Take action : Cyberprotection of Operational Technologies
March 24, 2021
From 8:30 am to 5 pm
Content produced in collaboration with Accenture Security, Cyber-eco, Deloitte, In-Sec-M and Prompt Innov.
Networks, infrastructures, factories, buildings… They are now all interconnected.
Immense risks and vulnerabilities surround Operational Technology (OT) environments :
With the IIOT (Industrial Internet of Things), SCADA Systems (real-time data acquisition and control system), used in distribution – water, electricity, gas – risk factors are increasing and the repercussions of a breach could affect up to the entire population.
Take action now for the safety of your industrial environments and critical infrastructures!
Who is currently responsible for it in your company?
What are the best practices to protect operational environments? Can we be trained in them?
Rencontres de génie : to be in control of your cyber protection
Rencontres de génie : to be in control of your cyber protection Open the doors of knowledge that will make you and your business leaders in OT cybersecurity!
Chairman BlueVoyant (International), former director of GCHQ
Co-founder and CEO of Cygenta
Chief Innovator for Quebec Innovation Council
Luc Sirois holds a bachelor's degree in electrical engineering from McGill University and an MBA from Harvard University. Recognized in Canada and around the world for his creative approach to innovation, M. Sirois is a leader and entrepreneur in digital technology, with investments in numerous startups and non-profit organizations focused on youth, health, science and education. He co-founded the health innovation movement Hacking Health as well as its digital health accelerator and pre-seed fund. He is co-founder of Resonant Medical, now Elekta Canada, a leading manufacturer in the field of radiation oncology and image-guided treatments. He has also served as Vice President of Consumer Health at TELUS Health, Telesystem and Nightingale, and as Manager at McKinsey & Company with offices in Montreal, Toronto, Zurich and Paris. Until recently, he was Managing Director of Prompt, a not-for-profit organization that facilitates R&D partnerships between the industry and research institutions to improve the competitiveness of companies in the ICT, artificial intelligence and other digital technology markets. Mr. Sirois is also strategic advisor to the Minister of the Economy and Innovation of the Quebec government. As such, he currently works on deploying new tech transfer models, on the culture of innovation in institutions, on issues of business creation and scientific entrepreneurship, as well as on the transfer of social innovations and their adoption in society. In December 2020, he was appointed Chief Innovator of Quebec and Director General of the newly created Quebec Innovation Council.
Over the past year ransomware attacks and supply chain cyber attacks have interrupted operations in many countries. Based on the Cybersecurity industrial IOT report, Robert Hannigan, former head of GCHQ, will provide an overview of how threats to critical national infrastructures have been handled. Are current cybersecurity practices adequate? How should we look at the future for this major issue?
Chairman BlueVoyant (International) and former director of GCHQ
Robert Hannigan was Director of GCHQ, the UK’s largest technical and cyber security agency, from 2014-17. Robert established the UK National Cyber Security Centre in 2016, and was responsible for the UK’s first cyber strategy in 2009. Robert is now Chairman of BlueVoyant International, a cyber security services company, and a Senior Adviser to McKinsey & Co. He is a Senior Fellow at the Belfer Center, Harvard, Fellow of the Institution of Engineering and Technology, London, and Honorary Fellow at Oxford University. Robert writes and speaks regularly on cyber issues in the Financial Times, BBC and elsewhere. He recently published with Professor Sadie Creese of Oxford University a 'review of cybersecurity for the industrial internet of things'.
Traditionally OT environments have been isolated, and obfuscated by a variety of challenges including different management paradigms, but also technological challenges. However, with the advent of technology, connectivity, and the proliferation of IT technology being infused into operations or infrastructure this has been an Occam’s razor. Generally, you hear a ton of horror stories about how you can’t patch or secure these environments, and there are some truths, but they are largely myths.
Directeur of cybersecurity, Verve Industrial Protection
Ron is a Director of Cyber Security Insights at Verve Industrial Protection, a critical infrastructure-focused organisation that specialises in holistic services and products that work well across IT and OT environments for effective cyber security, controls and management. He has over 12 years of ICS/OT embedded experience, integrations and reviews in a variety of domains (pharma, consumer packaged goods, oil & gas, energy), systems engineering, vulnerability research, and was recently recognized as a top 40 engineering leader under the age of 40.
