Event Agenda
11th – 12th 2024 // Calgary, Canada
11th – 12th 2024 // Calgary, Canada
Day 1 // June 11th 2024 Navigating Risk Through Canada’s Shifting Threat Landscape 08:00 – 05:30 |
|
08:00Registration & Coffee | |
08:50Chairman’s Opening Address | |
09:00Panel Discussion: Navigating Canada’s Threat Landscape: How Can We Best Manage The Biggest Risks Facing Canadian Cybersecurity in 2024? Over the last year, the threat landscape in Canada has shifted dramatically. Geopolitical tensions have increased the threat vectors facing Canadian businesses, meanwhile, economic conditions have limited business both in Canada and globally in their digital transformation efforts since the pandemic. Nevertheless, whilst these challenges come to a head, cyber attacks have increased across Canada’s critical infrastructure. Consequently, this session will explore: .
– Moderator: Ken Anderson, Chief Security Architect, ATCO |
|
09:40Presentation: Leveraging Threat Scenarios to Improve Your OT Cybersecurity The landscape of cybersecurity is shifting, and the stakes for OT security are higher than ever before. In this session, we explore the multifaceted benefits of incorporating threat scenarios into your cybersecurity strategy. From risk assessment to proactive defence, we shed light on how threat scenarios empower organisations to anticipate, prepare for, and mitigate potential cyber incidents. Consequently, this session will explore: .
– Foad Godarzy, Sr. Director of Operational Technologies, Fortinet |
|
10:20Presentation: Building For The Future - Lessons We Learned From A Ransomware Attack Ransomware has emerged as a major cyber threat to Canadian organisations. Through the Growth of affiliate programs and ransomware-as-a-service (RaaS) schemes, heightened risk from ransomware continues to threaten our security posture in 2024 with more sophisticated models being utilised by cyber criminals. This session will therefore explore a recent case study of a cyber attack, and what messages have been taken so we can all learn for the future. It will discuss: .
– Nimira Dhalwani, CTO & CISO, The Hospital for Sick Children |
|
10:50Break & Networking |
TRACK A Building An Operational Strategy Fit For The Future SiNguyen Vo, CISO, The International Civil Aviation Organization |
|
11:30Presentation: Unlocking Cyber Resilience in Industrial Environments: Five Principles The growing digitization and connectedness of industrial environments is opening up business opportunities and enhancing operational efficiency, but it also introduces inherent risk that must be accounted for and mitigated. This session will explore how these five principles can help organisations safeguard, maintain and monitor their industrial OT environment as well as ensure business continuity. It will therefore explore: .
– Aruba |
|
12:00Case Study: Maturity Assessment and Frameworks - Should You Be Certified? Canada’s critical infrastructure has become increasingly vulnerable to cyberattacks, costing the economy over $530 million annually. Cybercriminals, often operating with near impunity, are focusing on high-value targets such as electrical utilities, oil and gas, and aviation sectors.. This session will lead us through a case study example of maturity assessments, frameworks and certification to: .
– Tom Bornais, CISO, NAV CANADA |
|
12:30Presentation: How To Calculate Cyber Risk In Financial Terms In this session, learn how you can: .
– WSP |
TRACK B Addressing Technological Challenges Amidst an Expanding Security Outlook Caroline Turcotte, Head of IT Infrastructure, Confidential |
|
11:30Presentation: Tomorrow’s SOC: How To Approach Risk Management and the IT-OT Divide As digital transformation accelerates the connectivity between IT and operational technology (OT) networks, many organisations are incurring increased risks. To address these challenges, integrations can help lay the foundation for the future of the industrial security operations centre (SOC) and help implement overarching IT-OT security initiatives. This session will therefore explore: .
– Tenable |
|
12:00Case Study: A Roadmap For Cybersecurity Policies For Critical Infrastructure Companies This session will explore the importance of collaboration, standards and information sharing among stakeholders in the OT security ecosystem. It will delve into a case study of how to deal with issues in the area exploring an example of healthcare. It will explore public-private partnerships, information sharing platforms, and threat intelligence sharing initiatives specific to critical national infrastructure protection. It will discuss how we can establish trust, overcome legal and regulatory challenges, and foster an environment of cooperation among government agencies, industry sectors, and cyber security experts. This will allow attendees to gain insights into effective collaborative approaches and how collective efforts can lead to a stronger OT security posture. . – Kajeevan Rajanayagam, Director of Cyber Security, University Health Network . |
|
12:30Presentation: AI & ML Trends in OT/IoT Cybersecurity This presentation provides an overview of cutting-edge trends in artificial intelligence and machine learning in Operational Technology (OT) and Internet of Things (IoT) Cybersecurity, demonstrating examples of how AI can automate and improve cybersecurity processes in an OT/IoT environment. . – Ameen Hamdon, Founder and President, Subnet Solutions Inc . |
Lunch | |
12:40Lunch Hosted by Fortinet |
TRACK A Building An Operational Strategy Fit For The Future SiNguyen Vo, CISO, The International Civil Aviation Organization |
|
01:40Presentation: Old Habits Die Hard: How People, Process & Technology Challenges Hurt Your Cybersecurity Team and What You Can Do About It Your cybersecurity program is facing unprecedented scrutiny from government agencies, insurance companies, investors and even your board of directors. This highlights a common challenge: how to effectively assess, report on and communicate risk. In this session, we explore the people, process, and technology challenges hampering risk-reduction practices. This will therefore discuss: .
