A: Rolling out standards and shared infrastructure for aSecure Smart Grid - Pros and Cons of different models

Workshop Leader: Søren Peter Nielsen, Managing Consultant,Nine Consult A/S and Danish Government Representative

08.30 - 12.30

B: Smart Meter Vulnerabilities and Privacy in SmartGrid Projects: A lesson from Brazil

Workshop Leader: Jose Reynaldo Formigoni Filho, InformationSecurity Manager, CPqD

13.30 - 17.30

www.smartgridcybersecurity.co.ukRegister online or fax your registration to +44 (0) 870 9090 712 or call +44 (0) 870 9090 711

Utility, Academic and Group Discounts Available

PLUS TWO INTERACTIVE HALF-DAY POST CONFERENCE WORKSHOPSWednesday 11th March 2015 | Marriott Regents Park Hotel, London, UK

WHY ATTEND THIS EVENT:• Learn how real-time information can make smart grids

more efficient

• Discuss how utilities on a pan-European scale can improve

a stronger security

• Explore intelligent financial investment

• Predict how smart grid and the green energy industry can

tackle cyber attacks

REGISTER BY 28th NOVEMBER AND RECEIVE £300 DISCOUNTREGISTER BY 30TH JANUARY AND RECEIVE £100 DISCOUNT

9th - 10th

MARCH2015

Marriott Regents Park Hotel, London, UK

European Smart GridCyber Security

SMi presents its 5th annual conference on…

@UtilitiesSMi

Michael John, Senior Security Consultant,European Network for Cyber Security (ENCS)

Carmine Rizzo, Technical Officer, EuropeanTelecommunications Standards Institute (ETSI)

KEYNOTE ADDRESSES FROM:

Certification and Private Software: Testing theequipment and bringing knowledge to the boardroom

Laurent Schmitt, Grid Power Electronics &Automation ,Vice President Strategy &Innovation, Alstom Grid

Eberhard Oehler, CEO, Stadtwerke EttlingenGmbH

Mauriche Kroos, Security Officer, ENEXIS B.V.

Søren Peter Nielsen, Managing Consultant, NineConsult A/S

Steven Frere, Expert Datacom and Security SmartMetering, Eandis

Dr. Konstantinos Moulinos, Expert in Network &Information Security, ENISA

Nandita Parshad, Director of Power and EnergyUtilities, EBRD

Alessandro Parisi, Ethical Hacker, Data Scientist,Start IT Hub

CONFERENCE SPEAKERS INCLUDE:

REGISTER ONLINE AT: WWW.SMARTGRIDCYBERSECURITY.CO.UK • ALTERNATIVELY FAX YOUR REG

08.30 Registration & Coffee

09.00 Chairman's Opening Remarks Dieter Sarrazyn, Consultant & Managing Partner, Toreon CVBA

Awareness Of Cyber Security Threats on Smart Grid

OPENING ADDRESS / KEYNOTE ADDRESS09.10 Finding the Best Means to Respond to Security Threats • The scope of cyber threats in the 21st century • Tapping into new solutions and new technology to

combat cyber threats • Perspective from the European Network for Cyber

Security (ENCS) Michael John, Senior Security Consultant, European

Network for Cyber Security (ENCS)

09.50 Cyber Security - Enterprise Risks and Governance Priority • Understanding what truly matters and just how much • Integrate and wrap all that technology • Yes better situational awareness & monitoring, but

‘respond’ sand ‘recover’ too • Lesson learning & sharing for more than merely ‘the

sum of the parts’ Stephen Daniels, FMS, FIOR, FBCS, CITP, Managing

Director, I.S.M.S Consulting Services Limited

10.30 Morning Coffee

10.50 Cyber Threat Intelligence applied to Industrial ControlSystems and Smart Grids

• Basic concepts on SmartGrid Cyber Attacks • Example of real attacks to IEC 61850 architecture • ICS Security: the challenge to detect a cyber attack

in an Industrial Process world • Connecting the dots with Threat Intelligence needs

capability from both worlds - ICT and ICS • Suggested framework to transform the Threat Intelligence

in Actionable Information for the Security Team Toto Zammataro, Senior Advisor, Intellium LTD and Andrea Carcano, Co Founder, CEO, Nozomi Networks SA

