Operational Technology Cybersecurity Expert Panel Forum 2024
About OTCEP Forum | What To Expect | Programme | OTCEP Members
The establishment of an Operational Technology Cybersecurity Expert Panel (OTCEP) was first announced at the Singapore International Cyber Week 2020. The OTCEP forum augments efforts under the OT Cybersecurity Masterplan which was developed to enhance the security and resilience of Singapore’s critical sectors, improve cross-sector response to mitigate cyber threats in the OT environment and strengthen partnerships with stakeholders.
Cyber threats to OT, especially Industrial Control Systems (ICS), are increasing in frequency and sophistication. It is therefore imperative to strengthen local cybersecurity capabilities and competencies in the OT sector.
The OTCEP forum will allow Singapore’s OT cybersecurity practitioners, operators, Industry, researchers, and policy makers from the Government, Critical Information Infrastructure (CII) sectors, academia and other OT industries to engage internationally renowned experts. Drawing from appointed members’ respective experience in OT domains in engineering, operations and governance, the OTCEP forum will discuss key global OT technologies, emerging cyber threats, share insights from their experience in handling global cybersecurity incidents, and recommend practices to address cybersecurity challenges and gaps for the OT sector.
| 20 August (Day 1) ㅤㅤ |
|
| 21 August (Day 2) |
|
| The program is tentative and may be subject to changes. The programme will be updated progressively. | |
Programme
Day 1 – 20 August
Day 2 – 21 August
The program is tentative and may be subject to changes. The programme will be updated progressively.
Robert is a recognised authority in the industrial cybersecurity community. He is CEO and co-founder of Dragos, a global technology leader in cybersecurity for industrial controls systems (ICS)/operational technology (OT) environments.
In addition, Robert serves on the Department of Energy's Electricity Advisory Committee as the Vice Chair of the Department of Energy's Grid Resilience for National Security Subcommittee, and is a member of the World Economic Forum's subcommittees on Cyber Resilience for the Oil & Gas and Electricity communities.
Robert is routinely sought after for advice and input on cybersecurity for industrial infrastructure and is regularly asked to brief national leaders. He testified to the U.S. House of Representatives Committee on Energy and Commerce--Subcommittee on Oversight and Investigations, and to the U.S. Senate Energy and Natural Resources Committee, to advise on policy issues related to critical infrastructure cyber threats. He is a member on the Reserve Forces Policy Board, Office of the Secretary of Defense; and also serves on the board of the National Cryptologic Foundation. He has also presented at the World Economic Forum Annual Meeting in Davos, and industry leading conferences such as RSA, SANS, BlackHat, and DefCon on the topic of industrial cybersecurity and threats.
Robert began his pioneering work in ICS/OT cybersecurity as a U.S. Air Force Cyber Warfare Operations Officer tasked to the National Security Agency, where he built a first-of-its-kind mission identifying and analysing national threats to industrial infrastructure. He went on to build the industrial community's first dedicated monitoring and incident response class at the SANS Institute (ICS515) and the industry recognised cyber threat intelligence course (FOR578).
SC Media named Robert the Security Executive of the Year for 2022. A business leader but also technical practitioner, he helped lead the investigation into the 2015 attack on Ukraine's power grid, the first time an electric system was taken down due to a cyberattack. With his team at Dragos he has been involved in the most significant cyberattacks on industrial infrastructure, including the investigation and analysis of the 2016 attack on Ukraine’s electric system, the 2017 TRISIS attack on a Saudi Arabian petrochemical facility in the first attempt to try to kill people through malicious software, and the 2021 Colonial Pipeline ransomware attack. In 2022, his team at Dragos uncovered PIPEDREAM, a highly flexible framework to attack industrial infrastructure globally. Robert’s work has been featured in the book Sandworm and on 60 Minutes.
For over 20 years, Dale Peterson has been on the leading edge helping security conscious asset owners effectively and efficiently manage risk to their critical assets.
He has pioneered numerous ICS security tools and techniques. In 2007, he created S4 Events to showcase the best offensive and defensive work in ICS security and build a community. S4 is now the largest and most advanced ICS event in the world.
Sarah Fluchs is the CTO of admeritia, which specialises in security consulting for the process industry, manufacturing, and critical infrastructures. Prior to her current role, Sarah has developed cybersecurity guidance for the water sector at the German Federal Office for Information Security (BSI).
