August 31-September 1, 2015 • San Diego, CA • www.PowerGridExchange.com

Proactive Strategies for Enabling Unified IT/OT Security

Presents:

JOIN THE CONVERSATION:

FEATURED SPEAKERS INCLUDE:

SPONSORED BY:

TWITTERLINKEDIN

For more information, please contact us at 1.800.882.8684 or enquiry@iqpc.com www.PowerGridExchange.com

TIM ROXEYChief Security OfficerNERC

LARRY SAXONChief Security OfficerOklahoma Gas & Electric Corp.

MARK WEATHERFORDFormer Deputy Under Secretary for Cyber Security, U.S. DHS & PrincipalThe Chertoff Group

DIRK MAHLINGChief Information OfficerSeattle City Light

ANN DELENELAChief Security OfficerERCOT

Dear Colleague,

An era of unrelenting cyber incursions has put an increased pressure and focus on securing both the informational and operational technology networks supporting the US electric grid. As a distributed and critical network of infrastructure, US utilities face a unique threat matrix: malicious actors that target both internal corporate information systems and the industrial control systems at the heart of operations.

In the midst of this turmoil, utilities need to prioritize the right projects that will protect critical information from sabotage and theft while also enabling greater resilience of operational environments. Increasing resilience of cyber assets will also prevent unnecessary disruption to customers, allow utilities to detect & restore normal operations swiftly after an incident, and maintain compliance with regulatory standards.

Join us at the Power Grid Cyber Security Exchange as we take a deep dive into the cyber security strategies, innovative approaches and strategic planning necessary to balance the competing priorities of today’s technology and information security executives. This program is tailored to utility executives and industry stakeholders that are responsible for addressing threat intelligence, analysis and monitoring; network architecture; and cyber incident response.

Kind regards,

Dina Aly Program Director IQPC- Power Grid Cyber Security Exchange

August 31-September 1, 2015 • San Diego, CA

The Exchange Format

Exchange Distinguishing Features:

An Exchange is a unique, invitation-only meeting driven by pre-scheduled business meetings, between pre-qualified solution providers and senior decision-makers. Thought-provoking conference sessions, executive roundtables and innovative networking opportunities round out the agenda, resulting in three days of focused, structured business development.

Unlike traditional conferences or tradeshows, the primary focus and benefit of the Exchange is for new relationships to be forged and existing partnerships to be enhanced. The Exchange only invites executives with the highest credentials and solution providers with the most cutting edge capabilities to ensure a true peer-to-peer learning and networking forum.

Closed-Door Brain Weave Discussions

Exclusive Senior-Level Attendance on an Invitation-Only Basis

Strategic Networking Sessions

Customized Itinerary

1-on-1 Intimate Business Meetings

2 www.PowerGridExchange.com • 1.800.882.8684 • enquiry@iqpc.com

“It can be difficult to prioritize low-hanging fruit from a multi-million dollar wish list when it comes to cybersecurity, but just like your own neighborhood security, hackers generally hit the easiest targets first. Humans are generally the easiest targets and can be compromised through relatively low-tech measures such as phishing attempts, an infected thumb drive, social engineering, or other forms of simple human error.”

Lea Deesing Chief Innovation & Technology Officer City of Riverside

August 31-September 1, 2015 San Diego, CA

CUSTOMIZED ITINERARY

WHO QUALIFIES TO ATTEND?

The Power Grid Cyber Security Exchange offers and array of session types and learning environments to provide you with the most value for your time out of the office. You can select from these sessions to build a customized itinerary that matches your current priorities, initiatives and objectives.

C-level executives from the utilities industry will be attending this exchange. We qualify all attendees on job function, strategic responsibility and budgeting authority to ensure you’re guaranteed to meet and engage with an elite group within the utilities industry. Passes are available solely to individuals who meet at least 3 criteria points below.

• Sit in or report to the executive management for your function?

• Have full responsibility for an annual budget of at least $5M for external solutions?

• Have an active requirement for cyber security tools, techniques, and technologies in the next 6-12 months?

• Oversee strategy for cyber security/critical infrastructure protection for your organization?

• Organization serves at least 500,000 customers or generates sales of at least 2M megawatthours?

If you have not yet received an invitation, but feel that you qualify to be one of the leaders in the room at 2015 Power Grid Cyber Security Exchange, please request an invite at www.PowerGridExchange.com or email James.Linney@iqpc.com, or call us at 1 800-882-8684. In response to your enquiry a member of the team will contact you to take you through the qualifying process.

