2019 IADC Cybersecurity for Drilling Assets Conference

Start: 8 October 2019
End: 9 October 2019

Venue: Hilton Houston Post Oak Hotel
Location: Houston, Texas, USA

Conference Sponsors

 
 

Registration Information

Click Here To Register Online For This Event

  • Registration fee: IADC Member: $425  Non-Member: $510
  • Employees of federal regulatory agencies may be eligible for a 50% discount on conference registration.
  • Speakers and sponsors are not eligible for online registration. (Complete the Conference Registration Form PDF below)
  • In order to receive a letter of invitation, IADC requires payment via Wire Transfer. The wire transfer information is included on the registration form. (Complete the Conference Registration Form PDF below)
  • Click here to download the Conference Registration Form (PDF format)

Conference Links

For questions regarding the conference, please contact Stephanie Carling at stephanie.carling@iadc.org or +1.713.292.1945.

Introduction

The 2019 IADC Cybersecurity for Drilling Assets Conference will examine existing cybersecurity regulations, industry best practices and standards of relevance for industrial control systems and drilling assets.  The event will convene timely technical papers and interactive panel sessions.

Conference Program

Tuesday, 8 October

7:45 am  Registration & Coffee Service  Ballroom A Foyer

7:50 am  Speaker Briefing  (Speakers, Moderators & Session Chairs only)

8:25 am  Welcome & Introduction  Ballroom A

  • Jim Rocco, Sr Director, Government & Industry Affairs – Offshore, IADC
  • Siv Hilde Houmb, Chair IADC Cybersecurity Committee, Security Professional, Houmb Invest AS

8:30 am  Cybersecurity Solutions for Rig Systems
Session Chair: Sean Gray, Electronics Superintendent, Stena Drilling

Automation, Condition Based Monitoring & Cybersecurity for Integrated Managed Pressure Drilling (MPD) Control Systems into Rig: Sayamik Ameen, Global MPD Control System Technical Manager, Thomas Koithan, Jose Brana, Anthony Spinler, Weatherford
This Intelligent MPD System integrates three major technologies: Automation, Cybersecurity and condition-based monitoring on a single PAC for the first time in a novel approach.  Our control system supports TPM (trusted platform module) services, which guaranties a high level of protection against tampering of data, intrusion and disruption.

Enabling Cybersecurity Solutions for Legacy Drilling Assets: Matthew Olson, Product Champion, Cameron, a Schlumberger company
This presentation will look at the Cameron cybersecurity journey from performing a control system risk assessment, detailed risk profile, recommended security implementation, Cameron cyber security simulator development, penetration testing and finally implementing new Windows 10 ICS and Wonderware platform for our customer’s existing control systems.

Drilling Down into the Murky World of ICS & Maritime Hacking: Nigel Hearne, Sr Consultant, Pen Test Partners
With real world vulnerabilities, we will show how cyber-attacks can be carried out against ICS hardware and infrastructure. We’ll look at how a mobile drilling platform could be compromised, to the ease with which satellite communications can be employed to cause disruption and failure, to the way in which passwords can be retrieved from Programmable Logic Controllers.  While we can’t always see where the next attack will come from, we can at least learn from security research and see how it applies to control systems to avoid disruption and reduce risk.

10:00 am  Coffee Service & Networking

10:30 am  Securing Rig Systems
Session Chair: Siv Hilde Houmb, Chair IADC Cybersecurity Committee, Security Professional, Houmb Invest AS

Hacking Modern PLCs: Siv Hilde Houmb, Security Professional, Houmb Invest AS, Erik David Martin, Security Consultant, Secure-NOK AS
The presentation will discuss how to hack a modern PLC, including a demonstration of a controlled brute-force password attack. The presentation also provides details on how to secure a PLC, as well as details on how to circumvent the security measures. The aim of the presentation is to demonstrate the consequence of incorrect use of cybersecurity measures on PLCs, and that even though modern PLCs are “secure”, they can still be hacked.

