Session 2017

ADIPEC Conference Sessions

Security In Energy - Hall A

Cyber and critical infrastructure security experts and oil and gas executives discuss the real life security threats and challenges facing the oil and gas industry.

08:00 - 09:00
Registration
Session Location: Hall A
09:00 - 09:10
Welcome Address
Session Location: Hall A
09:10 - 09:25
Keynote Address: Regional collaboration and its impact on oil and gas infrastructure security
Session Location: Hall A
  • Keynote Address: Regional collaboration and its impact on oil and gas infrastructure security

    Essential to the industry’s security and resilience is the ability to quickly disseminate accurate information to help in the fight to combat the most complex cyber and critical infrastructure security threats in a more comprehensive and effective manner.

    Key topics and take aways

    •     Spotlight on critical infrastructure threats and front line protection strategies across the Middle East
    •     Insights into monitoring high levels of vigilance and implementing active defence mechanisms to protect against infrastructure attacks
    •     The benefits of collaboration to identify cyber vulnerabilities and fight against and prevent repeat cyber attacks
    •     Initiatives with technology assessed against the rapidly changing threat landscape  
    Speakers:
    Don Randall

    Don Randall

    Former Head of Security and Chief Information Security Officer

    BANK Of ENGLAND

09:25 - 10:25
Panel Discussion: Proactive defence and offensive security measures for the protection of oil and gas critical infrastructure
Session Location: Hall A
  • Panel Discussion: Proactive defence and offensive security measures for the protection of oil and gas critical infrastructure

    The continuous protection of oil and gas critical infrastructure from pipelines, offshore rigs, oil tankers and gas fields are crucial to the continuous day to day operations and performance of the sector.

    Key topics and take aways

    •     Learn what security and resilience mean from an oil and gas critical infrastructure perspective, plus coordinated approaches, key resource roles and responsibilities for NOC, IOC, federal and private sector security       partners
    •     Protecting against piracy - the disruption and physical threat of vessel hijack attacks and the importance of improving security of strategic maritime trade routes through the Suez Canal and beyond
    •     Strengthening security at high risk oil, gas, refining and petrochemical facilities – understanding vulnerability assessments and implementing risk based protection programmes designed to deter and mitigate against     attacks
    •     Can a security framework and policy for public private-partnerships deliver security to the oil and gas sector?
    Session Chairpersons:
    Yueliang Guo

    Yueliang Guo

    Senior Vice President Middle East and UAE Country Manager

    CNPC

    Dr. Waddah S. Ghanem Al Hashmi

    Dr. Waddah S. Ghanem Al Hashmi

    Executive Director

    EHSSQ & Corporate Affairs, EMIRATES NATIONAL OIL COMPANY LIMITED (ENOC) LLC

    Alfio Rapisarda

    Alfio Rapisarda

    Senior Vice President of Security

    ENI

    Ahmed Alshemaly

    Ahmed Alshemaly

    Director, Cyber Defense Centre

    National Electronic Security Authority (NESA) United Arab Emirates

    Jan Leitermann

    Jan Leitermann

    Group Chief Information Officer

    OMV

10:25 - 11:00
Coffee Break
Session Location: Hall A
11:00 - 11:45
Panel Discussion: Assessing the global cost of oil and gas cyber crimes, policy and legislation effects on the industry 2017-2020
Session Location: Hall A
  • Panel Discussion: Assessing the global cost of oil and gas cyber crimes, policy and legislation effects on the industry 2017-2020

    Costing the world hundreds of millions of dollars every year, cyber crime is on the increase, making it imperative that oil and gas operators take the threat seriously and understand the potential costs to their business.

    Key topics and take aways

    •     What is the monetary impact of a cyber crime in the oil and gas sector and how do you put a financial value to a cyber crime on your business?  And why does it matter?
    •     Implementing strategies, IT processes and  high-tech defences to reduce the cost of oil and gas cyber crime 
    Session Chairpersons:
    Nehal Al Hemeiri

    Nehal Al Hemeiri

    Head, IT Security Risk & Compliance Section Group Information Technology Unit

    ADNOC

    Sandip Patel

    Sandip Patel

    Queens Council (QC)

    MEMBER OF THE CHARTERED INSTITUTE OF ARBITRATORS (MCIArb)

    IBRAHIM ALSHAMRANI

    Eng. Ibrahim Alshamrani

    Executive Director of Operations, National Cyber Security Centre

    Ministry of Interior Saudi Arabia

11:45 - 12:30
Panel Discussion: Evaluating Insider threat solutions from technology and intelligence
Session Location: Hall A
  • Panel Discussion: Evaluating Insider threat solutions from technology and intelligence

    Major cyber security threats across a business are mostly through internal human negligence or carelessness making it vital that companies make the appropriate investments in human capital, processes and technologies in order to improve their cyber readiness.

