Industrial Automation Security Belgium 2015, Initiative of Egemin, Phoenix Contact, Siemens and LSEC 

IAS was established for companies that are involved in industrial- based process automation and control. Due to the constant evolution of control processes and automation systems, as well as their underlying platforms on which they operate, each day new possibilities are discovered that could pose serious security risks to those systems. IAS aims to inform them about the necessity to secure their systems, and to provide them with best practices and practical and actionable guidelines.

The possibilities offered to manage the systems easier and better, by evolving into modern capabilities ,by equipping them with new functionalities or by having multiple systems interconnect and work together, poses new challenges in terms of security. Legacy systems , or underlying IT systems already no longer be maintained for a long period of time can be a major threat . Only fully insulated systems can probably continue to exist , but they also will be subjected to external administration or changes eventually. The further automation within the sector (smart factories, internet of things, industrial internet,...) has lead to an increase of targeted attacks on industrial systems. For the proper functioning of the business, and to ensure the continuity of the activities it is important to evaluate the potential risks, assess them against your systems, and take proper counter measures.

IAS will present various models, methods, solutions and security best practices that can be used. This year's edition will include a special attention to the Industrial Internet and the Internet of Things, their impact on Industrial Automation, opportunities that it brings and risks that must be mitigated.

Security for information in production it demands a specific approach and support by domain specialists. U will be able to meet them on May 28th in De Hoorn in Leuven. 

Program

12:00   Welcome with Sandwich Lunch
13:00   Introduction, program of the day, major developments and evolutions

Ulrich Seldeslachts, CEO LSEC - Leaders in Security

About 3IF
Introducing 3IF : Manufacturers today are facing big challenges ahead: High labor costs and the emergence of regions outside Europe has put revenue and market share under pressure. The introduction of new technologies has affected customer expectations in the area of time-to-market, performance of products and production, mass - customization and the evolution to co-creation. Also, the continuous automation of the industry has introduced new challenges with regards to industrial espionage, sabotage, fraud, cyber security and even privacy. Through innovation to (safe and reliable) industrial internet, the sector can convert this revenue loss in growth. Industrial Internet will increase productivity and efficiency in the production process and improve the entire chain drastically. Processes will govern themselves, with intelligent machines that take corrective action to avoid unplanned downtime of machinery. Each mobile device indicates the status of any digital components within the production environment, providing employees mobile access to real-time information ... Sensors track the location of employees at the plant in case of emergency ... the possibilities seem endless…..Manufacturers in multiple industry sectors must start to innovate and make the transition in order to remain competetive. As will technology companies active in Industrial automation; and IT Security companies that are increasingly confronted with the challenges of protecting industrial control systems, production systems and production networks

13:25  Keynote 1 : Protecting industrial networks and connected devices, Dr.-Ing. Lutz Jänicke, CTO, Innominate Security Technologies (Germany) 

About Dr. Lutz
Dr. Lutz Jänicke joined Innominate in February 2002 and leads Innominate's development efforts. He brings over 25 years of experience in electrical engineering and in the design and implementation of large software projects to the Innominate team. He is a recognized expert in security technologies and has been involved in many OpenSource projects. He developed the Postfix/TLS encrypted mail transport protocol (RFC 2487), among others. He is also a member of the "OpenSSL" development team. Lutz Jänicke is active on various committees overseeing IT security for automation applications. He is head of the "Security in Networked Systems" commission of the "Industrie 4.0" platform.

14u15 Keynote  : Critical Infrastructure Network & Information Security Obligations, the way to go for Production & Automation
companies? – ENISA, Steve Purser (tbc)

About Steve Purser

Steve Purser was born in the UK and attended the universities of Bristol and East Anglia where he obtained a BSc. in Chemistry and a PhD in Chemical Physics respectively. He started work in 1985 in the area of software development, subsequently progressing to project management and consultancy roles. From 1993 to 2008, he occupied the role of Information Security Manager for a number of companies in the financial sector. He joined ENISA in December 2008 as Head of the Technical Department and is currently responsible for all operational activities of ENISA. Steve is currently a member of several Steering Boards and Advisory Committees, including notably the Steering Board of the CERT EU and the Programme Board of the EU Cyber Crime Centre. In the area of standards, he is the ENISA representative on the ISO SC 27 working group. As Head of the Core Operations Department, he regularly represents ENISA in international conferences on information security.  He was a co-founder of the 'Club de Securité des Systèmes Informatiques au Luxembourg' (CLUSSIL) and has frequently published articles in the specialised press. He is also the author of 'A Practical Guide to Managing Information Security' (Artech House, 2004).