At a time when companies are more and more aware of the OT security issues, a contrasting reality is emerging in relation to the stated ambitions. But already, has it become a key objective for all companies? How do they adapt to recruit a skilled workforce? Who are the right profiles and how do you attract and retain them? Why is cybersecurity more masculine today? How to truly develop a workforce that responds to these challenges? How to keep pace with technological developments and find training adapted to a constantly changing reality? So many questions to which this expert panel will provide concrete and documented answers!
Liaison Officer, Centre Canadien pour la Cybersécurité
Véronique has worked at the Communications Security Establishment / Canadian Center for Cyber Security for over 14 years and has held positions there as Data and Requirements Analyst, Technical Project Coordination, Compliance Management and now liaison officer. As the focal point for the Center for Cyber Security, her role is to partner with key infrastructure operators for Canada, and help them meet cybersecurity challenges, so that the public can continue to benefit from critical services despite the constant cyber threats against Canadian systems.
Mourad Debbabi is Full Professor at the Concordia Institute of Information Systems Engineering and Acting Dean of the Gina Cody School of Engineering and Computer Science. He holds the CRSNG / Hydro-Québec Thales senior industrial research chair in smart grid security and the Concordia level I research chair in information systems security. He is also President of the National Cyber Forensics and Training Alliance (NCFTA) Canada and a member of the Cybercrime Advisory Council of CATAAlliance. He is the founder and one of the directors of the Security Research Center at Concordia University. Mr. Debbabi has published 6 books and over 300 peer-reviewed research articles in international journals and conferences on cyber security, cyber forensics, privacy, cryptographic protocols, threat intelligence generation, l malware analysis, smart power grid security, reverse engineering, critical system security specification and verification, programming languages and type theory.
Headhunter specialized in cybersecurity
People are at the center of her methodology, as head hunter, as manager of a team of consultants and of course in the relationship she develops with her clients. It is essential to understand the Client's needs and the Candidate's expectations in order to optimize professional and human expectations, for it to work! The job of a headhunter according to Sophie, of course, means having the skills and the network to find the best person for the right job who must meet the values, technological challenges and the personality of the candidate. She joined COFOMO in 2020, an IT consulting firm. At the same time, she became involved with ASIMM (Association de la Sécurité de l'Information du Montréal Métropolitain) and became Vice-President of the Board of Directors, whose mission was to raise awareness, inform and train the public in Cyber security.
Strategy and Consulting Services Director, Infrastructures, SNC-Lavalin
Mr. Sabbagh has held various positions over the past ten years in the electrical industry. His knowledge covers large-scale energy projects in the fields of renewable energy, hydroelectricity, nuclear, transmission and distribution, as well as communications networks and cybersecurity both in North America and the international. Mr. Sabbagh holds a bachelor's degree in electrical engineering from McGill University and a master's degree in business administration from the Schulich School of Business at York University. He currently works as Director of Strategy and Consulting Services for SNC-Lavalin's Intelligent Grids and Cybersecurity group where he supports power companies in making strategic and tactical decisions as well as digitizing their power grid.
Lawyer in data protection and information security law
Vanessa specializes in data protection and information security law. She advises organizations on the operationalization of related concepts such as privacy and security by design. She is a Certified Data Protection Officer (CDPO) with proven experience in assisting organizations with data protection legislation, such as the General Data Protection Regulation, and other standards affecting entities operating on a data-driven market. Vanessa helps organizations, in particular in the sector of emerging technologies, to manage legal risks relating to data in a preventive manner, allowing organizations to build trust with their customers and acquire a competitive edge. Vanessa holds a Master of Law (LLM) from McGill University on the topic of cyberespionage and teaches Corporate Cybersecurity Practices at St Thomas University (Florida, USA).