    Key topics and take aways

    •     Insider threats pose the most serious risks to critical operations; assessments, vulnerabilities and consequences
    •     Managing human factors in information security, human transformation and employee upskilling
    Session Chairpersons:
    Peter Barrichter

    Peter Barrichter

    Chief Information Security Officer

    MAERSK OIL

    Emad Ali Maisari

    Emad Ali Maisari

    Senior Vice President & Head - Information Security & Risk

    MUBADALA

    Hans-Jörg Kalcher

    Hans-Jörg Kalcher

    Chief Information Security Officer, Head of Enterprise Architecture and Information Security

    OMV

12:30 - 13:30
Lunch Break
Session Location: Hall A
13:30 - 14:30
Addressing advanced ransomware attacks and what the recent outbreaks mean for the oil and gas industry
Session Location: Hall A
  • Addressing advanced ransomware attacks and what the recent outbreaks mean for the oil and gas industry

    Key Take aways

    • Developing a risk mitigation strategy and measuring risk management approaches within the business to combat and manage the ever increasing dynamic and adaptive ransomware attacks
    • How to design and implement standards that reduce exploitable conflicts in IT systems across the oil and gas industry
    • Strengthening modern information security departments to prepare them for potential oil and gas ransomware attacks
    • Securing the electronic messaging infrastructure in your organisation as a first step in avoiding ransomware attacks
    • Evaluating intelligent analyses on what is happening on your system in order to fight back offenders
    Session Chairpersons:
    Adam El Adama

    Adam El Adama

    Chief Information Security Officer

    Al Hosn Gas

    Don Randall

    Don Randall

    Former Head of Security and Chief Information Security Officer

    BANK Of ENGLAND

    Mohammed Bushlaibi

    Mohammed Bushlaibi

    Forensic Analyst

    Telecommunications Regulatory Authority (TRA)

    Speakers:
    Lars Idland

    Lars Idland

    Vice President Information Technology, Chief Information Security Officer Corporate IT

    STATOIL

14:30 - 15:30
Case studies: Delving in on new security designs and the retrofitting of existing Industrial Control Systems (ICS) to secure facilities
Session Location: Hall A
  • Case studies: Delving in on new security designs and the retrofitting of existing Industrial Control Systems (ICS) to secure facilities

    Malware and cyber attacks are posing new threats across the oil and gas industry and are exposing weaknesses in Industrial Control System (ICS) designs.  Safeguarding this critical area requires a unique mix of technical and operating procedures into how threat actors (hostile nation-states, terrorist and hacktivist organisations) can compromise industrial controls that operate and manage industrial processes.

    Key topics and take aways

    •     Analysing security design architecture and evaluating lost control events to date in ICS
    •     What are the mistakes made in automation when designing control systems?
    •     Learn what is normal vs abnormal activity relative to standard protocols in ICS
    •     The biggest vulnerability to organisations is the outdated and ageing control systems in facilities - how can the industry protect their existing control systems?
    Session Chairpersons:
    Alya Almarzooqi

    Alya Almarzooqi

    Information Security Manager

    BOROUGE

15:30 - 00:00
Panel discussion: The future of IOT and the oil and gas industry – Where are we headed?
Session Location: Hall A
  • Panel discussion: The future of IOT and the oil and gas industry – Where are we headed?

    Identifying the latest trends of IOT connectivity and IOT solutions for the oil and gas sector to fulfill their needs as security becomes a serious consideration. 

