Monday, 17 June

17 June
08:30-17:00
Savoy Place
Flowers Room

Onsite/In-person delivery.

(Separate Registration Fees Apply)

WORKSHOP

Incident Command System for Industrial Control Systems

Instructor
Brian Peterson, ICS4ICS Program Manager, ISA

Incident Command System for Industrial Control Systems (ICS4ICS) is designed to improve cybersecurity incident response efforts that impact the industry by combining three capabilities that already exist in most companies:

  1. Incident Command System is a proven process for managing various types of incidents
  2. Cybersecurity teams leverage Computer Incident Response processes to investigate cyber
  3. Industrial Control System/Operational Technology experts manage the technical aspects of many types of incidents

This session will help participants learn how ICS4ICS is the emergency cyber response for workforce development.

17 June
13:00
Strand Palace
Exeter Suite

WORKSHOP

Volunteer Workshop

This custom-designed workshop crafts plans for mission-focused, vibrant and successful sections and divisions. Current and aspiring volunteers will leave this workshop with a plan, with energy, with knowledge and with an expanded network of other volunteers who believe in and want to shape ISA’s future.

Separate registration is required.

17 June
17:00
Strand Palace
Haxell's Private Dining Room

RECEPTION

Young Professionals Reception

17 June
18:30-20:30
Oche | The Strand

105 Strand, London
WC2R 0AA, United Kingdom

RECEPTION

ISA OT Cybersecurity Summit Kick-off Reception sponsored by Black & Veatch Corporation

Join us at Oche | The Strand for a reception to kick off the ISA OT Cybersecurity Summit! We'll be gathering at a unique venue in the heart of London, for an evening of networking and fun. Don't miss this opportunity to connect with fellow cybersecurity professionals in a casual setting.

Tuesday, 18 June

08:00
Savoy Place
Maxwell Library

BREAK

Morning Tea

08:30
Savoy Place
Kelvin Theatre

KEYNOTE

Security by Design — A Communication Problem?

Sarah Fluchs, CTO, admeritia GmbH

For a long time, cybersecurity regulation has mainly addressed critical infrastructure operators. This year, the focus has shifted to product manufacturers with regulations like the EU’s Cyber Resilience Act (CRA), the UK Product Security and Telecommunications Infrastructure Act (PSTI) or UNECE R155/156 for cars. In addition, national security authorities from dozens of countries, led by US CISA, are pushing security by design globally through joint recommendations, and many countries are introducing cybersecurity labels for IoT products.

If everybody wants Security by Design – then why is it still not done? Maybe it’s not the technology. Maybe not even the money. Maybe the problem we need to solve is a communication problem between product manufacturers and operators / users. Sarah substantiates this point by summarizing what the above regulations require from manufacturers and shows new approaches for communicating cybersecurity – during design as well as after design, between engineers as well as towards management and an interested public.

09:15
Savoy Place
Siemens Ballroom

20-minute duration

Onsite/In-person delivery 

(Separate Registration Fees Apply)

SPECIAL EVENT

Cyber Escape Room

Join us in our immersive OT cyber escape room. Using the latest shared immersive technology, we have created a realistic OT environment in a virtual space.

Imagine you are on an offshore oil and gas floating production unit. In the control room, a ransomware message pops up on a control system console. Now your marine team has no visibility or control over the mooring and buoyancy systems. Your team has 15 minutes to solve the challenges our AI engine presents before the facility experiences a loss of stability and capsizes. Can you succeed before the clock runs out? Who will complete the challenge, and who will be the fastest to reach the goal?


09:30
Savoy Place
Kelvin Theatre

INTELLIGENCE EVOLUTION TRACK

Intro to Intelligence Evolution

Megan Samford, VP, Chief Security Officer, US National Security Agreements & US Federal Business, Schneider Electric

In this introduction to intelligence evolution, our expert presenter will provide an overview of the latest advancements in artificial intelligence, machine learning and data analytics while exploring how these technologies are transforming the way we understand and interact with the world around us.

09:30
Savoy Place
Turing Theatre

IOT CYBERSECURITY TRACK

The Growing Cyber Threat and Need to Respond in the OT Space

Brian Holliday, Managing Director, Siemens, Co-Chair Made Smarter Commission, Made Smarter UK

In this introductory session, Brian Holliday will talk about his experience with Made Smarter UK and provide a comprehensive overview of the fundamentals of cybersecurity. Attendees will gain a solid understanding of the key concepts, strategies and best practices for protecting digital assets and mitigating risk in today's interconnected world. Don't miss this opportunity to lay the foundation for a stronger, more secure digital future!

10:15
Savoy Place
Kelvin Theatre

TECH DEMO

See and Secure Every Device and Connection in the Industrial Environments

Sponsored by Armis

Nick Morgan, Solution Architect, Armis

Many of the challenges faced in today's Operational Technology (OT) environments stem from the ever-evolving attack surface. Given the growing reliance on interconnected assets and cloud services, operators in manufacturing and critical infrastructure processes are more vulnerable than ever to attack. This session will demonstrate how organizations can see, protect, and manage their OT infrastructure with Armis Centrix™, the cyber exposure management platform.

10:45
Savoy Place
Kelvin Theatre

INTELLIGENCE EVOLUTION TRACK

Leveraging an Outcomes-based Approach with International Standards to Mitigate Cyber Risks

Mohammed Zumla, Managing Consultant, Cyber ICS

Operators of essential services, regulators, government, vendors and consultancies have been navigating their way through compliance. Although the spirit of NIS regulations is to uplift the overall level of cyber resilience for critical national infrastructure, the journey has been complex and often misunderstood by many. This presentation helps all those concerned to focus on this spirit and develop a staged approach to both satisfy compliance requirements and be resilient against the ever-evolving threats.

10:45
Savoy Place
Turing Theatre

IOT CYBERSECURITY TRACK

Secure by Design

Rob Barnes, Security Systems Architect, Rolls-Royce SMR Ltd.

In this informative session, Rob Barnes will delve into the core principles of Secure by Design, a critical approach to developing secure software and systems from the ground up. Attendees will learn about best practices for incorporating security into the entire development lifecycle, from design and coding to deployment and maintenance. This talk is designed for anyone looking to enhance their understanding of how to build security into the foundation of digital products and services.

11:15
Savoy Place
Maxwell Library

BREAK

Lunch Break I

11:30
Savoy Place
Turing Theatre

IOT CYBERSECURITY TRACK

Practical Experience with NIS2 Directive Implementation Leveraging ISA/IEC 62443

Ilja David, CEO & Security Manager and Architect, Iron OT

This presentation will explore practical insights from implementing the NIS2 Directive using mainly ISA/IEC 62443 in two large enterprises from the chemical & pharmaceutical industry and from healthcare. It will detail the identification of OT systems within the NIS2 scope, insight into the Czech transposition of NIS2, and steps taken to achieve compliance with NIS2, ISA/IEC 62443 and ISO 27001 together in these organizations. This session aims to equip attendees with actionable steps that might serve as a basis for their own implementations or inspire them on how to do it on their own. 

12:00
Savoy Place
Turing Theatre

IOT CYBERSECURITY TRACK

Impact of New Tech in Standards

Cindy Segond von Banchet, OT Cybersecurity Lead, Yokogawa Europe

Join us as we discuss the complex interplay between new technology standards in the rapidly evolving world of cybersecurity. Attendees will learn how emerging technologies, such as AI, IoT and cloud computing, are shaping the development and enforcement of security standards. The talk will explore the challenges and opportunities presented by this intersection, as well as the implications for the future of cybersecurity. This session is designed for anyone seeking to enhance their understanding of how new technologies are transforming the standards landscape and how to effectively navigate these changes to maintain a strong security posture.

12:15
Savoy Place
Kelvin Theatre

INTELLIGENCE EVOLUTION TRACK

Fireside Chat: Understanding the Hardware Side of Supply Chain Risk and Protecting It

JC Herz, Senior Vice President, Cyber Supply Chain, Exiger

Cassie Crossley, Vice President, Supply Chain Security, Cybersecurity & Product Security, Governance, Schneider Electric

During this fireside chat, our speakers will explore the dynamic relationship between the hardware side of supply chain risk and how to protect it. Our panel of industry experts will discuss the unique challenges and opportunities, offering valuable insights on how to leverage intelligence to identify and mitigate risks in the hardware supply chain industry. Attendees will learn about the latest trends and best practices for securing their hardware infrastructure and gain practical advice on how to stay ahead of emerging threats.

12:30
Savoy Place
Maxwell Library

BREAK

Lunch Break II

12:45
Savoy Place
Kelvin Theatre

INTELLIGENCE EVOLUTION TRACK

Supply Chain Intelligence Sharing

Chris Blask, Vice President of Strategy, Cybeats

The CISA SBOM sharing working group recently published a document defining three key roles in SBOM sharing: author, distributor and consumer. In this session, the group's co-chair will discuss the current and future state of supply chain intelligence networks, and provide actionable steps for attendees in any of these roles.

13:30
Savoy Place
Kelvin Theatre

PANEL DISCUSSION

Linking Hardware and Software

Moderator: Steve Mustard, President & CEO, National Automation, Inc.

Megan Samford, VP, Chief Security Officer, US National Security Agreements & US Federal Business, Schneider Electric

Paul Hingley, Business Manager, Industrial Security and Safety Services, Siemens

Anna Burrell, Cyber Security for Industrials, OT SME, Director, Deloitte

Sarah Fluchs, CTO, admeritia GmbH

In this informative panel discussion, we will explore the critical link between hardware and software in securing our digital world. Listen as our panelists talk about the intersection of these two crucial components of cybersecurity, discussing the latest trends, challenges and opportunities in securing both hardware and software systems. Learn about the importance of implementing a holistic approach to cybersecurity, as well as practical strategies for enhancing the security of both hardware and software infrastructure.

14:30
Savoy Place
Kelvin Theatre

INTELLIGENCE EVOLUTION TRACK

Securing Your Networks with the Addition of 5G Technology

Greig Paul, Research Engineer, Electronic and Electrical Engineering, University of Strathclyde

As technology continues to evolve, so do the threats to our network. The addition of 5G technology brings new challenges and opportunities for securing our networks. During this session, we will explore the latest developments in 5G technology and its impact on network security. Our expert speaker will discuss the intelligence evolution and how it affects the security of our networks. Attendees will gain insights into the best practices for securing 5G networks and learn about emerging threats and mitigation strategies.

14:30
Savoy Place
Turing Theatre

IOT CYBERSECURITY TRACK

Ensuring IIoT Device Security Through Certification and the ISA Secure Standard

Patrick O'Brien, Cybersecurity Team Leader, exida

As the Industrial Internet of Things (IIoT) continues to expand, ensuring the security of connected devices has become a critical concern for organizations. This technical presentation will delve into the importance of IIoT device certification and the role of the ISA Secure standard in addressing these challenges.

