional, has participated in defensive exercises with security agencies.
07/06/2017
Cyberincident management is key to corporate resilience
David Marco ( Entelgy, Industrial Cybersecurity Manager )
David Marco Freire is a graduate in Technical Engineering in Computer Management at the Universidad Europea de Madrid.

It is certified in CCNA and CCNP. He is specialized in the development tools Visual Studio and Databases Oracle and Microsoft SQL, and in industrial tools like SmartPlat Instrumentation, SmartPlant Foundation, RMOS and WINCC. He started in the software world, passing through developer, analyst and project manager by different companies Such as SINAP, CEDEX, Proa Financial, MetroRed-Online, Banco Santander Central Hispano and Software AG. In Tecnicas Reunidas was Software Coordinator within the Instrumentation department and gave the change to the industrial world so he knows both worlds IT and OT.

He has participated in all the projects carried out in the last seven years in Tecnicas Reunidas with clients such as ARAMCO, GALP, PEMEX, SABIC, BOROUGE, PETRONAS, REPSOL.
08/06/2017
Welcome and Presentation of the day
Miguel García-Menéndez ( Industrial Cybersecurity Center(CCI), Vice president )
He has a degree in Computer Science from the University of Oviedo (Spain). He started the aforementioned track record of steel treatment facilities and control algorithms (MES) for the Spanish and Latin American steel industry, in charge of the Processes Informatics area Of an engineering, where also it was CIO. Certified Information Systems Manager (CISM), Certified Information Systems Manager (CRISC), Certified Information Systems Auditor (CISA), Certified in the Governance of Enterprise IT (CGEIT), COBIT Foundation Certificate, COBIT Implementation Certificate, COBIT Assessor Certificate, COBIT Foundation Trainer, COBIT Implementation Trainer and COBIT Assessor Trainer, awarded by ISACA
08/06/2017
From theory to practice: Hacking in the industrial world
Cesar Cuadra ( Open-Sec, CyberSecurity Pentester )
César Cuadra is one of the members of the Open-Sec team of pentesters with more experience in the evaluation of web applications, mobile applications, transactional switches and industrial control systems both at penetration testing and source code review (including Level code embedded in reverse engineering devices).

Its analytical and technical capacity allows it to carry out evaluations of unconventional systems and to obtain that the vectors of attack realize 100% successful way.

It has the certifications OSCP (Offensive Security Certified Professional) and CISSP.

It occupies the position of CyberSecurity Pentester and has been part of the Open-Sec team since 2008.
08/06/2017
How to evaluate the maturity in cybersecurity of an industrial organization?
José Valiente Pérez ( Industrial Cybersecurity Center (CCI), Director )
Jose Valiente is Director and Responsible Coordination and Communication in Industrial Cyber Security Center. Specialist Security Technology and consulting. He has over 20 years experience working in large consulting firms, where he has developed his professional career in the field of information technology, as in the industrial automation sector. He has participated in more than a dozen publications on industrial cyber security, as well as numerous conferences, events and specialized courses in cybersecurity. Currently it has multiple certifications solutions and IT security vendors and professional certifications from ISACA CISM and Global Industrial Cyber Security Professional (GICSP) GIAC.
08/06/2017
Approach to the protection of Critical Infrastructures. Practical examples.
Ernesto Landa ( Gas Operator of the Amazon (COGA), Responsible for Information Security Area )
Systems Engineer Graduated from the University of Lima (Peru) with more than 10 years of experience in Information Technology and Telecommunications in the Energy and Hydrocarbons Sector. Specialist in Information Security and Cybersecurity in Critical Infrastructures, is an active member of the Industrial Cybersecurity Committee of the Regional Association of Companies of the Oil, Gas and Biofuels Sector of Latin America and the Caribbean (ARPEL). It is ISO 27001: 20013 accredited by The International Register of Certificated Auditors (IRCA), and has international certifications such as Project Manager Professional (PMI), ISO 27001: 2013 Internal Auditor and ISMS ISO27001: 2013 Implementer.

He currently leads the Information Security Area of Amazon Gas Operator Company (COGA), a company specialized in the management, operation and maintenance of infrastructures in the energy sector.

Ponentes

Speakers

Jorge Abanto
Peru Coordinator
Industrial Cybersecurity Center
Profesional con más de 20 años de experiencia laboral, Diplomado Internacional en Ciberseguridad, con especializaciones y certificaciones internacionales en Seguridad de la Información, Auditoría, Gestión de Riesgos y Gerencia en Administración Pública, tales como ISO27001 LA (Information Security Management Systems Auditor/Lead Auditor), CISM (Certified Information Security Manager), CRISC (Certified in Risk and Information Systems Control).

