Ce diaporama a bien été signalé.
Nous utilisons votre profil LinkedIn et vos données d’activité pour vous proposer des publicités personnalisées et pertinentes. Vous pouvez changer vos préférences de publicités à tout moment.

Operation: Next Summit Takeaways

OT cybersecurity practitioner insights on building, driving & advancing OT cybersecurity programs.

Les commentaires sont fermés

  • Soyez le premier à commenter

  • Soyez le premier à aimer ceci

Operation: Next Summit Takeaways

  1. 1. accenture.com/OperationNext Event follow-up
  2. 2. | Advance today, accelerate tomorrow During this unparalleled time of physical distancing, traditional collaboration has been a challenge. It’s created a void and we felt it. Why? That’s the first question my team asked when I said we were hosting a summit. It’s a fair question. Knowledge sharing is a hallmark of the OT/ICS community. During this unparalleled time of physical distancing, traditional collaboration has been a challenge. It’s created a void and we felt it. In talking with our clients, our alliance partners, and even some of our competitors, the sentiment was echoed back, loudly. My response to my team was, why not? Our mission was to bring together people from the critical infrastructure space and provide a forum that offers: • candid peer-to-peer cross-industry discussions • real-world experiences from the field to the boardroom • scalable security solutions for future success • tangible next steps for building an OT/ICS security roadmap What follows are key takeaways from each session. Bold statements from OT cybersecurity practitioners based on real- world experience advancing programs and surmounting the same challenges facing your organization. Review the notes. Share the on-demand content. And reach out if you’re looking for a sounding board. Always happy to collaborate to advance today and accelerate tomorrow. Cheers Jim Guinn, II Accenture Global Managing Director LinkedIn: @Jim Guinn, II Twitter: @jimmy_guinn —Jim Guinn II
  3. 3. Stage 1 Operation Track
  4. 4. How do you build an OT security program that is threat-justified and business-aligned? Should OT monitoring be centralized in an IT or an OT SOC? What factors should inform your decision-making process? Listen in to a discussion on navigating—and conquering—complex challenges from program inception to SOC design, build and implementation including; • enterprise-wide configuration and asset management • foundational program elements and structure • critical criteria for scoping technology • measuring success metrics that align to the business Conquering Complexities from OT Program to OT SOC OT Security Program with Jason Holcomb, Accenture Tony Souza Duke Energy Director of Cyber Architecture, IT/OT Integration and TVM | Advance today, accelerate tomorrow Contact to learn more
  5. 5. Conquering Complexities from OT Program to OT SOC OT Security Program | Advance today, accelerate tomorrow Stop manual asset management. You can’t protect things you don’t know exist and you can’t protect systems being changed in a vacuum. If the goal is to build good, see bad, take action, you’ll never get there manually. Continue operational excellence. Build relationships, foster synergies, and collaborate between operators and cyber defenders. Start building an OT security program. It’s a heavy lift no matter the size of the company, but it’s important. Important things are hard and hard things are necessary. Key session takeaways: View session on-demand
  6. 6. Once sacrilege to the OT/ICS cybersecurity “secure by isolation” ethos, cloud and edge technologies are steadily making their way into operational use cases with plenty of business drivers to support the shift. This session will examine the use cases, drivers, and lessons learned for using cloud in OT from the perspectives of current state as well as what is coming next. Evolving IT/OT Security Architecture OT Cloud with Doug Wylie, Accenture Darren Highfill Norfolk Southern Chief Information Security Officer | Advance today, accelerate tomorrow Contact to learn more
  7. 7. Evolving IT/OT Security Architecture OT Cloud | Advance today, accelerate tomorrow Stop fighting the inevitable. OT is progressively moving in the direction of IT. As OT environments become increasingly more technology- enabled, it’s imperative to employ a measured risk evaluation process to make deliberate, case-by-case decisions along the way. Continue sharpening your problem statements. In light of recent supply chain headlines and evolving technology opportunities, you need to continue tuning your action plans. Start tightening alignment between your contracts and your projects. Treat it as an API at the business level with defined responsibilities on both sides. Key session takeaways: View session on-demand
  8. 8. Aligning risk management to the business while effectively addressing the security needs of both IT and OT environments requires balance. Join Sam Linares as he leads a lively panel discussion with three security- specialist contributors ready to share their real-world insights. • How can risk be categorized —if at all? • What factors contribute to building a resilient infrastructure and business processes? • Can cyber risk be engineered out of the defense equation? • Are new methodologies and approaches (like CCE) bringing additional light or additional noise to the cybersecurity control room? IT/OT Risk Alignment Risk Management with Samuel Linares, Accenture Andrew Bochman Idaho National Laboratory Senior Cyber & Energy Security Strategist Agustin Valencia Iberdrola Head of OT Global Security | Advance today, accelerate tomorrow Contact to learn more
  9. 9. IT/OT Risk Alignment Risk Management | Advance today, accelerate tomorrow Stop trusting. Don't assume something (people, process, technology) is trustworthy because others are using it or you're told to trust it. Always question what you're doing: is it the right thing to do and are we doing enough of it. Continue collaborating. IT and OT need to continue to work together. When you work in silos you create weaknesses in your organization. Adversaries will exploit those weaknesses. Start empowering your people. Empower them to adopt IT technology in the OT environment, and hold them accountable for the security systems they use and manage. View session on-demand Key session takeaways:
