IT and OT are increasingly becoming one and the same entity, and are approaching a common set of business goals and objectives for the future of many industries. Driven by the increase of Industrial Internet of Things (IIoT), Industry 4.0 and new business opportunities presented by digital transformation, many organizations in the energy sector are already entering the IT/OT integration journey and embracing the benefits as well as risks associated with such business models. This integration introduces new dynamics especially for IT and OT cybersecurity teams and a consolidation of responsibility for strategy. The need for a proven and different security approach beyond traditional defense in depth is becoming a necessity for many organizations in light of emerging cyber threats. Modern concepts that have been gaining traction over the last few years are Forrester’s Zero Trust model and Gartner’s Continuous Adaptive Risk and Trust Assessment (CARTA). What is Zero trust and Continuous Adaptive Risk and Trust Assessment (CARTA) in OT? Why are these models game changer for OT? Where are key benefits and how to embrace this journey for your OT? Case Study: applying zero trust to include IIoT and OT at major energy company

Ir. Jalal Bouhdada (Author/Presenter)

Founder,CEO

Applied Risk

Having led Applied Risk since he founded the company in 2012, Jalal is responsible for Applied Risk’s industrial security services and product development. Jalal has led many complex ICS cyber security projects for major global clients, including some of the world’s largest industrial companies and utilities. As a global thought-leader on industrial control systems security and critical infrastructure protection, Jalal is an active member of several professional security societies and has co-authored ICS security best practice guidelines for ENISA and the ISA 99. He also frequently lectures to private and public audiences around the world.

Implementing a Cyber Security Management System is a strategic change that will significantly improve an organization’s OT security posture. This will be achieved through aligning with the latest cyber security standards and best practices, as well as by establishing clear ownership for all responsibilities related to OT security. This presentation will elaborate on different steps which can be taken to overcome or eliminate security vulnerabilities. Attendees will gain insights into practices which can be improved or implemented in order to build on an organization’s OT security posture. Presentation outline: OT Security trends and research findings ARM: Assess, Remediate and Manage Security frameworks and governance Secure architecture System Hardening Security Awareness

Chris Sandford (Author/Presenter)

Director OT Security Services

Applied Risk

Based in the Middle East, Chris is a subject expert with 20 years of experience as an ICS security professional covering diverse platforms and security issues. His expertise is mostly focused around security assurance and risk management in OT environments, and how cyber security can help organizations achieve their business outcomes. Chris has led over 40 large global and complex ICS/SCADA security projects from inception through to completion across 15 countries. He was also a contributing member of IEC 62443 and has contributed to nurturing the OT cyber security community by speaking at industry conferences and conducting training to audiences ranging from engineers to executives.