15:00
Savoy Place
Maxwell Library

BREAK

Afternoon Tea Break

15:15
Savoy Place
Kelvin Theatre

TECH DEMO

Assessment and Certification Strategy for OT-security

Sponsored by UL Solutions

Alexander Koehler, Principal Security Advisor, UL Solutions

Learn how to comply with a multitude of regulations and standards globally, in an efficient and sustainable way.

15:15
Savoy Place
Turing Theatre

TECH DEMO

Mitigating Risks in Operational Technology: Best Practices and Innovations

Sponsored by Claroty

David Van Crout, Senior Director, Europe, Claroty

Many organizations are struggling to move forward with their risk management program. This session delves deeper into how companies are moving to a pragmatic approach and how this has helped them to adopt frameworks such as NIST, 62443, OG86, CAF, and more. Learn practical examples of how other organizations have leveraged the data found through exposure management and how you can leverage this as part of an overall OT Cyber management system. 

15:45
Savoy Place
Kelvin Theatre

INTELLIGENCE EVOLUTION TRACK

Brave New World: How Do We Start the Quantum Migration?

Andersen Cheng, Founder, Post-Quantum

When the Quantum Computing Cybersecurity Preparedness Act became law in the United States in December 2022, quantum migration became a reality. Adoption began with U.S. federal agencies and was closely followed by other nation states. Critical national infrastructures and highly automated sectors have been identified as particularly vulnerable, and action needs to be taken now.

15:45
Savoy Place
Turing Theatre

IOT CYBERSECURITY TRACK

Cybersecurity in Action: Real-World Applications of ISA/IEC 62443 in Energy Storage Systems

SZ Lin, Chief Cybersecurity Expert, Bureau Veritas

This presentation explores the integration of cybersecurity measures in energy storage systems (ESS), a vital aspect in the increasingly interconnected and digitalized energy sector. It focuses on the practical application of the ISA/IEC 62443 standard, an essential framework for industrial cybersecurity, especially within the context of ESS. The session highlights common challenges faced by organizations in the energy sector during the implementation of these standards and pinpoints crucial areas requiring attention for a robust cybersecurity posture.

18:00
Savoy Place
Riverside Terrace

RECEPTION

ISAGCA/ISASecure Welcome Reception

Wednesday, 19 June

08:00
Savoy Place
Maxwell Library

BREAK

Morning Tea

08:30
Savoy Place
Kelvin Theatre

KEYNOTE

The Intersection of Sustainability and Cybersecurity

Simon Hodgkinson, Former CISO, BP

As the world becomes increasingly digitized, the importance of cybersecurity is greater than ever. At the same time, the growing awareness of the environmental impact of technology has made sustainability a crucial consideration. In this keynote, we will explore the intersection of these two critical issues and discuss how organizations can balance security and sustainability in their digital strategies.

Attendees will gain a deeper understanding of the relationship between cybersecurity and sustainability and learn practical strategies for building a secure and environmentally responsible digital future.

09:15
Savoy Place
Siemens Ballroom

20-minute duration

Onsite/In-person delivery 

(Separate Registration Fees Apply)

SPECIAL EVENT

Cyber Escape Room

Join us in our immersive OT cyber escape room. Using the latest shared immersive technology, we have created a realistic OT environment in a virtual space.

Imagine you are on an offshore oil and gas floating production unit. In the control room, a ransomware message pops up on a control system console. Now your marine team has no visibility or control over the mooring and buoyancy systems. Your team has 15 minutes to solve the challenges our AI engine presents before the facility experiences a loss of stability and capsizes. Can you succeed before the clock runs out? Who will complete the challenge, and who will be the fastest to reach the goal?


09:30
Savoy Place
Kelvin Theatre

INTELLIGENCE EVOLUTION TRACK

Cybersecurity and Sustainability: Partners to Drive Growth and Governance

Prabhu Soundarrajan, President, ISA

Cybersecurity and sustainability are two sides of the same coin, working together to drive business growth and corporate governance alike. Both cybersecurity and sustainability are driven by regulatory, reporting and standards frameworks that help shareholders, the general public and regulatory bodies to develop trust and understand how an enterprise operates. This presentation will cover how cybersecurity, sustainability and automation act in partnership to accelerate growth and safety. 

09:30
Savoy Place
Turing Theatre

IOT CYBERSECURITY TRACK

Clean Energy Cybersecurity

Emma Stewart, Chief Power Grid Scientist & Research Strategist, Idaho National Laboratory

As the world transitions to clean energy sources, the cybersecurity of these systems becomes increasingly critical. This session will explore the unique challenges and opportunities of securing clean energy infrastructure, from solar panels to electric vehicle charging stations.

Attendees will learn about the latest cybersecurity threats and trends in the clean energy sector, as well as strategies for protecting against them.

10:15
Savoy Place
Kelvin Theatre

TECH DEMO

Simplifying Deployment by Preparing in Advance

Sponsored by Dragos

Neil Brown, Senior Solutions Architect, Dragos

Need to monitor your OT networks, but worried about how long it will take and paranoid about breaking something? Like anything, good planning and preparation can help smooth the journey. Here, we will talk about some steps you can take to plan how you will implement a monitoring solution, gaining quality visibility without causing any unwanted impact.

10:15
Savoy Place
Turing Theatre

TECH DEMO

Enabling Secure and Simple Privileged Remote Access to OT 

Sponsored by Cyolo

Ian Cuthbertson, Sales Engineer, Cyolo

In this session, you will learn how Cyolo can enable simple-to-use and secure remote access for your OT environment, providing a reduced attack surface, greater visibility and control, and practical controls like segmentation, encryption, identity, and privilege management. You will understand how Cyolo, as a highly flexible solution for on-premises, hybrid and cloud connect environments, can meet the demands of all enterprises, replacing insecure and complex-to-manage VPN connectivity.

10:45
Savoy Place
Kelvin Theatre

INTELLIGENCE EVOLUTION TRACK

Critical Infrastructure and Threat Intelligence

Carolyn Swinney, Executive Fellow, University of Essex

Critical infrastructure, such as energy, transportation, and communications systems, is essential for the functioning of our society. However, these systems are also vulnerable to cyber-attacks, which can have severe consequences. In this session, we will discuss the importance of threat intelligence in protecting critical infrastructure and share strategies for identifying and mitigating emerging threats.

10:45
Savoy Place
Turing Theatre

IOT CYBERSECURITY TRACK

Navigating the Complexities of Maritime Cybersecurity: Challenges, Controls and Collaboration

Christopher Stein, Lead Engineer, Maritime Cybersecurity, Royal Caribbean Group

The maritime industry is rapidly digitizing, making cybersecurity a critical concern. Join us as we explore the unique challenges of cybersecurity in maritime environments, including the need to balance safety and security and the challenges of applying traditional Industrial Control Systems (ICS) security measures. Learn about the key cybersecurity controls for the maritime industry – such as asset management, multi-factor authentication and risk assessment – and come to understand the importance of collaboration between maritime stakeholders, including shipowners, equipment manufacturers and cybersecurity experts, to develop effective cybersecurity strategies and mitigate risks. Drawing on real-world examples from companies like Royal Caribbean, Christopher Stein will provide insights into how the maritime industry can navigate the complexities of cybersecurity and ensure the safety and security of its operations.

11:15
Savoy Place
Maxwell Library

BREAK

Lunch Break I

11:30
Savoy Place
Turing Theatre

IOT CYBERSECURITY TRACK

Exploring the Security Impacts of GenAI in IT and OT

Dr. Andrew Rogoyski, Director of Innovation, Surrey Institute for People-Centered AI

Generative AI (GenAI) has emerged as a transformative technology with numerous applications across industries. While GenAI presents exciting opportunities for innovation, it also introduces new security challenges in both Information Technology (IT) and Operational Technology (OT) environments. This technical presentation will explore the security impacts of Generative AI in IT and OT.

12:00
Savoy Place
Turing Theatre

IOT CYBERSECURITY TRACK

ISA Cybersecurity Programs and Initiatives

Andre Ristaino, Managing Director, Global Consortia, Conformity Assessment, ISA

Join us for an overview of ISA cybersecurity programs and initiatives, including our industry-leading consortia. In this session, we will delve into the details of the ISA/IEC 62443 Cybersecurity Certificate Program, which provides training and knowledge-based recognition in industrial cybersecurity based on the world's only consensus-based series of standards.

12:15
Savoy Place
Kelvin Theatre

IOT CYBERSECURITY TRACK

Where Conflict and Adversaries Collide Within the Cyber Supply Chain

JC Herz, Senior Vice President, Cyber Supply Chain, Exiger

Geopolitical conflict and the geopolitical fault lines in critical industries have made cybersecurity into a higher-dimension intelligence problem: product vulnerabilities, exploitability and targeting are more effectively prioritized and managed with an overlay of supplier risks that are not present or detectable with code scans. These risks can be detected and managed by combining operational transparency with geopolitical risk data metrics on devices, software and upstream service providers and software suppliers. Attendees will walk away with:

  • An overview of the intersection of cybersecurity and intelligence
  • Positioning of the supply chain challenges relating to threats not simply found through tools
  • Non-obvious threats in the software and firmware ecosystem
  • How these threats can be detected and managed through a comprehensive program that can be tailored to your risk appetite and regulatory obligations

12:30
Savoy Place
Maxwell Library

BREAK

Lunch Break II

12:45
Savoy Place
Kelvin Theatre

INTELLIGENCE EVOLUTION TRACK

Defining an Incident Response Plan on a National Level

Ivan Monforte Fugarolas, Head of Communication, Ecosystem and Cybersecurity Culture, Cybersecurity Agency of Catalonia

As cyber threats continue to evolve and become more sophisticated, having a robust incident response plan is essential for minimizing damage and ensuring a quick recovery. This session will explore the challenges and best practices for defining and implementing an incident response plan on a national level in Spain, with a focus on coordination between government agencies, critical infrastructure operators and other stakeholders.

13:30
Savoy Place
Kelvin Theatre

PANEL DISCUSSION

Evolving Threat Landscape

Moderator: Scott Reynolds, Security Engineering Manager - ITD, Johns Manville

JC Herz, Senior Vice President, Cyber Supply Chain, Exiger

Jack Duffield, Royal Air Force

Johnny Awad, Cyber Leader for Energy and Renewables, Strategy & Transformation, Deloitte

Phil Tonkin, Field Chief Technology Officer, Dragos

This panel discussion will bring together experts in the field of threat intelligence to share their experiences, strategies, and best practices. Our panelists will discuss the current state of threat intelligence, including the latest trends, challenges, and opportunities. Attendees will learn about cyber threat intelligence, addressing and identifying the threats, and emerging risk.