Securing the Well of the Future: The Role of Standards in Protecting Modern Wells from Construction to Operations: Mark Carrier, Market Development Director, RTI
Modern wells are highly-collaborative, software-driven systems that require a new security model to protect against threats and to mitigate incidents. This session will discuss the DDS Security standard, designed for Industrial IoT environments, that offers fine-grain access control at the data level and how DDS Security works in modern well construction to protect the data-driven systems from both external and internal threats.

“It Was a Black Hole of Risk”: How Better Visibility Helped One Company Climb Out: Dario Lobozzo, Strategic Account Executive, Forescout Technologies, Juan Negrete, ICS Cybersecurity Manager, EnscoRowan
With quantifying and mitigating cyber and operational risks now becoming a board-level top priority, oil & gas ICS asset owners must begin to craft long term risk reduction strategies. A critical first step to measuring risk is having complete visibility into all devices connected to the network. In this presentation, we will walk you through the journey of how one offshore drilling company went from having limited OT visibility to achieving comprehensive device visibility capable of supporting the industry’s most stringent risk mitigation strategies for many of their offshore rigs.  We will also take a deep dive into how they architected sensor networks for continuous monitoring of their propulsion, BoP, bridge and telemetry systems and how this continuous monitoring provides ongoing support for fleet preventative maintenance, cyber and operational risk reduction and rapid response capabilities.

12:00 pm  Luncheon  BLVD Room  Sponsored by Forescout Technologies

1:00 pm  Application & Collaboration
Session Chair: Juan Negrete, ICS Cybersecurity Manager, EnscoRowan

Application of IADC Cybersecurity Guidelines in Practice: Jonathan Barry, Automation & Edge Data Lead, ExxonMobil
The presentation will address the various challenges associated with requiring compliance to IADC Cybersecurity Guidelines, including: The drive towards compliance is ongoing for many, Operator compliance stewardship is challenging and time consuming for all parties and Rig Contractors often have limited visibility of the Cybersecurity implementation of OEM systems. Consideration needs to be given to coordinating efforts across Operators, Rig Contractors and OEM’s to support the drive towards compliance in a way that manages cost and effort for all parties.

The Journey to Vendor Supported Cyber Seniority on DCS: Tommy Evensen, Cyber Security Responsible, Geir Lien, MHWirth
This presentation describes the journey that Seadrill and MHWirth have been on to develop a vendor supported Cyber security program for the MHWirth DCMS (Drilling Control and Monitoring System). MHWirth and Seadrill will describe the challenges and achievements from both from a vendor and customer perspective and describe the enhanced security the solution delivers.

Achieving Systemic Cybersecurity at Sea: Case Study with Stena IceMAX: Mirnes Alic, Cybersecurity Engineer, Mate Csorba, DNV GL, Sean Gray, Stena Drilling
In this paper, we follow Stena IceMAX on her path to verify and further develop Stena Drilling’s cybersecurity posture through following DNVGL’s Cyber Secure class notation. We present results, challenges and lessons learned from this undertaking as this drillship becomes the first DNVGL cybersecure classified vessel. We will layout typical flows of activities, a roadmap that the asset owner needs to consider as they implement an in-depth cybersecurity approach.

2:45 pm  Coffee Service & Networking 

3:15 pm  Bridging Documents vs Contracts Panel
Sustaining the integrity of disparate information resource management systems while simultaneously providing for inter-organizational interface to support E&P activities is exceedingly critical to safe and successful project execution. What has to be done and how to do it is a question that is becoming increasingly complex. This panel will explore these concepts and consider examples of cyber-risk elements that distinguish “contractual terms” from “bridging processes”.       

  • Michael Lewis, Policy & Framework Advisor, Chevron
  • Glenn Legge, Partner, HFW
  • Additional panelists to be named

4:45 pm  Do Not Let IT Dictate OT – One Drilling Company’s Experience: Louis Gainsborough, Software & Application Project Engineer, KCA Deutag Drilling GmbH
Overcoming the divide between OT and IT security requires that IT collaborate with OT but not dictate OT policy.  A well-defined boundary between OT and IT must be defined with OT then leading in the project, resource, and product selection.  Large machinery carries more risk and someone coming from OT is conditioned to see and mitigate them.  Expectations that a product exists to meet all OT needs must be circumvented with plans to innovate.

