2022 Florida Public Power Cybersecurity Summit

Cancellation Policy
Cancellations and refund requests are subject to a 15% non-refundable administration fee and must be received by FMEA in writing by five (5) business days before scheduled start of event or meeting.

Because of hotel guarantee requirements, no registration refunds will be made after this date. No-shows will not be refunded. All registration and payment information is for FMEA use only and kept strictly confidential.

Cancellations must be made in writing, faxed or e-mailed to: Beth Morris, FMEA, PO Box 10114, Tallahassee, FL 32302-2214 • Fax 850-222-0358 • E-mail: bmorris@flpublicpower.com

$575

$65 (electricity will be supplied by the hotel to the exhibit table)

Agenda

Wednesday, November 2

8:00a - 5:00p      Registration desk open – Universal Center desk

9:00a - 4:00p      DOE/INL Cyber Strike Workshop (Preregistration required) – Sun & Surf. This workshop will provide hands-on practice using simulated demonstrations of cyber-attacks, including attacks based upon the real-life events in the Ukraine that opened breakers, turning off power to hundreds of thousands of people. Attendance is ideal for engineers, operators, and advanced IT/security professionals. Our preference is that utilities send a team of two (2) people, ideally one from Engineering & Operations and one from IT/Cybersecurity.

1:00 - 4:00p         Open Networking Session – Universal F. A casual meet and greet as attendees arrive.

4:00 - 6:30p         Energy Connections Trade Show – Universal Center Ballroom

Thursday, November 3

7:00 – 3:00          Registration desk open – Universal Center desk

7:30 - 8:30a         Continental Breakfast – Seminole D/E

8:00 - 8:10a         Welcome & Introduction – Seminole C

Jacob Williams, General Manager & CEO, FMPA

8:10 - 9:00a         Threat Briefing from ISAC, PNNL, and Cisco Talos. Joe Marshall, Senior Security Strategist - IoT, Cisco Talos, Elvin Ramirez, Senior Cyber Threat Intelligence Analyst, E-ISAC, and Bryce Kaspar, CRISP Lead Analyst, PNNL. Unclassified foreign and domestic threat briefing. Presentation.

9:00 - 9:30a         Funding from the IIJA, Cynthia Hsu, Cybersecurity Program Manager for Rural and Municipal Utilities, DOE CESER. Discussion will include DOE IIJA cybersecurity funding opportunities, what to expect and what kinds of opportunities are available – with an emphasis on BIL Section 40124, Rural and Municipal Utility Advanced Cybersecurity Grant and Technical Assistance Program. Presentation.

9:30 – 9:45          Cooperative Agreements, Richard Condello, Utility Cybersecurity Deployment Manager, APPA. 

10:00a – 4:45p   Three Concurrent Tracks

• IT Track– Seminole C
• OT Track – Seminole D
• Management Track – Seminole E

IT Track – Seminole C
10:00 - 10:45a    Unified IT-OT Risk Assessments, Bryson Bort, Founder & CEO, Scythe. Security is defined by the threat; resilience is the concrete result of your action (or inaction). And the threat is always changing. How do we understand and model the threat’s access and impact across our enterprise to give realistic, actionable insights? We will deconstruct real-world ICS incidents, case studies, and exercises to show the process and the results that work. Presentation.

10:45 - 11:00a    Networking Break

11:00 - 11:45a    Ransomware Trends, James McQuiggan, Security Awareness Advocate, KnowBe4. An entertaining and informative look at ransomware and how we are all dealing with it.

11:45 - 1:00p      Cyber Summit Lunch – Seminole C

1:00 - 1:45p         Network Visibility: IT vs. OT, Ben Callaway, Sales Director – Southeast, Nozomi. This presentation will cover network visibility and protocol comparisons between IT and OT networks, discuss the lessons learned in the IT space and the takeaways for the future of network monitoring in both IT and OT networks.