    Key topics and take aways

    •     Deploying, securing, managing and monitoring IOT infrastructure for the oil and gas sector
    •     Overcoming challenges to keep the Internet of Things ecosystem connected and safe
    •     Discover how Internet of Things (IoT) technology applies to the future of the oil and gas industry from the perspectives of exploration and production
    •     Cyber security and the Internet of Things - how should oil and gas operators stay ahead?
    Session Chairpersons:
    Nasser Al Buhairi

    Nasser Al Buhairi

    Chief Security Officer for Maritime Security and head of the Emergency Response Coordination Unit

    KUWAIT OIL COMPANY

    Perrin Mathieu

    MATHIEU PERRIN

    Loss Prevention engineer and Cyber Security Analyst

    SAUDI ARAMCO

    Ali Al Marzouqi

    Ali Al Marzouqi

    Information Security Manager

    ZADCO

08:00 - 09:00
Registration
Session Location: Hall A
09:00 - 09:10
Welcome Address
Session Location: Hall A
09:10 - 09:25
Keynote Address: The state of cyber security across the oil and gas industry -Worth Investing in or worth risking?
Session Location: Hall A
  • Keynote Address: The state of cyber security across the oil and gas industry -Worth Investing in or worth risking?

    The deployment of cyber security measures in the oil and gas industry are not keeping pace with the growth of digitalisation in oil and gas operations. Most of the oil and gas companies in the Middle East and GCC region have low to medium cyber security readiness causing security compromises that are resulting in loss of data and therefore need to understand the cyber security matrix in order to be able to fight against malicious attacks.

    Key topics and take aways

    •     Ensuring appropriate levels of sector participation (IOC’s and NOC’s) to increase cyber security awareness
    •     Recognising the importance of defence mechanismsagainst cyber threats in the oil and gas sector
    •     Analysing organisational challenges for cyber security readiness in oil and gas
    Speakers:
    Ronnie Flanagan

    Ronnie Flanagan

    former Chief Constable of the Royal Ulster Constabulary ( RUC) and Chief Inspector of Constabulary Strategic , Currently Security Adviser to the Minister of Interior

    UNITED ARAB EMIRATES

09:25 - 10:25
Panel Discussion: Convergence of Operational Technology (OT) and Information Technology (IT) and addressing the security landscape
Session Location: Hall A
  • Panel Discussion: Convergence of Operational Technology (OT) and Information Technology (IT) and addressing the security landscape

    IT/OT convergence will provide better transparency with regards to cost and structures and therefore lead to efficiencies in oil and gas. This session will discuss specific attacks and vulnerabilities related to oil and gas companies as well as guidelines and processes on how to avoid them. Experts say there is greater risk in the OT than the IT environment. An average of 46% of all cyber attacks in the OT environment go undetected, suggesting the need for investments in technologies that detect cyber threats to oil and gas operations.

     

    Key topics and take aways

    •     Understanding the risks connected to oil and gas companies infrastructure from both IT and OT perspectives
    •     Applying standards and governance principals for IT and OT to ensure cost reductions
    •     Enhancing performance through the integration of IT and OT
    Session Chairpersons:
    Joaquín Reyes

    Joaquín Reyes

    Chief Information Security Officer

    CEPSA

    Lamya Ali Anoon AlNuaimi

    Lamya Ali Anoon AlNuaimi

    Network and Security Manager

    RUWAIS FERTILIZER INDUSTRIES FERTIL

    Abdulla AL-Qamzi

    Abdulla AL-Qamzi

    Digital Oil Field Manager

    ZADCO

    Speakers:
    Ramesh Rajagopal

    Ramesh Rajagopal

    Director- Strategic Growth for Digital Solutions, Middle East North Africa, Turkey (MENAT) & India

    BAKER HUGHES, GE COMPANY

    Lars Idland

    Lars Idland

    Vice President Information Technology, Chief Information Security Officer Corporate IT

    STATOIL

10:25 - 10:55
Coffee Break
Session Location: Hall A
10:55 - 11:55
Panel discussion: Security and compliance risks in cloud computing
Session Location: Hall A
  • Panel discussion: Security and compliance risks in cloud computing

    Cloud based services should be engineered and operated with security in mind, and the operational processes should be integrated into the organisations security management.

