For more information on our events policy, see https://isaca-gwdc.org/event-policies/
Internet of Things Security Conference
December 6, 2018 @ 8:00 am - 4:30 pm EST
GWDC Member - $105, Other ISACA Member - $135, Non-ISACA Member - $150
The Internet of Things is growing at a phenomenal rate and impacting all of our lives and businesses. Around 29 billion connected devices are forecast by 2022, of which around 18 billion will be related to IoT. In 2018, mobile phones are expected to be surpassed in numbers by IoT devices, which include connected cars, machines, meters, wearables and other electronics.
The ISACA GWDC Internet of Things Security Conference will feature speakers from Microsoft, NIST, ZingBox and other thought leaders in the IT, OT, IoT and cyber security space. The sessions will discuss the future role of security in the interconnected and smart world of the Enterprise Internet of Things.
Attendees of this one-day conference will learn how the Internet of Things is being leveraged and its impact on security and privacy. Additionally, attendees will be able to prepare their business for the unknown by anticipating enterprise risks and closing security gaps created by new devices that are being connected to their network.
Control Systems - IoT's Weaker Link Than IoT Itself? - Daryl Haegley
Every day we depend upon many Control Systems (CS), most now networked and potentially easily exploitable, e.g. utility, water, wastewater, natural gas, facility lighting, petroleum systems, smart meters, building heating and air conditioning equipment, research and development equipment, medical devices, vehicles, and fire and life safety systems. Damage to or compromise of any control system may be a business or mission disabler: disruption of a computerized chiller controller could adversely impact network or database servers. Perhaps more concerning and debilitating would be a control system used as a gateway into the organization's information system or the organization's broader global information networks. All rely on control systems 24 x 7 x 365; yet identifying those responsible for cyber securing those networks remains a challenge in policy, standards and technical expertise. Facility Managers, Engineers and Public Works representatives should know the fundamentals of why automated networks of sensors, actuators and controllers require cyber intelligence and security requirements distinct from those used to secure traditional information systems (such as email systems), and should have insight into how DoD and businesses are addressing the challenges of assuring the security of operations, critical infrastructure and mission continuity. They cannot afford to hope that someone else is cyber securing the networks they manage every day.
Consider who in your organization would be responsible for the following real-world circumstances:
- A conference room thermostat converted into a microphone
- Fish tank connectivity enabled access to a casino's internal network
- 245 days: the average time adversaries go undetected in your network
- Default passwords discovered across 370 products from 80 vendors
Securing Healthcare IoT Powered by Real-world Data and Research - Paul Plofchan
The rapid adoption of connected IoT medical devices has both enhanced the quality of care and increased the vulnerability of healthcare organizations. Although it's been over a year since WannaCry first disrupted the industry, many organizations continue to struggle to implement a comprehensive security plan against such attacks. Reliable real-world data on connected medical devices from a cyber security perspective simply did not exist. This session will provide insights and statistics based on analysis of tens of thousands of connected medical devices deployed in real-world environments and offer details of the latest cyber threat research. Recent findings resulting in various Common Vulnerabilities and Exposures (CVEs) will be shared. Learn strategies to augment medical device security based on industry research data and analysis of the latest cyber threats.
Securing Data in Smart Cities - Shamlan Siddiqi
NTT Group, one of the biggest information and communication technology companies in the world, encompassing NTT Data, NTT Communications and Dimension Data, believes smart cities are the natural evolution in public safety and should make full use of next-generation sensors, ultra-high definition cameras and other forward-reaching technologies. This session covers the smart city solution built on NTT Group's Cognitive Foundation architecture.
IoT Device Fingerprinting - Interpreting the IoT Communication Without Deciphering It - Dmitry Cousin
The plethora of interconnected 'Things' flooding our everyday lives offer features that enhance human experiences, and our lives in general. The very same devices often pose cybersecurity threats that may overshadow the benefits. A series of DDoS attacks against Dyn LLC in the fall of 2016 demonstrated how high the security risk is and revealed the tsunami effect of such attacks originating from insecure, compromised IoT devices. This presentation will introduce our research focused on analyzing IoT network traffic generated in the NIST IoT Lab. The analysis employs statistical- and cognitive-based methods to 'fingerprint' IoT devices with dedicated functionality. We will discuss feature selection, consideration of various ANN models and their selection criteria for IoT traffic analysis, and device fingerprinting using the aforementioned models. The presentation will conclude with a brief discussion of our future research focused on leveraging the IoT device fingerprinting approach to identify malicious behavior or deviations from normal behavior that may raise security concerns.
Panel Discussion – IoT is Connecting Devices at an Incredible Speed but is it also Separating Our Security Ecosystem at the Same Speed? - Angel Contreras, Moderator; Panelists - Joseph Facciponti and Maryam Rahmani
Organizations across all industries are racing to meet the needs of their customers, embedding connected sensors into the areas in which we work, live, learn and play. When trillions of things are expected to be connected in the upcoming years, how are we going to work together to secure those areas? The panel discussion will use the first US IoT security law, recently passed in California, to begin unfolding the regulatory benefits and challenges. How can the IoT security law from California impact all of us today? Lastly, the panel discussion will be led in a manner that keeps us "connected", much as IoT has connected billions of devices to date.