14:30
Savoy Place
Kelvin Theatre

TECH DEMO

Evidencing Zones and Conduits 

Sponsored by Fortinet

Stefan Liversidge, OT SE & Subject Matter Expert, Fortinet

Ben White, UKI OT Business Development Manager, Fortinet

Fortinet will present an application of ISA/IEC 62443 Zones and Conduits in the context of a simple PID loop environment in Operational Technology. The demo will show how FortiGate and FortiSwitch can perform Segmentation and Protocol Inspection. We will conclude the demo by showing alignment with the Foundational Requirements.

15:00
Savoy Place
Maxwell Library

BREAK

Afternoon Tea

15:15
Savoy Place
Turing Theatre

WORKSHOP

Standards Workshop: Empowering Global Automation with ISA's International Standards Program

Charley Robinson, Senior Director, ISA Standards

ISA’s international standards play a vital role in promoting safety, cybersecurity, and efficiency across global industry. This workshop will provide an overview of ISA’s international standards program and its relationship to and collaboration with the International Electrotechnical Commission (IEC). A panel of experts representing standards stakeholders will then answer questions from the audience.

16:00
Savoy Place
Kelvin Theatre

PANEL DISCUSSION

Applying Standards to Industry

Thursday, 20 June

08:30-17:00
Strand Palace
Exeter Suite

ISA TRAINING COURSE

SOLD OUT! Using the ISA/IEC 62443 Standards to Secure Your Control Systems (IC32)

Instructor
Carlos Montes Portela, ISA/IEC 62443 Trainer, Senior OT/ICS Cybersecurity Manager

Separate registration fees apply

  • Onsite/in-person delivery
  • Course Dates: 20-21 June 2024
  • CEU Credits: 1.4
  • A certificate of completion indicating the total number of CEUs earned will be provided upon successful completion of the entire two-day course.
Description

The move to using Ethernet, TCP/IP, and web technologies in supervisory control and data acquisition (SCADA) and process control networks has exposed these systems to the same cyberattacks that have wreaked havoc on corporate information systems. This course provides a detailed look at how the ISA/IEC 62443 standards framework can be used to protect critical control systems. It also explores the procedural and technical differences between the security for traditional IT environments and those solutions appropriate for SCADA or plant floor environments.

  • Discuss the principles behind creating an effective long-term security program
  • Interpret the ISA/IEC 62443 industrial security framework and apply it to your operation
  • Define the basics of risk and vulnerability analysis methodologies
  • Describe the principles of security policy development
  • Explain the concepts of defense in depth and zone/conduit models of security
  • Analyze the current trends in industrial security incidents and methods hackers use to attack a system
  • Define the principles behind the key risk mitigation techniques, including anti-virus and patch management, firewalls, and virtual private networks
Topics Covered
  • Understanding the Current Industrial Security Environment: What is Electronic Security for Industrial Automation and Control Systems? | How IT and the Plant Floor are Different and How They are the Same
  • How Cyberattacks Happen: Understanding the Threat Sources | The Steps to Successful Cyberattacks
  • Creating A Security Program:  Critical Factors for Success/Understanding the ANSI/ISA-62443-2-1 (ANSI/ISA-99.02.01-2009)- Security for Industrial Automation and Control Systems: Establishing an Industrial Automation and Control Systems Security Program
  • Risk Analysis:  Business Rationale | Risk Identification, Classification, and Assessment 
  • Addressing Risk with Security Policy, Organization, and Awareness: Cyber Security Management System Scope | Organizational Security | Staff Training and Security Awareness
  • Addressing Risk with Selected Security Counter Measures: Personnel Security | Physical and Environmental Security | Network Segmentation | Access Control
  • Addressing Risk with Implementation Measures: Risk Management and Implementation | System Development and Maintenance | Information and Document Management
  • Monitoring and Improving the CSMS: Compliance and Review | Improve and Maintain the CSMS
  • Validating or Verifying the Security of Systems: What is being done? | Developing Secure Products and Systems
Classroom/Laboratory Demo
  • PCAP Live Capture Analysis
Includes ISA Standards
  • ANSI/ISA-62443-1-1 (ANSI/ISA-99.00.01-2007), Security for Industrial Automation and Control Systems Part 1: Terminology, Concepts & Models
  • ANSI/ISA-62443-2-1 (ANSI/ISA-99.02.01-2009), Security for Industrial Automation and Control Systems: Establishing an Industrial Automation and Control Systems Security Program
  • ANSI/ISA-62443-3-3, Security for industrial automation and control systems: System security requirements and security levels

Note: Training course registration fees are separate from conference registration. To register for a course, select it on the "Training Registration Options" drop-down list within the event registration form. If applicable, discount code only applies to training course registration when conference registration is also selected.

08:30-17:00
Savoy Place

Day 1
Wedmore Boardroom

Day 2
Mountbatten Exhibition Room

ISA TRAINING COURSE

Assessing the Cybersecurity of New or Existing IACS Systems (IC33)

Instructor
Prashanth AC, Cybersecurity Strategy and Program, IEC 62443 Expert, Implementer and Trainer

Separate registration fees apply

  • Onsite/in-person delivery
  • Course Dates: 20-21 June 2024
  • CEU Credits: 1.4
  • A certificate of completion indicating the total number of CEUs earned will be provided upon successful completion of the entire two-day course.

Learning Objectives

  • Identify and document the scope of the IACS under assessment
  • Specify, gather, or generate the cybersecurity information required to perform the assessment
  • Identify or discover cybersecurity vulnerabilities inherent in the IACS products or system design
  • Interpret the results of a Process Hazard Analysis (PHA)
  • Organize and facilitate a cybersecurity risk assessment for an IACS
  • Identify and evaluate realistic threat scenarios
  • Identify and assess the effectiveness of existing countermeasures
  • Identify gaps in existing policies, procedures, and standards
  • Evaluate the cost, complexity, and effectiveness of new countermeasures to make meaningful recommendations
  • Establish and document security zones and conduits
  • Develop a Cybersecurity Requirements Specification (CRS)

Topics Covered

  • Preparing for an Assessment
      • Security lifecycle
      • Scope
      • System architecture diagrams
      • Network diagrams
      • Asset inventory
      • Cyber criticality assessment
  • Cybersecurity Vulnerability Assessment
      • Risk
      • Types of cybersecurity vulnerability assessments
      • High-level assessments
      • Passive and active assessments
      • Penetration testing
      • Conducting high-level assessments
      • Assessment tools
      • Cyber Security Evaluation Tool (CSET)

Note: Training course registration fees are separate from conference registration. To register for a course, select it on the "Training Registration Options" drop-down list within the event registration form. If applicable, discount code only applies to training course registration when conference registration is also selected.

Cyber Empowerment Forum

Empower your team with operational technology (OT) cybersecurity! This panel brings together A-list professionals to explore how OT cybersecurity strengthens safety, resilience and operational reliability in industrial environments. Panelists will discuss real-world challenges at the intersection of information technology (IT) and OT, including legacy systems, workforce upskilling and risk communication. Drawing on practical insights and lived experience, this session highlights how OT cybersecurity teams can move beyond compliance to become trusted enablers of secure operations. Attendees will leave with actionable perspectives they can apply directly on the plant floor and in the boardroom.

Presenters:

  • Moderator: Megan Samford
  • Berta Jarošová
  • Cheri Caddy
  • Dr. Marina Krotofil
  • Tatyana Bolton

Topic(s): Cybersecurity; Standards, Policy and Regulations; Industrial Control Systems (ICS); Connectivity & Communications; Threat Intelligence; Risk Assessment & Management; Cyber Physical Safety

Track(s): OT Threat Intelligence and ICS Supply Chain Security - Track 1

Moderator: Megan Samford, VP, Product & Supply Chain Security, Schneider Electric

Megan Samford is responsible for driving the security strategy across products within Schneider Electric’s Energy Management business. In taking her role at Schneider Electric, Megan became the first female chief product security officer (CPSO) for a major industrial without first being a chief information security officer (CISO).

Prior to joining Schneider Electric, she led product safety and security programs at GE and Rockwell Automation. Before joining the private sector, Megan served as Virginia’s critical infrastructure protection coordinator for Governors Tim Kaine and Bob McDonnell. She is the current chair of the DHS Control Systems Working Group Incident Management Sub-Working Group, ISA Board Member and founder of the Incident Command System for Industrial Control Systems (ICS4ICS) public-private partnership.  

Berta Jarošová, Cyber Attachée to the United States and Canada, Embassy of the Czech Republic & Co-Founder, Women4Cyber Czechia

Cheri Caddy, Senior Cybersecurity Advisor, Savannah River National Laboratory

Cheri Caddy is an independent consultant on cybersecurity and emerging technology policy, strategy, technical standards and governance/risk/compliance issues. She is a senior cybersecurity advisor to Savannah River National Laboratory and a member of several advisory boards, including the Technology Advancement Center. She also chairs the Board of Fellows Visiting Committee of the Leahy School of Cybersecurity and Advanced Computing at Norwich University.

Ms. Caddy held senior national security and technical policy roles in the US Government for over 30 years. Prior to retiring from federal service, she served as deputy assistant national cyber director for technology and research in the Office of the National Cyber Director (ONCD) at the White House. At ONCD, she was executive technical lead for development and implementation of the 2023 National Cybersecurity Strategy and a principal contributor to the 2023 National Standards for Critical and Emerging Technology.

Ms. Caddy also recently served as senior technical advisor for cybersecurity at the Department of Energy (DOE) where she managed a portfolio of 60 million USD in cyber-related R&D across the National Laboratories, coordinated cyber R&D across the department and represented DOE at the National Science and Technology Council.

Dr. Marina Krotofil, Independent Expert Evaluator and Reviewer, European Commission

Dr-Eng Marina Krotofil is a cybersecurity professional with 15 years of hands-on experience in industrial control systems (ICS) and cyber-physical security with a strong focus on critical infrastructure protection. She has managed and executed diverse technical projects worldwide across a variety of industrial and non-industrial domains.

Marina is also an experienced cybersecurity researcher and Red/Blue Teamer who has discovered numerous novel attack vectors and exploitation techniques, designed innovative defense methods and assisted with complex incident responses. She frequently collaborates with international organizations on technical threat intelligence topics, is a member of the Black Hat Review Board and serves as an evaluator of EU-funded security project proposals.

Tatyana Bolton, Principal, Monument Advocacy

Keynote: Transatlantic Cyber Cooperation: Perspective of the Czech Republic

This session will provide a clear, practical overview of transatlantic cyber cooperation from the Czech Republic’s perspective. Berta Jarošová will explain how the Czech Republic and the United States collaborate to address growing cyber threats, particularly those targeting critical infrastructure. It will focus on how cooperation will evolve in response to current challenges, including geopolitical tensions, rising cyberattacks and regulatory differences.

Attendees will learn how the Czech Republic continuously improves its national cybersecurity framework, including adopting the new National Cyber Strategy, implementing the new Act on Cyber Security (ACS), which transposes the NIS2 Directive, proposing a new ICT Supply Chain Mechanism and building a new Cyber Portal for incident reporting and management across the constituency.

