Optional 1/2 Day Operational Security Course Program

Good Operational Security: The Integration of Technology, Policy, and Controls November 1, 2011 Westin Houston Memorial City 12:00 pm – 5:00 pm Facilitators/Presenters: Annie McIntyre (President, Ardua Strategies Inc.) Morgan Henrie, (President, MH Consulting Services inc.) Presenters: Zach Tudor, (Program Director, SRI International) Jacquelynne Hernandez, (Member of Technical Staff, Sandia National Labs) Eric Cornelius, (Chief Technical Analyst, Dept of Homeland Security) Abstract: These are dynamic times for critical infrastructure providers, particularly oil and gas. Evolving threats to operational environments require dynamic security. Technology is being driven toward more standard structure and implementation, and we see a shift toward more cloud computing, social networking and outsourcing. Not all security risks can be mitigated by technology alone. Human interaction with technology and how core operational processes are conducted play an important role in the security culture. Changing policy and regulatory environments add complexities. Merging the human factor, technology, policy, procedures and regulatory environment is essential for a holistic security system. In this session, we will discuss the role of technology and policy in a holistic approach to operational security. We will identify key technical research findings, discuss assessment approaches, and present a path forward to establishing good operational security. Agenda: I. Introductions II. Overview of Session/Objectives III. Top Technical Risks and Implementation Issues a. “Evolving Risks and Opportunities in Holistic Operational Security” i. Emerging Threats ii. Recent Research Findings iii. Approaches b. Discussion IV. Technology Example a. “Cyber Security Implications of SIS Integration with Control Networks, the LOGIIC Project” b. Discussion V. Policy Example a. “Energy Policy - Operating at a Time of Uncertainty” i. Pending Regulations and Standards ii. Cyber Commons b. Discussion VI. Actions/Assessments a. “DHS CSSP Assessment Approaches” b. Discussion VII. Path Forward a. “A Model for Good Operational Security” b. People, Processes, Technology VIII. Wrap-up