Category: Blog

Aviation cyber security Cyber Senate

Aviation Cyber security: 21st Century business enabler for the sector

Cyber security is a business enabler in the 21st century and getting it right provides a foundation that is necessary to move the business forward. Companies need to understand and manage risks before decisions can be made that are transformational, which are key to the rapidly changing aviation industry.
Join us on November 21st and 22nd in London, as the Cyber Senate looks at steps to align business strategy and goals with cyber security, and at key areas of focus for your cyber security program: getting the basics right and transforming from business silos to an enterprise program.

Delegates will be made up of key security decision makers from airports and airlines around the world, government influencers, cyber security subject matter experts and some of the world’s leading solution providers in the sector.

The purpose of the summit is to collaborate, share information and devise a common strategy to tackle cyber threats.

Secure your position while seating remains. 


Aviation Cyber Security Summit
London United Kingdom
November 21/22
Marriott Regents Park Hotel
Sponsored by Unisys

4 Exhibition Stands remain. We also have sponsored lunches and networking breaks for those who are seeking visibility in this market.
Contact marketing@cybersenate.com or Daryl.Fig@cybersenate.com
+44(0)207 096 1754

Industrial Control Cyber Security USA 2017 Cyber Senate conference

“The security threats to U.S. critical infrastructure span the digital divide” Presented by Idaho National Labs this October in Sacramento

The security threats to U.S. critical infrastructure span the digital divide. Recent attacks, like those in the Ukraine, blend the cyber and physical environment to cause confusion within and damage to the production environment. Modern cyber defense requires sophisticated operational tactics and strategies. Although cyber hygiene is essential for fending off the daily barrage of lower-level threats that can impair an organization’s performance, few companies are prepared for a targeted attack on their core operational processes from an advanced adversary.


If it can be programmed, it can be hacked. This daunting reality facing our interconnected and digital environments has been described as a battle to be won every day by cybersecurity professionals.

Control systems present unprecedented challenges as they are transitioned to a modern architecture based on digital control systems and increasingly wireless communications systems.  This transition creates a paradox – more efficient, effective operation, but dramatically increased vulnerabilities and attack surfaces.


INL’s unparalleled capabilities in nuclear nonproliferation and cybersecurity are fundamentally changing how the nation and world approach complex threats to nuclear assets, energy systems and cyber-physical systems.


• Internationally recognized nonproliferation experts with real-world experience in nuclear facility inspection, physical protection, modeling and simulation, material science, physics and engineering.
• Comprehensive instrumentation and control, cyber and nuclear nonproliferation capabilities with similar nuclear infrastructure and examination equipment found worldwide.
• INL’s full-scale infrastructure includes isolated, industry-scale power grid, water and telecommunication distribution systems to provide an expansive and unique test site that can replicate critical services across a region or municipality.
• Inclusive nuclear security approach that allows for field and laboratory technology evaluation.
• Replication of typical control system network for architecture reviews and system hygiene to support asset owners in securing their systems.
• Protocol analysis, reverse engineering and cybersecurity forensics to advance persistent threat mitigations for the nuclear industry.
• Cyber-informed risk methods and unique engineering methodologies and tools designed to anticipate cyber and physical security risk, and inform investment strategies.
• Frameworks for prioritization of investments and threat indicators to inform an advanced security profile for high-consequence operations.


Safeguarding critical infrastructure including the power grid, nuclear materials and facilities is inextricably linked to the cybersecurity of the command and control environment.


These environments are complicated by instrumentation and controls that are continuously connected with information technology and wireless communications.


An integrated cyber physical security approach is essential to address the resiliency of the power and nuclear installations and continuity of operations.


INL’s world-leading cyber and industrial control systems security experts are changing the way the nation and the world meet the unique security demands of operational environments.



Cyber Senate 4th annual Industrial Control Cybersecurity Europe conference

Understanding the BASICS – Optimising your ICS Security Posture

As Operational Technology (OT) environments become increasingly interconnected and smarter, organizations face significant digital transformation challenges. The business demand for the raw data and information produced by OT systems is growing exponentially both from an internal and external perspective. As the demand for data increases, so has the volume of cyber-attacks specifically aimed at OT systems. Cyber-attacks are becoming more advanced and have the potential to impact a number of aspects of a company’s business including safety, health and environment, production operations, information integrity, financial performance and reputation.

