OT cybersecurity is more than compliance, and it requires a more nuanced understanding of unique operating systems than traditional business technology environments do. We should explore how to grow and professionalize an approach to cybersecurity that is led by operators and supported by sound cyber operational expertise.
Keynote: Honorable Ryan K. Zinke
US Navy SEAL Commander; State Senator; US Congressman; 52nd Secretary of Interior
“The Best Secretary of Interior in my 41 years of public service.” - Senator Orrin Hatch, R, Utah
“Zinke was able to get done what President Reagan and I talked about but were never able to accomplish.” - Former Secretary of Interior Don Hodel.
The Honorable Ryan Zinke was born and raised in Montana and attended the University of Oregon where he was awarded All-PAC 10 honors, the Sahlstrom Award and the prestigious Emerald Cup Award for academic, leadership and athletic achievement. He then attended US Navy Officers Candidate School and completed Navy SEAL Training in 1985 and was assigned to SEAL Team ONE.
Highlights of Commander Zinke’s twenty-three-year career in Special Operations include two tours of duty at SEAL Team SIX and service as Acting Commander of Special Forces in Iraq, Task Force Commander in Bosnia and Kosovo, and “Dean” of Special Warfare training. He was awarded the Bronze Star for combat in Iraq and is credited with conducting 360 combat missions and the capture or kill of 72 terrorists.
He retired from active duty in 2008 and was elected as a Montana State Senator and later twice elected as Montana’s sole member of the US House of Representatives. He served on the House Armed Services and Natural Resources committees. In 2016, Congressman Zinke was nominated by President Donald J. Trump and later confirmed by the US Senate to serve as the 52nd US Secretary of the Interior.
As Secretary, he was a champion of restoring the voice of state and local communities in land and wildlife management decisions, established and protected wildlife corridors, budgeted for the largest investment in our Nation’s history for National Parks, increased public access for recreation and traditional use, and was the principal architect of the American Energy “Dominance” policy.
After his 31 years of public service, President Trump accepted his resignation in 2019. The Honorable Ryan Zinke is the author of "American Commander" and serves on numerous boards. He holds an MBA in Finance, an MS in Global Leadership, and a BS in Geology. He is married to the former Lolita Hand of Santa Barbara, and has three children and two grandchildren.
Moderator: Teresa Papaleo
Threat Intelligence Lead, Accenture Federal
Teresa Papaleo is the Threat Intelligence Lead in the Cybersecurity practice for Accenture Federal Services (AFS). Teresa is a leader and subject matter expert in technical and cyber threats from sophisticated nation-state actors, informed by more than 10 years of experience serving the US federal government as both a government official and a federal contractor. Before joining AFS, she served as a career official at the White House under the Obama and Trump administrations, where she stood up the White House Threat Intelligence (WHTI) team for the Executive Office of the President (EOP) and served as both senior Russia analyst and Threat Intelligence Branch Chief. Prior to joining EOP, Teresa supported US government sanctions efforts with the Treasury Department’s Office of Foreign Assets Control. From 2010 to 2014, Teresa was the lead Russia cyber analyst at the Department of State, Cyber Threat Analysis Division (CTAD), where she provided all-source threat intelligence briefings to diplomatic personnel. Her professional research has focused extensively on advanced persistent threat (APT) activity, including APT28, APT29, and Sandworm/BlackEnergy, as well as threats to SCADA systems and critical infrastructure such as CrashOverride and Stuxnet. Teresa earned her undergraduate degree in History from Sweet Briar College, and her graduate degree in Global Policy from the Johns Hopkins University, School of Advanced International Studies (SAIS).
Senior Director for Energy Security and Resilience Programs at New York Power Authority
Adrienne Lotto recently joined NYPA as the Senior Director for Enterprise Resilience. With more than a decade of experience, Ms. Lotto is a seasoned risk management professional specifically addressing cross-sectional issues associated with cybersecurity, public policy, risk management, and the law.
Most recently, Ms. Lotto was the Acting Principal Deputy Assistant Secretary for the Department of Energy's (DOE's) Office of Cybersecurity, Energy Security, and Emergency Response (CESER) and Deputy Assistant Secretary of CESER's Infrastructure Security and Energy Restoration division (ISER).
Working on behalf of the Secretary of Energy to stand up the newly-formed CESER office, Ms. Lotto executed all aspects of the change management process, and successfully grew the infrastructure and security program from $17m in FY19 to $70m in FY20.
As Chief of Staff to DOE's Office of Electricity, she was responsible for all front office operations and implementation of priority initiatives on behalf of the Assistant Secretary. Her work included the expansion of the Grid Modernization Initiative and Grid Modernization Lab Consortium, as well as the strategic planning for the North American Energy Resiliency Model.
Her positions prior to joining DOE included Senior Deputy County Attorney for Risk and Compliance for Putnam County, New York, where she developed the risk strategy for county infrastructure, eliminating high-priority risks across the day-to-day operations for all county agencies, and conducted a risk assessment for county functions and assets. She also served as a member of the Incident Command Staff, working closely with the Federal Emergency Management Agency (FEMA) on recovery.