DEVICOM was founded in 1989 with the recognition of the growing need for large industries to obtain very specific computer technology services. The main mission of the company: to provide strategic support to customers and to offer innovative technological solutions. For its part, Prompt's objective is to increase the competitive advantage of Quebec companies in the information and communications technology (ICT) sector through R&D partnerships with the institutional research community. Prompt wants to offer companies the opportunity to complete their internal team and benefit from the theoretical and practical knowledge of the institutions to facilitate and accelerate R&D. During this conference, you will learn more about Prompt’s cybersecurity innovation programs, notably through the testimony of DEVICOM, now the benchmark in technology engineering.
General Manager, DEVICOM
Vice-President and General Manager of DEVICOM since 1989, France advocates a corporate culture where innovation reigns while putting people at the forefront of priorities. In 1995, it was with a daring vision that she founded the Internet café Le Cybernaute, aimed at putting communities at the heart of technology. In 2015, it innovated once again by implementing management 4.0, a philosophy in which talent management is the guideline and the collaborative spirit is the driving force. Based on harmony, it adapts the business management model to better meet the aspirations of new generations. France has always been very involved in the community: she has chaired several boards of directors for recognized business groups and humanitarian organizations. Her exceptional contribution and her ability to transfer knowledge to young entrepreneurs as a mentor-leader for the Saguenay mentoring unit has been recognized on several occasions.
Manager of Quebec Cybersecurity Innovation Program, Prompt
Nicolas is the manager of the Quebec Cybersecurity Innovation Program, a program representing an investment of $ 68 million from the government of Quebec and its partners. A real catalyst for economic and technological development in a sector with excellent growth prospects and many challenges, it could lead over the next three years to the creation of nearly 400 jobs.
The New Critical Infrastructure Cybersecurity Innovation Zone (ZIIE). In a unique place, the various players in the ecosystem will be able to work together to achieve these three objectives: develop a world-class workforce, position Quebec among the three best global exporters of cybersecurity solutions and strengthen resilience of critical infrastructures. The innovation zone is available to the entire cybersecurity ecosystem in greater Montreal to support small and large businesses in securing their infrastructure.
Business Development Director, co-head of the cybersecurity sector, Montréal International
Within Montreal International, Gwenaelle is responsible for attracting and retaining foreign investments in Greater Montreal, for France and Belgium. Since January 2019, she has been co-responsible for the attractiveness of Greater Montreal in the cybersecurity sector. Over the past few months, many solid relationships and collaboration between the different ecosystem players have been created and dozens of cybersecurity jobs have been created in Greater Montreal through the establishment and expansion of various foreign companies. Before joining Montreal International, Gwenaelle completed an MBA at HEC Montreal. She has also represented leading companies in labor and employment law for several years, working for the law firms of Norton Rose Fulbright and Heenan Blaikie.
President and General Manager, Cybereco
Marcel is a senior leader, strategic advisor with over 30 years of experience in cybersecurity, risk and compliance management, IT audit and internal audit. He has led cybersecurity transformation programs, defined security governance frameworks and advised several organizations on cybersecurity managed services and integrating cybersecurity into the various IT activities. He is highly recognized in the field of cybersecurity having worked there for more than twenty years, during which time he developed an approach focused on business needs. He has helped large and mid-sized companies develop and manage cybersecurity programs, establish governance frameworks, assess cybersecurity according to various reference frameworks (NIST, ISO 27002, etc.), assess and implement cybersecurity solutions, conduct security reviews and controls for systems in development and in use, and write and issue reports attesting to security levels.
The digital transformation, as well as the convergence between information (IT) and operational (TO) technologies are at the source of a large part of the cybersecurity challenges for the industrial sector. The human factor is one of major importance. From the early stages of their work program, it is essential to sensitize stakeholders to anticipate the integration of cybersecurity in their various responsibilities. These new challenges must now be understood by all levels; team managers, engineers, operators and technicians on site. The challenges are many, but many solutions are already available. This is what this conference will highlight through several case studies based on experience acquired in the field of industrial cybersecurity.