This session will also explore how the Czech Republic contributes to international efforts through its roles in the European Union (EU) and the North Atlantic Treaty Organization (NATO). Additionally, it will share practical insights from real-world collaboration, including recent cybersecurity advisories on cyber threats and actors, published in cooperation with US partners, joint cybersecurity advisories and the attribution of malicious cyber activities to state-sponsored actors.

Presenter: Berta Jarošová

Topic(s): Cybersecurity; Supply Chain; Standards, Policy and Regulations; Threat Intelligence; Incident Response; Risk Assessment & Management; Cyber Physical Safety

Track(s): OT Threat Intelligence and ICS Supply Chain Security - Track 1

Berta Jarošová, Cyber Attachée to the United States and Canada, Embassy of the Czech Republic & Co-Founder, Women4Cyber Czechia

Session Sponsored by Honeywell: Continuous Compliance in OT: Leveraging Automated Collection for ICS/OT Audits

In the rapidly evolving landscape of operational technology (OT) and industrial control systems (ICS), traditional "point-in-time" manual audits are no longer sufficient to address modern cybersecurity threats. Organizations often struggle with fragmented tools and manual evidence collection, leading to "compliance fatigue" and dangerous security blind spots.

This presentation explores how automated collection for governance, risk (management) and compliance (GRC) can transform OT cybersecurity audits from a reactive, annual burden into a proactive, continuous process. It also discusses the integration of GRC platforms with OT-specific assets to enable:

  • Automated evidence collection: Reducing manual effort by pulling logs and configurations directly from industrial systems
  • Continuous controls monitoring (CCM): Moving beyond periodic snapshots to real-time visibility into control health across multiple sites
  • Framework mapping: Efficiently aligning OT operations with standards like ISA/IEC 62443-3-3 and NIST SP 800-82

Presenter: Bart van der Hoorn

Topic(s): Industrial Control Systems (ICS); Cybersecurity; Standards, Policy and Regulations; Threat Intelligence; ISA/IEC 62443

Track(s): OT Threat Intelligence and ICS Supply Chain Security - Track 1

Bart van der Hoorn, Product Manager Industrial Cybersecurity, Honeywell

Bart van der Hoorn is a product manager specializing in industrial cybersecurity at Honeywell, with 19 years of industry experience. He currently shapes Honeywell’s cybersecurity portfolio around end‑user needs, leaning on 8 years as a solution architect working closely with customers in operational environments.

Over the past 5 years, his focus has been dedicated to industrial cybersecurity, helping organizations strengthen operational technology (OT) cyber resilience while maintaining operational performance, safety and availability. With a background spanning engineering, operator effectiveness and connected industrial platforms, Bart brings a holistic perspective on how cybersecurity enables secure and scalable digital transformation.

Cyber-Physical Safety in Practice: Audit Insights from TÜV SÜD in Industrial Environments

Industrial companies increasingly face overlapping cybersecurity and safety requirements. Drawing on TÜV SÜD’s audit and inspection experience, this presentation explains how cybersecurity requirements are introduced through the German Technical Rule for Occupational Safety and Health ("TRBS 1115-1"), which provides a practical foundation for addressing cyber-physical safety, particularly for small and medium-sized industrial enterprises (SMEs).

The 2017 Triton/Trisis attack is a well-known example of this risk. Yet major gaps remain in even the most fundamental cybersecurity measures, as many SMEs continue to allow direct access by service providers, operate with only rudimentary firewalls and lack proper network segmentation. Shared accounts are also widespread, often due to technical limitations. Although regulatory frameworks provide generic guidance, for example, an increased set of requirements based on the connectivity level of an asset in TRBS 1115-1, more holistic approaches, such as the ISA/IEC 62443 foundational requirements, are regularly applied in practice.

This talk further illustrates how rising regulatory pressure from the Machinery Directive, the Cyber Resilience Act and NIS2 drives the need for structured alignment with established standards such as ISO/IEC 27001 and ISA/IEC 62443. Drawing on recurring inspections of safety-critical assets, including pressure- and explosion-prone equipment, this session highlights the fundamental challenges of establishing sustainable cybersecurity operations in a “functionality-first,” engineering-driven context, even when long-established, trusted business relationships exist.

Presenter: Kai Hartmann

Topic(s): Cybersecurity; Cyber Physical Safety; Industrial Control Systems (ICS)

Track(s): OT Security and Industrial Safety: Managing Cyber-Physical Security - Track 2

Kai Hartmann, Senior Expert Industrial Security, TÜV SÜD Industry Service GmbH

Kai Hartmann is a cybersecurity professional focused on operational technology (OT) and information technology (IT), dedicated to securing critical infrastructure and industrial plants. With a background in research and hands-on experience as both a manufacturer and an operator, Kai brings practical insight to risk management and inspection projects, aiming to identify vulnerabilities and implement effective security measures.

International Policy and Regulation: From Red Lines to Rules of Engagement

Cybersecurity has become a doomsday conversation, convincing owners and operators they are on the brink of total collapse. However, in day-to-day offensive/defensive operations, the “make or break” moment between a bad day and a total disaster requires coordinated preparation, design, engineering and testing – like all else in the built environment. Standards have long been debated for their horizontal vs. sector-specific applicability. However, since nothing can be engineered to withstand the future threat landscape, we will always need standards. And standards require regulations as much as regulations require standards. They are symbiotic. This session will explore how standards are necessarily modular to meet the growing requirements of regulations, and how regulations are required to defend the middle ground between red lines and rules of engagement in cyberspace. 

Presenter: Danielle Jablanski

Topic(s): Transportation; Connectivity & Communications; CRA; Cyber Physical Safety; Cybersecurity; Incident Response; ISA/IEC 62443

Track(s): OT Threat Intelligence and ICS Supply Chain Security - Track 1

Danielle Jablanski, Non-Resident Fellow, OT Cybersecurity, Atlantic Council

Danielle “DJ” Jablanski leads STV’s operational technology (OT) cybersecurity consulting program. DJ developed OT and industrial control systems (ICS) strategy for the Cybersecurity Division (CSD) of the US Cybersecurity and Infrastructure Security Agency (CISA), a department of the US Department of Homeland Security (DHS).  She conducted analysis of cross-sector security needs, controls assessments and OT cybersecurity challenges.

DJ authored the latest OT guidance on network segmentation and consulted on OT projects across the federal government, from Zero Trust implementation in OT networks to high-value asset identification and classification across the federal civilian and executive branch. DJ also led interagency and cross-sector risk analysis related to the White House National Security Memorandum 22, Sector Risk Management priorities and industry collaboration efforts.

From Compliance to Resilience: An Actionable Blueprint for Global OT Security

How does a global enterprise secure thousands of operational technology (OT) assets – from legacy programmable logic controllers (PLCs) on isolated production lines to modern, connected supervisory control and data acquisition (SCADA) systems – against emerging threats while complying with disparate legislative mandates, such as NIS 2.0 and TRBS 1115-1?

This presentation provides a technical blueprint for establishing a unified, resilient and auditable OT cybersecurity program. We move beyond high-level strategy to detail a practical framework that translates legal and standards-based requirements into concrete, implementable controls for a technical audience.

Presenter: Gustav Martin Bartel

Topic(s): Cybersecurity; Anomaly Detection; Threat Intelligence; Incident Response; Risk Assessment & Management

Track(s): OT Threat Intelligence and ICS Supply Chain Security - Track 1

Gustav Martin Bartel, Senior Expert, Robert Bosch GmbH

Gustav is a senior expert at Bosch, shaping cybersecurity controls for the industrial environment, especially manufacturing, logistics and real estate. He is responsible for defining appropriate security postures and their effectiveness at the central level and their reflection regarding governance, risk and compliance.

Effective Cross-Sector Cybersecurity: Where Government Structure, Standards and Cyber Safety Meet

Presenter: Cheri Caddy

Topic(s): Cybersecurity; Supply Chain; Standards, Policy and Regulations; Threat Intelligence; Incident Response; Risk Assessment & Management; Cyber Physical Safety

Track(s): OT Security and Industrial Safety: Managing Cyber-Physical Security - Track 2

Cheri Caddy, Senior Cybersecurity Advisor, Savannah River National Laboratory

Cheri Caddy is an independent consultant on cybersecurity and emerging technology policy, strategy, technical standards and governance/risk/compliance issues. She is a senior cybersecurity advisor to Savannah River National Laboratory and a member of several advisory boards, including the Technology Advancement Center. She also chairs the Board of Fellows Visiting Committee of the Leahy School of Cybersecurity and Advanced Computing at Norwich University.

Ms. Caddy held senior national security and technical policy roles in the US Government for over 30 years. Prior to retiring from federal service, she served as deputy assistant national cyber director for technology and research in the Office of the National Cyber Director (ONCD) at the White House. At ONCD, she was executive technical lead for development and implementation of the 2023 National Cybersecurity Strategy and a principal contributor to the 2023 National Standards for Critical and Emerging Technology.

Ms. Caddy also recently served as senior technical advisor for cybersecurity at the Department of Energy (DOE) where she managed a portfolio of 60 million USD in cyber-related R&D across the National Laboratories, coordinated cyber R&D across the department and represented DOE at the National Science and Technology Council.

Managing Modern Complexity: A Practical Case Study of Colgate-Palmolive’s New Site Design

How should we design a manufacturing site to handle digital transformation? The growing number of operational technology (OT) network devices creates complex traffic, making security hardening and universal remote access essential.

Using real-world site examples, we will demonstrate how Colgate implemented a segmentation standard to meet the challenges of the Fourth Industrial Revolution. We will share an engineering perspective on how Ethernet topology, VLANs, machine integration and the server environment converge to form a secure, practical-to-manage system that enables seamless automation.

Presenter: Jakub Kogut

Topic(s): Connectivity & Communications; Cybersecurity; Industrial Control Systems (ICS); ISA/IEC 62443; Maritime/Marine

Track(s): OT Threat Intelligence and ICS Supply Chain Security - Track 1

Jakub Kogut, Global Plant Systems Engineer, Colgate-Palmolive

Jakub Kogut is a global plant systems engineer working for the Colgate-Palmolive Global Technology Center in New Jersey. In this role, he defines and implements technical standards across production sites worldwide. He led the design of the server infrastructure, industrial networks and control systems for Hill’s Pet Nutrition’s flagship Industry 4.0 facility near Kansas City. Jakub is currently focused on advancing network architectures and deploying information technology (IT)/operational technology (OT) virtual local area network (VLAN) segmentation across Colgate’s manufacturing plants to strengthen cybersecurity. He also authored the company’s global network and data requirements for original equipment manufacturer (OEM) equipment suppliers.
 