Managing IoT with AI for Central Power Plant Operations - Prasad Nair
Management of complex central power plants that generate steam, chilled water and electricity from multiple sources for campus-like facility environments is a challenge. Significant financial and performance benefits can be gained through application of machine learning AI to analyze and manage the large data stream available from IoT enabled devices within such facilities. Further, information for improving plant performance and operational and component maintenance can be extracted for predictive and on-condition monitoring of plant operations. Excluding plant consumables, a reasonably large central power plant would consume $70M annually in utility charges to support office buildings covering 20-30M sq. ft. So, in the current project, improved plant performance approaching 5% represents an annual cost reduction of $1.5M. However, the initial challenge of machine aided AI technology is to intelligently analyze and apply optimizing rules while consuming a great number of observations per day from more than 10,000 IoT sensors (each reporting every second). The AI enabled software system must also be capable of incorporating increasingly higher fidelity system models, both in detail and complexity, to support operational decisions.
This project is a collaboration between the Department of Computer Science, University of Maryland and Nair and Associates, LLC. The talk will describe the task of Central Power Plant data model definition, the software simulation framework and the issues involved in building a full scale machine learning simulation system. The results will be verified against a 5-7 year historical database before the AI driven operational parameters can be introduced into the live environment.
As an application service provider, Nair and Associates, LLC provides high integrity/high availability software for our customers. The software to be developed in this program will be integrated with our current services and made available to our customers. It will permit near real-time data measurement, tracking and verification of energy and fluids consumed by government and commercial facilities. Our business is an integrated service dependent upon IP-based network technologies while also extensively interconnected to our customers' operational devices, which are both legacy based and IoT enabled.
Deploying Your First IoT Device Using Azure IoT Hub - Jerry Rhoads
Azure IoT Hub allows you to securely connect, monitor, and manage billions of devices to develop Internet of Things (IoT) applications. IoT Hub is an open and flexible cloud platform as a service that supports open-source SDKs and multiple protocols.
This presentation will describe the Azure IoT service and how it can securely scale to billions of devices. The IoT DevKit will be demonstrated during the presentation.
Who should attend?
MEET THE PRESENTERS
Control Systems Cybersecurity, Department of Defense
Mr. Daryl Haegley’s distinguished career includes military, federal, civilian and commercial consulting experience. He currently advises and oversees the strategic cybersecurity effort to protect the control systems and operational technology (OT) enabling the Department of Defense’s (DoD) critical infrastructure. For the past six years, Mr. Haegley has brought awareness to the ever-increasing cyber threat to unprotected connected OT devices and has led the government to make change. Specifically, he has successfully advocated to change laws, DoD policy and standards, and academic curricula while initiating the first comprehensive facilities related control systems cybersecurity program of its kind within the federal government.
A recognized innovator and thought leader, he's a contributing author to NIST Special Publication 800-82 R2 "Guide to Industrial Control Systems Security," Unified Facilities Criteria 4-010.06 "Cybersecurity of Facility Related Controls Systems" and "Governance and Assessment Strategies for Industrial Controls," in the Springer technical publication "Cyber Security of SCADA and Other Industrial Control Systems."
He maintains four certifications, three Masters’ degrees, two college tuitions and one patent.
Area Director, Zingbox
Paul Plofchan is an Area Director for Zingbox, helping health systems manage medical device security in the Southeast. His past experiences include positions as Vice President of Government & Regulatory Affairs and Chief Privacy Officer at ADT, and various corporate affairs and sales leadership roles at Pfizer, Inc. He is also the co-founder and past board member of Kind Hearts, Inc., a Nebraska company dedicated to helping seniors live independently in their communities. Paul is a graduate of both the University of Notre Dame and the University of Nebraska and is certified in data privacy through the International Association of Privacy Professionals (IAPP).
Paul’s civic involvement includes working with the FBI InfraGard Chapter of South Florida as both a board member and sector chief and prior experience as Chairman of bio Nebraska, a life sciences association.
Vice President and Chief Technology Officer for Public Sector, NTT DATA
Shamlan Siddiqi is Vice President and Chief Technology Officer for Public Sector at NTT DATA, a leading global IT and business services firm. He drives the firm's technology vision, strategy and innovation. Previously, Mr. Siddiqi held executive roles including VP of Applications and VP of Digital, where he led the development of award-winning commercial solutions. Mr. Siddiqi has served on numerous industry working groups and task forces on topics including blockchain, digital/cloud and cyber security, in addition to being a published writer, contributor and speaker. Mr. Siddiqi also actively supports an internal organization, the Women Inspiring NTT DATA (WIN) DC Chapter, which supports the identification, retention and development of women across NTT DATA. Mr. Siddiqi has served on the Board of Directors and is currently a Charter Member of an entrepreneurship non-profit organization focused on mentoring and guiding aspiring students and professionals on teamwork, career development and leadership. Mr. Siddiqi was recently awarded the Prominent Patriot award from George Mason University.