  10. 10. When cyber incidents, such as ransomware, compromise industrial control systems the impacts are significant and protracted. Companies are being attacked repeatedly and post- incident action plans are falling short of meaningful mitigations. Bryan Singer reveals the lessons learned and insights gained during his time working on hundreds of incident response engagements across various industries. Hear about: • What companies can do to prepare for security breach impacts • What common pitfalls to avoid when recovering from an incident • What benefits are gained from proactive and reactive incident response activities Proactive and Reactive IR Incident Response Bryan Singer Accenture Principal Director, Security Innovation | Advance today, accelerate tomorrow Contact to learn more
  11. 11. Proactive and Reactive IR Incident Response | Advance today, accelerate tomorrow Stop ignoring past lessons. Continue working to improve detection and alignment. Start improving– or creating– an incident response strategy today. Key session takeaways: View session on-demand
  12. 12. Intermission Houston OT Cyber Fusion Center I challenge you to think about a pressing OT security concern in your organization and then let us collaborate with you to solve it jointly. —Jim Guinn II
  13. 13. Stage 2 Executive Track
  14. 14. Rich Mahler talks with leaders from electricity supply company Southern California Edison about what it takes to pull a formal governance program together—from conception and design to approval and implementation. Find out how the team took a fresh approach to OT governance with the buy-in of every stakeholder involved; cybersecurity, distribution, operations and IT. OT Governance Structure with Rich Mahler, Accenture Paul J. Grigaux Southern California Edison Vice President, Asset Management, Strategy & Engineering Puesh Kumar Southern California Edison Principal Manager for Cybersecurity and Risk Management | Advance today, accelerate tomorrow OT Cybersecurity Contact to learn more
  15. 15. OT Governance Structure | Advance today, accelerate tomorrow OT Cybersecurity View session on-demand Stop fighting the last battle. Focus on improvements versus fighting over what went wrong and what led you to consider building in cybersecurity. Continue discussing reliability and safety as the bedrock of the electric industry. Fold in security as a key element to ensure that safety and reliability. Start confirming you have executive buy-in at the highest levels (C-suite). Key session takeaways:
  16. 16. Dan Mellen will moderate a deep-dive discussion focused on how OT stakeholders are meeting the challenge to deploy and secure next- gen cloud architectures. Participants will speak to key components for success based on their experience securing an environment where cyber incidents can have kinetic impact. Tune in as they reveal pro tips to enabling new technology at the intersection of IT and OT: • determining the right fundamentals to drive a secure cloud foundation from the start • harnessing standardization and automation to build consistent and repeatable outcomes • articulating noteworthy business outcomes to gain—and keep— momentum Cloud and IoT Integration Next-Gen Cloud with Dan Mellen, Accenture Gretchen Myers Chevron Principal Architect IT/OT | Advance today, accelerate tomorrow Contact to learn more
  17. 17. Cloud and IoT Integration Next-Gen Cloud | Advance today, accelerate tomorrow Stop using IT compliance as a barrier to innovation. Don’t create blockers where they don’t need to be; innovate the conversation around risk. Continue learning, tinkering, and exploring new technology. Push to uncover new data models and new ways to use IIoT by bringing engineers and software engineers together to collaborate. Start building cross functional teams. Get key business SMEs in the same room with IT so they can work together to build the prototype of what good looks like. Key session takeaways: View session on-demand
  18. 18. Prioritization is the name of the game when it comes to managing risk—and expectations. Luis Luque is the host for a conversation between two OT security stakeholders, each with a different constituency—IT and OT. They will explore why context matters when it comes to prioritizing investments and implementing program metrics and will reveal how to: • deal with cyber risk specific to operations • negotiate road map timelines to support successful outcomes • answer the toughest question you’re likely to get from the board Priority Investments and Program Metrics Risk Management with Luis Luque, Accenture Ruud Gal DSM Global Project Director Cyber Security in Operations Giancarlo Mirtelli ENI Head of Cyber Security for Foreign Subsidiaries and Industrial Sites | Advance today, accelerate tomorrow Contact to learn more
  19. 19. Priority Investments and Program Metrics Risk Management | Advance today, accelerate tomorrow Stop postponing upgrades. Upgrade cycle is only going to become more frequent as technology advances and virtualization makes its way to the plant floor. Continue to align with the overall enterprise risk management (ERM). Engage the broader group of stakeholders to elevate internal visibility of the program and ensure the scale of the priority is given the appropriate ranking. Start thinking of change management as the critical success factor on which communication, customer satisfaction and confidence can be built. Key session takeaways: View session on-demand
  20. 20. Negotiating Risk, Security and Spending Across the Board Executive Roundtable with Michael Krauss, Accenture Cybersecurity Forum Kelly Bissel Accenture Senior Managing Director What are the challenges and leading practices necessary for effective security, efficient operations, proper risk management, sensible spending and suitable governance? During this roundtable discussion, an executive panel of senior leaders from cyber defense, business operations, finance and the board will weigh-in on the challenges. Under scrutiny will be how to align diverse business functions to achieve the right levels of risk management, while limiting cost and optimizing enterprise outcomes. Adam Lee Dominion Energy Vice President, Chief Security Officer Frank Modruson First Midwest Bank Board Member | Advance today, accelerate tomorrow Contact to learn more
  21. 21. Negotiating Risk, Security and Spending Across the Board Executive Roundtable | Advance today, accelerate tomorrow Stop working in silos and focusing solely on through-put and efficiency. Continue executing on a balanced enterprise vision that considers operational effectiveness and risk management. Start a deeper dialogue between operations, security, risk management, the C-suite, and the Board. Key session takeaways: View session on-demand
  22. 22. Thank you to our sponsors: Thank you

×