ONE-ON-ONE BUSINESS MEETINGS

BRAINWEAVE® DISCUSSIONS:

The most integral part of the exchange is the one-on-one business meetings with leading solution providers. When you register

for the Power Grid Cyber Security Exchange, you will be asked to identify the solutions and services you are currently considering, so we can invite leading experts to the exchange who will fit your business needs.

Prior to the exchange, you will be able to assess the solution providers who will be attending and select those who offer products and services that match your initiatives and priorities.

Your selections are then incorporated into your customized agenda. These closed-door thirty minute one-on-one meetings give you the opportunity to hear from leading specialists whose industry knowledge and experience enable them to make a valuable contribution to the requirements of your business. They offer objective, flexible, and relevant strategies for success. This unique aspect of the Power Grid Cyber Security Exchange serves to simplify the process for sourcing new solutions, enable you to discover strategies that are working for others and offer you early previews of emerging technologies.

A group discussion encouraging debate and learning over topics which are top of mind issues. You can choose to participate in these sixty minute discussions

will be moderated to ensure that the discussions stay on-course and deliver maximum benefit to you. Ask questions, share experiences and ideas and find the right answers to your immediate concerns.

3 www.PowerGridExchange.com • 1.800.882.8684 • enquiry@iqpc.com

“A sound security posture must be designed holistically. Having a single security team accountable for the overall design of the policies, program, procedures and architecture helps ensure that the needs of the company to fulfill its business objectives are met with the flexibility to manage security across all business domains without negatively impacting the desired business mission.”

Larry Saxon Chief Security Officer Oklahoma Gas & Electric Corp.

In order to ensure we’re delivering the most qualified Exchange Delegates, we focus exclusively on job titles and specific criteria detailed below on an invitation-only basis.

CRITERIA:JOB TITLES:• Customer base of at least 500,000 or minimum

sales of 2M megawatt hours

• Holds budgetary responsibility of $5M+ specifically for cyber security solutions

• Reports directly to executive management

• Has an active requirement for cyber security tools, techniques, and technologies in the next 6-12 months

• Oversees the strategy for cyber security/critical infrastructure protection for their organization

• CISO

• CIO

• CSO

• CTO

• VP of Cyber Security

• VP of IT

• VP of Operational Technology

August 31-September 1, 2015 San Diego, CA

DELEGATE PROFILE THE ATTENDEE EXPERIENCE

VENUE

Paradise Point Resort & Spa, San Diego, CA

All Exchange venues are very carefully selected. We believe that the backdrop and ambience are crucial to the success of an Exchange. By tying in rich traditions, historic significance and unsurpassed quality at stunning locations around the world; these venues present the perfect setting to conduct business and meet a peer group of senior strategists. The hotels provide a peaceful and productive retreat, ensuring that you are able to focus on your priorities for participating in this Exchange.

For more information on Paradise Point, visit www.ParadisePoint.com.

PAST UTILITIES IN ATTENDANCE:

PAST CYBER SECURITY EXCHANGE SPONSORS:

4 www.PowerGridExchange.com • 1.800.882.8684 • enquiry@iqpc.com

10:45Business Meeting 1 BRAINWEAVE

Designing Network Architecture to Develop High-Performing Cyber-Defense Systems

• Reviewing the benefit of re-designing network architecture and the opportunity cost of not properly protecting the “crown jewels”

• Utilizing actionable intelligence to assess vulnerabilities and re-designing system architecture to close gaps in security

11:15Business Meeting 2

11:45Business Meeting 3 BRAINWEAVE

Protecting Against Advanced Persistent Threat (APT) Malware and Increasingly Complex Hacker Abilities

• Reviewing recent examples of APT malware in cyber-attacks

• Observing successes and failures in dealing with APT malware attacks and means for outwitting the attacker

• Evaluating the ramifications of prolonged exposure of ICS controls to APT malware

12:15Business Meeting 4

12:45 Networking Lunch

1:45 Elevating the Role of the Security Executive: Beyond IT/OT to Cyber-Physical

• Expanding your organization’s capability for managing risk by identifying weaknesses at the physical-cyber nexus

• Continuing to develop an understanding of the most susceptible target areas and how to protect them

• Driving a new approach to security throughout the organization

Larry Saxon, Chief Security Officer, Oklahoma Gas & Electric (OGE)