Conferencista internacional con más de 10 años de experiencia académica. Actualmente labora en el Sector Defensa y ha participado en actividades nacionales y regionales, en coordinación con el Equipo Nacional de Respuesta a Incidentes del Perú (PCERT), la Oficina Nacional de Gobierno Electrónico (ONGEI), el Grupo de Trabajo ante amenazas Cibernéticas de la UNASUR (Unión de Naciones Suramericanas) y el Programa de Seguridad Cibernética de la OEA. Es miembro de ISACA, APACSI y ACM.
Claudio Caracciolo
LATAM General Coordinator - CCI, Chief Security Ambassador
Eleven Paths
LATAM General Coordinator of CCI. Consultant specialized in Information Security with international certifications. Professor of Computer Forensics at the Higher Institute of Public Security (ISSP). Member of environmental associations such as: ISSA International, OWASP, Usuaria, Argentina Cybersecurity, Member of the academic committee of Segurinfo from 2007 to the present. Speaker in a large number of national and international events and instructor on topics related to Ethical Hacking, Defense Methodologies, Harding Platforms, Web Security, Anti-Forensic Techniques.
César Cuadra
CyberSecurity Pentester
OPEN-SEC
César Cuadra is one of the members of the Open-Sec team of pentesters with more experience in the evaluation of web applications, mobile applications, transactional switches and industrial control systems both at penetration testing and source code review (including Level code embedded in reverse engineering devices).

Its analytical and technical capacity allows it to carry out evaluations of unconventional systems and to obtain that the vectors of attack realize 100% successful way.

It has the certifications OSCP (Offensive Security Certified Professional) and CISSP.

It occupies the position of CyberSecurity Pentester and has been part of the Open-Sec team since 2008.
Gabriel Faifman
Director of Strategic Programs
Wurldtech, GE Digital
He is one of the experts representing Canada in the TC65 WG10 who developed the standard of cybersecurity for Industrial Control Systems IEC 62443-2-4. For over 25 years it has designed, installed and operated automation solutions and protection of critical infrastructures including energy, oil, beverages and food, and transport. During the 2010 Winter Olympics in Vancouver (Canada), he has planned and operated cybersecurity at Vancouver International Airport.

Gabriel is an Electronic Engineer at the University of Buenos Aires. Certified by the National Security Agency (NSA) as Infosec Professional, has participated in defensive exercises with security agencies.
Miguel García-Menéndez
Vice President
Industrial Cybersecurity Center
He has a degree in Computer Science from the University of Oviedo (Spain). He started the aforementioned track record of steel treatment facilities and control algorithms (MES) for the Spanish and Latin American steel industry, in charge of the Processes Informatics area Of an engineering, where also it was CIO. Certified Information Systems Manager (CISM), Certified Information Systems Manager (CRISC), Certified Information Systems Auditor (CISA), Certified in the Governance of Enterprise IT (CGEIT), COBIT Foundation Certificate, COBIT Implementation Certificate, COBIT Assessor Certificate, COBIT Foundation Trainer, COBIT Implementation Trainer and COBIT Assessor Trainer, awarded by ISACA.
Ernesto Landa
Responsible for Information Security Area
Gas Operator of the Amazon (COGA)
Systems Engineer Graduated from the University of Lima (Peru) with more than 10 years of experience in Information Technology and Telecommunications in the Energy and Hydrocarbons Sector. Specialist in Information Security and Cybersecurity in Critical Infrastructures, is an active member of the Industrial Cybersecurity Committee of the Regional Association of Companies of the Oil, Gas and Biofuels Sector of Latin America and the Caribbean (ARPEL). It is ISO 27001: 20013 accredited by The International Register of Certificated Auditors (IRCA), and has international certifications such as Project Manager Professional (PMI), ISO 27001: 2013 Internal Auditor and ISMS ISO27001: 2013 Implementer.

He currently leads the Information Security Area of Amazon Gas Operator Company (COGA), a company specialized in the management, operation and maintenance of infrastructures in the energy sector.
Schol Lieneke
Directora
National Office of Electronic Government and Informatics (ONGEI)
Graduated in Industrial Engineering at the University of Lima and with a master’s degree in Business Administration at Adolfo Ibañez, she has extensive experience in the technological sector. Since 2001 she was part of Microsoft, after thirteen years in IBM of Peru.

