Cybersecurity Track

Supply Chain Security, Protection Against Ransomware Attacks, and Safety and Integrity of Automated Systems

In today’s interconnected world, the aerospace, automotive and maritime industries increasingly rely on automation to drive efficiency and innovation. With this increased connectivity comes new cybersecurity risks. Explore the unique challenges and best practices for securing automation in these critical sectors with insightful sessions that cover supply chain security, protection against ransomware attacks and ensuring the safety and integrity of automated systems.

Cyber Track icon - dive-ase

DIVE deeper into secure-by-design principles and explore effective strategies for conveying cybersecurity requirements to vendors.

Cyber track icon - explore-ase

EXPLORE the cybersecurity challenges posed by the digitalization of the maritime industry and the critical role of cybersecurity experts in developing risk mitigation strategies to ensure safe and secure operations at sea and in port.

Cyber track icon - unlock-ase

UNLOCK the latest advancements in machine learning and generative AI, including their applications in automotive part production, aerospace manufacturing, supply chain, international port security and cybersecurity threat tracking.

Wednesday, 2 October

08:30-09:15
Keynote - Beyond the Stars: How Digital Transformation is Shaping the Future of Space Exploration
Houston Green - 100x100Carolina Ballroom | Francis Marion Hotel
Houston Green,
Space Exploration Engineer, The Aerospace Corporation, NASA Johnson Space Center
 
 


 Houston Green is the Human Surface Mobility and Extravehicular Activity Program Technical Leader for reduced gravity environments at NASA Johnson Space Center (JSC). He manages cost, schedule, and upgrades for the Active Response Gravity Offload System (ARGOS) Project used in testing of the Lunar Terrain Vehicle (LTV) and space suits associated with the xEVAS contract and is currently writing system requirements for a host of new and innovative gravity offload capabilities to be used for testing and training of Astronauts within upcoming Artemis missions. Houston was previously a Designer and Operator on the ARGOS Project, where his team designed and are currently assembling the Next Generation ARGOS (AX3S) in the Building 9 Highbay at JSC.
09:15-09:30
Break
09:30-10:00
Technology Demonstration 

Presented by  Fortinet-logo-350

Rod Locke - 100x10010Carolina Ballroom | Francis Marion Hotel
Presenter:
Rod Locke, Director, Product Management, Operational Technology

In the face of continually evolving cyber threats, industrial organizations are compelled to adopt automated analysis, orchestration, and response technologies, including the capabilities brought by Machine Learning (ML) and Generative AI. Integrating AI into security operations reduces alert fatigue and enables more efficient analysis and response to incidents. Leveraging AI integrated into a security platform enhances threat detection, incident response, and compliance assurance while lowering the total cost of ownership for SecOps infrastructure. 


 Rod Locke has been in the OT security industry for over 15 years, working in vulnerability testing, OT-specific network security, and embedded product security in past roles at Wurldtech, GE Digital and Sierra Wireless. Rod is a Director of Product Management at Fortinet, focused on OT threat protection.
10:00-10:30
Beyond the Defense in Depth: The Artificial Intelligence Role in ICS Defense

Felipe Costa - 100pxCarolina Ballroom |  Francis Marion Hotel
Presenter: Felipe Costa, Sr. Product Marketing Manager, Moxa

Amidst the swift advancement of cyber threats, adopting Artificial Intelligence (AI) and Machine Learning (ML) within cybersecurity measures has transitioned from a mere advantage to an absolute necessity. This presentation will provide some of the current challenges and innovative solutions in the realm of industrial cybersecurity. Anchored on critical updates and insights from the latest industry trends and standards, this presentation emphasizes proactive defense mechanisms and effective incident response, with ISA/IEC 62443 as a foundational framework. The session will explore how AI and ML revolutionize threat detection and response.
 

