Cyber Security Seminar, 8 April
What to expect
Explore what efforts are necessary to start working towards IEC 62443 compliance for a system. During this seminar we will go through a "journey" through IEC 62443 and its requirements for assessments. A typical electrical cabinet (solution) with a few components (HMI, PLC, switch, router) will be assessed, and all participants will go through the process.
The main part of the seminar provides a systematic walkthrough of the efforts necessary to establish IEC 62443 compliance for a system, including the required assessments. A typical electrical system solution with a few basic components (HMI, PLC, switch, router) will be assessed so that participants can follow the various steps of the process hands on.
When:
April 8th, Tuesday.
Location:
Phoenix Contact AS, Strømsveien 344 Oslo.
Cost:
1800 NOK
Time:
April 8th
08:00 - 08:30 Registration
08:30 - 15:30 Seminar including lunch
Agenda
08:30 - 13:30:
How to start assessing and preparing a secure system (according to IEC 62443-3-3). Details of the presentation are given at the end of the programme. – John Paul Morgan, IEC 62443 certified cyber security specialist
11:00 - 11:45
Lunch
13:45 - 14:30
Presentation of the L2 and L3 switches for the IEC 61850 energy segment, highlighting their cyber security related capabilities. – John Paul Morgan
Best practice recommendations for remote access:
• Common solutions for remote access
• High-level risk assessment
• The key requirements from IEC 62443
• Practical challenges and considerations
• Recommendations for best practice
– Jiunn-Jer Sun, Network & Cybersecurity Specialist, Nordic Hub
14:30 - 15:30
Compliance with CRA and NIS2 for products and solutions. – Lutz Jänicke
Details for “How to start assessing and prepare for a secure system (according to IEC 62443-3-3)”
Required tools:
- Laptop, MS WORD, MS EXCEL, MS VISIO
Topics which will be presented for the participants to explore hands on during the seminar:
- Creating an asset inventory
- Creating a system design
- Using a vulnerability management system to discover threats
- Performing a risk assessment for a threat scenario
- Risk treatment scenario to ensure a higher security level
The goal is to assess the system as a whole and to show how to get started:
Detailed overview
Initial phase (before identification):
- Is there an existing security program in place that the system must minimally meet?
- Are there any requirements for using scanning tools?
Identification phase:
- Inventory of the system (physical inspection + active/passive scan)
- Creating an asset inventory from scratch (usable as a template)
- Communication flow: an X/Y matrix showing which protocols are used between each pair of assets.
- Users and roles available throughout the system.
- Introduction to potential tools for advanced asset inventory
System design
- Understand how each asset is connected.
- Displaying sufficient parameters to understand the network design
- Show how the inventory that has been created can be linked to a system design drawn in Visio
Vulnerability assessment
- Running a quick vulnerability assessment to show which vulnerabilities are detected in the system.
Risk assessment
- Understand the need for assessing risks.
- Starting from a risk-tolerance point of view (what is low, medium, high) and how this differs per system.
- Do a short risk assessment of the system under consideration.
Review of mitigations (results from the risk assessment), for example:
- Create a RADIUS database for central user management.
- Set up a network monitoring system for central SNMP monitoring.
- Implement an intrusion detection system for anomaly detection.
- Set up an authentication server for 802.1X (dot1x) authentication.
Review of the system design (potentially)
Implementation/Integration phase
- Go through a limited document for the FAT and SAT phases, with some questions.
- Integration manual, specifying which Security Level has been achieved, showing the Security Level of the system for each foundational requirement.
- Explaining how these levels can be mapped to ISO 27001 and how a security capability level according to IEC 62443-3-3 is achieved.
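As an added illustration of the identification and risk assessment steps above (not seminar material), the snippet below builds a small asset inventory for the example cabinet, derives the X/Y communication-flow matrix, and rates a threat scenario against a per-system risk tolerance. Asset names, addresses, protocols, zones and the tolerance thresholds are constructed assumptions.

```python
"""Constructed example: asset inventory, flow matrix and risk rating for the
HMI / PLC / switch / router cabinet. All values are made up for illustration."""
from dataclasses import dataclass


@dataclass
class Asset:
    name: str
    kind: str
    ip: str
    zone: str
    roles: tuple = ()  # user roles that can log in (identification phase)


# Constructed inventory of the example cabinet.
INVENTORY = [
    Asset("HMI-01", "HMI", "192.0.2.10", "cell", ("operator", "engineer")),
    Asset("PLC-01", "PLC", "192.0.2.20", "cell", ("engineer",)),
    Asset("SW-01", "SWITCH", "192.0.2.2", "cell", ("admin",)),
    Asset("RT-01", "ROUTER", "192.0.2.1", "edge", ("admin",)),
]

# Constructed communication flows: (source, destination, protocol).
FLOWS = [("HMI-01", "PLC-01", "Modbus/TCP"), ("HMI-01", "SW-01", "SNMPv2c"),
         ("RT-01", "PLC-01", "HTTPS"), ("RT-01", "SW-01", "SSH")]


def flow_matrix(assets, flows):
    """X/Y matrix: matrix[src][dst] -> sorted protocols ([] means no flow)."""
    names = [a.name for a in assets]
    m = {s: {d: [] for d in names} for s in names}
    for src, dst, proto in flows:
        m[src][dst].append(proto)
    return {s: {d: sorted(v) for d, v in row.items()} for s, row in m.items()}


def risk_level(likelihood, impact, tolerance):
    """Rate likelihood x impact (each 1-5) against a per-system tolerance
    (low_max, medium_max); a score above medium_max is 'high'."""
    score = likelihood * impact
    low_max, medium_max = tolerance
    if score <= low_max:
        return "low"
    return "medium" if score <= medium_max else "high"


def unauthenticated_flows(flows, weak=("Modbus/TCP", "SNMPv2c")):
    """Flag flows over protocols without real authentication; these are the
    candidates for the mitigation review (e.g. central user management)."""
    return [f for f in flows if f[2] in weak]
```

The same scenario rated with a stricter tolerance such as `(2, 6)` moves from "medium" to "high", which is the point of agreeing the tolerance per system before assessing.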
Presenters
John Paul Morgan, OT Network Engineer (Critical Infrastructure)
We are pleased to introduce John Paul Morgan, one of Phoenix Contact's OT network engineers, specialising in cyber security and critical infrastructure. With extensive hands-on experience in cybersecurity for operational technology (OT) systems, John Paul is an IEC 62443 certified cybersecurity specialist. His expertise spans network security, risk assessment, and compliance with international standards such as ISO 27001 and IEC 62443. John Paul also brings a personal dedication and enthusiasm to his work, making his presentations both insightful and inspiring.
John Paul has been instrumental in guiding organizations through the complexities of securing industrial control systems (ICS) and ensuring robust protection against cyber threats. His deep understanding of both IT and OT environments makes him a valuable resource for anyone looking to enhance their cybersecurity posture.
Dr.-Ing. Lutz Jänicke, Corporate Product & Solution Security Officer, PHOENIX CONTACT GmbH & Co. KG
Dr. Jänicke is a recognized expert in security technologies. In 2002, he joined Innominate Security Technologies AG (now Phoenix Contact Cyber Security GmbH), a competence center for industrial cyber security, where, as CTO, he was responsible for development for both HW and SW for the mGuard industrial firewall ecosystem. Since 2016, Dr. Jänicke has been the Corporate Product & Solution Security Officer with overall responsibility for the cyber security of products and solutions at Phoenix Contact.
He is active in various committees and bodies that deal with OT security for automation applications, including being deputy chairman of DKE UK 931.1 «IT Security in Automation Technology», the German committee for IEC 62443.
Jiunn-Jer Sun, Network & Cybersecurity Specialist, Nordic Hub
Jiunn-Jer Sun has more than 15 years of experience in industrial networking and holds the TÜV fundamentals of cybersecurity training certificate. He is also a highly commended speaker who makes technical talks well organised and easy to understand.