Cybersecurity consultant, SNC-Lavalin
After obtaining her degree in engineering, Stephany began her career as a consultant at Deloitte cybersecurity. She had the opportunity to explore the various areas of cyber security, ranging from strategy and governance to the data protection and managements of identity and access. During her career, Stephany has participated in projects in various industrial sectors, including financial services, aeronautics, as well as public and rail transport. At SNC-Lavalin, she continues to develop her engineering experience by performing and delivering a variety of consulting work as part of ongoing multidisciplinary projects.
2 cases studies (French or English)
Increasingly, business needs are forcing TO environments to be less isolated and more and more at risk. Duplicating your IT cybersecurity strategy is not enough for the unique challenges associated with operational technologies. Through his lecture, Louis-Philippe will express the main TOs in the transport industry, and demonstrate how it is possible to define a suitable cybersecurity strategy that will generate value for the organization.
Head of Information Security, Société de Transport de Montréal
After leading the implementation of an industrial cybersecurity practice in one of the largest mining companies in the world and spending a few years advising companies from various industries as cybersecurity director of a large “Big 4” firm , Louis-Philippe Desjardins is currently Head of Information Security at the Société de Transport de Montréal. His technical experience as a software engineer combined with his understanding of business-related issues are essential assets that allow him to understand the real problems of companies, to help managers define their needs, to appreciate the technical constraints, to identify possible solutions and create value for organizations. Over the years, he has helped several companies operating in different sectors develop and implement strategies to effectively manage cybersecurity risks. Although passionate about everything related to risk management, he specializes in cybersecurity governance, the implementation of business continuity and IT succession plans as well as identity and access management.
Cyber incidents such as ransomware continue to rise against Industrial Control Systems, and when they are compromised, the impacts are significant and protracted. Often, companies are hit multiple times and fail to properly identify the real cyber threats before meaningful action is taken. Yet most companies know they need, or already have incident response plans. This talk focuses on lessons gained across hundreds of IR engagements. What companies should be doing to prepare, where to start, and what they should stop doing now if they want to be effective. Moreover, the best in class operations are those that leverage unique insight available through proactive and reactive IR activities to transform their business and evolve operations to be more efficient and resilient to cyber threats.
Principal Director, Security Innovation, Accenture Security Canada
Bryan Singer joined Accenture Security in January of 2020 as a Principal Director in Security Innovation, with specialization in adversarial services and incident response in OT environments. As an industry recognized leader and catalyst for over 20 years, Mr. Singer continues to research, innovate, and drive change across industrial control to create safe, resilient, and high performance industrial processes. His career began in the US Military Intelligence Corps, and has spanned both IT and OT across telecommunications, healthcare, defense, and critical infrastructure. His professional industrial cybersecurity experience spans over 4,000 plants globally and nearly every process type including oil and gas, power generation, transmission/distribution, nuclear, food and beverage, water, pharmaceutical, automotive, and others processes around the globe.
Case study or Discussion Area
The digital transformation of operational technologies implies new security challenges, in addition to IT skills, it is essential to have operational knowledge of TO. Through a pragmatic approach to the cybersecurity issues of TOs and concrete cases in the fields of energy or electricity production, Yannick will demonstrate the importance of convergence in security systems.
Vice President, Strategic Initiatives and CISO, Hitachi Systems Security
With more than twenty years of experience in the IT field, Yannick Berneron has specialized in information and technology security since 2003. Authorized auditor of the PCI DSS credit card standard, certified auditor information systems, certified professional in IT governance, risk management and information security and information systems, Yannick Berneron now acts as a cybersecurity advisor to organizations both governmental than private. His experience has been acquired throughout his mandates, both national and international (Canada, France, Maghreb and West Africa). He has worked in particular in large-scale IT and telecom security projects in Canada, Algeria, Morocco and Côte d'Ivoire. Its areas of intervention are mainly governance and audit, strategic advice and cybersecurity.
Discuss your cybersecurity issues and get answers to your questions in a privileged setting in the discussion area! The Rencontres de Génie offer the opportunity to interact with certain speakers or consultant via private virtual tables of up to 8 people.