She is also the director of OWIT Peru, an international organization of women in business and has participated as a mentor in the start-ups accelerator Endeavor Peru.
Samuel Linares
Senior Lead Technologist
Booz Allen Hamilton
Samuel Linares is Coordinator of the Industrial Cybersecurity Center for the Middle East Region, Senior Lead Technologist at Booz Allen Hamilton, European Commission Evaluation Expert and Critical Information Infrastructure Protection (CIIP) Expert at ENISA (European Network and Information Security Agency). With almost 2 decades of experience in security, systems integration and management multinational and multicultural projects, he has been the main promoter of the concept of “Industrial Cyber Security” in Spanish, which has led him to be recognized as one of the best Ibero-American experts in this area. (Spain, UK, Belgium, Qatar, Mexico or Argentina, in others).

Samuel has numerous certifications in the area of cybersecurity, such as CRISC (Certified in Risk and Information Systems Control), CGEIT (Certified in Government of Enterprise IT), CISM (Certified Information Security Manager), CISA (GSNA), GIAC Assessing Wireless Networks (GAWN), BS 25999 Lead Auditor and BS 7799 Lead Auditor by BSI (British Standards Institution)
David Marco
Industrial Cybersecurity Manager
Entelgy
David Marco Freire is a graduate in Technical Engineering in Computer Management at the Universidad Europea de Madrid.

It is certified in CCNA and CCNP. He is specialized in the development tools Visual Studio and Databases Oracle and Microsoft SQL, and in industrial tools like SmartPlat Instrumentation, SmartPlant Foundation, RMOS and WINCC. He started in the software world, passing through developer, analyst and project manager by different companies Such as SINAP, CEDEX, Proa Financial, MetroRed-Online, Banco Santander Central Hispano and Software AG. In Tecnicas Reunidas was Software Coordinator within the Instrumentation department and gave the change to the industrial world so he knows both worlds IT and OT.

He has participated in all the projects carried out in the last seven years in Tecnicas Reunidas with clients such as ARAMCO, GALP, PEMEX, SABIC, BOROUGE, PETRONAS, REPSOL.
Patrick Miller
Managing Partner, Archer Energy Solutions, LLC
Energy Sector Security Consortium
Patrick Miller is one of 20 experts in cyber Forbes policy to follow on Twitter and one of the 50 pioneers of smart grid smart grid 2015. Today is an independent trusted advisor dedicao the protection and defense of critical infrastructures around the world. Currently he is managing partner of Archer Energy Solutions, as well as founder, director and president emeritus of EnergySec a 501 (c) (3) nonprofit organization focused on the exchange of information, knowledge of the situation and development of staff security for the energy industry. Patrick’s experience extends to the Government, Telecommunications, Financial Services and Energy verticals within key positions with regulators, owners of utility assets and private consulting firms.
José Valiente
Director
Industrial Cybersecurity Center
Jose Valiente is Director and Responsible Coordination and Communication in Industrial Cyber Security Center. Specialist Security Technology and consulting. He has over 20 years experience working in large consulting firms, where he has developed his professional career in the field of information technology, as in the industrial automation sector. He has participated in more than a dozen publications on industrial cyber security, as well as numerous conferences, events and specialized courses in cybersecurity. Currently it has multiple certifications solutions and IT security vendors and professional certifications from ISACA CISM and Global Industrial Cyber Security Professional (GICSP) GIAC.

Talleres

Main Host

06/06/2017
Pre-Congress Workshop Presential (200 US$)
9:00 a 17:00h: Aplicando Ciberseguridad en un Proyecto de Automatización Industrial

The aim of this workshop is to provide engineering professionals, integrators, IT and OT apply fundamental knowledge of cybersecurity in the design of industrial automation, analyzing the risks and impact on the business.

The most effective way to protect digital technologies used in the operation of an industrial plant, is to do in the earliest stages of their life cycle I design, supply and installation / start-fly, incorporating, in each, measures and mechanisms cybersecurity, along with the other requirements for functionality, quality and safety linked to operations.

This workshop will enable best practices and techniques for the protection of industrial control systems, ICS (English, Industrial Control Systems), employed therein and covering the five stages of the life cycle of a project of industrial automation.

Reasons to attend:

• Learn how to include cybersecurity in each of the phases of a project of industrial automation.

• Assess the important aspects that should be considered before implementing each phase of a project of industrial automation.

Main points of the workshop:

• Understand the best approach in the implementation of cybersecurity in the design.

• Identify and implement cybersecurity requirements in each phase of a project of industrial automation.

Professors: Jose Valiente (CCI), Miguel Garcia-Menendez (CCI) _ ( Cost of attendance Registration: 200 €, Limited places: 20 )

Cookie	Duration	Description
_GRECAPTCHA	180d	Cookie used by Google ReCaptcha anti-spam system, necessary to manage the spam filters all along this site.
cookielawinfo-checbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
pll_language	365d	Cookie for custom language management.
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Congresos

Congress