Event Agenda

June 11th – 12th 2024 // Calgary, Canada

Day 1 // June 11th 2024
Navigating Risk Through Canada’s Shifting Threat Landscape
08:00 – 05:30
08:00 Registration & Coffee
08:50 Chairman’s Opening Address
09:00 Panel Discussion: Navigating Canada’s Threat Landscape: How Can We Best Manage The Biggest Risks Facing Canadian Cybersecurity in 2024?

Over the last year, the threat landscape in Canada has shifted dramatically. Geopolitical tensions have increased the threat vectors facing Canadian businesses; meanwhile, economic conditions have limited businesses, both in Canada and globally, in their digital transformation efforts since the pandemic. Whilst these challenges come to a head, cyber attacks have increased across Canada’s critical infrastructure. Consequently, this session will explore:

  • What are the biggest challenges our critical infrastructure organisations face in terms of their cyber security?
  • How do you increase your cyber resilience to ensure that your organisation can preserve and recover business operations?
  • In a time of geopolitical uncertainty – how can we best make sure our organisations are prepared for these risks?
  • How can a good Governance, Risk and Compliance (GRC) strategy help us overcome these risks brought to our cybersecurity? What does a good GRC Strategy look like?
  • What are the best ways to mitigate against risks to ensure that the worst case scenario does not happen?
  • Looking ahead to the rest of the decade, what are the new challenges you predict to open up to our OT Cyber networks?

Moderator: Ken Anderson, Chief Security Architect, ATCO
Panellist: Kayode Alawonde, Principal Information Security Officer, BHP Canada
Panellist: Roger Dery, IT Director, Rockpoint Gas Storage
Panellist: Tara Mulrooney, VP of Technology, Edmonton Airport
Panellist: Adam Roeckl, Sr. IOT Lead Specialist, CrowdStrike

09:40 Presentation: Leveraging Threat Scenarios to Improve Your OT Cybersecurity

The landscape of cybersecurity is shifting, and the stakes for OT security are higher than ever before. In this session, we explore the multifaceted benefits of incorporating threat scenarios into your cybersecurity strategy. From risk assessment to proactive defence, we shed light on how threat scenarios empower organisations to anticipate, prepare for, and mitigate potential cyber incidents. Consequently, this session will explore:

  • The importance of risk assessment specific to OT systems, and how threat scenarios identify vulnerabilities.
  • How threat scenarios contribute to preparedness planning by anticipating potential cyberattacks and identifying security control gaps.
  • The role of proactive defence in mitigating risks, from implementing network segmentation to intrusion detection systems.
  • How threat scenarios can assist in aligning security practices with regulatory requirements to ensure compliance.

Foad Godarzy, Sr. Director of Operational Technologies, Fortinet

10:20 Presentation: Building For The Future - Lessons We Learned From A Ransomware Attack

Ransomware has emerged as a major cyber threat to Canadian organisations. Through the growth of affiliate programs and ransomware-as-a-service (RaaS) schemes, heightened risk from ransomware continues to threaten our security posture in 2024, with more sophisticated models being utilised by cyber criminals. This session will therefore explore a recent case study of a cyber attack and the lessons taken from it, so we can all learn for the future. It will discuss:

  • How we can tackle the biggest cyber threats facing Canada’s critical infrastructure.
  • Where we can adapt our strategies to increasing ransomware attacks to ensure our data remains safe
  • Where we can reduce risks in our organisations to best protect against ransomware moving forward
  • What we can learn from a response to a ransomware attack to adapt our strategies accordingly

Nimira Dhalwani, CTO & CISO, The Hospital for Sick Children

10:50 Break & Networking
TRACK A
Building An Operational Strategy Fit For The Future
SiNguyen Vo, CISO, The International Civil Aviation Organization
11:30 Presentation: Unlocking Cyber Resilience in Industrial Environments: Five Principles

The growing digitization and connectedness of industrial environments is opening up business opportunities and enhancing operational efficiency, but it also introduces inherent risk that must be accounted for and mitigated. This session will explore how these five principles can help organisations safeguard, maintain and monitor their industrial OT environment as well as ensure business continuity. It will therefore explore:

  • How we can best perform comprehensive risk management of the OT environment.
  • What can be done to ensure OT engineers and operators of installations have responsibility for OT cybersecurity.
  • Where we can align with top organisational leadership, strategic planning teams and third parties to make security-by-design a reality.
  • How we can make cybersecurity standards and best practices contractually enforceable on partners and vendors to build a cyber secure OT environment.
  • How best we can run joint tabletop exercises to ensure preparedness in case of an actual incident.

Aruba

12:00 Case Study: Maturity Assessment and Frameworks - Should You Be Certified?