Felipe Costa is the Cybersecurity Director and an official ISA/IEC 62443 industrial cybersecurity instructor at ISA (International Society of Automation) and EC Council (world's largest cyber security technical certification body). Additionally, he is a Sr. Product Marketing Manager at Moxa Americas, responsible for networking and cybersecurity in the US, Canada, and LATAM. He is also an international speaker, technical article writer, and SME (subject matter expert) in cybersecurity and artificial intelligence (AI). 
10:30-10:45
Break
10:45-11:15
Cyber Simulation in a Nuclear Power Plant

Victor Alvarez - 100x100Carolina Ballroom | Francis Marion Hotel
Presenter: Victor Alvarez, Information Security Analyst, TI Safe

The Xphir4 project is a sophisticated cyber-physical simulator developed by TI Safe Lab, designed to replicate the operational and security aspects of a nuclear power plant. Based on a Pressurized Water Reactor (PWR) model, the Xphir4 simulator integrates various hardware components, including Siemens PLCs (S7-1200), Scalance switches (XC208), and Fortigate firewalls (F60), utilizing communication protocols such as S7-COMM and Profinet. The project adheres to the ISA/IEC 62443 standards for securing Industrial Automation and Control Systems (IACS), ensuring that all phases of the plant's lifecycle—from design to operation—are covered under stringent cybersecurity measures. 
 

 Victor Alvarez is a Computer Engineer and Industrial Automation Technician, specializing in automation processes for robotic systems and cybersecurity development.
11:15-11:30
Break
11:30-12:00
Fireside Chat: Crowdstrike Breach: Lessons Learned (OT focus)

Carolina Ballroom | Francis Marion Hotel

The crowdstrike breach has significantly impacted businesses worldwide, highlighting the importance of robust cybersecurity measures and operational resilience. Our presenters will cover lessons learned from the breach and its implications for operational technology (OT). It will cover critical lessons learned, including the need for business continuity plans, testing and deployment within the OT environment and critical systems affected.

Moderator:

Sunil Doddi - 100px Sunil Doddi, Senior Principal Process Controls Engineer, Air Products and Chemicals, Inc.,

 

 

Presenters:

Patrick Obrien - 100pxPatrick O' Brien, Cybersecurity Lead, exida

 

 

generic head shot iconChris Choquette, Senior Cyber Security Consultant, FM Global

 

 


Patrick O'Brien is a Cybersecurity Team Lead at exida, LLC, where he drives cybersecurity certification and assessment services for service providers and industrial asset owners. He has led cybersecurity risk assessments, training courses, and other lifecycle activities for many different applications, including oil and gas, specialty chemical, machinery, and robotics. In addition to his cybersecurity role, he also provides consulting services in the areas of process safety, functional safety, and machine safety.

12:00-13:00
Lunch and State of the Society Address
Carolina Ballroom | Francis Marion Hotel
13:00-14:00
Panel: Connecting Intelligence with Technology

Carolina Ballroom | Francis Marion Hotel

Moderator:

David Shultz - 100pxDavid Schultz, Senior Consultant, Spruik Technologies

 

 

Panelists:

Jeffrey Schroeder - 100x1007Jeffrey Schroeder, Product Manager, HighByte

 
 
 
Russell Gregg - 100x10011Russell Gregg, Director of Manufacturing Solutions, Canary Labs

 
 
 
Robert Graves - 100x100Robert Graves, Technical Solutions Program Manager, Sales Engineering, Inductive Automation

 
 
 
Dan White - 100x1005Dan White, Director of Technical Marketing, Opto 22

 
 
 
Josh Schadel - 100x100Josh Schadel, General Manager & CTO, Signalfire

 


Arlen Nipper - 100x1002Arlen Nipper, President & CTO, Cirrus Link

13:45-14:00
Break
14:00-14:30
Technology Demonstration

Carolina Ballroom | Francis Marion Hotel
Presenter: TBA

14:30-15:00
Does AI Dream of Electric Substations? Generative AI and the Frontiers of AI Safety Principles for Critical Infrastructure Systems

 

Jessa Davis 100x100Carolina Ballroom | Francis Marion Hotel
Presenter: Jessa Davis, Security Consulting Manager, Accenture Security

As the use of artificial intelligence (AI) in industry increases, technology and cybersecurity professionals must focus on engineering intrinsically safe and inherently secure AI systems—especially when used in operational technology (OT) environments, where a system failure or cybersecurity incident could result in serious injury and loss of life, environmental harm, or the interruption of critical infrastructure services. From this context, three core principles of AI safety engineering adapted to IEC 61508 and ISA/IEC 62443 standards will be presented to address the unique needs of OT processes—prioritizing both safety and reliability in operations—with use cases highlighting the ethical, cybersecurity and risk management challenges of implementing AI within electric utilities’ OT networks.


