„OT for IT“ Workshop Zürich

„OT for IT“ Workshop Zürich

To ensure cyber security for manufacturing there is a joint effort between IT and OT required. Sounds straight forward – but causes still some issues. Of course, very often a lot of security services are already deployed and all should be OK for now. But is it?

IT are providing security services to the OT colleagues – and are wondering sometimes how the OT environment behaves – still using legacy OS. So very often, these legacy OS machines are showing up in IT lists to be mitigated as soon as possible – to upgrade them to newer OS versions. OT is wondering – because no one typically asks for legacy PLCs which is a similar problem for them. But writing OT – Operational Technology – it seems obvious – but is it really properly defined in the company. What is OT and what is not OT?

The vendor independent workshop provides methods to define OT to make it totally clear – what is OT – and what is not. This definition will then provide an overview about the OT environment in an enterprise. Knowing the OT environment – then IT and OT know what must be protected. Very often – the front door gets more additional locks – but maybe the backdoor is wide open. The workshop is developed by an engineer – being in discussions with the IT colleagues for more than 10 years – and being able to translate IT to OT and OT to IT.

The workshop is explaining typical OT system types – allowing IT to get a better insight into manufacturing, into the OT-world. The workshop will show that it is very important to align on terminology – what is a system, what is an application?. Having a common terminology – then the workshop will provide details allowing IT to understand the „OT-needs“ better to mitigate cyber risk. But what is a risk? Is it to protect the „IT Environment from the OT environment“ or vice versa? When defining risk – what about risk assessments – why does OT sometimes even not understand the „risk“. The workshop will provide information about differences between IT and OT – beyond AIC or CIA, which governance for OT to follow and many other comparisons, sometimes technical, sometimes visually and in the beginning tasty.

Delegates will learn and understand:

  • Proper definition of OT, OT security objectives compared to IT security objectives
  • Definition of risks in the OT environment – different kind of risk assessments to be done
  • Changing the term from „risks“ to „protection levels“ – beneficial?
  • How to evaluate and define a cyber security strategy for OT?
  • What are threats? Definition of sub levels for a common language to allow easy analysis.
  • Overview of Standards in OT (IEC 62443) – translated into IT language – or is the standard already IT language and must be translated for OT?

Takeaways

After attending the workshop you will:

  • Have a understanding about differences between IT and OT, better insight into OT
  • Know what are the challenges in OT and how IT can provide tailored support to OT- serving the business goals
  • Know how a governance for OT can be defined
  • Know how to use aligned terminology to access threats

Who should attend?:

  • IT people facing „discussions“ with the OT people about cyber security
  • IT people who want to have a more insight into the OT environment

 

Workshop details:

Presentations are in English, Workshop language is either German or English – depending on attendees.

 

Agenda:

08:30 : 09:00              Welcome, Registration

09:00 : 09:30              Expectations, „Must haves“

09:30 : 11:30              Definitions, Terminology around OT

11:30 : 12:15              Threats, risk, risk assessments, security services part I

Lunchbreak

13:00 – 15:00              Threats risk, risk assessments, security services part II

15:00 – 17:00              Governance for OT, Standards in the OT environment.

17:00 – 17:30              Conclusions, Q&A

 

 

Location

Hotel Hilton Zürich Airport, Hohenbuehlstrasse 10, 8152 Opfikon

Participation Fee

Non ISSS-Members CHF 950.00 (excl. 7.7 % VAT)

ISSS Members CHF 850.00 (excl. 7.7 % VAT)

The price includes the workshop, coffee breakes, lunch

Terms & Conditions

  • Cancellations between the 30th calendar day and the 7th calendar day before the start of the event: 50% of the costs
  • Cancellations 1 to 7 calendar days before the start of the event or in case of no-show, the full costs are to be paid
  • The above mentioned costs are waived if a substitute person participates
  • The written cancellation becomes legally valid only after ISSS has confirmed it in writing
  • If the date of the event is postponed, the same conditions listed above apply

Referenten

Thomas Sturm

I’m a Senior Technical Expert with a strong background in automation in the pharmaceuticals and chemical industry. I have a strong experience with Process Control Systems (Emerson DeltaV), PLCs, Computer System Validation (CSV), SCADA, Data Integrity, Serialization.
I’m passionate about OT Security – coming from a solid „hands-on“ automation background I‘m being able to translate IT-Security controls to the OT environment. I have demonstrated project panagement skills as discipline lead or project lead in several projects.

Information Security
Society Switzerland (ISSS)
Zentweg 13
3006 Bern
info(at)isss.ch
+41 31 311 53 00
Nach oben