Canada’s critical infrastructure has become increasingly vulnerable to cyberattacks, costing the economy over $530 million annually. Cybercriminals, often operating with near impunity, are focusing on high-value targets such as electrical utilities, oil and gas, and aviation sectors. This session will lead us through a case study example of maturity assessments, frameworks and certification to:

  • Explore the importance of Cybersecurity Maturity Model Certification (CMMC) in ensuring we stay secure
  • Establish why frameworks such as ISO27001 can help us build a cyber strategy fit for the future
  • Understand where such assessments can help us improve visibility within our organisations.
  • Follow a critical infrastructure company’s case study through exploring their roadmap so far surrounding maturity assessments, frameworks and certifications and what has gone both right and wrong.

Tom Bornais, CISO, NAV CANADA

12:30 Presentation: How To Calculate Cyber Risk In Financial Terms

In this session, learn how you can:

  • Integrate data from OT security scans into a strategy you can present to upper management
  • Calculate the cyber risk exposure for each asset.
  • Express the risk to each asset in monetary terms.

WSP

TRACK B
Addressing Technological Challenges Amidst an Expanding Security Outlook
Caroline Turcotte, Head of IT Infrastructure, Confidential
11:30 Presentation: Tomorrow’s SOC: How To Approach Risk Management and the IT-OT Divide

As digital transformation accelerates the connectivity between IT and operational technology (OT) networks, many organisations are incurring increased risks. To address these challenges, integrations can help lay the foundation for the future of the industrial security operations centre (SOC) and help implement overarching IT-OT security initiatives. This session will therefore explore:

  • The Challenges of Bringing OT into the SOC
  • Managing OT Risk Through Cyber Resilience
  • Building Tomorrow’s SOC
  • Walking Through a Threat Scenario: Remote Access

Tenable

12:00 Case Study: A Roadmap For Cybersecurity Policies For Critical Infrastructure Companies

This session will explore the importance of collaboration, standards and information sharing among stakeholders in the OT security ecosystem. It will delve into a case study of how to deal with issues in this area, using healthcare as an example. It will explore public-private partnerships, information sharing platforms, and threat intelligence sharing initiatives specific to critical national infrastructure protection. It will discuss how we can establish trust, overcome legal and regulatory challenges, and foster an environment of cooperation among government agencies, industry sectors, and cyber security experts. This will allow attendees to gain insights into effective collaborative approaches and how collective efforts can lead to a stronger OT security posture.

Kajeevan Rajanayagam, Director of Cyber Security, University Health Network

12:30 Presentation: AI & ML Trends in OT/IoT Cybersecurity

This presentation provides an overview of cutting-edge trends in artificial intelligence and machine learning in Operational Technology (OT) and Internet of Things (IoT) Cybersecurity, demonstrating examples of how AI can automate and improve cybersecurity processes in an OT/IoT environment.

Ameen Hamdon, Founder and President, Subnet Solutions Inc

Lunch
12:40 Lunch Hosted by Fortinet
TRACK A
Building An Operational Strategy Fit For The Future
SiNguyen Vo, CISO, The International Civil Aviation Organization
01:40 Presentation: Old Habits Die Hard: How People, Process & Technology Challenges Hurt Your Cybersecurity Team and What You Can Do About It

Your cybersecurity program is facing unprecedented scrutiny from government agencies, insurance companies, investors and even your board of directors. This highlights a common challenge: how to effectively assess, report on and communicate risk. In this session, we explore the people, process, and technology challenges hampering risk-reduction practices. This session will therefore discuss:

  • Which organisational and technological silos are getting in the way of preventive cybersecurity
  • What the most mature organisations are doing to improve their preventive cybersecurity practices and culture
  • Key recommendations you can implement in your organisation today — no matter where you are on your cybersecurity journey

SCADAfence

02:10 Case Study: Why You Should Be Applying Consequence-driven Cyber-informed Engineering Principles

In this presentation we will introduce the concept of Consequence-driven Cyber-informed Engineering championed by Idaho National Labs. We will focus on how, from an engineering perspective, High Consequence Events can impact the Nation’s Critical Infrastructure. And more importantly, we will illustrate why CI organisations should be applying Cyber-informed Engineering principles, by encouraging them to view cyber risk under a different light: from an engineering perspective, and from a high consequence point of view.

Prashant Prashant, Senior Cybersecurity Advisor, Enbridge

02:40 Presentation: A Calculated Approach to Cybersecurity Risk

This session explores how we can implement a calculated approach to cybersecurity risk assessment by addressing the limitations of current practices in determining the impact and risk associated with Common Vulnerabilities and Exposures (CVEs). Traditional methods often rely on generalised information, leading to inaccurate prioritisation of assets and vulnerabilities. Hence, this session presents a novel methodology incorporating Calculated Impact Rating (CIR) and Calculated Risk Ratings (CRR) to precisely evaluate the impact and risk of CVEs on an organisation’s assets. This approach, coupled with the Exploit Prediction Scoring System, offers a more tailored and accurate assessment of cybersecurity threats.