An automated guided vehicle (AGV) and autonomous mobile robot (AMR) enthusiast, Jakub developed a scalable integration architecture leveraging SQL, MQTT and JSON to accelerate robot fleet deployments. With over 14 years of experience in fast-moving consumer goods (FMCG), his expertise spans PLCs, BMS, HMI, communication drivers, SCADA, MES, databases, report building, server architecture and business systems integration.

The Human Side of Industrial Cybersecurity: Culture, Drift, and Risk in Automation & Safety Systems

Cybersecurity in industrial automation and safety systems isn’t just a technology problem – it’s a people problem. Over time, small shortcuts, pressure to keep production running, and “we’ve always done it this way” thinking quietly erode defenses. This talk examines how organizational culture and everyday human factors contribute to the normalization of deviance, in which risky practices gradually become the new normal.

Drawing on real-world risk management lessons, we’ll cover practical ways to push back: better awareness training, stronger behavioral signals from leadership and early warning systems that actually catch drift before it becomes a headline.

The goal is simple – build environments where people are part of the protection, not the weakest link.

Presenter: Marco (Marc) Ayala

Topic(s): Cybersecurity; Industrial Control Systems (ICS); Incident Response; Risk Assessment & Management; ISA/IEC 62443; Maritime/Marine; Cyber Physical Safety

Track(s): OT Security and Industrial Safety: Managing Cyber-Physical Security - Track 2

Marco (Marc) Ayala, Director, Technical - Cybersecurity Center of Excellence (CoE), ABS Consulting

Marco has 30 years of field experience, during which time he designed, implemented and maintained process instrumentation, automation systems, safety systems and process control networks. In his role with a large global manufacturing company, he is responsible for applications globally that are specific to plant site operations and corporate governance.

With nearly 2 decades focused specifically on industrial cybersecurity, he led efforts to secure the oil and gas (all streams), maritime port, offshore facilities and chemical sectors supporting federal, local and state entities in securing the private sector.

Marco is highly active in the International Society of Automation (ISA) as a longtime member and has recently been elected to the ISA Executive Board. He is a 22-year Senior Member and a certified cyber instructor for ISA/IEC 62443, with volunteering commitments, and a contributor to the AMSC Gulf of America (Mexico) cybersecurity committee in a sworn-in role to the US Coast Guard (USCG) as chair of threat intelligence and cybersecurity for the outer continental shelf (OCS).

He has been an InfraGard member since 2014 and is currently serving as president of the Houston Members Alliance.

Session Sponsored by Booz Allen: From Intel to Impact: Sharpening OT IR Before the Alarms Sound

Operational technology (OT) cyber incidents rarely begin with a bang – they begin with gaps: gaps in preparation, gaps in documentation and gaps in coordination.

This session explores the anatomy of an incident, outlining a practical process that takes the organization from discovery through recovery and back to business-as-usual. Drawing on Booz Allen’s extensive field experience across critical infrastructure environments, we will then discuss a recent OT incident case study, providing the blow-by-blow of how the response unfolded and an accounting of client outcomes once the dust settled. We will also break down recurring challenges encountered during live OT incidents, as well as pre-incident best practices to help you avoid becoming a case study.

Lessons learned from real experience illustrate how preparation translates directly into reduced downtime, safer containment decisions, greater resilience and faster recovery when an incident occurs. Attendees will leave with a technically grounded blueprint for sharpening OT incident response programs before the alarms sound.

Presenters:

  • Kyle Miller
  • David Wilkinson

Topic(s): Cybersecurity; Incident Response; Industrial Control Systems (ICS); NIS2; Supply Chain; Threat Intelligence

Track(s): OT Threat Intelligence and ICS Supply Chain Security - Track 1

Kyle Miller, Vice President, Booz Allen Hamilton

As a vice president at Booz Allen Hamilton, Kyle Miller oversees the firm's infrastructure cybersecurity portfolio within the Global Commercial account. As part of this role, he is responsible for leading Booz Allen’s operational technology (OT) cybersecurity, enterprise information technology (IT) cybersecurity, Zero Trust and smart manufacturing practices.

With over 20 years of professional experience, Kyle has worked with a wide range of clients across the manufacturing, oil & gas, defense, transportation, energy and water/wastewater critical infrastructure sectors. These clients have included Fortune 100 and Global 2000 organizations, as well as the US Department of Defense (DoD) and other civil agencies. Miller holds various professional certifications, including GICSP, CISSP, CEH, CHFI, ISO 27001 Lead Auditor, Security+ and PMP, as well as two graduate certificates and a Master’s Degree in Cybersecurity.

David Wilkinson, Industrial Control System & Platform Security Engineer, Booz Allen Hamilton

David has spent over 25 years working for many of the leading names in industrial control, starting as a Honeywell Instrumentation apprentice and working up to an Offshore DCS system engineer, also working with Rockwell, Siemens, Copa-Data and Wonderware. Before transferring to cybersecurity, he was Johnson Matthey’s Global OT cybersecurity leader for 3 years prior to its sale to Honeywell, then transferred to Booz Allen, where he currently works with customers across the UK and Europe.

Session Sponsored by ISAGCA: Industrial Cybersecurity - A Collective Effort

To ensure secure products and services, and ultimately secure industrial systems, collaboration across all market boundaries is essential. We are responsible for the most critical processes and services, where risks are measured not only by lost profits but primarily by the health and safety of people and the ability of entire communities to function normally. So, while there are no sentimental values in business, in cybersecurity we should build strong, effective collaboration.

Is this possible? If so, how can we achieve it?

Presenters:

  • Moderator: Dr. Lukasz Kister
  • SZ Lin (林上智)
  • Umberto Cattaneo
  • Ademola Alade
  • Luigi Lauri

Topic(s): Cybersecurity; NIS2; CRA; Industrial Control Systems (ICS); Incident Response; Cyber Physical Safety

Track(s): OT Security and Industrial Safety: Managing Cyber-Physical Security - Track 2

Moderator: Dr. Lukasz Kister, Cybersecurity Director, Global Product Security, Honeywell

Lukasz is a seasoned practitioner with 25 years of experience in security. Throughout his career, he has held various roles, including manager, strategic advisor, lead auditor and trainer. He served as an expert for the European Commission on Product Cybersecurity within the Cyber Resilience Act (CRA) Expert Group.

Lukasz earned a PhD in security management from the Faculty of Special Engineering at the University of Zilina in Slovakia and an Executive MBA from the French Institute of Management and Warsaw University of Business in Poland.

Currently, he is the product cyber security director at Honeywell, responsible for organizing the process of ensuring product compliance with the growing cybersecurity requirements of the European Union (CRA, RED, etc.).

As a Certified Industrial Cybersecurity Incident Commander, Lukasz is globally recognized as one of the top ten incident commanders according to the US Federal Emergency Management Agency’s (FEMA) National Incident Management System (NIMS) model. He also holds a certification as an aviation cybersecurity expert from Embry-Riddle Aeronautical University in the US and has completed the industrial cybersecurity certification track at the US Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA).

Additionally, Lukasz is an active member of several prestigious professional organizations, including the International Society of Automation (ISA) Industrial Cybersecurity Standardization Committee (ISA99), the Incident Command System for Industrial Control Systems (ICS4ICS) project at the ISA Global Cybersecurity Alliance (ISAGCA) and the Industrial Cybersecurity and Cyber-Informed Engineering (CIE) Communities of Practice at the Idaho National Laboratory (INL). He also participates in the Aviation Cybersecurity Community at the European Aviation Safety Agency (EASA).

SZ Lin (林上智), Co-Founder, Sun Square; President, ISA Taiwan Section

SZ Lin has over 15 years of experience in industrial cybersecurity. He currently serves as the president of ISA Taiwan Section and is an official ISA instructor. He actively contributes to the development of the ISA/IEC 62443 standards and the ISASecure certification program. With extensive expertise in power and energy, transportation, semiconductor and factory automation, he has led numerous cybersecurity initiatives across critical infrastructure sectors.

As an active member of ISAGCA, SZ Lin is dedicated to advancing global operational technology (OT) cybersecurity frameworks and certification programs, ensuring industrial systems meet rigorous security standards. Additionally, he is a Debian developer for major open source projects and holds multiple industry-recognized certifications, including CISSP, ISSAP, CSSLP, CISM, CISA and GICSP (Gold).

Umberto Cattaneo, EURA Regional Cybersecurity Business Consultant Lead, Schneider Electric

Ademola Alade, Process Automation Engineer, Chevron Nigeria

Luigi Lauri, Cybersecurity OT Compliance Senior Manager, GSK

Immersive Cyber Incident Exercising: Preparing You and Your Supply Chain for the Day it All Goes Wrong

As the UK continues to recover from its most costly cyberattack, which affected Jaguar Land Rover and hundreds of its suppliers, it’s clear that both the organization and its supply chain were unprepared. This ripple effect underscores a critical gap: digital dependencies across complex supply chains are often poorly understood until a crisis strikes.

In an immersive exercise project with National Highways, Betty and the team set out to make cybersecurity tangible by grounding it in operational reality. Building on ISA/IEC 62443-based threat and risk assessments, they developed scenarios informed by real-world operational context and supported by ICS4ICS practices.

This presentation will demonstrate how these elements shaped the exercise design and what the operational technology (OT) cyber community can learn from this approach.

Drawing on over a decade of cyber exercise experience, Betty will explore essential questions operators often struggle to answer:

    • Do we fully understand our supply chain?
    • Do service level agreements (SLAs) account for cyber incident response?
    • How and when should we be notified of an incident in our supply chain?
    • Do we have the right contacts in our playbooks?

Such gaps, if discovered during a crisis, can threaten an organization’s stability and the resilience of critical infrastructure. This presentation aims to show how these challenges can be addressed in practical, concrete ways across an entire critical national infrastructure (CNI) organization.

Presenter: Alzbeta "Betty" Helienek

Topic(s): Supply Chain; ISA/IEC 62443; Cybersecurity

Track(s): OT Threat Intelligence and ICS Supply Chain Security - Track 1

Alzbeta "Betty" Helienek, Global Digital Offering Lead - OT Cybersecurity, WSP

Betty is a highly experienced, certified, award-winning and chartered technical and business leader and published author with over 30 years’ experience delivering cybersecurity and large-scale infrastructure projects in road, rail, energy and the built environment. As cybersecurity lead at WSP, she is responsible for providing strategic advice and developing the offering and has been shortlisted for the 2024 WSP UK Awards in the Leadership category.
 
She has a proven track record of delivery across all stages of a project lifecycle and her wide-scale knowledge of the operational technology (OT) cyber domain and overarching view of interdependencies have made her the lead for many engineering domain specialists. Betty served as an advisory board member of the UK Cyber Security Council and led the technical committee for ISA’s SMIIoT cybersecurity, for which she won the “2022 ISA-SMIIoT Member of the Year” award, as well as served on ISA’s Technical Advisory Leadership team for the Safety and Cybersecurity Division.