2 cases studies (in French)
Identifying each device, preserving the confidentiality of sensitive information and securing data exchanges without compromising privacy are the challenges of intelligent transport systems (ITS). This will involve reconciling authentication, message integrity and pseudonymization preventing the tracking of intelligent vehicle journeys. Find out how Atos responds to these challenges with its C-ITS PKI solution to generate and distribute secure digital identities to C-ITS stations.
Business development manager, ATOS
Axel Sandot is Business Manager in charge of security and digital identity of Internet of Things (IoT) and Cooperative Intelligent Transport Systems (C-ITS, V2X). Member of the Atos Expert Community, he performs his duty inside the Digital ID entity of the Group for three years. Beforehand, Axel Sandot managed during more than 10 years the business development and technological projects of European companies in Latin America around identity, digital trust, dematerialization, and deployment of main infrastructure projects.
During this session, you will have a brief overview of cybersecurity in the Hydro-Quebec industry, with a new set of lenses. Moshe Toledano will introduce you to how the power grid is changing and what that means for cybersecurity risks, how the business is adapting and what are some of the disruptors that are anticipated. The speaker will then answer some key questions during an interactive question period.
CISO and director of cybersecurity, Hydro Quebec
Moshe Toledano is currently the CISO (Chief Information Security Officer) and director of cybersecurity for Hydro Québec. Moshe has been passionate about Cyber Security for over 20 years. During the last 7 years, Moshe was CISO of Bombardier and Domtar. Previously, Moshe spent 13 years as a Cyber Security consultant with Deloitte where he led several cybersecurity practices and advises clients across multiple industries. Moshe holds a master's in business administration from Concordia University.
Jessica delivers thought-provoking and engaging presentations across the world, at corporate events as well as practitioner and academic conferences. Known for her ability to engage everyone from senior executives to ethical hackers and creative workers, she brings energy, enthusiasm and fun to cyber security. Her speaking engagements are rooted in the work she does around the psychology and sociology of cyber security, particularly regarding cyber security threats, social engineering, how to effectively communicate cyber security messages, the psychology of fear and cyber security, and the language of cyber security. Her specialisms span cyber security awareness, behaviour and culture.
Co-founder and CEO, Cygenta
Dr Jessica Barker is a leader in the human side of cyber security, she has been named one of the top 20 most influential women in cyber security in the UK and awarded asone of the UK’s Tech Women 50 in 2017. She is the Chair of ClubCISO and a team leader for the Cyber Volunteers 19 Project (CV19). Equipped with years of experience running her own consultancy, she co-founded Cygenta, where she follows her passion of positively influencing cyber security awareness, behaviours and culture in organisations around the world. Her consultancy experience, technical knowledge and sociology background give her unique insight.
Discuss your cybersecurity issues and get answers to your questions in a privileged setting in the discussion area!
The Rencontres de Génie offer the opportunity to interact with certain speakers or consultant via private virtual tables of up to 8 people.
Please note: there will be no pre-registration. Those interested will be able to participate in a table depending on the places available and in a limited time in order to welcome new participants to the table as and when.
Rating from your peers : 4,3/5
« A rewarding and dynamic event »
« One of the best conference days on the energy transition. Congratulations to the whole team »
« Everything was perfect for learning, asking questions and above all share with colleagues »
« I really enjoyed my day! Very interesting and well organized »
RDG « Energy Innovations » - June 2019
« Good diversified panel, good progress in the choice of subjects. The speakers are of academic quality and respected in their community. Very informative and above all very useful in the daily professional. »
« Thank you, as I am 62 years old, I find it very important to be up to date with what is happening in this high tech world. »
« The organization was excellent and the speakers overall were very interesting. I really enjoyed this event and told several of my colleagues about it when I returned to the office; It opened our eyes to areas for improvement in our department. »
RDG « Engineering 4.0 » – February 2019
« Great event. I am very impressed by the quality of the speakers, by the choice of venue and by your environmental concern for the event. Wow! »
« Very nice event, hope to attend next year too. »
« Very good conference day with renowned and quality presenters. »
« Thank you for the opportunity of this event, I really appreciated. »
RDG « Build with genius » – February 2020
Ticketing closed: for informations please contact firstname.lastname@example.org