For a company looking to harden its OT environment, identifying where to begin can often be a confusing and difficult process. Before embarking on an OT hardening project, for example by either implementing costly technical solutions or introducing new OT-specific policies and procedures, leaders need to take a step back and ask themselves if they understand, or have thought about, the “BASICs” of OT.

In this session, Leidos Cyber Expert, Scott Keenan, will explain Leidos’ view of OT “BASICS”, which provides organizations with the foundation necessary to build an OT hardening project.

Cyber Senate 4th annual Industrial Control Cybersecurity Europe conference

Why USB devices are still the #1 source of malware in Industrial Control Systems, presented by Honeywell

This September in London and October in Sacramento, we learn from Honeywell why USB devices are still the #1 source of malware in ICS. This discussion will help you understand how USB devices can pose a threat even without malware, including:
o Surprisingly effective HID attacks
o More advanced threats posed by rogue network devices, serial adapters and more
Participants in London and Sacramento will see real examples of the impact these attacks can have on ICS, plus Eric Knapp, Global Director of Cyber Security Solutions and Chief Cyber Security Engineer for Honeywell Process Solutions, asks “Are these really advanced? Do you even have to worry about this?”

This year all critical national infrastructure are invited to join both shows free as an initiative to further cyber resilience in both public and private domains!
Contact Daryl Fig for your free guest pass for your team at daryl.fig@cybersenate.com

4th Annual Industrial Control Cyber Security Europe
Millennium Gloucester Hotel
London United Kingdom
September 19/20th
Headline Sponsors Leidos
Co Sponsors Honeywell
Associate Sponsor Verve Industrial Protection
Associate Sponsor Airbus

Network and share best practice with leaders from Nuclear, Water, Oil and Gas, Chemical, Automotive and Smart Grid sectors

4th Annual Industrial Control Cyber Security USA Summit
The Sutter Club
Sacramento California
October 3/4
Cyber Ark

Associate Sponsors
Attivo Networks

Further events you won’t want to miss from the Cyber Senate:
European Rail Cyber Security Working Group, September 11/12th London
Aviation Cyber Security Summit, November 21/22 London United Kingdom

Aviation cyber security Cyber Senate

Aviation Cyber Security Cyber Senate November 21/22 London

Press release


Cyber security and aviation experts from all over the world are set to gather in London this Autumn for the Aviation Cyber Security Summit.

Taking place at the Marriott Hotel in Regent’s Park on the 21st and 22nd November, the event will explore how to manage the tension between the ‘smart’ aviation industry and the inevitable security threat caused by the use of new digital technology.

Addressing key issues such as supply chain and third party risk, the importance of information sharing and collaboration, incident response and the integration of cyber security and safety, the event will explore how both the cyber security and aviation industries can work together to mitigate risks and improve safety without compromising efficiency.

As part of the event, there will be a number of panel sessions covering topics such as incident response, developing a culture of awareness, managing the skills gap and IT and operational technology convergence.

A number of experts in both the global aviation industry and security sector are also confirmed as speakers at the event. These include:

· Filippos Komninos, Athens International Airport S.A., Information Security Specialist
· Chris Blask, US ICS ISAC, Chair
· Jonas Jorgensen, Copenhagen Airports, IT Director
· John Hird, Eurocontrol, ATM & Cyber Security Senior Expert Directorate
· Mike Heath, Calgary Airport Authority, Information Security Lead
· Anson Fong, Los Angeles World Airports, Chief Information Security Officer
· Peter Williams, Manchester Airports Group (MAG), Chief Information Security Officer
· Kevin Borley, Bristol Airport, Head of IT and Innovation
· Chris Johnson, University of Glasgow, Head of Computing
· Fazle R Quasha, Fort McMurray Airport Authority, Manager Information Technologies
· Francesco Di Maio, ENAV, Head, Security Department
· Paul Hunton, Hunton Woods, Digital Forensics Expert

Discussing the event, Founder James Nesbitt of the Cyber Senate commented: “The aviation industry is evolving rapidly and the integration of numerous smart technologies in areas such as airports, aircrafts and control towers will undoubtedly help drive the sector forward.

“This tech brings with it many benefits, in everything from enhancing the customer experience to enabling asset owners to be more easily able to troubleshoot problems before they arise. However, it also makes aviation assets vulnerable to cyber threat and, perhaps in aviation more so than in any other industry, security breaches have the potential to be truly catastrophic.