11.30 ENISA’S work on smart grid cyber security • Security measures for smart grids • Security certification for smart grids • Smart grid security governance models in Europe Dr. Konstantinos Moulinos, Expert in Network &

Information Security, ENISA

12.10 Networking Lunch

Investment Opportunities and Cyber Security Assurance

13.30 Financial Investment in combating cyber-attacks on Smart Grid • Identifying opportunities for financial investments • ROI and cybersecurity : defining the issue for stakeholders • How to quantify cybersecurity investments • Bankability projects in the protection of Smart Grid Nandita Parshad, Director of Power and Energy Utilities, European Bank for Reconstruction and Development (EBRD)

14.10 The Role of Standards and Certification in Cyber SecurityAssurance

• The challenge – are standards, audits and your ownbusiness objectives compatible?

• Balancing the variety of standards and associatedassurance mechanisms.

• How to determine what is right for your organisation. • Picking the right partners to help. Steve G Watkins, Director, IT Governance Ltd.

Case Study on German Cyber Security Approach and New Technologies

14.50 Grid Computing - Can You Keep Control of a DistributedInfrastructure?

• Computer Network Defence (CND) is hard, and sprinklingyour computers all over the country doesn’t make iteasier. Which additional attack vectors must becovered?

• How are computer network based attacks against utilitiesperformed? How will the smart grid change that picture?

• Know your enemy: Who are the attackers and what dothey want?

• No magic box in the network will do defence for you, butyour staff well might.

• Compliance is not Security. Occasionally, it’s theopposite. How do we deal with regulated vulnerability?

Felix Lindner, Head, Recurity Labs GmbH

15.50 Afternoon Tea

15.50 The Relevance of Humans concerning Cyber-Secuity -especially in the Domain of Critical Sensitive Infrastructure

• IT-security as an important part of energy supply • Digital attacks against critical sensitive infrastructures • Internal and external protective measures • Absolute security can never be achieved. Eberhard Oehler, Managing Director, Stadtwerke Ettlingen GmbH

Panel Discussion on The Impact of EU Policies on The Cyber Security of Smart Grid

16.30 Smart Grid and Cyber Security: a case for national, regionalor local approach

• Harmonisation of Cybersecurity standards - a long term vision • The role of PPP • Do we need a specific legislation to deal with cyber-attacks? • Does cyber-security need a policy or risk-based approach? • Defining the role of the EU and local energy authorities in

protecting the smart grid Dr. Konstantinos Moulinos, Expert in Network & Information

Security, ENISA Felix Lindner, Head, Recurity Labs GmbH Stephen Daniels, FMS, FIOR, FBCS, CITP, Managing Director,

I.S.M.S Consulting Services Limited Steve G Watkins, Director, IT Governance Ltd. Dominik Spannheimer, Chief Information Officer, 50Hertz 17.10 Chairman's Closing Remarks and Close of Day One

European Smart Grid Cyber Security 2015 DAY ONE | 9th March 2015

SPONSORSHIP AND EXHIBITION OPPORTUNITIESSMi offer sponsorship, exhibition, advertising and branding packages,uniquely tailored to complement your company’s marketing strategy.Prime networking opportunities exist to entertain, enhance and expandyour client base within the context of an independent discussion specificto your industry.

Should you wish to join the increasing number of companies benefitingfrom sponsoring our conferences please call: Sadia Malick on +44 (0) 20 7827 6748 or email: smalick@smi-online.co.uk

Interested in promoting yourservices to this market?