Verve
TRACK B
Addressing Technological Challenges Amidst an Expanding Security Outlook
Caroline Turcotte, Head of IT Infrastructure, Confidential
01:40 Presentation: Closing IoT Security Gaps in Your Operations

Industrial networks are quickly adopting Internet of Things (IoT) technologies to reduce costs and deliver more value to customers and shareholders. Unfortunately, this trend is creating new security risks, as many organisations lack the ability to monitor and secure their IoT assets. The challenges will only increase over the next few years as industrial organisations deploy 5G with the capacity to support hundreds of thousands of IoT assets in their global operations. Business and security leaders need to get ahead of the risks and challenges coming their way. This session will provide an insight into the issues involved in securing IoT assets and effective ways to overcome them in your OT environments.

Otorio

02:00 Case Study: Addressing The Rapidly Increasing Threats Generative AI Presents

Generative AI poses a huge potential threat as a gateway for fraud and malicious data gathering, through helping to write code as well as writing more sophisticated phishing emails, among other dangers. While most organisations are worried about potential cyber threats from new technology, such as generative AI (68%), only 32% of Canadian businesses have policies in place to prevent, protect and educate their teams about its threats. This session will therefore discuss:

  • How can ChatGPT and Generative AI open up new threats to our IT strategies?
  • Where can these threats translate into our OT/ICS technologies?
  • How can we utilise these new technologies first, and better than the rogue actors who aim to disrupt our manufacturing processes?
  • How do these technologies have the potential to disrupt our systems further moving forward?

Martin Dinel, CISO, Government of Alberta

02:40 Presentation: Managing AI Decision-Making in Cyber Security

The threat of a cyber-attack is constant, but maintaining a 24/7 SOC is often unfeasible. Many defenders are now considering deploying Autonomous Response to contain threats around the clock. However, others remain hesitant to let an AI take action across digital systems. This session explores the different ways in which humans can set boundaries and interact with AI to ensure optimal and responsible cyber security.

Xage

03:10 Presentation: How to Prepare For & Respond to Ransomware In Operational Technology Environments

Over the past five years, Canada has seen an increase in ransomware used against industrial control systems (ICS) and operational technology (OT) environments. The ransomware used in these cyber attacks has been both intentional and unintentional in nature, yet has made this threat the most common cause of compromise in the industrial sector in the past year. Knowing how to prepare for and respond to ransomware threats in ICS/OT environments requires a different approach than for IT. IT-focused response plans cannot simply be re-used in OT. OT incident response plans (IRPs) and playbooks must be ICS-specific and be tested, exercised, and validated in these environments to be effective. This session will explore the best practices for how we can both prepare for and respond to ransomware in OT environments.

ServiceNow
03:40 Break & Networking
04:10 Roundtables:

T1: Best Practices for Protecting Ourselves Through Our Digital Transformation Efforts
Andrew Ginter, VP Industrial Security, Waterfall Security Solutions, Waterfall

T2: Ensuring Value Whilst Implementing Our Cyber Strategies
Acronis

T3: Implementing A Zero-Trust Framework In Our Organisations
Xona

T4: Analysing How We Can Best Ensure Our Supply Chains Stay Safe
Dragos

T5: Exploring the Benefits and Drawbacks of Quantum Cryptography

T6: Utilising NERC and NERC-CIP Standards Whilst Protecting Our Infrastructure

04:50 Panel Discussion: Looking Ahead to Bill C-26: Are New Standards & Regulations Necessary In Ensuring Our Critical Infrastructure Stays Protected?

Bill C-26 is a comprehensive legislative initiative to enhance cybersecurity in critical sectors, introducing measures to address incidents, enforce compliance, and secure supply chains. If passed, it will position Canada as a leader in protecting critical infrastructure from cyber threats. Meanwhile, the federal government hopes the bill could serve as a model for provinces, territories, and municipalities to collaborate on securing their critical infrastructure. This session will therefore explore and debate the necessity for bills like Bill C-26. It will also ask:

  • Why is Bill C-26 a necessity in protecting our infrastructure moving forward? Are regulations imperative?
  • What can be done to ensure that your organisation meets new and evolving regulations?
  • Does the scope of Bill C-26 need to go further? Do regulations need to be tighter and more industries covered?
  • What are the business and operational challenges which Bill C-26 brings? How can we overcome these challenges?
  • How could you leverage NIST and IEC 62443 to comply with the bill’s aims?
  • Are there lessons learned from other jurisdictions and other standards such as NIS2 (EU) and NERC-CIP? How can Bill C-26 have a knock-on effect on provincially regulated industries?

Moderator: Tara Mulrooney, VP of Technology, Edmonton Airport
Panellist: Robert Martin, Senior Director, Security, Canada Health Infoway
Panellist: Tom Bornais, CISO, NAV CANADA
Panellist: Daniel Couillard, Director General of Partnerships and Risk Mitigation, Canadian Centre for Cyber Security
Panellist: Foad Godarzy, Sr. Director of Operational Technologies, Fortinet
Panellist: Ken Dohan, Sr. Director, OT Cyber / MSSP Americas, Cybolt

05:30 Chairman’s Closing Remarks & Drinks Reception