15:00   Coffee break

15:30   First Results of VERBOTEN, Supporting industry developing, installing and maintaining secure industrial networks - Jan Vossaert, Postdoctoral Researcher at KU Leuven

About Jan Vossaert

Jan Vossaert is working as a postdoc researcher in the MSEC research group. His expertise is in the domain of trusted computing solutions to increase the security of advanced mobile applications and embedded systems. He manages a IWT TeTra project that supports industrial players with the development, installation and maintenance of secure industrial networks. Four research groups are involved in the project and the user group consists of providers as well as users and integrators of ICS equipment. In his presentation, he will give a more detailed overview of the project and how it aims to combine expertise from different partners to facilitate securing industrial networks in the Flemish industrial sector

16:00   Dieter Sarrazyn, Experiences from Industry Control Security in the Field, Managing Consultant and ICS security solutions specialist at Toreon

Most people know by now that industrial control system security is not as good as IT security. The top 10 of most observed security weaknesses and excuses is a proof for this situation. Nevertheless, ICS environments can be secured but needs a pragmatic approach which is tailored to the environment (taking into account assessments, pentests, "things that worked" ...). In this session Dieter Sarrazyn who has worked in both areas will outline how he has used this approach help in assessing and securing ICS environments.

About Dieter

About Dieter: Dieter has built his career in industrial environments and has gained excellent knowledge on strategic, tactical and operational level regarding security related subjects. He has worked extensively on the security within the industrial control system area including more than 6 years in a large electricity generation company. Within Toreon, he is the assessments team leader as well as the driver for the ICS security solutions Toreon offers. His main focus exists in performing penetration tests (as well external as internal), performing security audits, creating and evaluating security architectures, teaching Hacking Inside Out™, creating and setting up vulnerability management frameworks & tools. 

He deploys this expertise primarily in an Operational Technology (OT) environment, performing SCADA security assessments and securing SCADA environments. These activities are always part of a larger programme, aimed at reducing business risks. He has extensive knowledge concerning penetration testing, social engineering, infrastructure security and has the following certifications: CISSP, GCIH, GSEC, GXPN, GCIH, GSNA, CIRM and Scada Security Architect. He is also SANS Local Mentor and SANS Community Teacher

16:15   Factories of the Future, Factory of the Future - Walter Auwers, Program Manager Smart Production & Factory of the Future, SIRRIS

What does it take to become ready for the future. What are the challenges ahead and how to cope with them. The Factories of the Future program, fed by Madedifferent indicates that a process is required to ensure the transition. But next to technology there are a number of other things to do. 

About Walter

About Walter : Walter Auwers is active within the domain of Advanced Manufacturing. He is responsible for the World Class Production Technologies and Factories of the Future programmes. While the former is mainly focused on high precision, the latter includes flexible automation systems en digital support during production.
Through these programmes Walter supports Made Different, an initiative by Sirris and Agoria to transform manufacturing companies into Factories of the Future. He helps these enterprises defining and realising technology and production roadmaps.

16:30    Use case Oleon: Safeguarding the availability of your plant, now and for the future – Ing. Yves Vandorpe MSc, Technology Manager Industrial Communications, Siemens

About Yves:

Yves beschikt over een ruime ervaring op vlak van industriële communicatie. Als technical consultant bij Siemens NV (1999-2004) leerde hij er de "bits & bytes" van de verschillende industriële netwerken zoals PROFIBUS en Industrieel Ethernet en later ook aangevuld met PROFINET. Yves Vandorpe, Technology Manager, is sinds 14 jaar werkzaam bij Siemens NV. Hij behaalde zijn  master diploma aan de hogeschool West-Vlaanderen (1999) en voltooide zijn Postgraduaat Industrieel Ondernemingsbeleid bij EHSAL (2008). In 2004 nam hij met de lancering van PROFINET op de Belgische markt de functie van Promotor op zich en zorgde voor een ruime verspreiding van de PROFINET-technologie en de vele nieuwe mogelijkheden die PROFINET biedt. Sinds 2005 specialiseerde hij zich op de implementatie van draadloze systemen binnen  industriële toepassingen, zoals AGV- en kraansturingen. Door de sterke toename van Ethernet in industriële applicaties vormt vandaag ook de beveiliging van deze industriële netwerken een bijkomende verantwoordelijkheid. Vandaag neemt hij als Technology Manager de verantwoordelijkheid bij Siemens over de ruime wereld van industriële communicatie in al zijn facetten.

17:00   Q&A

17:30   Networking dinner