Contact Sarah Watson, SMi Marketing on+44 (0) 207 827 6134 or email swatson@smi-online.co.uk

Official Platinum Media Partner

www.smartgridcybersecurity.co.uk

GISTRATION TO +44 (0) 870 9090 712 OR CALL +44 (0) 870 9090 711 • GROUP DISCOUNTS AVAILABLE

European Smart Grid Cyber Security 2015DAY TWO | 10th March 2015

08.30 Registration & Coffee

09.00 Chairman's Opening Remarks Dieter Sarrazyn, Consultant & Managing Partner, Toreon CVBA

OPENING ADDRESS / KEYNOTE ADDRESS09.10 ETSI Cyber Security standardization • Overview of ETSI (European Telecommunications Standards

Institute) • ETSI Cyber Security work in its Technical Committee “CYBER” • Collaboration with other Standards Developing

Organisations • Other planned ETSI Cyber Security activities Carmine Rizzo, Technical Officer, European

Telecommunications Standards Institute (ETSI)

Case Study on Cyber Attacks and Pragmatic Impact on The Smart Grids

09.50 Implementing Secure Communications for CriticalInfrastructure - A Danish example

• Introduction to the Combined Heat and Power PlantCommunications (CHPCOM) project

• Smart Grid solutions for data communication acrossactors in the energy sector

• The use of IEC 62351 to ensure data communication • The use of X.509 based PKI for authentication of actors • Role-based access control • Trust Framework requirements Søren Peter Nielsen, Managing Consultant, NineConsult A/S

10.30 Morning Coffee

Estfeed: The Estonian Data Platform Project

10.50 How to Use Governmental Digital InfrastructureComponents to Develop Data Exchange in the EnergySector – Estonian case study

• Estfeed is data sharing platform (EU wide authentication,identification, crypto channels, log management,encryption, mandate management, public keyinfrastructure (PKI)).

• Simple data collection software (open sourcecomponents) for smart meter infrastructure.

• System for consumer accessing its hourly readings withoutthird parties involved. Mandates for sellers accessing thereadings

• The free software infrastructure connecting e-servicedatabases of the whole public sector in Estonia

Kristo Klesment, Project Manager, Elering AS (Estonian National Grid)

11.30 Security related lessons learned from the Eandis Flemish Pilot • Introduction Eandis – Flemish pilot • Eandis smart meter concept - Multi gateway & filtering - Smart Communication Module (SCM) - E2E security by design • Challenges at set-up and op • eration • Lessons Learned Steven Frère, Expert Datacom & Security Smart Metering,

Eandis

12.10 Networking Lunch

13.30 Case Study Overview of new American & European Recommendationsfor SmartGrids security

• Main recommendations from NERC & ENISA • Introduction of new cybersecurity levels • Implications on future SmartGrid ICT and project

deployment • New Cybersecurity situational applications Laurent Schmitt, Grid Power Electronics & Automation, Vice

President Strategy & Innovation, ALSTOM Grid

BSI Certification Gateways and Current Research

14.10 Protecting the energy sector’s infrastructure from cyber attack • Detecting threats and risks- assessment of Cyber attacks • Challenges and opportunities in the market • Developing Cyber Security Guidelines • Financial mechanism, incentives and regulatory

framework • Outlining Cybersecurity standards Ruth Davis, Head of Programme Cyber, Criminal Justice

and National Security, techUK

14.50 Organisational and Technical Security Challenges • Are you ready to manage and securely maintain millions

of devices? • What does Moore’s law tell us? • Software ages! Are you prepared? • Did you plan for an emergency upgrade of hundred

thousands of security components? • Is the public and are your MPs prepared for a rough smart

grid learning curve facing more power disruptions andless reliability?

• R&D challenges Eric Luiijf MSc, Principal Consultant, TNO

15.30 Afternoon Tea

Cyber Security and Telecom Solution: The Dutch Experience

15.50 An Integrated Approach to Cybersecurity within Enexis –lessons learned

• Which challenges is Enexis facing with it’s cybersecurityroadmap (IT/OT/Smartmeters)?