Jessa Davis (she/her) is a Security Consulting Manager at Accenture, specializing in cyber-physical systems (CPS) and operational technology (OT) cybersecurity for electric utilities clients. Before joining Accenture, Jessa worked as an industrial controls system engineer in the oil and gas industry and as a blockchain software developer with the United Nations Office for Project Services in Kathmandu, Nepal. Her research interests include resolving EV charging infrastructure and vehicle-to-grid (V2G) cybersecurity challenges and supporting cyber resilience strategies for the smart grid. She lives in Seattle, WA.

15:00-15:15
Break
15:15-15:45
62443 Application Differences: Brownfield v. Greenfield Facilities

Chris Monchinski - 100pxCarolina Ballroom | Francis Marion Hotel
Presenter:
Chris Monchinski, CTO, InflexionPoint

This presentation will explore the key similarities, differences and lessons learned in applying the ISA/IEC 62443 standard within greenfield and brownfield industrial environments. In greenfield (new) projects, where systems can be designed from the ground up, there is a unique opportunity to integrate cybersecurity measures into the architecture from the earliest stages. Chris will discuss strategies for leveraging this opportunity, including best practices for designing a secure infrastructure, selecting compatible technologies, and ensuring seamless integration of security controls. Conversely, brownfield (existing) projects present distinct challenges, particularly when dealing with legacy systems that were not originally designed with cybersecurity in mind. The presentation will address these challenges, offering practical approaches to retrofitting existing systems with modern security measures, managing vulnerabilities inherent in outdated technologies, and balancing operational continuity with the need for enhanced security.

 


Chris Monchinski is CTO at InflexionPoint where he provides is 30+ years of experience to clients through thought leadership, strategy, design and implementation involving Digital Transformation. Chris is chair of the ISA 95 committee on Enterprise-to-Control System Integration, convenor of IEC/ISO JWG5 and past Vice President of the ISA S&P board (2019-20). Chris is chair of the MESA Knowledge Committee. Chris holds a BSEE and an MSCS.

Thursday, 3 October

08:30-09:15
Keynote - Data Security in Generating Renewable Energy

James Clark - 100pxCarolina Ballroom / Francis Marion Hotel
James Clark,
Vice President, Information Technology, South Jersey Industries Information Security 

Jamie will present a success story on delivering a secure solution allowing data to traverse OT to IT to gain central visibility across our entire portfolio of farms generating renewable energy.  It is a very challenging project designed from the ground up, emphasizing cyber security for safety and compliance.


With 22 years of experience leading IT teams and 15 years in building cybersecurity programs across the chemical, medical, and utility industries, Jamie Clark is a visionary technologist who bridges the gap between security, IT, SCADA, and business teams. Currently, Jamie leads the Information Security (IT/OT) & GRC programs for South Jersey Industries (SJI), where he also manages the OT Solution Services Team. SJI is a leader in delivering safe, reliable, and affordable energy solutions. Jamie holds a BS in Computer Information Systems (CIS), an MBA, and certifications including Certified Information Systems Security Professional (CISSP) and Global Industrial Cyber Security Professional (GISCP).

09:15-09:30
Break
09:30-10:00
Technology Demonstration

Carolina Ballroom | Francis Marion Hotel
Presenter: TBA


10:00-10:30
Case Study Example of ISA/IEC 62443 in the Manufacturing Environment

Eddie Baur - 100x100Carolina Ballroom | Francis Marion Hotel
Presenter:
Edgar Baur, Manager—Engineering Digitalization, Robert Bosch LLC

This presentation will focus on a real-world case study of applying the ISA/IEC 62443 standard in a manufacturing environment. The ISA/IEC 62443 is a comprehensive framework that provides guidelines and best practices for securing industrial automation and control systems (IACS).
 
The presentation will address the challenges encountered by Bosch USA plants, as well as worldwide, and how the adoption of ISA/IEC 62443 helped mitigate these issues. It will explore how this comprehensive approach effectively addresses cybersecurity challenges, ensuring business continuity and achieving strategic business objectives, particularly when dealing with heterogeneous manufacturing and IT environments, both regionally and globally.
 