5:15 pm   Closing Remarks

Wednesday, 9 October

8:00 am  Registration & Coffee Service  

8:25 am  Welcome & Introduction: Siv Hilde Houmb, Chair IADC Cybersecurity Committee, Security Professional, Houmb Invest AS

IADC Cybersecurity Committee Activities Update: Siv Hilde Houmb, Chair IADC Cybersecurity Committee, Security Professional, Houmb Invest AS

8:45 am  Overview of the USCG Cyber Risk Management: US Coast Guard Cyber Officer
Cyber-attacks on industrial control systems could kill or injure workers, damage equipment, expose the public and the environment to harmful pollutants, and lead to extensive economic damage. There are as many potential avenues for cyber damage in the maritime sector as there are cyber systems. We must identify and prioritize those risks, take this threat seriously, and work together to improve our defenses. Fortunately, the men and women of the United States Coast Guard take our responsibility to protect the nation from threats seriously.

9:00 am  Regulatory Panel: Emerging Mandates & Technical Directives, What Might We Expect to See?
Moderator: Jim Rocco, Sr Director, Government & Industry Affairs – Offshore, IADC
Robust integrity of infrastructure that underpins the delivery of vital services and execution of risk-sensitive operations is growing evermore critical to today’s industrial and business functions. This panel will entertain a variety of initiatives and policies that regulatory authorities potentially envision and are promulgating in support of national cyber risk concerns.     

  • Captain Russell Holmes, Officer in Charge, Marine Inspection Outer Continental Shelf
  • Angela Haun, Executive Director, ONG-ISAC
  • George Reeves, CISSP, Cyber Security Advisor, Region VI, South Texas & New Mexico, CISA

10:15 am  Coffee Service & Networking

10:30 am Cybersecurity Solutions for Rig Systems II
Session Chair: Thomas Koithan, Engineering Manager Control Systems, Weatherford

Best Practices, Lessons & Next Steps for Cybersecurity Program Implementation: Christopher Goetz, CEO, Nebosja Stanivuk, Kingston Systems LLC
Designed for drillers and operators to understand how to apply NIST, ISA 62443 and IADC recommendations. Kingston Systems will provide a case study based presentation of lessons learned from global observation of operational technology (OT) Control Systems Cybersecurity program implementations. What works, what needs works, and where do you start if just starting your cybersecurity program. A practical review for those with a mature program and a great place to start for those trying to find their footing.

Cyber Risk Management in the Offshore Industry: Felipe Mondragon, Director, Cyber Security, Noble Corporation
A standardized methodology for managing cyber risk in the drilling industry is not defined at this time. Cybersecurity standards / guidelines are maturing, and regulation is on the horizon. A cyber security incident in the drilling industry would have negative impacts across all industry sectors. Benefits of an industry risk management approach include standardized risk assessments, acceleration of gap remediation, compliance with cyber security standards, and reduction of cyber risk impact across the drilling industry.

Zero Trust Segmentation of Offshore platform: Lionel Jacobs, Sr Security Architect for ICS & SCADA Systems, Palo Alto Networks
Industrial automation and control systems found in critical infrastructure, energy, and the manufacturing industries have enjoyed unprecedented agility, speed and cost savings with the introduction of information technology. However, with this integration have also come IT vulnerabilities, which malicious actors are increasingly exploiting to disrupt critical processes and steal confidential information. One major area of concern for many ICS and SCADA operators, especially those with marine-based process control environments, is ensuring proper control system isolation. Maintaining proper segmentation between the local controls systems, business network, and the general use network used to provide crews with the creature comforts of home is critical to ensure safe operations.  Cybersecurity professionals agree that network segmentation is a crucial step in network security.