• Aligning Corporate Strategy with the cybersecurityapproach

• How to identify internal and external stakeholders andsatisfying their (security) needs

• Lesson’s learned from security monitoring in the OT domain • A practical approach to embedding security in a Private

Virtual Network Operator environment (PVNO) Mauriche Kroos, Security Officer, ENEXIS B.V

Data Strategies for Clouds and Smart Grids

16.30 Data Driven Strategies for Prioritizing Malicious Code Threatswithin Cloud and Smart Grids infrastructures

Session Details to be announced Alessandro Parisi, Ethical Hacker, Data Scientist, HackingWisdom.com, StartITHub.com

17.10 Chairman's Closing Remarks and Close of Day Two

Official Silver Media Partner

Official Leading Media Partner

Supported by

www.smartgridcybersecurity.co.uk

HALF-DAY POST CONFERENCE AM WORKSHOPWednesday 11th March 2015

08.30 – 12.30Marriott Regents Park Hotel, London, UK

A: Rolling out standards and sharedinfrastructure for a Secure Smart Grid -

Pros and Cons of different models

Workshop Leader:Søren Peter Nielsen, Managing Consultant, Nine Consult

A/S and Danish Government Representative

Overview of workshop:When it comes to reaching the goal of securing thecommunication between all critical factors in the electricitysector a big question is how well the approach toimplementation can be copied between different countries.

There are many factors that will influence the models forsecurity architecture, roll-out, legislation, funding,governance etc. This workshop will present characteristics ofmodels applied in different countries and open for adiscussion of pros and cons of the different models.

Why you should attend this workshop:• Most countries face the challenge of implementing secure

standardized communications in the energy sector toenable open transparent markets and to counter cyberthreats.

• This workshop will provide a forum to discuss different rolloutmodels, and exchange experiences:

• Authorities and regulators should attend to get inspirationabout the regulatory and governance requirements indifferent scenarios.

• TSO’s and DSO’s should attend to get a more clear pictureof their roles and responsibilities depending on the type ofroll-out

• Service Providers and Suppliers should attend to learnabout their market opportunities and the types of newrequirements to expect.

Programme:08.30 Registration & Coffee

09.00 Welcome and Introduction

09.10 Presentation of different models for a rollout ofsecure standardized communications infrastructurewith examples from different countries initiatives

10.10 Morning Coffee

10.30 Break out into smaller groups to discuss pros andcons of the different models

11.30 Interactive Q & A session

12.30 Close of Workshop

About the workshop leader:Søren Peter Nielsen has 30+ years with bridgingtechnology and business in the ICT sector. He hasbeen a key player in the execution of the DanishGovernment strategies for digitization of thepublic sector and has solid experience with

Shared Services, ICT infrastructure and EnterpriseArchitecture. Since 2010 Søren has been working with theutilization of ICT in the Energy sector. In 2011 he lead the workto produce recommendations for the Danish GovernmentSmart Grid strategy in the areas of new services, consumerengagement, standards and security. Søren currently worksas a consultant on various projects in the Energy sectorincluding the CHPCOM project.

About CHPCOM:CHPCOM brings the futures Smart Grid solutionsfor data communication to and fromdecentralized combined heat and powerplants close to the demand of today.

The international standards for data communication forDistributed Energy Resources (DER) have been underway for10 years. First and foremost it has been the electrotechnicalstandardisation organisation IEC, who has been leading thisdevelopment and now the major part of the standards areready for use. CHPCOM takes the standards from the paperand into actual use. The standards are validated throughactual use in production among a number of power plants,balancing responsibles, DSO’s and the Danish TSO.www.chpcom.dk/en

HALF-DAY POST CONFERENCE PM WORKSHOPWednesday 11th March 2015

13.30 – 17.30Marriott Regents Park Hotel, London, UK

Smart Meter Vulnerabilities and Privacy inSmart Grid Projects: A lesson from Brazil

Jose Reynaldo Formigoni Filho, InformationSecurity Manager, CPqD

The workshop will closely explore :• Threat Assessment in Smart Meters• Possible Attacks in Brazilian Power Companies• Methodology of Vulnerability Assessment • Security Tests• Laboratory Certification

Why you should attend this workshop:Anyone likely to be involved in the preparation ofscientific material for an outward license or inevaluating inward licensing opportunities will benefitfrom this workshop, which will cover all the keyscientific drivers and issues that need to beconsidered