Edgar (Eddie) Baur has been deeply involved in digitalization, automation and transformation throughout his career at Robert Bosch GmbH. Currently serving as Manager in Digitalization and as IT/OT Security regional representative in the Americas for the Corporate division, he is based in South Carolina. With 28 years of experience at Bosch, starting in Corporate Research and the internal Automation and Manufacturing Special Machinery division, he has gained extensive expertise in the manufacturing domain, particularly in Automation, Advanced Manufacturing and the Information Technology sector.
 
Eddie is currently focused on supporting and guiding business units and plants in their preparation and deployment for Bosch's significant transformation journey, enhancing Data-Driven Operations, Smart Manufacturing, Digitalization, ERP system upgrades and promoting process standardization and harmonization, while also ensuring a secure and state-of-the-art IT/OT landscape.
10:30-10:45
Break
10:45-11:15
ISASecure ISA/IEC 62443 Site Assessment (ACSSA) Program - Industry Perspectives & Updates

Carolina Ballroom | Francis Marion Hotel

Learn the value of standardized cybersecurity assessments for automation managing equipment at asset owner sites. Since announcing the plans in Q2 2023 to establish an operating site cybersecurity assessment scheme aligned to ISA/IEC 62443, ISASecure has been hard at work developing the standard alongside key stakeholders from asset owners, certification bodies, and OT-specific industry stakeholders.
 
Join us for this exclusive panel to meet with the program managers, directors, and SMEs actually writing the standard to hear firsthand what the industry can expect, including release dates, preparation documents and upcoming training opportunities.
 
Moderator:

Sean Haynes100x100Sean Haynes, Chief Marketing Officer, SecurityGate.io

 

 

Panelists:

Brandon Price - 100x100Brandon Price, Sr. Principal, Industrial Cybersecurity, ExxonMobil Technology & Engineering Company

 

 

Kenny Mesker - 100x100Kenny Mesker, OT Cybersecurity Strategist, Chevron

 
 
 
Patrick Obrien - 100pxPatrick O'Brien, Cybersecurity Team Lead, exida
 
 
  
 

 Sean Haynes has over 30 years of experience in Technology, Marketing, and Product Design & Development roles in the Fin-tech, Insurance, healthcare, and education sectors from early-stage to mature organizations. In his current role as Marketing Lead at ISASecure, Haynes is focused on leading the development of strategies and operational plans that advocate for the global adoption of ISASecure and ISA/IEC 62443 family of standards to secure and certify automation in critical infrastructure.
 

Brandon Price is Senior Principal Engineer for ICS Cybersecurity at ExxonMobil with responsibility for sustaining ExxonMobil's ICS cybersecurity strategy for its Upstream, Downstream and Midstream businesses. He has over 20 years of experience in leadership, security and business controls for protecting information, information systems and operational technology. He graduated from the University of Alabama with a degree in Management Information Systems and holds a CISSP certification.


With over 25 years of experience in OT systems architecture, cybersecurity, software development, and engineering, Kenny Mesker is an accomplished operational technology leader with a proven track record in all facets of system design and implementation. As a Chevron Distinguished Engineer and the OT Cybersecurity Strategist, Kenny is responsible for developing the corporate OT cybersecurity technology strategy. He currently holds the positions of Vice Chair of the ISA Secure Compliance Institute board of directors and co-Vice Chair of the Association of Fuel and Petrochemical Manufacturers cybersecurity subcommittee. Kenny is an Electrical Engineering graduate of Texas A&M University with post-graduate research in fault tolerance and resilient engineering.


Patrick O'Brien is a Cybersecurity Team Lead at exida, LLC, where he drives cybersecurity certification and assessment services for service providers and industrial asset owners. He has led cybersecurity risk assessments, training courses, and other lifecycle activities for many different applications, including oil and gas, specialty chemical, machinery, and robotics. In addition to his cybersecurity role, he also provides consulting services in the areas of process safety, functional safety, and machine safety.
 