     

    Key topics and take aways

    •  Insights into cloud visibilty assessment in the oil and gas industry
    •  Achieving operational excellence through cloud adaption of interdependent application deployments in oil and gas
    •  Security and compliance awareness in cloud computing - what are the various cloud models and services available and how should the oil and gas sector assess which ones are the most effective for your organisation?  
    Session Chairpersons:
    Rajaa Mohamed Jabir

    Rajaa Mohamed Jabir

    Senior IT Solution Analyst/Developer, Information Technology Division

    ABU DHABI COMPANY FOR ONSHORE PETROLEUM OPERATIONS LTD. (ADCO)

11:55 - 12:30
Panel Discussion: Assurance and risk management methods for oil and gas supply chain security and business continuity
Session Location: Hall A
  • Panel Discussion: Assurance and risk management methods for oil and gas supply chain security and business continuity

    Oil and gas supply chain management involves configuration, coordination and improvement in security measures across Exploration → Production → Refining → Marketing → Consumer.  Cyber risks, especially across the supply chain, are difficult to address.

     

    Key topics and take aways

    •     Developing security solutions and strategies for acute supply chain management issues
    •     Identifying the seamless technologies that run throughout the entire supply chain cycle in the oil and gas sector
    •     Exploratory information is most vulnerable to a cyber attack in the oil and gas value chain. What types of cyber attacks should you watch out for throughout the supply chain cycle?
    Speakers:
    Shoaib Yousuf

    Shoaib Yousuf

    Expert Principal Cyber Security and Regional Topic Leader Cybersecurity

    BOSTON CONSULTING GROUP (BCG)

    Richard Preece

    Richard Preece

    International Data Protection Officer

    DA RESILIENCE

    Kamran Ahsan

    Kamran Ahsan

    Senior Digital Security Solutions

    ETISALAT

    Hussein Abdallah

    Hussein Abdallah

    Regional Security Analyst

    Shell

12:30 - 13:30
Lunch Break
Session Location: Hall A
13:30 - 14:30
Technology woes for the oil and gas industry
Session Location: Hall A
  • 13:30 Technology woes for the oil and gas industry

    Cyber security is an ever increasing concern for the energy sector as cyber crimes become bolder and more viscious. Innovations have assured technological evolution, with these rapid advancements it is imperative the energy sector stays vigilant of emerging technological trends to make certain their systems are protected from new attacks at all times.

     

    Key topics and take aways

    •     Assessing the latest security technologies available to ascertain which specific technologies are vital to securing oil and gas infrastructure
    •     How much technology is needed to improve security in the oil and gas sector?
    •     How can oil and gas companies adopt proactive solutions rather than reactive solutions to establish appropriate cyber defences?
    Speakers:
    OMAR QAISE

    OMAR QAISE

    Founder and Chief Executive Officer

    OQ TECHNOLOGY LUXEMBURG

    Russell Herbert

    Russell Herbert

    Global oil and gas Industry Principal

    OSISOFT

14:30 - 15:30
Offensive protection with big data and analytics in the oil and gas sector
Session Location: Hall A
  • Offensive protection with big data and analytics in the oil and gas sector

    Oil and gas companies are increasingly analysing their data, but what happens when we bring big data into the equation?  Eliminating ineffiencies and harnessing the power of big data analytics to drive excellence in oil and gas and secure data.

     

    Key topics and take aways

    •     Implementing successful information management strategies for the protection of big data analytics in the oil and gas sector
    •     Increasing productivity and efficiency across all major business units through best practices for data harmonisation and security and safety measures
    •     Determining where to place investment in technology R&D for securing data analytics tools and applications
15:30 - 16:30
Improving cyber security of Supervisory Control and Data Acquisition (SCADA) networks, process, protection and protocol
Session Location: Hall A
  • Improving cyber security of Supervisory Control and Data Acquisition (SCADA) networks, process, protection and protocol

    Supervisory control and data acquisition (SCADA) networks are considered to be the nervous system in the oil and gas industry and its secure protection is imperative.

     

    Key topics and take aways

    •     As most current SCADA (critical) components operate in a context that is completely different from what they were initially designed for, what system upgrades and protection measures have been taken to improve     the obvious security risks in current SCADA systems?
    •     How can government and private sector work together diligently to ensure protection for these critical components in all corporate cyber strategies?
    •     The importance of developing human competency and security skills sets to effectively manage scada system components
    •     Navigating through the perspective of cyber security as applied to process safety