Programme:13.30 Registration & Coffee

14.00 Introduction and Threat Assessment in Smart Meters

14.30 Possible Attacks in Brazilian Power Companies

15.30 Coffee Break

16.00 Methodology of Vulnerability Assessment

17.00 Security Tests and Laboratory Certification

17.30 End of Workshop

About the workshop leader: José Reynaldo Formigoni Filho finished his Master´sDegree in Systems Engineering in 1995 andBachelor´s Degree in Electrical Engineering in 1984.Presently, he is the manager of the information andcommunication security department at CPqDFoundation, Brazil. His department has the followingR&D projects: (i) Biometric authentication (voice and facial), (ii) Security technologies for mobileenvironments, (iii) Security of SDR (Software DefinedRadio) and (iv) Vulnerability analysis of smartmeters. He is responsible for the provision ofspecialized security information services likevulnerability analysis, cryptography, and securecommunication for mobile systems, for the followingsectors: financial, utilities, government, military andtelecommunications. www.cpqd.com

SPONSORSHIP AND EXHIBITIONOPPORTUNITIESSMi offer sponsorship, exhibition, advertisingand branding packages, uniquely tailored tocomplement your company’s marketingstrategy. Prime networking opportunities exist toentertain, enhance and expand your clientbase within the context of an independentdiscussion specific to your industry.

Should you wish to join the increasing number ofcompanies benefiting from sponsoring ourconferences please call:

Sadia Malick on +44 (0) 20 7827 6748 oremail: smalick@smi-online.co.uk

EUROPEAN SMART GRID CYBER SECURITYConference: 9th - 10th March 2015, Marriott Regents Park Hotel, London UK Workshops: 11th March 2015

4 WAYS TO REGISTER

FAX your booking form to +44 (0) 870 9090 712

PHONE on +44 (0) 870 9090 711

ONLINE at www.smartgridcybersecurity.co.uk

If you have NOT received registration confirmation within 48 hours of registering, please call +44 (0) 870 9090 711

POST your booking form to: Events Team, SMi Group Ltd, 2nd Floor South,

Harling House, 47-51 Great Suffolk Street, London, SE1 0BS

Payment: If payment is not made at the time of booking, then an invoice will be issued and must be paidimmediately and prior to the start of the event. If payment has not been received then credit card detailswill be requested and payment taken before entry to the event. Bookings within 7 days of event requirepayment on booking. Access to the Document Portal will not be given until payment has been received.

Substitutions/Name Changes: If you are unable to attend you may nominate, in writing, another delegateto take your place at any time prior to the start of the event. Two or more delegates may not ‘share’ aplace at an event. Please make separate bookings for each delegate.

Cancellation: If you wish to cancel your attendance at an event and you are unable to send a substitute,then we will refund/credit 50% of the due fee less a £50 administration charge, providing that cancellationis made in writing and received at least 28 days prior to the start of the event. Regretfully cancellation afterthis time cannot be accepted. We will however provide the conferences documentation via theDocument Portal to any delegate who has paid but is unable to attend for any reason. Due to theinteractive nature of the Briefings we are not normally able to provide documentation in thesecircumstances. We cannot accept cancellations of orders placed for Documentation or the DocumentPortal as these are reproduced specifically to order. If we have to cancel the event for any reason, thenwe will make a full refund immediately, but disclaim any further liability.

Alterations: It may become necessary for us to make alterations to the content, speakers, timing, venueor date of the event compared to the advertised programme.

Data Protection: The SMi Group gathers personal data in accordance with the UK Data Protection Act1998 and we may use this to contact you by telephone, fax, post or email to tell you about other productsand services. Unless you tick here □ we may also share your data with third parties offeringcomplementary products or services. If you have any queries or want to update any of the data that wehold then please contact our Database Manager databasemanager@smi-online.co.uk or visit ourwebsite www.smi-online.co.uk/updates quoting the URN as detailed above your address on theattached letter.

