Welkom koffie

8:30 - 9:00 uur

Kom bij ons op de koffie!

Opening Session –Cyber Security Obsolete ? Speak about Cyber Resilience now ! 

9:00 - 9:30 uur

Eric Van Cangh - Agoria

“We live in a world where digital transformation brings its share of advantages for our economy but also for our everyday life.

The other side of the coin, it also increases the exposure of our company (including our data) to the outside world.

Just look at what is happening in Belgium with the impacts on big cities, hospitals, multinational companies…

Cybersecurity the set of means to protect our information at the level of people, processes and technology is on the table of most of our leaders.However, with the number of attacks, the sophistication of the attacks and the increasingly growing impact, Cyber Security alone is becoming almost obsolete (World economic forum April 2022)

We are now talking about Cyber weerbaarheid, this ability to resist to a change’s  effect like floods, fires and cyber-attacks.

During this conference, the socio-economic state of cyber security in Belgium will be discussed (Agoria study Nov 2022) but also some notions on how to increase this cyber resilience for our industries and our public

At the end we will convince to you : Cyber resilience is a mindset to adopt.

De-mystifying Active Query in OT networks  

9:30 - 10:00 uur

Dominic Storey - Tenable

Mention “network scanning” and “OT network” in the same sentence and you will hear the cry – “It’s not safe!”. Yet OT vulnerability management deployments increasingly point to the inconvenient truth that passive discovery alone simply does not get the asset data necessary for security practitioners to do their jobs. How can security organisations safely resolve this paradox? This session explains how you can use active query methods safely and effectively in the OT environment and lays out a roadmap for getting buy-in from your concerned colleagues. We will also discuss real-world hybrid query scenarios and their benefits in reducing deployment costs and optimising time-to-value of the deployed solution.

Business Continuity and Cyber Security: a mandatory collaboration to reach operational resilience

10:00 - 10:30 uur

Christian De Boeck - SYNERGIT

The « NIST » cybersecurity framework (currently in version 1.1 released in 2018) has undertaken an update to version 2.0. The basic concept consisting of five functions (Identify, Protect, Detect, Respond and Recover) remains relevant, and so does, until now, the lack of enthusiasm of many cybersecurity teams to address this « Recover » part, which they believe should be covered « elsewhere ».

The challenge is indeed a major one: while most companies have developed Business Continuity Plans (BCP) which (hopefully) can build on their counterparts within IT departments (DRP plans), these initiatives are often not or only loosely coupled with cyber security, giving a false sense of security, especially when it comes to cyber threats.

Met de snelle convergentie van de IT- en OT-omgeving neemt het industriële risico als gevolg van een cyberaanval alleen maar toe en kan het veel meer in gevaar brengen dan alleen het bedrijf dat het doelwit is.

At Synergit, we are committed to co-creating proven enterprise resilience. In this presentation, we will propose our approach in which CISOs / CISOs and security teams are uniquely positioned to federate all of these initiatives into a cross-functional approach that will provide robustness and resilience to improve business performance and ultimately survival.

Koffiepauze

10:30 - 11:00 uur

Ruimte voor netwerken

Best practices for securing OT/IT Convergence

11:00 - 11:30 uur

Soultana Ellinidou & Stéphanie Tonneau - THALES

With the fast evolvement in digital technologies and the drive towards remote and data-driven operations, the two environments of Operational Technology (OT) and Information Technology (IT) have begun to converge.  Technological advances such as the Internet of Things (IoT) and big data analytics have allowed the information world to better understand and influence the physical operational world. As OT grows increasingly similar to IT, the increased connectivity and criticality of the OT systems creates significant challenges for their adaptability, resilience, safety, and cyber security. Hence, change is critical to pursue a secure combined centralized IT-OT organization model. This change should happen by applying a set of best practices, which rely on international standards as IEC 62 443, helping to improve the cybersecurity posture to comply with the NIS2 Directive. These best practices will be extensively presented during the conference.

« ISA-62443-3-3 Standard, lessons learn from the plant floor.”

11:30 - 12:00 uur

Gilles Loridon - Cyberium

In this presentation, in the first part, we will introduce the audience to IEC/ISA 62443 series of standards. Then we will focus on ISA-62443-3-3, which is System security requirements and security levels. In this standard, the security controls requirements depend of the Targeted Security level of the system in consideration. For Example, a Safety Injection System may have a higher Security Level than an Historian system, depending on their impact. We will briefly explain the concept of Zone & conduits, cardinal to the Security Level, SL, and illustrate the all process with Foundational Requirement  No5, FR5, Restricted Data Flow.

In the second part of this presentation, we will look at lessons we learn on the plan floor while implementing FR5 Restricted Data Flow and we will focus on SL-Target, SL-Capability and SL-Achieved across two real-life examples.

Defense in Depth

12:00 - 12:30 uur

Amaury Poncin - SIEMENS

Veilige communicatie in industriële netwerken

Een aanpak die alle niveaus tegelijk bestrijkt, is essentieel om industriële faciliteiten zowel intern als extern volledig te beschermen - van operationeel tot veldniveau, van toegangscontrole tot kopieerbeveiliging. Daartoe gebruiken wij een strategie die op alle niveaus voor verdediging zorgt: "Defense in Depth" is een alomvattend beveiligingsconcept dat gebaseerd is op fabrieksbeveiliging, netwerkbeveiliging en systeemintegriteit. Wij laten ons leiden door de IEC 62443-norm, de toonaangevende norm voor beveiliging in industriële automatisering.

Cybersecurity for Space as a critical infrastructure 

12:30 - 13:00 uur

Pascal Rogiest - RHEA

Space Systems have evolved over the last decade from simple communication bent-pipes, to complex data networks integrating satellite and ground communications and data-storage infrastructure. That has transformed space-systems into IT systems, rendering them potentially vulnerable to cyber-attacks. Moreover, the large increase of financial investments into Space, often coming from New Space entrepreneurs, have made Space Systems attractive from a monetary perspective. With high value and critical-services at stake, Space Systems have become prime targets to malicious stakeholders. Today, major cybersecurity systems are being deployed by EU and ESA in order to secure European space assets & services. RHEA is the trusted partner of those organizations in so-called « Cybersecurity for Space ». 

Lunchpauze

13:00 - 14:00 uur

Ruimte voor netwerken

Reveal the invisible! : You can’t protect what you can’t see

14.00 - 14.30 uur

Marc Foulon - Net Measure

Marc Foulon presents the latest trends in DDoS attacks and shows you a real time tool of the current landscape.Marc Foulon presents the latest trends in DDoS attacks and shows you a real time tool of the current landscape.

The volume, duration and growing complexity of attacks require industries to equip themselves with the right tools at the right places in order to preserve the continuity of their business.

Total visibility, real-time source detection and investigation are the keys to success in your monitoring and security approach.

Marc Foulon will explain how to implement an NDR solution that unloads  your firewall and provides you with always-on protection.

Security for Data-Sciences Applications

14:30 - 15:00 uur

Frank Vanden Berghen - Timi

We will cover different aspect of how to implement proper Security in Data-Sciences Applications.
How to secure passwords in open source code? What are the implications of GDPR when it comes to security?
How can we mitigate security breaches with our teams of data scientists?
How should tools and processes be adapted to meet the requirements of resultd for the CDO and security for the CIO?

How can we mitigate security breaches with our teams of data scientists

How should tools and processes be adapted to meet the requirements of resultd for the CDO and security for the CIO?

Afsluiting en netwerken 

15.30 uur

Afsluiting en netwerken