– SCADAfence |
|
02:10Case Study: Why You Should Be Applying Consequence-driven Cyber-informed Engineering Principles In this presentation we will introduce the concept of Consequence-driven Cyber-informed Engineering championed by Idaho National Labs. We will focus on how, from an engineering perspective, High Consequence Events can impact the Nation’s Critical Infrastructure. And more importantly, we will illustrate why CI organisations should be applying Cyber-informed Engineering principles, by encouraging them to view cyber risk under a different light: from an engineering perspective, and from a high consequence point of view. . – Prashant Prashant, Senior Cybersecurity Advisor, Enbridge . |
|
02:40Presentation: A Calculated Approach to Cybersecurity Risk This session explores how we can implement a calculated approach to cybersecurity risk assessment by addressing the limitations of current practices in determining the impact and risk associated with Common Vulnerabilities Exposures (CVEs). Traditional methods often rely on generalised information, leading to inaccurate prioritisation of assets and vulnerabilities. Hence, this session presents a novel methodology incorporating Calculated Impact Rating (CIR) and Calculated Risk Ratings (CRR) to precisely evaluate the impact and risk of CVEs on an organisation’s assets. This approach, coupled with the Exploit Prediction Scoring System, offers a more tailored and accurate assessment of cybersecurity threats. . – Verve . |
TRACK B Addressing Technological Challenges Amidst an Expanding Security Outlook Caroline Turcotte, Head of IT Infrastructure, Confidential |
|
01:40Presentation: Closing IoT Security Gaps in Your Operations Industrial networks are quickly adopting Internet of Things (IoT) technologies to reduce costs and deliver more value to customers and shareholders. Unfortunately, this trend is creating new security risks, as many organisations lack the ability to monitor and secure their IoT assets. The challenges will only increase over the next few years as industrial organisations deploy 5G with the capacity to support hundreds of thousands of IoT assets in their global operations. Business and security leaders need to get ahead of the risks and challenges coming their way. This session will provide an insight into the issues involved in securing IoT assets and effective ways to overcome them in your OT environments . – Otorio . |
|
02:00Case Study: Addressing The Rapidly Increasing Threats Generative AI Presents Generative AI poses a huge potential threat as a gateway for fraud and malicious data gathering through helping to write code as well as writing more sophisticated phishing emails, among others dangers. While most organisations are worried about potential cyber threats from new technology, such as generative AI (68%), only 32% of Canadian Businesses have policies in place to prevent, protect and educate their teams of its threats. This session will therefore discuss: .
– Martin Dinel, CISO, Government of Alberta |
|
02:40Presentation: Managing AI Decision-Making in Cyber Security The threat of a cyber-attack is constant, but maintaining a 24/7 SOC is often unfeasible. Many defenders are now considering deploying Autonomous Response to contain threats around the clock. However, others remain hesitant to let an AI take action across digital systems. This session explores the different ways in which humans can set boundaries and interact with AI to ensure optimal and responsible cyber security. . – Xage . |
– | |
03:10Presentation: How to Prepare For & Respond to Ransomware In Operational Technology Environments Over the past five years, Canada has seen an increase in ransomware used against industrial control systems (ICS) and operational technology (OT) environments. The ransomware used in these cyber attacks has been both intentional and unintentional in nature, yet has made this threat the most common cause of compromise in the industrial sector in the past year. Knowing how to prepare for and respond to ransomware threats in ICS/OT environments requires a different approach than for IT. IT-focused response plans cannot simply be re-used in OT. OT incident response plans (IRPs) and playbooks must be ICS-specific and be tested, exercised, and validated in these environments to be effective. This session will explore the best practices for how we can both prepare and respond to ransomware in OT Environments. . – ServiceNow . |
|
03:40 Break & Networking | |
04:10Roundtables: T1: Best Practices for Protecting Ourselves Through Our Digital Transformation Efforts – Andrew Ginter, VP Industrial Security, Waterfall Security Solutions, Waterfall . T2: Ensuring Value Whilst Implementing Our Cyber Strategies – Acronis . T3: Implementing A Zero-Trust Framework In Our Organisations – Xona . T4: Analysing How We Can Best Ensure Our Supply Chains Stay Safe – Dragos . T5: Exploring the Benefits and Drawbacks of Quantum Cryptography . T6: Utilising NERC AND NERC-CIP Standards Whilst Protecting Our Infrastructure . |
|
04:50Panel Discussion: Looking Ahead to Bill C-26: Are New Standards & Regulations Necessary In Ensuring Our Critical Infrastructure Stays Protected? Bill C-26 is a comprehensive legislative initiative to enhance cybersecurity in critical sectors, introducing measures to address incidents, enforce compliance, and secure supply chains. If passed, it will position Canada as a leader in protecting critical infrastructure from cyber threats. Meanwhile, the federal government hopes the bill could serve as a model for provinces, territories, and municipalities to collaborate on securing their critical infrastructure. This session will therefore explore and debate the necessity for bills like Bill C-26. It will also ask: .
– >Moderator: Tara Mulrooney, VP of Technology, Edmonton Airport |
|
05:30Chairman’s Closing Remarks & Drinks Reception |