Dmitry Cousin is a specialist in the security automation and mechanisms group of the cybersecurity division (CSD) at NIST. Dmitry has over 20 years of experience building, analyzing and using connectionist models and other methods of artificial intelligence (AI) in fields that include speech recognition, automated securities analysis and security automation, among others.
Senior Manager, Ernst & Young, LLP
Angel Contreras has over 10 years of experience working with multiple system environments and enterprise-wide applications. Angel's extensive Federal experience includes audits and advisory engagements across the Department of Defense, Civilian agencies and the Intelligence Community.
Through his audit and advisory experience, Angel has gained expertise in Federal IT audit methodologies (FISCAM) and reporting standards such as FISMA, the Federal Managers Financial Integrity Act (FMFIA), the Federal Financial Management Improvement Act (FFMIA), Office of Management and Budget (OMB) Circulars, DoD Directives, and National Institute of Standards and Technology (NIST) standards.
Angel is a Certified Information Systems Auditor (CISA), a Certified Defense Financial Manager (CDFM), a member of ISACA's US policy working group and a graduate of Marymount University.
Partner - Cybersecurity and White Collar, Murphy & McGonigle
Joseph Facciponti is a former cybercrime prosecutor at the U.S. Attorney’s Office for the Southern District of New York with experience in internal investigations, litigation, and regulatory matters concerning cybersecurity and financial crime. In private practice, Mr. Facciponti advises senior management and in-house counsel regarding data breaches and cybersecurity compliance and represents businesses and individuals in civil and criminal investigations and litigation concerning a wide range of financial crimes, intellectual property theft, and computer hacking. Mr. Facciponti serves on the Information Technology and Cyber Law Committee of the New York City Bar Association.
Global Partnership Officer, Global Cyber Alliance
Maryam Rahmani, CISSP, draws on 25 years of experience in technology sales, consulting and cybersecurity policy to provide value to GCA's existing partner network and to grow its partnership sphere across the Americas, Europe, the Middle East, and Africa.
Beyond her work with GCA, Ms. Rahmani serves as the Technical Co-Chair for the IEEE Women in Engineering (WIE) Forum East. She is an active member of the ISSA Women in Security (WIS) Security Interest Group (SIG) and previously served as a board member of the Society of High Performance Computing Professionals (SHPCP). She holds a Master of Science degree in Cybersecurity Policy from University of Maryland University College and a Bachelor of Science in Electrical Engineering from the University of Florida.
President, Nair and Associates, LLC
From 1985 until 2017, Mr. Nair was president of Project Management Enterprises, Inc (PMEI), a Bethesda-based business focused on various areas of energy management and aviation data communications. Mr. Nair is now the President and CEO of Nair and Associates, LLC, an entity formed by reorganizing the operations of PMEI with the purpose of focusing on the evolving energy monitoring and management sector. He has provided system integration, engineering and consulting services to the Federal Government and the private sector, including the Department of Energy, Federal Aviation Administration, National Aeronautics and Space Administration, General Services Administration, Library of Congress, Architect of the Capitol and a number of large and small commercial organizations. Nair is co-inventor of U.S. Patent 6,477,359 B2, Diversity Reception for Aeronautical Packet Data Communications Systems, and is also identified as co-inventor on more than a dozen communication patent applications.
Cloud Security Architect, Microsoft
Jerry Rhoads is a Cloud Solutions Architect with Microsoft. Jerry has over 20 years of IT experience in the areas of Software Development, IT Security and Cloud.
ISACA Members from Other Chapters: You will need to bring your ISACA Membership Card to the event to verify your ISACA Membership.
Presentations: Conference presentations will be included in the registrants' final event-related email message containing the CPE certificate and evaluation survey when permission is received from the presenter and their organization. In some cases, permission is not received.
Requests for Assistance: If you require assistance for an audio, visual, or other disability, please contact Marvin Muhumuza, Programs Director, to discuss your needs, as soon as possible. We need as much advance notice as possible to determine whether requests can be accommodated. Thank You.
SPONSOR THIS EVENT
Earn up to 7 Continuing Professional Education (CPE) credits in the area of Specialized Knowledge. The ISACA® GWDC is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website: http://www.learningmarket.org.
CPE Distribution and Evaluation Survey
CPEs will be distributed via e-mail along with the event evaluation survey up to seven (7) business days after the completion of the event. Attendees must be present the full day to receive full CPE credit.
- Prerequisites and Advance Preparation: N/A
- Program Knowledge Level: N/A
- Delivery Method: Live in person event