Join public power thought leaders at a Cybersecurity Summit to learn the latest in cybersecurity practices, trends, and technologies. See what other utilities are doing to manage cyber risk and share your insights and feedback on the importance and impact of cybersecurity for public power.
Who Should Participate
- General managers and CEOs
- Senior utility executives
- Senior operations executives
- IT/OT managers
- Cybersecurity professionals
- Governing boards (elected and appointed)
- City council members
- Other utility managers and future leaders responsible for policy and strategy
- Industry partners, including strategic thinkers and subject matter experts
- Public communications personnel
2018 Cybersecurity Summit Co-host
Tuesday, November 13
Noon – 1 p.m.
1 – 1:30 p.m.
Welcome and Introductions
Mike Hyland, Senior Vice President, Engineering Services, American Public Power Association
Khalil Shalabi, Vice President of Strategy, Technology, and Markets Operations, Austin Energy, Texas
1:30 – 2:30 p.m.
High Tech, High Threat: Next Generation Cyber Challenges
Today, almost any device with an on-and-off switch can be connected to the Internet and to other devices. By 2020, there could be more than twenty-six billion connected devices. As this Internet of Things and other technologies evolve, so do threats to the electric grid. Today, cyber attackers are targeting more than laptops and servers. They are looking to break in at the operations, distribution, and even consumer level. Learn about new cyber vulnerabilities and how you can protect against them. Review the risks that emanate from the use of drones, robots, artificial intelligence, autonomous systems, AMI, and more. Learn how to mitigate the risks so you can leverage technologies of the future to provide safe, reliable service.
Peter Morin, Director, Cyber Security Services, KPMG, Halifax, Nova Scotia, Canada
2:30 - 2:45 p.m.
2:45 – 4 p.m.
Know Your Enemy: Active Defense & Penetration Testing for Utilities
Understanding your adversaries and how they operate is crucial to cyber defense. This intelligence can lead to more effective prioritization of controls and improved detections for organizations “hunting for evil” in their networks. This knowledge of adversary capabilities can also be leveraged to simulate real-world attack scenarios on infrastructure during Penetration testing efforts and reveal the risk remediation that matters most. Hear from two public power utilities that have used Active Defense and Penetration testing to better protect their IT/OT systems.
Dan Gunter, Principal Threat Analyst, Dragos Inc., San Antonio, Texas; Brent Heyen and Mark Johnson-Barbier, Senior Principle Analysts, Cyber Security Architecture, SRP, Phoenix, Arizona; and Jessica Matlock, Director, Government Relations, External Affairs and Strategic Accounts, Snohomish County PUD, Everett, Washington
4 – 4:15 p.m.
4:15 – 5:30 p.m.
Assessments Made Simple: The New Cybersecurity Scorecard
The new Cybersecurity Scorecard from the American Public Power Association is being used by a growing number of public power utilities to assess cybersecurity risks and build up defenses. Based on the DOE’s Electricity Subsector Cybersecurity Capability Maturity Model, the scorecard — at a basic level — allows your utility to start assessing your cyber risks and vulnerabilities by completing a self-assessment comprising 14 questions. Based on the score, you get customized recommendations you can use to build a cybersecurity action plan. Learn how other utilities have benefited from using the scorecard to issue a wake-up call to management and get buy-in from policymakers to invest in cybersecurity. You can sign up for the scorecard platform at no charge at the end of the session.
Carter Manucy, Cyber Security Manager, Florida Municipal Power Agency, Orlando, Florida; and Chad Schow, IT Manager, Franklin PUD, Pasco, Washington
5:30 – 6:30 p.m.
Wednesday, November 14
8 – 8:30 a.m.
Registration & Coffee
8:30 – 9 a.m.
DOE Opening Address
9 - 10:15 a.m.
Better Informed Is Better Prepared: Threat Alerts and Analysis
An essential component of your cyber defense system is to monitor industry-wide and cross-sector threat alerts so you’ll know what you should be prepared for. Two trusted sources for threat information and analysis are the E-ISAC and MS-ISAC. E-ISAC offers situational awareness on security threats, remediation, task force reviews, and other resources. MS-ISAC, operated by the nonprofit Center for Internet Security, is the go-to resource for cyber threat prevention and recovery for U.S. state, local, tribal, and territorial government entities. Hear from both entities about the threat monitoring and analysis services they offer. Learn from the experience of a public power utility that has used both portals to stay aware of threats. Find out how you can participate in these portals, distill the information, and plan your responses and action plan.
