Cyber Security 2024

Andreas specializes in IT-contracts and tech regulatory matters. He has several years of practical experience in advising on the drafting and negotiation of national and international IT agreements, as well as cybersecurity legislation and upcoming EU regulations within technology and innovation, including the Data Act and the AI Regulation.

Today, he will discuss the current state of the European Union’s cybersecurity legislation, including an overview of the forthcoming Norwegian Digital Security Act and the NIS 2 Directive. He will offer insights into the entities covered by these acts, outline the principal obligations, and explain the supervisory mechanisms involved.

Ulrik specializes in national security, focusing on empowering nations to protect their national security interests effectively. He collaborates closely with Norwegian enterprises that support fundamental national functions or critical societal functions, guiding them towards achieving a sustainable and holistic security posture.

In his presentation, Ulrik will delve into the strategies organizations providing essential societal services should adopt to comply with NIS/NIS2 directives and the Digital Security Act (Digitalsikkerhetsloven).

Paul Piotrowski is currently a Principal OT Cyber Security Engineer in Shell’s Global OT Security Discipline.  He consults on Global Capital Projects and supports Shell Operated and Non-Operated Assets across all business units.

Paul has spent over 22 years in Shell in various security roles including network operations, risk governance and compliance, audit, incident management, forensics, pen testing and project management.  He has traveled extensively for Shell allowing him the opportunity to work across diverse set of cultures and landscapes which have shaped his view of the world.

Espen Haagenrud has practiced IT-auditing, and Security Management in various industries for 25 years. In later years focused on Security governance from a corporate perspective, focusing measuring Security maturity and Security culture and awareness work.

In his presentation, supported by Kelsey Nutland, Head of TOMRA Security Governance, Espen will go through the publicly known cyber security event that struck TOMRA on 16 July 2023, the short- and long-term effect on IT and OT.

Ron Brash is a household name when it comes to ICS/OT cybersecurity and embedded vulnerability research. He was instrumental in creating the datasets for the S4 ICS Detection Challenges, received the Top 40 under 40 award for Engineering Leaders 2020 from Plant Engineering, was an embedded developer at Tofino Security, advised several large asset owners in a variety of industries for OT security, and brought a number of products to market.

While IoT or IIoT is a major topic today, whether a product is new or old, history often repeats. This session will discuss the designs of many new industrial products, and some common embedded problems found in ICS and OT products – often due to extended life cycles, profitability, and the breakneck pace of technology.  Despite a push for security, some of the emerging «secure» design patterns have unintended effects and allow risks to go unnoticed (or unmanaged by Defenders).  Join us for a journey into Davy Jone’s firmware locker and a world of risk hiding beneath the surface.

I am working on making Phoenix Contact product offerings more secure, mainly by providing guidance and governance. I am also active in the security standardization and developing security concepts for Industrie 4.0.

The digital twin represented by the Asset Administration Shell is a very important concept in the Industrie 4.0. Use cases are product related data as for the Digital Product Passport 4.0 or operational data as in concepts for Collaborative Condition Monitoring. The Industrial Digital Twin Association (IDTA) is working on specifying the interoperable security mechanisms of the AAS.

Erlend Andreas Gjære has studied security and people for 15 years, including six years as a research scientist. In 2017, he became a tech-founder at Secure Practice, to help people with digital security at scale.

He is now on a cyber preparedness exercise tour across 20 cities in Norway with «Hele Norge øver», which is also a precursor to similar tours in several European countries

He will give the lecture together with Koen Fosse Matthys from Advisense

Ari works in the Automation Systems business line helping customers’ OT asset owners in risk management, countermeasure and threat monitoring implementation projects.

Production and process industry digitalization and connectivity to IT services and cloud introduces new threats in OT. Connectivity is also added because of OT threat visibility and IT counter measures. These connections and cloud managed xDRs tear down the ICS isolation myth. How OT is protected and what are the consequences of doing so?