“Cyber threats to the aviation industry are constantly evolving and asset owners must ensure that they have the most up-to-date strategies to ensure that they can manage them. This event will help them understand how to fill the knowledge gaps in their cyber strategies and further understand how their industry counterparts are mitigating risk.”


Location: London Marriott Hotel Regents Park, 128 King Henry’s Road, London, NW3 3ST


For more information, contact James Nesbitt on +44 (0)207 096 1754 or james.nesbitt@cybersenate.com

Cyber Senate 4th annual Industrial Control Cybersecurity Europe conference

4th Annual Industrial Control Cyber Security Europe Summit London September 19/20th

Industrial Control Cyber Security USA 2017 Cyber Senate conference

Industrial Control Cyber Security Summit Sacramento announces all star line up of subject matter experts

We are pleased to announce our current line up of Industrial Control Cyber Security Subject Matter Experts for the 4th annual ICS USA conference in Sacramento California October 3/4th, hosted by the Cyber Senate.

Speakers include:

  • Keith Tresh, Commander, California Office of Emergency Services – California Cybersecurity Integration Center
  • Tim Roxey, Vice President, Chief Special Operations Officer, NERC
  • Darren Van Booven, Deputy Chief Information Officer, Idaho National Laboratory
  • Chris Blask, Chair, Director Industrial Control Security, Unisys, Chair US ICS ISAC and Director Cyber Space Research Institute-Webster University
  • Seán McGurk, Senior Policy Advisor, Author, Key Note Speaker, Cyber/Physical Security Subject Matter Expert
  • Billy Rios, Founder, WhiteScope LLC
  • Mike Ahmadi, Global Director – Critical Systems Security, Synopsys
  • Mary Morshed, Director of IT Security (CISO), Sacramento Municipal Utility District
  • Lenin Maran, EMS Supervisor Systems, Security and Compliance, SMUD
  • Everardo Trujillo, Information Security Operations and Engineering, Manager, Sempra Energy
  • Chris Maroun, National Director – Sales Engineers, CyberArk
  • Jack Leidecker, VP Information Security, Digital Realty
  • Harry Perper, Chief Engineer, National Cybersecurity Center of Excellence
  • Eric Knapp, Chief Engineer, Cyber Security Solutions and Technology, Honeywell
  • Stuart Phillips, Senior Program Manager Industrial Control Systems Security, Unisys
  • Stephen Kwok, IT Sec-Op Manager, Los Angeles Department of Water and Power
  • Michael Yelland, Chief Research Officer, AMCyber
  • Fred Wilmot, CEO, PacketSled
  • Simon Slobodnik, IT Specialist (INFOSEC), FERC
  • Thomas Williams, Security Architect Lead, California ISO
For further information visit us on www.industrialcontrolcybersecusa.com

Wargaming Battle Room for Industrial Control Cyber Security

The Cyber Senate are pleased to welcome in London this September 19/20th our Wargaming Partners, Circadence.

Led by Laura A. Lee, Executive Vice President, participants at all levels of skill are welcome to play in Project Ares, a cyber training and assessment environment that transforms a virtualized network of users and systems into a game that leverages Artificial Intelligence and Machine Learning to support the players and instructors. Project Ares provides many activities for individuals or teams to practice and assess their cybersecurity skills.

Players can enter a Battle Room where they are given cybersecurity tools (e.g., firewalls, routers, event management systems, Intrusion Detection Systems (IDS), endpoint protection systems) and tasks relevant to their work role to master hands-on keyboard techniques. Lastly, players can participate in mock missions or scenarios that present realistic problems that they need to solve. Users can invite other players online to their team or tackle it alone, but they must possess the problem solving and core cyber skills necessary to complete the mission. Missions to defend or attack the Industrial Control System in a Water Treatment Plant will be available during this session.

We are also pleased to announce the addition of Panellists Rick Kaun, VP of Solutions, Verve Industrial Protection and Sean Davin, Cyber and Defence Director, Sevin Cyber Security. They join us on our popular panel sessions moderated by the US ICS ISAC Chair, Chris Blask.