IEC 63452: Toward the First International Standard Dedicated to Railway Cybersecurity

Rail systems are becoming increasingly connected, digital, and exposed, making them more vulnerable. Yet until now, no international cybersecurity standard has fully addressed the specific challenges of railway applications. IEC 63452 is set to change that.

Grounded in the ISA/IEC 62443 series, this new standard adapts core industrial cybersecurity principles to the operational and safety-critical realities of the rail sector. Its objective is to provide manufacturers, operators and integrators with a shared, actionable framework for securing the next generation of railway systems.

In this 20-minute session, we’ll briefly take you behind the scenes of the IEC 63452 journey, explaining how the project team was structured, how the work progressed and which rail-specific constraints shaped those choices. You’ll also get a concise preview of the standard’s structure, its main requirement areas and the value it brings to the rail cybersecurity ecosystem.

Presenter: Serge Benoliel

Topic(s): Cybersecurity; Standards, Policy and Regulations; Transportation; Rail; NIS2; Industrial Control Systems (ICS); ISA/IEC 62443

Track(s): OT Threat Intelligence and ICS Supply Chain Security - Track 1

Serge Benoliel, Product Cybersecurity Expertise and Governance Director, Alstom

Serge Benoliel is the head of Product Cybersecurity Governance & Expertise at Alstom. With more than three decades of experience in technology and twenty years in the rail industry, he has built a strong track record in engineering leadership, strategic transformation and the integration of cybersecurity into complex industrial systems. He plays a central role within Alstom’s global product cybersecurity organization, shaping governance frameworks, driving expertise development and supporting the deployment of cybersecurity across the company’s portfolio.

Serge is also the project lead of the IEC 63452 Working Group, responsible for the first future international standard on cybersecurity for railway. Serge is a committed advocate for sector-wide collaboration, convinced that the resilience of tomorrow’s railway systems will depend on shared standards, collective intelligence and long-term strategic alignment across the industry.

Beyond the Perimeter: Moving Towards an OT Security Architecture Model (OT-SAM)

Presenter: Ilja David

Topic(s): Cybersecurity; Supply Chain; Standards, Policy and Regulations; Industrial Control Systems (ICS); Incident Response; Cyber Physical Safety

Track(s): OT Security and Industrial Safety: Managing Cyber-Physical Security - Track 2

Ilja David, Co-Founder, Cybersecurity Architect, Iron OT

Welcome Reception

Countdown to Compliance Forum: Implementing European Cybersecurity Directives

With directives such as the NIS2 Directive and the Cyber Resilience Act reshaping expectations for critical infrastructure operators and product manufacturers, organizations face a clear reality: compliance deadlines are approaching and the work is substantial.

This panel brings together a cross-section of stakeholders: policymakers and standards contributors shaping European cybersecurity directives, asset owners responsible for operational continuity and consultants guiding implementation strategies. Together, they will explore the practical implications of these directives, including governance obligations, product security requirements, supply chain transparency, reporting mandates and the cultural shift toward demonstrable cybersecurity by design.

Beyond the legal text, this discussion will focus on execution. What does “good” look like in practice? Where are organizations struggling? How do asset-intensive industries, including energy, water, manufacturing and transportation, align technical controls, documentation and lifecycle management with regulatory expectations?

Presenters:

  • Moderator: Steve Mustard
  • Ilja David
  • Gustav Martin Bartel
  • Dr. Lukasz Kister
  • Petr Kopřiva

Topic(s): Cybersecurity; Standards, Policy and Regulations; NIS2; CRA; Industrial Control Systems (ICS); Risk Assessment & Management; Cyber Physical Safety

Track(s): OT Threat Intelligence and ICS Supply Chain Security - Track 1

Moderator: Steve Mustard, President, au2mation

Steve Mustard, PE, CAP, GICSP, CMCP, has over 35 years of experience in the automation industry. He has developed embedded software and hardware for military applications and created products for industrial automation and control systems. Currently, much of his work focuses on assessing the cybersecurity readiness of organizations in critical infrastructure.

In addition to being the former 2021 ISA President, Mustard holds multiple certifications and professional engineering licenses. These include being a licensed Professional Engineer (PE), an ISA Certified Automation Professional (CAP), a UK-registered Chartered Engineer (CEng), a Fellow of the Institution of Engineering & Technology, a European-registered Engineer (EUR Ing), a Global Industrial Cyber Security Professional (GICSP) and a Certified Mission Critical Professional (CMCP).

Ilja David, Co-Founder, Cybersecurity Architect, Iron OT
Gustav Martin Bartel, Senior Expert, Robert Bosch GmbH
Senior Expert at Bosch, shaping cybersecurity controls for the industrial environment, especially manufacturing, logistics and real estate. Gustav is responsible for defining appropriate security postures and their effectiveness at the central level and their reflection in governance, risk and compliance.
Dr. Lukasz Kister, Cybersecurity Director, Global Product Security, Honeywell

Lukasz is a seasoned practitioner with 25 years of experience in security. Throughout his career, he has held various roles, including manager, strategic advisor, lead auditor and trainer. He served as an expert for the European Commission on Product Cybersecurity within the Cyber Resilience Act (CRA) Expert Group.

Lukasz earned a PhD in security management from the Faculty of Special Engineering at the University of Zilina in Slovakia and an Executive MBA from the French Institute of Management and Warsaw University of Business in Poland.

Currently, he is the product cyber security director at Honeywell, responsible for organizing the process of ensuring product compliance with the growing cybersecurity requirements of the European Union (CRA, RED, etc.).

As a Certified Industrial Cybersecurity Incident Commander, Lukasz is globally recognized as one of the top ten incident commanders according to the US Federal Emergency Management Agency’s (FEMA) National Incident Management System (NIMS) model. He also holds a certification as an aviation cybersecurity expert from Embry-Riddle Aeronautical University in the US and has completed the industrial cybersecurity certification track at the US Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA).

Additionally, Lukasz is an active member of several prestigious professional organizations, including the International Society of Automation (ISA) Industrial Cybersecurity Standardization Committee (ISA99), the Incident Command System for Industrial Control Systems (ICS4ICS) project at the ISA Global Cybersecurity Alliance (ISAGCA) and the Industrial Cybersecurity and Cyber-Informed Engineering (CIE) Communities of Practice at the Idaho National Laboratory (INL). He also participates in the Aviation Cybersecurity Community at the European Aviation Safety Agency (EASA).

Petr Kopřiva, Senior Consultant, BDO Czech Republic

Keynote: Operational Threat Environment and Cyber Legislation in Europe (EU Focus)

Presenter: Mark Harbord

Topic(s): Cybersecurity; Supply Chain; Standards, Policy and Regulations; NIS2; CRA

Track(s): OT Threat Intelligence and ICS Supply Chain Security - Track 1

Mark Harbord, CISO, UK Parliament

Session Sponsored by Cyolo: When Suppliers Become Pathways: Reducing OT Supply-Chain Risk Through Access Control and Blast-Radius Containment

Operational technology (OT) supply-chain risk is often discussed in terms of software provenance, vendor assurance and threat intelligence. But in many industrial environments, one of the most practical supply-chain risks is much closer to home: suppliers, contractors and original equipment manufacturers (OEMs) who require remote access to production systems.

This session explores how third-party access can become a pathway to compromise and why traditional perimeter-based controls are no longer sufficient when vendors, engineers and service partners require ongoing connectivity to critical assets. Rather than treating supplier access as a binary allow-or-deny decision, organizations need to understand where each connection lands, what it can reach and how quickly a compromise could move laterally.

We will discuss a practical approach to reducing OT supply-chain exposure by combining secure remote access, identity-based controls, asset-level policies and segmentation designed to limit the blast radius. This session will show how OT teams can move from broad network access to least-privilege connectivity, using discovery, modeling and staged enforcement to reduce operational risk and avoid disruptive segmentation projects.

Attendees will leave with a framework for asking better questions about supplier access: who needs access, to what, under what conditions and how far an incident could spread if that access is abused?

Presenter: Ian Cuthbertson

Topic(s): Cyber Physical Safety; Cybersecurity; Supply Chain

Track(s): OT Threat Intelligence and ICS Supply Chain Security - Track 1

Ian Cuthbertson, VP Global Systems Engineering, Cyolo

How Functional Safety Meets Cybersecurity to Save Lives

This session explores the critical intersection of functional safety and operational technology (OT) cybersecurity, demonstrating that a safety justification is fundamentally incomplete without rigorous mitigation of cyber threats. As industrial systems become increasingly connected, attendees will see why the historically siloed disciplines of safety and security must converge to protect human lives.

This presentation will emphasize that traditional safety engineering assumes random failures, whereas cybersecurity defends against calculated attacks intended to alter the plant's physical behavior and defeat protective measures. Attendees will learn how cyber-attacks can be a common cause of failure that undermines traditional layers of protection analysis (LOPA), triggering hazardous events and disabling the safety instrumented systems designed to prevent them.

To address this dangerous vulnerability, this session will guide professionals through the practical integration of cyber threats into established safety frameworks, such as process hazard analysis (PHA). Participants will explore consequence-based cybersecurity methodologies and learn to evaluate scenarios by asking:

  • Is the initiating cause vulnerable to attack?
  • Are the safeguards vulnerable to attack?
  • Is the physical consequence significant enough to warrant a stringent Security Level Target (SL-T)?

Furthermore, this session will unpack the guiding principles of IEC TR 63069, providing a framework for coordinated threat analysis, simultaneous hazard and security risk assessments and formal conflict resolution between safety and security requirements. By attending, you will gain an actionable roadmap for breaking down organizational silos and enabling security experts, safety engineers and operations to collaborate effectively.

Key takeaways:

  • Master the integration of ISA/IEC 62443 with the IEC 61508 and IEC 61511 lifecycles
  • Implement layered defense-in-depth strategies using zones and conduits
  • Understand how to conduct joint cybersecurity risk assessments for safety-critical systems

Ultimately, this session will empower attendees to build resilient, security-informed safety systems, demonstrating that cybersecurity is no longer just about protecting data – it is about saving lives.

Presenter: Dr. Fan Ye

Topic(s): Cybersecurity; Cyber Physical Safety; CRA; Industrial Control Systems (ICS); Risk Assessment & Management

Track(s): OT Security and Industrial Safety: Managing Cyber-Physical Security - Track 2

Dr. Fan Ye, Technical Director - OT Cybersecurity and Functional Safety
Dr. Fan Ye is a technical director of WSP, specializing in operational technology (OT) cybersecurity and functional safety. Fan has worked in safety and OT cybersecurity consultancy in industries including oil and gas, chemical, nuclear power and defense since completing his PhD in 2005. He is a Chartered Engineer, certified Functional Safety Expert by TUV Rheinland and Exida and a Global Industrial Cyber Security Professional (GICSP) by SANS.
 