Kenneth Carnes, Chief Information Security Officer, New York Power Authority, White Plains, New York; Bill Lawrence,Vice President and Chief Security Officer, E-ISAC, Washington, D.C.; and Ryan Spelman, Senior Director, Center for Internet Security, Albany, New York
10:15 – 10:30 a.m.
10:30 – 11:45 a.m.
An Unclassified Threat Briefing
The U.S. faces a complex global cyber threat. The Intelligence Community World Wide Threat Assessment notes that the leading state intelligence threats to US interests will continue to be Russia and China. Other adversaries will pose local and regional cyber threats to U.S. interests. Adding to these threats is the clear targeting of the energy sector. Get information to help your organization understand threat actors and discuss options for enhancing energy security and resilience.
Karen Evans, Assistant Secretary for Cybersecurity, Energy Security, and Emergency Response, Department of Energy, Washington, D.C.
11:45 a.m. – 1 p.m.
Tim Roxey, Chief Cyber Security Officer for the North American Electric Reliability Corporation (NERC), Washington, D.C.
1 - 1:15 p.m.
1:15 – 2:45 p.m.
Building a Cybersecurity Culture: Tips and Tricks
Humans are the weakest link in the cybersecurity chain. Changing the leadership and staff culture to be more aware is often harder than putting the right hardware and software in place. Yet without the culture change, no cyber plan can be effective. Hear from an organizational change expert as well as public power utility officials on how you can motivate and train everyone on your team to practice good cyber hygiene and secure the frontiers of your utility against attackers.
Randy Black, IT Manager, Norwich Public Utilities, Connecticut; Joshua Cox, Senior System Administrator, City of Westerville Electric Division, Ohio; and Chris Kelley, Vice President, Beam Reach Consulting Group, Severna Park, Maryland
2:45 – 3 p.m.
3 – 4:30 p.m.
Cybersecurity Innovations: From Research to Rally
The Department of Energy’s National Laboratories have served as leaders of scientific innovation for more than seventy years. They address large scale, complex research and development challenges with a multidisciplinary approach that places an emphasis on translating basic science to innovation. Learn more about what the National Labs are doing on the cybersecurity front and how they translate cyber threat information into actionable programs. See how you can work with the labs and what resources you can get from collaborating with DOE.
David Manz, PhD, Senior Cyber Security Scientist, National Security Directorate/ Cyber Security Group, Pacific Northwest National Laboratory, Richland, Washington; and Wayne Austad, Technical Director, Cybercore Integration Center, Idaho National Laboratory
4:30 – 5 p.m.
Closing Discussion: Next Steps
Join Association staff and your utility peers at a roundtable discussion on the issues addressed throughout the summit. Discuss your challenges and questions with your peers. Plan next steps and see how public power can work together to secure the grid against cyber attacks.
- $645 before Oct. 15
- $695 after Oct. 15
- $1,290 before Oct. 15
- $1,340 after Oct. 15
Not a member? Join today and save $645 on your conference registration. Call Member Services at 202-467-2926 to learn more.
The following food functions/meals are included in the registration fee (all other meals are on your own):
- Reception (Tuesday)
- Lunch (Wednesday)
- Beverage breaks (Tuesday afternoon/Wednesday morning & afternoon)
The attire for the 2018 Cybersecurity Summit is business casual. Since meeting room temperatures vary, please prepare to dress for cool conditions. Temperatures in Austin, Texas for the summit dates range from an average high of 72 degrees to an average low of 56 degrees.
The InterContinental Stephen F. Austin is located approximately 10 miles from the Austin-Bergstrom International Airport.
Travel Cost Policy
Travel arrangements and costs are the responsibility of the meeting participants. The Association will not reimburse for changes in travel expenditures regardless of the cause, including the cancellation of a course, meeting or workshop.
Registrants who cancel in writing on or before November 5, 2018, are entitled to a refund of their registration fee, minus a $50 cancellation fee. Registrants who cancel after November 5 will not receive a refund, but attendee substitutions will be allowed for the 2018 Cybersecurity Summit. Registrants and no-shows who do not cancel before or on November 5 are responsible for the full registration fee and are not entitled to a refund of their registration fee. Cancellations must be made in writing and mailed or e-mailed to [email protected].