4th Annual Industrial Control Cyber Security Europe
Millennium Gloucester Hotel
London United Kingdom
September 19/20th
Headline Sponsors Leidos
Co Sponsors Honeywell
Associate Sponsor Verve Industrial Protection

Sponsoring and exhibiting available for limited time

Only 10 free Critical National Infrastructure Operators passes remain
4th Annual Industrial Control Cyber Security USA Summit
The Sutter Club
Sacramento California
October 3/4
Cyber Ark

Critical Infrastructure Operators and Owners passes reduced to $349 until August 1st
European Rail Cyber Security Working Group
London United Kingdom
Dinner September 11th, Working Group September 12th
Millennium Gloucester
London Kensington

* The 3rd Annual Rail Cyber Security Summit will take place on March 13/14 2018 in London.
Aviation Cyber Security Summit
London United Kingdom
November 21/22
Marriott Regents Park Hotel
Sponsored by Airbus
Interested in our shows? Contact marketing@cybersenate.com or Daryl.Fig@cybersenate.com

4th Annual Industrial Control Cybersecurity Europe and USA meetings to bring key stakeholders together this fall

Against a backdrop of targeted Industrial Control System cyber attacks against energy firms in the Ukraine power industry, the massive attacks against the Norway oil and gas industry, cyber attacks on Saudi Aramco and the new and continued threats such as Crash Override malware, Stuxnet, Havex, Dragonfly, Black Energy, and the potential impact of ransomware like Wannacry on industrial control systems, the Cyber Senate return for the 4th Annual Industrial Control Cybersecurity Europe and USA meetings to bring key stakeholders together to address our responsibility in ensuring the safety, reliability and stability of our Critical National Infrastructure.

This year we return with an all star line up of asset owners, government and subject matter experts to assist in creating a common voice for the industrial control energy sector.

4th Annual Industrial Control Cyber Security Summit
September 19/20th London UK

**Operators attend free**

Speakers include:

•Nick Charnley, Deputy Director – Cyber Security, CLP Hong Kong
•Maksim Gluhhovtsenko, Information Security Officer, Elektrilevi OÜ
•Thomas Walter, Process IT Security Manager, PreussenElektra GmbH
•Karen Frith, Head of Cyber Security Operations and Risk, Sellafield Ltd
•Christian Schlehuber, Expert IT-Security digital command and control systems, DB Netz AG
•Stephen Burke, Head of Civil Nuclear Cyber Security, BEIS
•Steven Rumbold, Security Case and Strategy Development Manager, EDF Energy
•Matt Hardy, Chief Security Officer, Synthomer
•Lauri Luht, Head of Crisis Management, Estonian Information System Authority
•Tony McCabe, Lead Solution Architect (NMS), Electricity North West
•Matt Sims, Head of Cyber Security and Information Assurance, Office for Nuclear Regulation
•Chris Blask, Chair, Director Industrial Control Security, Unisys, Chair US ICS ISAC and Director Cyber Space Research Institute-Webster University
•Scott Keenon, Head of Process Control Security, Leidos Cyber
•David Higgins, an Independent consultant, acted as the Programme and Security Director for the DCC UK Smart Meters Programme for two years
Honeywell, Speaker to be announced
Verve Industrial Protection, Panellist to be announced


4th Annual Industrial Control Cyber Security USA
October 3/4 Sacramento California
**10 Operator Guest Passes available**

Speakers include:
•Keith Tresh, Commander, California Office of Emergency Services – California Cybersecurity Integration Center
•Tim Roxey, Vice President, Chief Special Operations Officer, NERC
•Darren Van Booven, Deputy Chief Information Officer, Idaho National Laboratory
•Chris Blask, Chair, Director Industrial Control Security, Unisys, Chair US ICS ISAC and Director Cyber Space Research Institute-Webster University
•Billy Rios, Founder, WhiteScope LLC
•Mike Ahmadi, Global Director – Critical Systems Security, Synopsys
•Mary Morshed, Director of IT Security (CISO), Sacramento Municipal Utility District
•Eric Hull, Principal CIP Compliance Engineer, SMUD
•Everardo Trujillo, Information Security Operations and Engineering, Manager, Sempra Energy
•Chris Maroun, National Director – Sales Engineers, CyberArk
•Jack Leidecker, VP Information Security, Digital Realty
•Harry Perper, Chief Engineer, National Cybersecurity Center of Excellence
•Honeywell, presenter to be confirmed

Next Events include
Aviation Cyber Security www.aviationcybersec.com
Rail Cyber Security www.railcybersecurity.co.uk, and our working group www.railcybersecurity.co


European Rail Cyber Security Working Group announced

On September 12th the Cyber Senate will be hosting the European Rail Cyber Security Working Group in a roundtable format with discussion groups in the morning and outcomes presented in the afternoon. Capped at 70 participants, this face to face knowledge sharing exercise is specifically designed to assist all stakeholders in the rail ecosystem with an opportunity to assess their security posture, and collaborate with their industry counterparts.
Already confirmed table leaders include the Rail Delivery Group, Deutsche Bahn, and the ERTMS Users Group. More announcements will be made shortly.