A process and automation engineer herself, Sarah works on creating security engineering methods that help engineers make informed, conscious security decisions they can truly stand behind – and communicate convincingly.
Sarah has created the Top 20 Secure PLC Coding practices with Dale Peterson, Jake Brodsky and Vivek Ponnada, led a government-funded research project on security by design for ICS, and is the ISA Co-Convenor for revising the ISA/IEC 62443-3-2 standard. As of 2024, she succeeds Joe Weiss as a Co-Managing Director for ISA99.
Marco Ayala has over 27 years of experience where he designed, implemented, and maintained process instrumentation, automation systems, safety systems, and process control networks. In his role with large global manufacturing company, he is responsible for applications globally that are specific to plant site operations and corporate governance.
With around two decades focused specifically on industrial cybersecurity, he has led efforts to secure the oil and gas (all streams), maritime port, offshore facilities, and chemical sectors, supporting federal, local, and state entities for securing the private sector.
Marco is highly active in International Society of Automation and is a longtime member. He is a 22-year Senior Member and a certified cyber instructor for ISA (62443) with volunteering commitments and contributor to the AMSC Gulf of Mexico (GOM) cybersecurity committee in a sworn in role to the USCG as Chair of Threat Intelligence and Cybersecurity for the outer continental shelf (OCS).
InfraGard member since 2014, and currently serving as the President for the Houston Members Alliance.
Zachary (Zach) Tudor is the associate laboratory director of Idaho National Laboratory’s National and Homeland Security Science and Technology directorate, a major U.S. center for national security technology development and demonstration, employing some 800 scientists and engineers across over $550 million in programs for the Department of Defense (DOD), Department of Homeland Security (DHS) and the intelligence community. He is responsible for INL’s Nuclear Nonproliferation, Critical Infrastructure Protection and Defense Systems missions.
Previously, Tudor served as a program director in the Computer Science Laboratory at SRI International, where he supported cybersecurity and critical infrastructure programs, such as DHS Cyber Security Division’s Linking the Oil and Gas Industry to Improve Cybersecurity consortium and the Industrial Control System Joint Working Group R&D working group. He is the former board of directors chair of the International Information Systems Security Certification Consortium (ISC2).
He is a professor of practice in the computer science departments of the University of Idaho and Idaho State University and a member of Virginia’s Commonwealth Cyber Initiative advisory board. A retired U.S. Navy submarine electronics limited duty officer and chief data systems technician, Tudor holds an M.S. in information systems, with a concentration in cybersecurity, from George Mason University, where he was also an adjunct professor teaching graduate courses in information security.
Eric Byres is an expert and visionary in the field of SCADA/ICS and IIoT security. Experienced in controls engineering, cyber security research and corporate management, he offers a unique blend of deep technical knowledge and practical business experience.
Eric is best known for inventing and successfully commercialising the Tofino Firewall, the world’s most widely deployed ICS security appliance. Tofino technology has received numerous industry awards and is licensed by industry giants such as Honeywell, Schneider Electric and Caterpillar. Eric was also the inventor of GE’s Achilles Security Platform and was the founder of two successful consultancies in the industrial field.
Before starting Tofino Security, Eric founded the British Columbia Institute of Technology’s Critical Infrastructure Security Center. He shaped it into one of North America’s leading academic facilities in the field of ICS security, culminating in a SANS Institute Security Leadership Award in 2006.
Eric is also widely respected for his leadership in international standards for industrial environments. This included chairing the ISA99 Security Technologies Working Group (2004 to 2011). He also served as the chair of ISA99 Task Group 2, conducting an analysis of ISA/IEC-62443 standards with respect to Stuxnet.
Eric’s achievements include testifying to the US Congress and receiving awards from numerous international organisations, such as the “IEEE Outstanding Industry Applications Article Prize” in 2000 and the “ISA Donald P. Eckman Education Award” in 2004. Eric was made an ISA fellow in 2009 and given the ISA’s highest honour, “ISA Excellence in Leadership”, in 2013.
Today Eric is the President of aDolus Technology Inc, a cybersecurity research and development company focusing on improving the security of the software supply chain for OT. He is member of the NTIA SBOM Awareness & Adoption Committee and has authored numerous articles of Software Bill of Materials. Eric is also the Senior Partner at ICS Secure, advising investors and IT companies entering the ICS and “Internet of Things” security markets.