Fan has extensive experience with various hazard identification and risk analysis methods, including Hazard and Operability (HAZOP) Study, layers of protection analysis (LOPA), fault tree analysis (FTA), event tree analysis (ETA), quantitative risk assessment (QRA) and cybersecurity risk assessment.

Threat Intelligence and Supply Chain in the Context of Cyber-Physical Risk Management

Presenter: Dr. Marina Krotofil

Topic(s): Cybersecurity; Supply Chain; Risk Assessment & Management; Cyber Physical Safety

Track(s): OT Threat Intelligence and ICS Supply Chain Security - Track 1

Dr. Marina Krotofil, Independent Expert Evaluator and Reviewer, European Commission

Dr-Eng Marina Krotofil is a cybersecurity professional with 15 years of hands-on experience in industrial control systems (ICS) and cyber-physical security with a strong focus on critical infrastructure protection. She has managed and executed diverse technical projects worldwide across a variety of industrial and non-industrial domains.

Marina is also an experienced cybersecurity researcher and Red/Blue Teamer who has discovered numerous novel attack vectors and exploitation techniques, designed innovative defense methods and assisted with complex incident responses. She frequently collaborates with international organizations on technical threat intelligence topics, is a member of the Black Hat Review Board and serves as an evaluator of EU-funded security project proposals.

Panel Discussion: Automation Control System Security Assurance (ACSSA) Program Overview

This session is sponsored by: ISASecure

 

Presenters:

  • Dr. Mark DeAngelo
  • Steve Mustard
  • Marco (Marc) Ayala
  • Rébiah Bardot-Girard

Topic(s): Cybersecurity; Supply Chain; Industrial Control Systems (ICS); Threat Intelligence

Track(s): OT Security and Industrial Safety: Managing Cyber-Physical Security - Track 2

Dr. Mark DeAngelo, Program Manager, ISASecure and WCI, ISA

Dr. Mark P. DeAngelo is the program manager of the ISA Security Compliance Institute and the ISA100 Wireless Compliance Institute, commonly referred to as ISASecure and ISA100 Wireless. He provides staff leadership for ISA’s conformance certification programs, including the ISASecure control systems certification program managed under the ISA Security Compliance Institute. 

Previously, Dr. DeAngelo worked as a systems safety engineer working on autonomous systems and commercial derivative aircraft at Boeing Defense, Space & Security. Before joining Boeing, he worked as the aerospace initiatives manager for SAE International, where he served as SAE’s spokesperson for advanced air mobility standards and integration activities, collaborating with SAE, NASA, FAA, ICAO, international civil aviation authorities and industry. 

He earned a BS, MS and PhD in aerospace engineering from the Pennsylvania State University. He also holds an FAA Part 61 Private Pilot Certificate. His hobbies include photography with publications in the Smithsonian Air & Space Magazine, Miami New Times and awards from the Pittsburgh Post-Gazette and Point Park University.

Steve Mustard, President, au2mation

Marco (Marc) Ayala, Director, Technical - Cybersecurity Center of Excellence (CoE), ABS Consulting

Marco has 30 years of field experience, during which time he designed, implemented and maintained process instrumentation, automation systems, safety systems and process control networks. In his role with a large global manufacturing company, he is responsible for applications globally that are specific to plant site operations and corporate governance.

With nearly 2 decades focused specifically on industrial cybersecurity, he led efforts to secure the oil and gas (all streams), maritime port, offshore facilities and chemical sectors supporting federal, local and state entities in securing the private sector.

Marco is highly active in the International Society of Automation (ISA) as a longtime member and has recently been elected to the ISA Executive Board. He is a 22-year Senior Member and a certified cyber instructor for ISA/IEC 62443 with volunteering commitments, and a contributor to the AMSC Gulf of America (Mexico) cybersecurity committee in a sworn-in role to the US Coast Guard (USCG) as chair of threat intelligence and cybersecurity for the outer continental shelf (OCS).

He has been an InfraGard member since 2014 and is currently serving as president of the Houston Members Alliance.

Rébiah Bardot-Girard, Head of Cyber Risk Consulting Services, AXA XL
Rébiah Bardot-Girard is the head of cyber risk consulting services at AXA XL, where she develops a strategic approach to cyber risk consulting, supporting underwriters, brokers and clients in reducing their exposure to cyber threats. With over 25 years of experience in cybersecurity and operational resilience, she previously served for 4 years as chief security officer of the AXA Group, overseeing information security and operational resilience at an international scale.  Rébiah’s commitment is to making cyber risk consulting a true strategic lever to help clients anticipate and master the cyber risks of tomorrow.

Threats Against Positioning, Navigation and Timing (PNT) Systems in OT, Marine, Rail and Aviation Sectors

While there has been extensive discussion of global navigation satellite system (GNSS) jamming and spoofing in recent years, there has been far less focus on the wealth of other positioning, navigation and timing (PNT) technologies, such as automated information system (AIS), Automatic Dependent Surveillance–Broadcast/Contract (ADS-B/C), enhanced long-range navigation (eLoran), European Train Control System (ETCS), network time protocol (NTP)/precision time protocol (PTP), process management repository (PMR) and satellite communications (SATCOM) PNT, where threats to availability or integrity could have grave consequences for everything from the electric grid to international logistics by sea, air or land.

This talk explores various threats to these PNT technologies, backed by a mix of real-world incidents, research and red teaming scenarios conducted by Midnight Blue.

Presenter: Jos Wetzels

Topic(s): Cybersecurity; Threat Intelligence; Incident Response; Risk Assessment & Management; ISA/IEC 62443; Maritime/Marine; Aviation; Cyber Physical Safety

Track(s): OT Threat Intelligence and ICS Supply Chain Security - Track 1

Jos Wetzels, Partner, Midnight Blue

Jos, a co-founding partner at Midnight Blue, has provided consulting services to government agencies, grid operators and Fortune 500 companies around the world. He played a key role in the first-ever public analysis of the Terrestrial Trunked Radio (TETRA) radio standard, which is used by police and critical infrastructure globally, revealing several critical vulnerabilities.

His research involved reverse engineering, vulnerability research and exploit development across various domains, such as industrial systems, automotive technologies, IoT, networking equipment and deeply embedded systems on chips (SoCs). He discovered zero-day vulnerabilities across tech stacks, including bootloaders, real-time operating systems (RTOS) and proprietary protocol implementations.

Before founding Midnight Blue, Jos worked as a security researcher and reverse engineer at Forescout, where he developed advanced intrusion detection capabilities for operational technology (OT) environments. He is also an accomplished conference speaker, having presented at notable events such as Black Hat, DEF CON, Chaos Communication Congress (CCC), Usenix, Hack In The Box (HITB), OffensiveCon, ReCon, EkoParty and many others.

Panel Discussion: Red Flags on the Road: Cyber Threat Convergence Across Connected Transport Systems

This session brings together speakers from the maritime, rail, automation and aviation sectors to examine how cyber threats manifest across interconnected transport operations and where risks converge across industries. Panelists will share real-world perspectives on adversary tactics targeting operational technology (OT) and supporting information technology (IT) systems, including exploitation of remote connectivity, third-party access pathways, legacy and hard-to-patch assets and the cascading impacts of disruptions that move from one mode of transport to another. Attendees will gain a clearer understanding of common failure points, emerging threat trends and the operational consequences of cyber incidents in safety-critical settings.

This discussion will highlight practical, cross-sector strategies to improve resilience – including segmentation and access control patterns that work in the field, securing vendor and maintenance workflows, monitoring approaches suited to OT environments and incident response considerations when operations cannot simply “shut down and patch.”

Participants will leave with actionable takeaways to strengthen defenses, align stakeholders and reduce systemic risk across the connected transport ecosystem.

Presenters:

Topic(s): Cybersecurity; Standards, Policy and Regulations; Transportation; Automotive; Incident Response; Risk Assessment & Management; ISA/IEC 62443; Maritime/Marine; Rail; Aviation

Track(s): OT Threat Intelligence and ICS Supply Chain Security - Track 1

Moderator: Scott Reynolds, CISO, Johns Manville

Scott Reynolds is the industrial security manager at Johns Manville and has more than 15 years of industrial engineering experience. He is an active participant in the operational technology (OT)/information technology (IT) community.

For over a decade, Scott has been involved with the International Society of Automation (ISA), where he has held various leadership roles, including serving as the 2025 ISA President. Scott holds a degree in electrical engineering technology from the University of Maine and an MBA from the University of South Dakota.

Tony Gao, Global Independent Security Assessment (Cyber) Lead, Ricardo
Alzbeta "Betty" Helienek, Global Digital Offering Lead - OT Cybersecurity, WSP
Jos Wetzels, Partner, Midnight Blue

Rafal Majcher, Cybersecurity Manager, Director, RMOTIVE

From Signals to Shutdowns: Tags, Transmitters and Trips in Cyber-Physical Systems

Cyber-Physical Systems (CPS) tightly integrate digital control with physical processes through sensors, actuators and industrial control systems that monitor and operate critical infrastructure. Yet most security and monitoring approaches focus primarily on network traffic, leaving significant blind spots in the engineering and process layers where real operational behavior occurs.
 
This session explores how engineering intelligence derived from instrumentation tags, transmitters, control logic and safety trips can provide the contextual awareness needed to understand what is truly happening inside cyber-physical environments. By correlating process signals with cyber indicators, organizations can detect subtle anomalies, prioritize operational risk and improve resilience across safety-critical systems in energy, manufacturing and other industrial sectors.

Presenter: Jalal Bouhdada

Topic(s): Cyber Physical Safety

Track(s): OT Security and Industrial Safety: Managing Cyber-Physical Security - Track 2

Jalal Bouhdada, Founder & CEO, Indurex

AŽD Autonomous Railway: Insights from a Unique Autonomous Train Operation on an Open Railway Network

The autonomous railway operation developed by AŽD on the Kopidlnka line is the first European implementation of GoA3 passenger operation within conventional railway infrastructure, supervised by the European Train Control System (ETCS).

A central element of this project is the experimental autonomous vehicle "EDITA," which serves as a technological platform for validating advanced automatic train operation algorithms, interacting with trackside systems and integrating digital autonomous functions into real-world railway operations. EDITA enables comprehensive testing of autonomous behavior, communication interfaces with ETCS and responses to operational scenarios essential for the future deployment of autonomous trains in Europe.

Operations on the AŽD "Kopidlnka" line combine ATO GoA3, continuous train–track–control-center communication, remote operator supervision, and ETCS as an independent safety layer. Within this ecosystem, EDITA operates as a “living laboratory,” enabling real-time verification of cyber-physical interactions, safety-critical decision-making processes and resilience against cyber threats. The vehicle’s architecture incorporates robust safety and cybersecurity principles, including system segmentation, secure communication, controlled software updates, anomaly detection and continuous monitoring.