ICS and the need for public and private information sharing

The cyber attacks from the last week have affected entities globally, from telecommunication infrastructure to medical facilities across the UK to European utilities as well as multiple other types of industries and consumers. The WannaCry ransomware will go down in history for setting an example of how malicious software can disrupt global networks, leaving systems crippled until demands are met.

This highlights so many issues we at the Cyber Senate have been working so hard to bring to our forums. We believe there is so much work to be done to fully understand how we can better develop a culture of awareness within our organisations, and how we address the skills gap in our industry. We need to have a better understanding of the risks of 3rd party applications and the supply chain, as well as better educate procurement. There is still much work to do in developing synergies between IT and OT divisions wrestling with convergence, in understanding that compliance doesn’t equal security and that just because “you’re not connected to the internet” that you’re cyber secure. That is just a few areas we need better insight. On another note, how many ICS systems are still running an unpatched version of Windows XP?

Cyber attacks that impact critical national infrastructure can ultimately cost lives. That is why these discussions are so important. These events are built to facilitate public and private information sharing, to assist you and your team in understanding how your industry counterparts are meeting the challenge, what you are doing right, wrong, and to help define “what is best practice?”

We hear a lot about vendor accountability and disclosure which is another piece of this puzzle that needs to be addressed. We, however, believe people are the most important factor in the cyber kill chain. Technology will never tick all the boxes, it can and does fail and so do humans. It is how we get up, respond, move forward and learn from these lessons that count.

We hope to meet you in 2017. If we can help you bridge the gap, do not hesitate to reach out.

The DHS issue Statement on WannaCry

“DHS Statement on Ongoing Ransomware Attacks”
The DHS have issued a statement in relation to the latest ransomware attacks and advice on how to get help and deal with the cyber attack.

“We are actively sharing information related to this event and stand ready to lend technical support and assistance as needed to our partners, both in the United States and internationally.  DHS has a cadre of cybersecurity professionals that can provide expertise and support to critical infrastructure entities.” 

The statement can be found here https://www.dhs.gov/news/2017/05/12/dhs-statement-ongoing-ransomware-attacks

Further guidance can be found here:

WANNACRY guidance from the NCSC

The NCSC issue guidance on Ransomware

‘The NCSC are aware of a ransomware campaign relating to version 2 of the “WannaCry” malware affecting a wide range of organisations globally.

NCSC are working with affected organisations and partners to investigate and coordinate the response in the UK. This guidance will be updated as new information becomes available.

From investigations and analysis performed to date, we know that the malware encrypts files, provides the user with a prompt which includes; a ransom demand, a countdown timer and bitcoin wallet to pay the ransom into.

The malware uses the vulnerability MS17-010 to propagate through a network using the SMBv1 protocol. This enables the malware to infect additional devices connected to the same network.’

Visit https://www.ncsc.gov.uk/guidance/ransomware-latest-ncsc-guidance


“The National Cyber Security Strategy set out the Government’s overarching plan “to make Britain confident, capable and resilient in a fast-moving digital world.” This strategy specifically supports the Government in ensuring that the UK has a secure and resilient energy system, by ensuring that the civil nuclear sector is able to defend against, recover from, and is resilient to evolving cyber threats. This enables the sector to continue to produce secure, affordable and clean energy. The strategy will also support the safe, responsible and cost effective management of the UK’s energy legacy. This strategy sets out a path to keeping the UK civil nuclear sector ahead of rapidly evolving threats to, and vulnerabilities in, software and equipment in the next five years.”


The Cyber Senate 2nd Annual ICS Cyber Security Nuclear Summit will take place in Warrington on May 22-24th.


Civil Nuclear Strategy can be found here https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/591619/170213_-_Civil_Nuclear_Cyber_Security_Strategy.pdf

New wave of cyberattacks against Ukrainian power industry

“The cyberattacks against the Ukrainian electric power industry continue. Yesterday (January 19th) we discovered a new wave of these attacks, where a number of electricity distribution companies in Ukraine were targeted again following the power outages in December.” – See the article posted 20 Jan 2016, 06:59PM: http://www.welivesecurity.com/2016/01/20/new-wave-attacks-ukrainian-power-industry/