Dr Lim Woo Lip is currently the Chief Technology Officer (Cyber) of ST Engineering, overseeing the research and advanced solution development in cybersecurity. Woo Lip is also a member of the Board of Governors and Chairman of the School of Infocomm Advisory Committee at Republic Polytechnic (RP). He is also the Joseph K. TWANMOH Chair Professor at Soochow University, Taiwan, and he chairs the Advisory Committee of Soochow University’s Cyber Security Centre of Excellence. Woo Lip is also a member of the Coordinating Committee for Cybersecurity in Singapore.
Prior to joining ST Engineering, Woo Lip was the Executive Vice President (Technology and Capability) of Ensign Infosecurity and the Vice President Data Analytics and Cyber Security of StarHub from 2013 to 2020. During this period, he helped StarHub to build up the big data analytics capability and establish StarHub’s Cyber Security Centre of Excellence (CS-COE) that was subsequently merged with two other entities to form Ensign Infosecurity in Oct 2018. Woo Lip also worked in the Ministry of Defence (MINDEF), Centre for Strategic Infocomm Technologies (CSIT) and the Singapore Armed Forces (SAF) on technologies related to national security for 25 years before joining StarHub.
Woo Lip is also a technical reviewer for various professional journals and conferences. He was also a member of Cybersecurity Advisory Group (CAG) to Minister-in-Charge of Cybersecurity in Singapore from 2019 to 2022. Woo Lip was conferred the Singapore Computer Society IT Leader Professional of The Year Award in 2017 and the Leader Award at the Inaugural Cyber Security Awards in 2018 by the Association of Information Security Professionals.
Saltanat Mashirova is an Advanced Cyber Security Architect at the Honeywell Center of Excellence. She has extensive on-site OT Cybersecurity experience, primarily in the energy sector, and now focuses on cyber security risk assessment for hazardous operations, ISA 62443 compliance, cybersecurity vulnerability assessment, project engineering, governance, training, and leading global projects.
Dr. Terence Liu leads TXOne Networks, a cybersecurity company focusing on protecting OT and ICS with unique OT Zero Trust approach throughout the lifecycle of Cyber-Physical Systems. TXOne has thousands of satisfied enterprise customers in a variety of verticals such like Automotive, Semiconductor, Pharmaceutical, Aviation, and Critical Infrastructures.
Before current position, Terence was Trend Micro’s Corporate Vice President and led its Network Threat Defense Group. He focused on new-generation telecommunication technologies like Software Defined Network (SDN) and Network Function Virtualisation (NFV).
Prior to Trend Micro, Terence was the CEO of Broadweb. He defined and created its DPI licensing business, and had provide the technology to many networking and cybersecurity vendors in the world. BroadWeb was finally acquired by Trend Micro in October 2013.
Terence earned the PhD and M.S. degree in Computer Science from National Tsing-Hua University, and holds several patents and IEEE/ACM publications.
Justin Searle is the Director of ICS Security at InGuardians, specializing in ICS security architecture design and penetration testing. He led the Smart Grid Security Architecture group in the creation of NIST Interagency Report 7628 and played critical roles in the Advanced Security Acceleration Project for the Smart Grid (ASAP-SG), National Electric Sector Cybersecurity Organization Resources (NESCOR), and Smart Grid Interoperability Panel (SGIP).
Justin has taught hacking techniques, forensics, networking, and intrusion detection courses for multiple universities, corporations, and security conferences. His current courses at SANS and Black Hat are among the world's most attended ICS cybersecurity courses. Justin is currently a Senior Instructor for the SANS Institute and a faculty member at IANS. In addition to electric power industry conferences, he frequently presents at top international security conferences such as Black Hat, DEFCON, OWASP, HITBSecConf, Brucon, Shmoocon, Toorcon, Nullcon, Hardware.io, and AusCERT.
Justin leads prominent open-source projects, including The Control Thing Platform, Samurai Web Testing Framework (SamuraiWTF), and Samurai Security Testing Framework for Utilities (SamuraiSTFU). He has an MBA in International Technology and is a CISSP and SANS GIAC certified Incident Handler (GCIH), Intrusion Analyst (GCIA), Web Application Penetration Tester (GWAPT), and GIAC Industrial Control Security Professional (GICSP).