Kopidlnka thus serves as a unique testbed where AŽD validates the integration of autonomous train control, ETCS supervision and cybersecurity requirements under operational conditions. At the same time, it is used by other partners in Europe's Rail Research program. The experimental deployment of EDITA demonstrates technological readiness for autonomous railway operation and represents a significant step toward a safe, resilient and cyber-secure autonomous railway future in Europe.

Presenter: Vladimír Kampík, Ing.

Topic(s): Cybersecurity; Transportation; Threat Intelligence; Rail

Track(s): OT Threat Intelligence and ICS Supply Chain Security - Track 1

Vladimír Kampík, Ing., Director for European Affairs, AŽD Praha
Ing. Vladimír Kampík, MBA, MIRSE, is a European expert in the European Rail Traffic Management System (ERTMS) and European Train Control System (ETCS), railway digitalization and autonomous train operation (ATO). He serves as director for European Affairs at AŽD Praha, where he shapes the company’s strategic direction and leads its involvement in major collaborative European rail R&D programs, including activities within Europe's Rail.
 
Vladimír is a long‑standing active member of UNISIG, the industrial consortium responsible for developing and harmonizing technical standards for ERTMS/ETCS and signalling technology, and an active participant in the European Rail Supply Industry Association (UNIFE), which brings together Europe’s key rail suppliers to promote innovation, interoperability and standardisation.
 
In recent years, he has become one of Europe’s most prominent advocates for integrating ETCS with ATO and for advancing the development and deployment of autonomous and semi‑autonomous railway systems.

Beyond Detection: How AI and Digital Twins are Leading the Rise of Predictive OT Security

The growing complexity of today’s industrial environments has outgrown traditional reactive approaches to operational technology (OT) security. In this session, Mohamed will discuss how digital twins and artificial intelligence (AI) are transforming OT security from detection-based to predictive.

Digital twins, virtual replicas of physical systems, processes and assets, provide deep operational visibility. They enable real-time simulation, allowing security teams to test scenarios, such as cyberattacks or system failures, in a controlled environment. By modeling system behavior and responses, organizations can assess the impact of threats and refine mitigation strategies before real incidents occur.

AI, powered by advanced machine learning, complements this by enabling rapid analysis of large volumes of operational data. By learning from historical trends and system behavior, AI can identify weaknesses and predict future risks, enabling security teams to take preemptive action. This shift from reactive to predictive defense marks a new era in OT security, in which response occurs before incidents materialize, reducing risk and downtime.

This presentation maps digital twin and AI integration to the Purdue Enterprise Reference Architecture (PERA), detailing data flows across Levels 0–5 and the ingestion and aggregation of telemetry data. It defines the placement of the digital twin for real-time state mirroring and AI inference at higher compute levels (L4/L5). The model aligns with ISA/IEC 62443, demonstrating a secure design for zones and conduits that segment infrastructure, preserve OT boundaries and enforce defense-in-depth.

The session features real-world use cases and a demonstration video of a digital twin in action, highlighting operational views, simulated controls and predictive responses. Key benefits include improved threat detection, faster response and enhanced system resilience.

Participants will gain practical insight into implementing digital twins and AI to future-proof OT security in an increasingly complex, connected critical infrastructure landscape.

Presenter: Mohamed Hekal

Topic(s): Cyber Physical Safety, Cybersecurity, ISA/IEC 62443, Anomaly Detection, Incident Response, Industrial Control Systems (ICS), Risk Assessment & Management

Track(s): OT Security and Industrial Safety: Managing Cyber-Physical Security - Track 2

Mohamed Hekal, Global Director of OT Security, ITSEC Group - UAE

Mohamed Hekal is an operational technology (OT)/industrial control system (ICS) cybersecurity leader with 20 years of experience securing critical infrastructure across power and water utilities, oil & gas and industrial sectors. As global director of OT security at ITSEC Group, he leads international initiatives to secure ICSs in OT environments. His mission is to bridge the gap between executive strategy and plant-floor realities, ensuring cybersecurity acts as an enabler of industrial resilience, not a barrier to operations.

Previously, Mohamed held engineering roles at SIEMENS, TOSHIBA Power and as a critical infrastructure system owner at TAQA Transmission in UAE, one of the region’s largest transmission utilities. He is a member of the ISA-99 committee and ISA UAE Section, contributing to standards-based cybersecurity approaches that balance operational continuity, safety and cyber resilience in an increasingly digital industrial world.

Session Sponsored by Fortinet: Cyber-Physical Security by Design: Aligning IT/OT, Cloud and Safety

Presenter: Cezary Zieliński

Topic(s): Cyber Physical Safety, Cybersecurity

Track(s): OT Security and Industrial Safety: Managing Cyber-Physical Security - Track 2

Cezary Zieliński, OT/ICS Security Architect, Fortinet

Cezary Zieliński is the operational technology (OT) security architect at Fortinet, with more than 12 years of experience in industrial control systems (ICS) environments, with a focus on design and cybersecurity.

At Fortinet, Cezary architects OT/ICS security solutions and develops security services, including OT risk assessment. Before Fortinet, he worked for both asset owners and consulting companies. He has experience in developing and implementing OT/ICS security programs and in conducting OT/ICS security assessments in critical infrastructure environments.

Cyber Security Operational Integration Robot Artificial Intelligent (CsiBot AI)

CsiBoT AI provides methods, devices and program logic based on artificial intelligence (AI) and machine learning (ML) to address the current manual and ad hoc implementation and maintenance of plant cybersecurity operations. The technology is a disruptive new concept for automating cybersecurity operations in industrial facilities. It is based on my invention and is a candidate for commercialization in a market space exceeding 2 billion USD by 2030, according to a third-party study.


Presenter: Dr. Soloman Almadi

Topic(s): Cybersecurity

Track(s): OT Security and Industrial Safety: Managing Cyber-Physical Security - Track 2

Dr. Soloman Almadi, Principal Scientist, Saudi Aramco

Dr. Soloman Almadi holds a PhD in simulation and computing and is currently a professional engineering principal scientist in operational technology (OT) cybersecurity, process control systems, digital transformation (DT) programs and open process automation at Saudi Aramco. As an inventor, he is credited with over 25 inventions and a technology game-changer, for which he received various regional/international awards and recognitions. He has also published over 50 technical papers. 

Dr. Almadi was elevated to the prestigious rank of Fellow by the International Society of Automation (ISA) in 2024 for his significant contributions to the fields of automation and cybersecurity. He currently serves as an officer on the ISA executive board. Additionally, Dr. Almadi is an adjunct professor and research advisor at the King Fahad University of Petroleum Engineering, where he teaches graduate courses in cybersecurity, Industrial Internet of Things (IIoT) and DT. 

Validated, Not Just Compliant: The Real-World Challenges of ISA/IEC 62443 in Pharmaceutical OT Environments

The pharmaceutical sector is making significant progress in adopting ISA/IEC 62443 as a structured framework to improve operational technology (OT) cybersecurity. Many organizations have already initiated maturity assessments, strengthened OT governance, reviewed remote access practices, improved network segmentation concepts and started aligning technical and procedural controls with both cybersecurity and regulatory expectations. Yet implementation in pharmaceutical manufacturing remains uniquely challenging because cybersecurity improvements must coexist with good manufacturing practice (GMP) and good (pharma) practice (GxP) requirements, validated system states, strict change control and the need to protect product quality and production continuity.

This presentation examines the practical challenges of implementing ISA/IEC 62443 in regulated pharmaceutical OT environments, where security decisions often directly affect validation, quality assurance, operational acceptance and audit readiness. It will discuss the current state of progress typically seen in the sector, including greater visibility into industrial assets, increased formalization of responsibilities, stronger governance of remote access and more structured risk assessments. At the same time, it will address persistent obstacles such as patching limitations, reliance on legacy systems, vendor-controlled components and the tension between security hardening and validated operation.

This session will provide valuable insights for organizations seeking to apply ISA/IEC 62443 effectively and in a way that is operationally acceptable in the pharma industry. Special attention will be given to compensating controls, evidence-based compliance, segregation strategies that work in validated environments and the coordination required between engineering, quality, CSV, operations and cybersecurity teams. Attendees will leave with a realistic view of how ISA/IEC 62443 can support resilience in pharmaceutical OT without becoming a purely theoretical compliance exercise.

Presenter: Tamas Buzgo

Topic(s): ISA/IEC 62443

Track(s): OT Threat Intelligence and ICS Supply Chain Security - Track 1

Tamas Buzgo, Lead OT Security Architect, Sandoz

The North Star: The Future of ISA Standards

Presenters:

Topic(s): Cybersecurity Standards, Policy and Regulations Threat Intelligence ISA/IEC 62443

Track(s): OT Threat Intelligence and ICS Supply Chain Security - Track 1

Ashley Weckwerth, President, ISA
SZ Lin (林上智), Co-Founder, Sun Square; President, ISA Taiwan Section

SZ Lin has over 15 years of experience in industrial cybersecurity. He currently serves as the president of ISA Taiwan Section and is an official ISA instructor. He actively contributes to the development of the ISA/IEC 62443 standards and the ISASecure certification program. With extensive expertise in power and energy, transportation, semiconductor and factory automation, he has led numerous cybersecurity initiatives across critical infrastructure sectors.

As an active member of ISAGCA, SZ Lin is dedicated to advancing global operational technology (OT) cybersecurity frameworks and certification programs, ensuring industrial systems meet rigorous security standards. Additionally, he is a Debian developer for major open source projects and holds multiple industry-recognized certifications, including CISSP, ISSAP, CSSLP, CISM, CISA and GICSP (Gold).

Program Committee

This program track is under development.

Subscribe to ISA events emails to get the latest updates.

Steve Mustard
President, au2mation

Marco Ayala
President, Infragard Houston

Patric Dove
Industrial Networking/Cybersecurity PreSales, Siemens

Lukasz Kister
Cybersecurity Director, Global Product Security, Honeywell

Ilja David
Cybersecurity Manager & Co-Founder, Iron OT

Julien LeGrand
Principal Consultant, Cyber Security, Ricardo

Gustav Martin Bartel
Senior Expert, Robert Bosch GmbH
Jackie Morrison
Former Chief Cyber Security Officer, Critical Infrastructure
Patrick Corbett
Senior Systems Engineer, Eli Lilly and Company

Mohammad Yacoub
Sr. OT/IoT Cybersecurity Consultant, Saudi Arabia

Omer Bin Abdul Aziz
Vice President, Digital Transformation, Avanceon

David Newbury
Iron OT

Martina Koubova
Iron OT

Submit an Abstract
Share your expertise at the conference. The ISA OTCS Program Committee will review submissions and select sessions that align with the conference topics. Email your abstract by clicking the button below.

Note: Product-focused or marketing/sales pitches are not eligible for the program. Promotional submissions will be recommended for sponsored speaking opportunities—see the sponsorship page or click the link below for more details.

Join the Program Committee
Interested in shaping the program? ISA accepts committee applications annually.