1:45 - 2:00p         Networking Break

2:00 - 2:45p         Transforming the Vulnerability Management Landscape, Iain Deason, Vulnerability Analyst, CISA, Brandon Tarr, Vulnerability Analyst, CISA. Learn of CISA's support to the modern vulnerability management ecosystem and what initiatives and resources exist to support US stakeholders in Critical Infrastructure. Presentation.

2:45 - 3:00p         Refreshment and Networking Break

3:00 - 3:45p         The Forest for the Trees: The National IT Threat Landscape, Randy Rose, Senior Director of Security Operations & Intel, MS-ISAC. MS-ISAC will present a view across the State, Local, Tribal, and Territorial (SLTT) landscape nationwide, describe trends in threats and incidents, and narrow down to regional and sector-specific observations. The presentation will be based on actual data collected by the MS-ISAC, members, and partners, and aim to provide practical recommendations to remain proactively protected. Presentation.

3:45 – 4:00          Networking Break

4:00 - 4:45p         IR Retainers: The Right People, Plan, Tools, David Foland, Global Cybersecurity Architect, Dell, Melissa Ressler, Cybersecurity IRR & Intake Solution Lead, Dell. To deliver the most effective incident response no matter the size of your company, walk through a real-world example from the beginning to the end to ensure the incident has been completed.    

OT Track – Seminole D

10:00 - 10:45a    CyOTE: Methodology for Cybersecurity in Operational Technology Environments, Samuel Farnan, Control Systems Cybersecurity Analyst, Idaho National Labs. Learn how The Department of Energy is working with energy sector asset owners and operators (AOOs), partners, and INL to develop capabilities for AOOs to independently identify adversarial tactics, techniques, and procedures (TTPs) within their operational technology (OT) environments. CyOTETM seeks to tie anomalies in operations to the TTPs that indicate a cyber-attack. By stringing together multiple techniques in the OT environment, AOOs can identify attack campaigns earlier, with more certainty, and with ever-decreasing impacts.

10:45 - 11:00a    Networking Break

11:00 - 11:45a    Architecting for Detection: Detecting an Adversary Moving from IT to OT, Jake Williams, Executive Director of Cyber Threat Intelligence, Scythe. Best practices dictate that OT assets should not be directly connected to the Internet. While some remote access gateways exist, that's not the focus of this talk. We know that in many intrusions involving OT, threat actors first compromise the IT environment and then move laterally into the OT environment. While preventing this movement is important, detection is perhaps even more critical. In this session, we'll discuss methods for detecting the movement from IT to OT: an activity that starts with architecture to ensure you have the right telemetry.

11:45 - 1:00p      Cyber Summit Lunch – Seminole C

1:00 - 1:45p         Purple Teaming: Ocala, FL and DHS, Andrew Clay, ICS Community Engagement, CISA; Mark Bristow, Director of Cyber Infrastructure Protection Innovation Center, MITRE; Chris Ramos, Assistant Director of Cyber and Physical Security, Dorian Hernandez, IT/OT Network Systems Engineer - Water, Kenneth Szczerba, Senior Network Systems Engineer - Electric, City of Ocala. A review of a simulated engagement with the City of Ocala, Florida which found the use of CELR beneficial for them and the information security needs. Discussion will include: Hunting Adversary Behavior in an OT Environment w/o the Risk, How Owner/Operators can get Threat Hunting Experience in an OT Environment, OT Environment Threat Hunting Experience for Owner/Operators. Presentation.

1:45 - 2:00p         Networking Break

2:00 - 2:45p         Assessing the Balance Between Visibility and Confidentiality, Joe Slowik, Detection Engineering & Threat Intel Lead, Gigamon. In this presentation, we will explore the issues surrounding communications security in control system networks to gain a greater understanding of the costs and benefits of various potential asset owner responses to this problem. In doing so, we will review adversary tradecraft examples to see just what risks are either mitigated or accepted by different choices, and how the security posture of a control system network would be impacted. Ultimately a balance between visibility and confidentiality must be sought, in exploring this topic we will identify critical issues in the design and implementation of control system networks, including addressing issues such as increased remote location control and cloud infrastructure incorporation. Presentation.