2:30 Maturing Your Information Security Program

• Why we need layered security and Defense in Depth: we can no longer simply rely on firewalls, system patches, and virus protection to protect our critical infrastructure

• Raising security awareness throughout your organization is imperative

• Why continuity of operations planning is crucial

Lea Deesing, Chief Innovation & Technology Officer, City of Riverside (CA)

3:15 Networking Break

5

7:45 Registration and Coffee

8:30 Chairperson Opening Remarks

8:45 OPENING ADDRESS: Rise of Critical Infrastructure Attacks: Evolving the Organization to Mitigate Today’s Advanced Threats

• Analyzing the trajectory of cyber warfare: considering the evolution of cyber attacks and the actors behind them

• Discussing the most recent cyber-attacks across industry sectors to develop a more holistic assessment of cyber threats

• How industry leaders are addressing challenges in policy, technology, and procedures to reduce risk and provide a secure operational environment

Mark Weatherford, Former Deputy Under Secretary for Cyber Security, U.S. DHS & Principal, The Chertoff Group

9:40 KEYNOTE: The Perfect Storm and Climate for Transformational Change in Cybersecurity

• Examining the factors that necessitate a transformational change in our treatment of cyber security, and what types of change need to occur

• Discussing the ICS supply chain landscape and the gaps that lay bare the frailty of digital/operational systems

• Addressing the disparity between the perception of security capabilities and the reality of security needs

Tim Roxey, Chief Security Officer, NERC

10:30 Networking Break

DAY ONE • Monday, August 31st, 2015

www.PowerGridExchange.com • 1.800.882.8684 • enquiry@iqpc.com

Agenda at a Glance

Agenda at a Glance continued

DAY TWO • Tuesday, September 1st , 2015

7:45 VIP Breakfast

8:45 Chair’s Recap of Day One

9:00 Supporting Risk Management by Developing Cyber Threat Awareness Across All Levels of Personnel

• Investing in your personnel: improving ROI through smarter organization with a culture of security

• Developing your cyber dream team and an effective employee vetting process to limit the potential for internal threat and retaining integral personnel

• Discussing the usage of social engineering attacks and deploying an active defense strategy

• Employing strict access management strategies to mitigate proliferation of an intrusion from inside the network

Ann Delenela, Chief Security Officer, ERCOT

9:45 Business Meeting 9 BRAINWEAVE

Collaborating Across the Enterprise for Resilient Cyber Incident Response Planning

• An integrated plan with all cross-functional departments is critical to contain the breach and mitigate operational impact as quickly as possible

• Cyber incident response plan should also take into account a cascading hazard scenario, which includes an intentional cyber attack and/or unforeseen cyber impacts during a natural disaster

10:15 Business Meeting 10

DAY ONE • continued

3:30 Business Meeting 5 BRAINWEAVE

Capitalizing on the Benefits of Cyber Threat Intelligence

• Conventional cyber-security systems simply cannot scale to meet the threat with millions of potential attackers hiding amongst billions of legitimate users

• This session will discuss how enterprise threat intelligence is evolving to enhance security and reduce risk for critical infrastructure operations

4:00Business Meeting 6

4:30 Adopting a Risk-Based Approach to Cyber Security

• Choosing a risk-based approach over a traditional framework

• Challenges of using risk-based methodology to address persistent cyber security threats

• Making a risk-based approach work for your utility

Lacey Zinser, Information Security Officer, Orlando Utilities Commission (OUC)

5:15 Cocktail Reception

6

10:45 Managing an Asset-Based Approach to Cyber Security

• Action steps to be very clear about what you are protecting, before being consumed by the attack vectors; some may not apply to you

• Insight on how cyber security differs for the Internet of information and the Internet of things

• Tools to heighten security for ICS and remote access tools while digitizing operations and keeping facilities connected

Dirk Mahling, Chief Information Officer, Seattle City & Light

11:30 Applying Lessons Learned to Advance IT and Cyber Security Strategy

• Analyzing industry data and assessing threat levels based on empirical data

• Utilizing an understanding of nature of cyber-threats to create best practices

• Developing means for gathering actionable intelligence through partnerships and cyber counter intelligence

Ryan Hutson, Director, IT Security & Compliance, Entergy

12:15 Chair’s Closing Remarks & Exchange Concludes

www.PowerGridExchange.com • 1.800.882.8684 • enquiry@iqpc.com