12:00 pm  Adjournment

Unassigned Paper of Note
Should a scheduled presentation become unavailable, an unassigned paper may be accepted for presentation. In addition,  presentations will be made available in the IADC conference proceedings, should the authors so desire.

Insider Turned Outsider: A Framework for Managing Insider Threats to Oil & Gas: Crystal Lister, Sr Director, Insider & Cyber Threats, GPSG, Bonnie Stith, Stith Associates
The global nature of the oil and gas industry and its dependence on information technology to run widespread operations increases the risk of critical assets or data being mishandled or stolen by an insider. Malicious and unintentional insider incidents can result in lost productivity, corporate image harm, physical violence to your workforce, and more. This discussion provides a framework for managing insider risk that challenges internal decision-making processes, discovers communication conflicts among stakeholders, and enhances enterprise insider incident response plans. It includes actionable recommendations and resources based on executive leadership team best practices and lessons learned from real-world insider incidents.

Conference Program Committee

Ben Ramduny
Juan Negrete, EnscoRowan
Michael Lewis, Chevron
Nathan Singleton, Helmerich & Payne, Inc.
Oren Niskin, Diamond Offshore Drilling, Inc.
Sean Gray, Stena Drilling
Siv Hilde Houmb, Houmb Invest AS
Thomas Koithan, Weatherford
Vikas Rakhunde, Schlumberger
Zach Hrabak, Cameron, a Schlumberger company
Jim Rocco, IADC

 

Sponsorship Opportunities

There are four levels of sponsoring: Diamond sponsors, Platinum Sponsors, Gold Sponsors, and Silver Sponsors. Event sponsorships are also available and will be categorized by monetary contribution with the appropriate level of sponsorship. Please find the benefits of the sponsor packages below. The conference sponsor will receive high profile recognition before, during and after the conference.

Diamond Sponsor Header

Diamond $25,000
(10 Comps*)

img-Platinum

Platinum $15,000
(5 Comps*)

img-Gold

Gold $10,000
(3 Comps*)

img-Silver

Silver $5,000
(1 Comp*)

img-Event

Event sponsorships are also available!

For more information please contact:

Stephanie Carling, stephanie.carling@iadc.org or Lori Gagula, lori.gagula@iadc.org, at +1.713.292.1945.

* Comps refer to number of complimentary registrations

Hotel Information

Please make your room reservations directly with the hotel.
Please be sure to mention IADC to obtain discounted rate.

Hilton Houston Post Oak by the Galleria

2001 Post Oak Blvd, Houston, TX 77056, United States
Phone: +1.713.961.9300
Room Rates: $179.00 per night (single or double)
Parking: $15 for 24 hours (discounted IADC rate)
Rates are available until 16 September 2019.
Click here to make your reservation online.

Click here to view the hotel website.

Warning: Please note that there is a company named Exhibition Housing Services (EHS) actively approaching conference delegates and exhibitors by phone and email trying to sell hotel rooms at the Hotel for a cheaper rate than the published rate on this conference website. Please note that Exhibition Housing Services does not represent IADC or the hotel, nor has IADC or the hotel authorized EHS to use their names or trademarks on information they send out to exhibitors and delegates.

To avoid being a victim of fraud, please do not give out your credit card details to any other party and make your hotel reservations exclusively through the Hotel.

Toggle

Press Policy

Complimentary press registration is limited to one (1) person per company. This individual must be a titled editor, writer, reporter or other bona fide editorial representative of a legitimate industry or consumer publication. Publishers and sales and marketing specialists are excluded from this complimentary registration practice and must pay the full conference registration fee to attend an event.

The IADC Cybersecurity for Drilling Assets Conference is advertised in industry publications media including:

Click the logo to visit: Click the logo to visit:
DC Logo Events Footer Upstream Logo Events Footer

IADC provides web links as a member service. IADC does not warranty or endorse the accuracy or reliability of any of the information, content, or advertisements contained on websites linked to www.iadc.org or any of its subsidiary pages.

Event Summary

IADC Cybersecurity for Drilling Assets Conference