2:45 - 3:00p         Refreshment and Networking Break

3:00 - 3:45p         South Staffordshire Hack: Objective Look at the Evidence, Ron Fabela, Co-Founder and CTO, SynSaber. This summer South Staffordshire Water was the victim of a Cl0p gang attack with 5 TB of data eventually being released on the dark web. Additionally they were also the victim of internet/media expert analysis that the SCADA system was accessible based on 2 screenshots provided from the attackers. In this debrief we'll review: Validating claims based on evidence: an overview of the dark web, data breaches, and ethical ways to independently validate claims; a review of the entire data set and efficient analysis techniques; making sense of the data, implications for access, and what assumptions can be made with breach data. Presentation.

3:45 - 4:00p         Networking Break

4:00 - 4:45p         Ensuring Operational Resiliency in a Contested World, Mark Bistow, Director, Cyber Infrastructure Protection Innovation Center, MITRE. Operating a safe and reliable system has become increasingly complex in the last 10 years.  Gone are the days where logical isolation and security by obscurity could be relied on to ensure safety from cyber threats.  Today’s asset owners and operators need new methods tools to meet these challenges while maintain the high standards of reliability that the public and the economy have come to rely on.  This presentation will cover how the landscape has changed over the past 10 years and discuss some ways that owners and operators can engineer resiliency solutions to prioritize activities and reduce these risks. Presentation.

Management Track – Seminole E

10:00 - 10:45a    SANS 418/456, Jason Christopher, SANS Certified Instructor, Dragos. Join SANS ICS418 course author Jason Christopher as they walk through the course essential topics on ICS Security for managers, why this course, why now, and how managers with ICS security responsibilities will benefit. Presentation.

10:45 - 11:00a    Networking Break

11:00 - 11:45a    Measuring Risk in Your Cybersecurity Program, Phil Susmann, CEO, NUARI. This Board of Directors/Senior Management-focused session addresses how to measure risk in your cybersecurity program. Includes a discussion on current threat and risk environment in a non-technical way followed by questions you should be asking your organizational leadership. Presentation.

11:45 - 1:00p      Cyber Summit Lunch – Seminole C

1:00 - 1:45p        Cyber Risk and Insurance: A community risk that requires a community solution, Jose Seara, CEO, DeNexus; Jason Christopher, SANS Certified Instructor, Dragos. Over the past few decades, the insurance market has attempted to quantify and manage cyber risk, but often misses the mark. Whether it be due to IT-centric policies, gaps in coverage, or generally not knowing the magnitude of the risk itself. This problem, however, impacts everyone. Insurance, credit ratings, and other financial drivers are critical to municipal strategies to fund public projects, including digital transformation. As such, the community needs to address OT cyber risk with a clear understanding of how to measure, prioritize, and address specific elements of the risk equation-- as well as understand how traditional risk management tools, like insurance, come into play. Presentation.

1:45 - 2:00p         Networking Break

2:00 - 2:45p         5 Things to Increase Security Culture, James McQuiggan, Security Awareness Advocate, KnowBe4. This session will address ways to take your security awareness program from boring and bland to engaging, innovative and work towards having a robust security culture working to protect your organization. Presentation.

2:45 - 3:00p         Refreshment and Networking Break

3:00 - 3:45p         Understanding Service Offerings: MS-ISAC, E-ISAC & CISA, Marty Smith, Senior Director of Security Operations and Intel, Yolanda Williams, Cybersecurity State Coordinator, CISA, Eugene Kipniss, Director of Strategic Enablement, CISA, Elvin Ramirez, Senior Cyber Threat Intelligence Analyst, E-ISAC. This panel will review services or resources offered by MS-ISAC, E-ISAC and CISA.  Come learn who and what you need to know to take advantage of these offerings at your utility. Presentation.

3:45 - 4:00p         Networking Break

4:00 - 4:45p         Risk and Maturity in an Increasingly Fractured OT World, Bill Lawrence, CISO, SecurityGate.IO. A discussion on how to help overworked and underpaid security teams. Presentation.