About the conference:

The Herzliya Conference, the flagship event of the Institute for Policy and Strategy at IDC Herzliya, is a year-long work cycle consisting of the following phases: 

• Preliminary research and analysis conducted by the Herzliya Taskforces and commissioned experts; 
• The Conference, at which major policy statements and initiatives are delivered, and Herzliya Roundtables are held, followed by deliberations and the presentation of specially commissioned reports and studies; 
• Executive Herzliya Reports presented to key policy-makers, summarizing the Conference’s proceedings, findings, and major policy recommendations.  

Conference links:

Conference Website

About the conference:

The U.S. Nuclear Regulatory Commission has approved the Cyber Security Plans and Implementation Schedules for all currently operating commercial nuclear power reactors in the United States.  The NEI Cyber Security Implementation Workshop will assist licensees in implementing the requirements of the Plan and in meeting the milestones in the Implementation Schedule. 

Attendance at day one of the Workshop is restricted to employees of nuclear power plant utilities.  Others will not be permitted to register or attend.  Day one will focus on the activities associated with implementing milestones from the Implementation Schedule that are due to be completed by December 31, 2012. The format will be small break-out sessions that will focus on each of the seven milestones.  Session leaders will facilitate in-depth discussion regarding milestone implementation strategies, acceptance criteria, guidance for conducting audits and assessments, and preparing for inspections of the program. 

Days two and three will be open for general attendance, and will include presentations, panel discussions, and exhibitor fire-talks. 

Conference links: 

Conference Website

Registration

About the conference:

Securing the End-to-End Smart Grid Ecosystem

In the year since Stuxnet first struck, cyber security has become of critical concern for utilities. Securing the emerging smart grid must be an end-to-end, architectural undertaking built into all facets of IT, OT, ICS, communications and infrastructure. Introducing intelligence and two-way communication into the utility network means opening the door to vulnerability, and utilities must proceed with caution.

Organized by The Smart Grid Observer, the one day, 100% online Smart Grid Cyber Security Virtual Summit features a series of in-depth presentations designed to examine the very latest technologies, deployment strategies, best practices, and lessons learned in making smart grid security a reality. Critical questions addressed include:

• Where are the most significant weak points in the smart grid’s security? How should we address them?
• What is the current nature of the cyber security threat? What do we need to worry about?
• What are the latest NERC CIP requirements and how best to comply?
• What are the key technology enablers and advances for smart grid cyber security?
• What are the best practices and strategies for securing AMI?
• How can utilities effectively go about securing software and embedded devices designed for the smart grid?

Topics to be addressed include:

– Securing the end-to-end smart grid ecosystem — the big picture
– Safeguarding customer data and privacy
– Security systems integration and interoperability
– Evaluating, measuring, and testing smart grid security systems
– Standards update and trends
– Lessons from the trenches: utility cyber security case studies
– Managing potential security exposure — determining limits
– HAN security
– Latest vendor offerings and components
– Regulatory trends, developments, and expectations
– Crossing organizational silos to ensure smart grid security
– Network monitoring and anomaly detection

Conference links: 

Conference Website 

Registration

About the conference:

CyberSec, the international information cyber security conference, interacts companies, organizations and governmental bodies with cyber security experts to discuss latest developments in protecting enterprises from upcoming threats.

Topics:

-New techniques in enterprises cyber protection
-Avoiding APT best practices
-Meeting social attacks challenges
-Cloud cyber implications
-Israel 2012 – cyber security for business, governmental and defense segments
-Legal implications with cyber crime and cyber warfare

Conference links: 

Conference Website 

Registration

About the conference:

PennWell Corporation, publisher of WaterWorld, Industrial WaterWorld, and Water & Wastewater International magazines, will once again host its completely online water industry conference and exhibition, VirtualH₂O, on February 21, 2012 (8:00AM – 6:00PM ET).

VirtualH₂O combines virtual tradeshow exhibits and conference presenations to deliver attendees an innovative — and convenient — opportunity to network with and learn from leaders in the water and wastewater industries.

Conference Program:

VirtualH₂O offers attendees access to an expansive array of conference presenations addressing important topics in municipal drinking water, municipal wastewater, industrial water/wastewater, urban water management, and municipal water utility management.
Visitors who attend an entire presentation — even during the archive period — will receive a certificate of attendance, which can be used to apply for Professional Development Hours (PDH) with their respective state organizations.

Conference links: 

Conference Website

Registration

About the conference:

 The World Institute for Nuclear Security (WINS, Atomic Energy of Canada Limited (AECL), Bruce Power and Ontario Power Generation (OPG) are pleased to announce an International Best Practice Workshop on Security of Information Technology (IT) and Instrumentation and Control (IC) Systems.

This workshop will take place at the Delta Chelsea Hotel in Toronto, Ontario, Canada on the 27th -29th of February 2012.

Conference links: 

Conference Announcement

About the conference:

As an industry and as a nation, we must keep our sites secure and informed about the many changing threats to our critical infrastructure. The threats are diverse and increasing and could change the way refiners and petrochemical manufacturers operate. The conference presents current topics of critical importance to assist attendees in keeping themselves up to date on national critical infrastructure security issues—from terrorism to oil field crimes to DHS regulations and policies!

Don’t miss this great opportunity to meet with key government contacts, network with industry security experts and hear from national authorities on the terrorist threat the industry faces today.