Unique Reference Number

Our Reference LV U-036

Terms and Conditions of Booking

DELEGATE DETAILSPlease complete fully and clearly in capital letters. Please photocopy for additional delegates.

Title: Forename:

Surname:

Job Title:

Department/Division:

Company/Organisation:

Email:

Address:

Town/City:

Post/Zip Code: Country:

Direct Tel: Direct Fax:

Mobile:

Switchboard:

Signature: Date:I agree to be bound by SMi's Terms and Conditions of Booking.

ACCOUNTS DEPT

Title: Forename:

Surname:

Email:

Address (if different from above):

Town/City:

Post/Zip Code: Country:

Direct Tel: Direct Fax:

VENUE Marriott Regents Park Hotel, 128 King Henry's RoadLondon, NW3 3ST, United Kingdom

□ Please contact me to book my hotelAlternatively call us on +44 (0) 870 9090 711, email: hotels@smi-online.co.uk or fax +44 (0) 870 9090 712

□ Book by 28th November to receive £300 off the conference price□ Book by 30th January to receive £100 off the conference price

EARLY BIRDDISCOUNT

Payment must be made to SMi Group Ltd, and received before the event, by one ofthe following methods quoting reference U-036 and the delegate’s name. Bookingsmade within 7 days of the event require payment on booking, methods of paymentare below. Please indicate method of payment:

□ UK BACS Sort Code 300009, Account 00936418□ Wire Transfer Lloyds TSB Bank plc, 39 Threadneedle Street, London, EC2R 8AU Swift (BIC): LOYDGB21013, Account 00936418 IBAN GB48 LOYD 3000 0900 9364 18□ Cheque We can only accept Sterling cheques drawn on a UK bank.□ Credit Card □ Visa □ MasterCard □ American Express All credit card payments will be subject to standard credit card charges.

Card No: □□□□ □□□□ □□□□ □□□□Valid From □□/□□ Expiry Date □□/□□CVV Number □□□□ 3 digit security on reverse of card, 4 digits for AMEX card

Cardholder’s Name:

Signature: Date:I agree to be bound by SMi's Terms and Conditions of Booking.

Card Billing Address (If different from above):

DOCUMENTATIONI cannot attend but would like to purchase access to the following DocumentPortal/paper copy documentation Price Total□ Access to the conference documentation

on the Document Portal £499.00 + VAT £598.80□ The Conference Presentations – paper copy £499.00 - £499.00

(or only £300 if ordered with the Document Portal)

PAYMENT

VATVAT at 20% is charged on the attendance fees for all delegates. VAT is also charged on liveStreaming, on Demand, Document portal and literature distribution for all UK customers andfor those EU Customers not supplying a registration number for their own country here.______________________________________________________________________________________________

CONFERENCE PRICESI would like to attend: (Please tick as appropriate) Fee TotalUTILITY AND ACADEMIC COMPANIES□ Conference and 2 Workshops £2097.00 +VAT £2516.40□ Conference and 1 Workshop £1498.00 +VAT £1797.60□ Conference only £899.00 +VAT £1078.80□ 2 Workshops £1198.00 +VAT £1437.60□ 1 Workshop only £599.00 +VAT £718.80□ AM □ PM

COMMERCIAL ORGANISATIONS□ Conference and 2 Workshops £2697.00 +VAT £3236.40□ Conference and 1 Workshop £2098.00 +VAT £2517.60□ Conference only £1499.00 +VAT £1798.80□ 2 Workshops £1198.00 +VAT £1437.60□ 1 Workshop only £599.00 +VAT £718.80□ AM □ PM

PROMOTIONAL LITERATURE DISTRIBUTION □ Distribution of your company’s promotional literature to all conference attendees £999.00 + VAT £1198.80The conference fee includes refreshments, lunch, conference papers, and access to theDocument Portal. Presentations that are available for download will be subject todistribution rights by speakers. Please note that some presentations may not be availablefor download. Access information for the document portal will be sent to the e-mailaddress provided during registration. Details are sent within 24 hours post conference.