Ms. Lotto received a Juris Doctor from the Pace University School of Law, and a Bachelor of Science from the State University of New York at Albany.
Deputy Assistant Secretary, Infrastructure Security and Energy Restoration, U.S. Department of Energy, CESER
Prior to joining the Department of Energy, Nick Andersen served in the White House Office of Management and Budget (OMB) as the Federal Cybersecurity Lead and Senior Cybersecurity Advisor to the Federal Chief Information Officer, where he led the OMB Cyber Team and was responsible for government-wide cybersecurity policy development and compliance of shared federal security services.
Andersen previously served as Chief Information Security Officer for the State of Vermont, where he was appointed to lead State efforts pertaining to the security and protection of data, security compliance activities, risk reduction, security operations, and threat intelligence.
Prior to this, Andersen was a senior executive and senior intelligence officer serving as the Chief Information Officer for Navy Intelligence and was the Head of the Office of Intelligence, Surveillance, and Reconnaissance Systems and Technologies at the U.S. Coast Guard. He has served on active duty with the U.S. Marine Corps, managing intelligence mission systems in Iraq, Europe, and Africa; and has led cybersecurity and technology programs worldwide with several leading and emerging companies.
Andersen holds a Bachelor of Science in Information Technology Management and a Master of Science in Information Security and Assurance. He has received awards from the U.S. Navy, U.S. Marine Corps, U.S. Coast Guard, and Intelligence Community.
CISO, Fortinet; Former Director of the NSA Cyber Taskforce
Phil brings more than three decades of cyber, security and networking experience working across foreign, government, commercial and critical infrastructure sectors at the National Security Agency (NSA). As Fortinet’s CISO, Phil serves as a strategic consultant to Fortinet’s C-Level customers and partners, has responsibility for Fortinet’s enterprise and product security, and leads strategy and expansion of Fortinet’s Federal and Critical Infrastructure business. Prior to Fortinet, Phil was the NSA Director’s Special Assistant for Cyber and Chief of the NSA Cyber Task Force, with responsibilities that included foreign intelligence, Defense Department security, the White House relationship and critical infrastructure engagement. Previously, Phil served as the Chief Operating Officer of the Information Assurance Directorate at the NSA, managing day-to-day operations, strategy, and relationships in cybersecurity for classified systems. He held a variety of roles earlier in his tenure at the NSA, including as the head of the Information Operations Technology Center’s Advanced Technology Group, as a professional staffer to the U.S. Senate, at the Office of the Director for National Intelligence, and as cryptanalyst, developer, evaluator and computer scientist.
Robert M. Lee
CEO, Dragos, Inc.
Robert Lee is a recognized pioneer in the industrial security incident response and threat intelligence community. He got his start in security as a US Air Force Cyber Warfare Operations Officer tasked to the National Security Agency, where he built a first-of-its-kind mission identifying and analyzing national threats to industrial infrastructure. He is also a Course Author and Instructor at SANS.
Power and utilities systems that connect organizations and homes are essential types of critical infrastructure, a fact that has not gone unnoticed by cyber criminals. A recent study shows that energy utilities are among the top three most targeted sectors for cyberattacks in the United States. In addition, Europe, Australia, and Japan have reported an increase in threats against critical infrastructure. The threat is global.
This threat is only exacerbated by the modernization of OT networks that control critical infrastructure. As OT and IT networks converge, the “air gap” that OT systems once relied on for cybersecurity is eliminated. Without traditional utility cybersecurity measures in place, these critical infrastructures are left at risk. The consequences of a successful cyberattack on critical infrastructure could be severe: damaged power grids could leave cities in the dark, or even put lives at risk.
The good news is that power and utilities CEOs are not taking the risk of cyberattacks and damaged infrastructure lightly. A recent survey reveals that 48% of CEOs say an attack against critical infrastructure is imminent. Despite a shortage of skilled staff and resources, 59% of power and utilities CEOs report that cybersecurity specialists are the most critical new role within their organization. Fortinet solutions for power and utilities can lend support to lean security teams by providing integrated, automated protection across evolving OT and IT environments.
SCADA HMI Vulnerability Exploit
Only 10 seats per session.
Special CyberCon discount for OT Cyber Speed Conference attendees: $500 off the list price of $1500! Use code CyberCon2020
This is a private link for conference participants only. It will not be offered on the MarketPlace with the other classes.
Name: SCADA HMI Vulnerability Exploit
Short Description: An outdated web server is the attack vector for a SCADA attack that completely cripples a plant.
New Course Description: Your plant is under attack! The attacker enters the SCADA network by exploiting an outdated web server that is installed on a computer on the SCADA network. The attack cripples the plant completely, using Modbus Force packets to toggle the plant machines such as turbines and centrifuges on and off.