Conference links: 

Conference Website

“You can’t attack, if you can’t communicate” is how Andrew Ginter sees it.

This is the concept of unidirectional gateways. There’s a security perimeter around your asset whatever it may be, a factory, a process, a data farm, whatever. Then there’s the outside world of threat, crime, and destruction.

Unidirectional gateways allow one-way communication only over the void where firewalls exist and where firewalls can fail. “Firewalls are only software,” said Ginter, director of industrial security at Waterfall Security Solutions. “Stuxnet could not have spread over the data diodes operating in a unidirectional gateway.”

The only communication to the outside world (the business network, for example) is data moving in one direction and that direction is out of the protected area. Moreover, that is data only, no code, no logic, no compromising intelligence.

Ginter talked about that topic and more during a Tuesday webinar entitled, “NERC Issues CAN-0024: Guidance for Unidirectional, Routable Communications” with Mark Simon, senior consultant with Encari a critical infrastructure protection-consulting firm, and Joel Langill, chief technology officer at SCADAhacker.

NERC has issued CAN-0024, which provides guidance to NERC-CIP auditors as to when unidirectional communications equipment or “data diodes” must come into consideration to facilitate “routable communications.”

NERC is the North American Electric Reliability Corporation. Its mission is to ensure the reliability of the North American bulk power system. CIP stands for critical infrastructure protection.

CAN is Compliance Application Notice and CAN-0024 is “Routable Protocols and Data Diode Devices.”

An increasing number of NERC entities are deploying unidirectional communications equipment, because such equipment provides stronger security to protected cyber assets than firewalls can provide.

“Unidirectional communications enable sandboxing,” Ginter said.

Sandboxing is creating confined execution environments. A sandbox limits, or reduces, the level of access its applications have. In effect, it is a container. Therefore, the scope of potential damage caused by a malicious entity within is minimal.

The CAN-0024 guidance makes it clear that some deployments use routable protocols, and other deployments do not. In some cases, this distinction influences which cyber assets are technically Critical Cyber Assets.

The best discussion of the security advantages of this technology and for helpful visuals and graphics, click here for Ginter’s white paper.

View the article

By Nicholas Sheble

ISS Source, January 25, 2012

With Internet security a rapidly growing business globally, Israeli firms are amongst most sought after • Waterfall Security Solutions employs hardware-based unidirectional fiber optic links to protect against attacks from external networks.

As the “cyberwar” widens, and nations’ critical infrastructures come under increasing attack, Internet security firms are increasingly filling the void of vital online security – a void created not only because the firms are far ahead of many government agencies, but also because of the rapid nature of the new form of warfare itself.

Hackers are known to spread their attacks across a wide field of targets, although it is important to distinguish between attacks against private companies’ Internet sites from those against the vital strategic infrastructures of nations. The latter include electricity grids, banks and financial institutions, water and transportation systems, as well as other systems in which disruption could seriously affect the daily lives of millions of people.

Internet security is a rapidly growing business across the globe, with firms in Israel among the most sought after for their innovation and success.

Israeli company Waterfall Security Solutions, for instance, provides a range of cyber security services for industrial networks and critical infrastructures and has patented a unique closed-system technology. The company took part in the 2012 Annual Cyber Security Convention on Monday in Petach Tikva, alongside a wide range of cyber security firms. The convention focused on highlighting tools, market trends, threats, continuous improvements in Israeli cyber security organizations, and foreseeable cyber security improvement trends. According to its website, Waterfall Security Solutions is a provider of “unidirectional security gateways and data diodes for process control systems, SCADA systems, remote monitoring and segregated networks, enabling secure and real-time data transfer, from critical networks to external/business networks.”

The company specializes in non-routable communication systems, a patent technology consisting of hardware-based unidirectional fiber optic links. The technology physically enforces unidirectional replication from the industrial network to the corporate network and segregates the industrial network, making any inbound data flow physically impossible. A country or company’s utilities’ critical assets are protected, the company says, against any cyber attacks, incoming viruses or human errors originating from external networks.

Waterfall says its products have been deployed in many critical national infrastructures, homeland security agencies and mission critical environments in the U.S., Canada, Europe, Asia and Israel.

Cyber security firms are divided into four groups: software developers, consultants who formulate the best practices and cyber security policies, programmers who integrate security systems into existing platforms, and firms which specialize in simulating cyber attacks (so-called “white-hat hackers”) to find breaches in the system and improve security.

On Monday, a consortium of cyber security firms met with managers of Israeli sites who had suffered attacks, as well as others who are potentially at risk, to assess their vulnerability and decide which cyber security tools to employ. Access to several Israeli sites from Arab countries has been blocked.

View the article

By Ilan Gattegno

Israel Hayom, January 17, 2012

About the conference:

The Summit brings together the program managers, control systems engineers, IT security professionals and critical infrastructure protection specialists from asset owning and operating organizations along with control systems and security vendors who have innovative solutions for improving security. Along with government and research leaders, they are coming together to learn and discuss the newest and most challenging cyber security risks to control systems and the most effective defenses. The Security Summit is an action conference designed so that every attendee leaves with new tools and techniques they can put to work immediately when they return to their office.

The Summit is the place to come and interact with top SCADA experts, key government personnel, researchers and asset owners at the multiple special networking events.

In addition to the Summit, you will be able to attend technical courses led by the top SCADA experts that will provide a deep dive into how to combat the Advanced Persistent Threat.

Conference links:

Conference Website

Registration