If you have questions about the meeting, please contact any of the staff listed below:
Phone: 202-467-2941; Fax: 202-495-7505; Email: [email protected]
Phone: 202-467-2941; Fax: 202-495-7505; Email: [email protected]
Phone: 202-467-2921; Email: [email protected]
Phone: 202-467-2967; Fax: 202-495-7467; Email: [email protected]
The Cybersecurity Summit will take place at the:
InterContinental Stephen F. Austin Hotel
701 Congress Avenue
Austin, TX 78701
- Main Telephone: 512-457-8800
- Group Rates: Single/Double $249 per night, plus 15% tax
- Reservation Cut-off Date: October 15, 2018
- Reservation Telephone: 1-800-235-4670
- Group Code: “JOQ” or “Power Forward”
- Online Reservation Link: Cybersecurity Summit
Check-in: 3 p.m. / Check-out: Noon
Parking Fee: Valet Parking Only: $42 per day, plus tax
In-Room Wireless: Complimentary standard wireless internet
About the Hotel
Originally built in 1924 as the city’s first high-rise hotel on Congress Avenue, the InterContinental Stephen F. Austin’s rich history and luxurious accommodations offer a truly unique hotel experience in the heart of downtown Austin. Step inside our golden doors and be greeted by friendly staff, a grand marble double staircase and plush seating in the lobby area. Unwind after a busy day in the city in one of the recently renovated rooms and suites, and stay active at the extensive Health Club, featuring state-of-the-art Cybex & Precor equipment, lap pool and Jacuzzi. Indulge in handmade cocktails, tasty cuisine and a breathtaking view of the State Capitol at Stephen F’s Bar & Terrace. Treat yourself to the Club Intercontinental Experience, where you can enjoy a deluxe breakfast buffet, daily champagne tea hour, and dedicated concierge services.
Hotel Reservations & Cancellation Policy
The cut-off date to receive the group rate (plus tax) is Monday, October 15, 2018. If rooms remain in the block after the cut-off date, the group rate will be honored. If not, you may be charged a higher rate. The room block may sell out before October 15, 2018, so early reservations are encouraged. For individual reservations call 1-800-235-4670 and reference “JOQ” or “Power Forward,” or make your reservation online. The InterContinental Stephen F. Austin should receive all reservations no later than October 15.
Cancelled reservations that are not resold may become a financial liability for the Association, so please make your reservations thoughtfully. If you require additional assistance with housing please contact Meeting Services at 202-467-2941 or [email protected]
Do NOT make hotel reservations through any third party that may contact you by phone or email. Use only the online reservation links, phone numbers, and discount codes available directly from the Association—in conference brochures and the website at www.PublicPower.org.
For assistance making your hotel arrangements, please contact Meeting Services at 202-467-2941 or [email protected].
Frequently Asked Questions
What educational credits are available?
Academy events include the following opportunities for educational credits:
- Continuing Education Units (CEUs) from the International Association for Continuing Education and Training (IACET)
- Professional Development Hours (PDHs) as established by the National Council of Examiners for Engineering and Surveying (NCEES)
- Continuing Professional Education (CPE) Ccedits from the National Association of State Boards of Accountancy (NASBA)
Is there international registration?
Online meeting registration is for U.S. and Canadian residents only. International registrants must provide a signed registration form — signed by the authorized cardholder — if paying with a credit card. Fax the completed registration form to 202-495-7484 or email it to [email protected].
Alternatively, you could send a check from a U.S. bank payable to American Public Power Association. Please mail completed form with full payment to our bank lock box:
American Public Power Association
P.O. Box 418617
Boston, MA 02241-8617
Are meals included?
The following food functions/meals are included in the registration fee:
- Tuesday - Coffee; Reception
- Wednesday - Coffee; Lunch
What is the conference dress code?
The attire for the conference is business casual. Meeting room temperatures vary, so prepare to dress for cool conditions.
How can I present at the conference?
We welcome your topic and speaker ideas for future conferences and events. To submit your idea for consideration, complete this form. Conference topics are generally determined 6-8 months before the event is held. Ideas will be kept on file for a full year, so if the agenda for the conference has already been determined, your ideas will be considered for the next year’s event, or in case any space opens up in the current year’s program. You will be contacted only if your idea is selected for an upcoming conference.