Mike Gorman has been in various engineering roles for 30 years. Most of that time was spent in data service engineering and management at Verizon Wireless where he engaged in a wide variety of solutions and systems internally and working with customers on interesting connectivity projects. In 2016, Mike joined NetFoundry as a newly formed startup. In 2018, he took the newly minted role of Head of Security and Compliance, and created a formal security program. In 2022, Mike added the leadership of the Operations team to his portfolio and took the title of CISO. Mike holds a CISSP and CCSP from ISC2, sits on the adivsory board for the cybersecurity program at UNCP, and volunteers with CyberPatriots, a middle and high school program of cybersecurity competition.
11:15-11:30
Break
11:30-12:00
Maritime Cybersecurity in the Supply Chain

Carolina Ballroom | Francis Marion Hotel
Presenter: South Carolina Port Authority

The maritime supply chain plays a critical role in global trade, yet its reliance on interconnected digital systems exposes it to various cyber threats. This presentation delves into the complexities of maritime cybersecurity and its impact on the supply chain. We will explore the unique challenges that maritime organizations face in safeguarding their digital assets, from vessels and ports to logistics and cargo management.

12:00-13:00
Lunch
Carolina Ballroom | Francis Marion Hotel
13:00-13:45
Plant Owner Perspective: Navigating Cybersecurity Challenges and Threats - Strategies for Effective and Efficient Mitigation

Carolina Ballroom | Francis Marion Hotel

Moderator: 

Patrick Obrien - 100pxPatrick O'Brien, Cybersecurity Lead, exida

 

 

Panelists: 

Chris DaCosta - 100x100Chris DaCosta, ICS Cybersecurity Director, Air Products and Chemicals, Inc.
 
 
 

Brandon Price - 100x100Brandon Price, Sr., Principal, Industrial Cybersecurity, ExxonMobil Technology & Engineering Company

 
 
 
Eddie Baur - 100x100Edgar Baur, Manager—Engineering Digitalization, Robert Bosch LLC

 

 


Patrick O’Brien is a Cybersecurity Team Lead at exida, LLC, where he drives cybersecurity certification and assessment services for service providers and industrial asset owners. He has led cybersecurity risk assessments, training courses, and other lifecycle activities for many different applications, including oil and gas, specialty chemical, machinery, and robotics. In addition to his cybersecurity role, he also provides consulting services in the areas of process safety, functional safety, and machine safety.


Chris DaCosta is currently the Director of Global OT Cybersecurity at Air Products & Chemicals, Inc. As a Air Products Distinguished Engineer, he has responsibility for developing corporate strategy and managing the cybersecurity lifecycle for all IACS of the company’s global fleet of over 600 facilities. He has well 25 years of experience deploying, maintaining and optimizing industrial automation systems and over 10 years in OT cybersecurity. He is a graduate of Brown University with a degree in Chemical Engineering and Masters Degree in Chemical Engineering from Villanova University. Chris is active in AIChE, American Chemistry Council (ChemITC) and as a voting member for ISA/IEC 62443.


Brandon Price is Senior Principal Engineer for ICS Cybersecurity at ExxonMobil with responsibility for sustaining ExxonMobil's ICS cybersecurity strategy for its Upstream, Downstream and Midstream businesses. He has over 20 years of experience in leadership, security and business controls for protecting information, information systems and operational technology. He is a graduate of The University of Alabama with a degree in Management Information Systems and holds a CISSP certification.


Edgar (Eddie) Baur has been deeply involved in digitalization, automation and transformation throughout his career at Robert Bosch GmbH. Currently serving as Manager in Digitalization and as IT/OT Security regional representative in the Americas for the Corporate division, he is based in South Carolina. With 28 years of experience at Bosch, starting in Corporate Research and the internal Automation and Manufacturing Special Machinery division, he has gained extensive expertise in the manufacturing domain, particularly in Automation, Advanced Manufacturing and the Information Technology sector.
 
Eddie is currently focused on supporting and guiding business units and plants in their preparation and deployment for Bosch's significant transformation journey, enhancing Data-Driven Operations, Smart Manufacturing, Digitalization, ERP system upgrades and promoting process standardization and harmonization, while also ensuring a secure and state-of-the-art IT/OT landscape.
13:45-14:00
Break
14:00-14:30
Technology Demonstration

Carolina Ballroom | Francis Marion Hotel
Presenter: TBA

14:30-15:00
Workforce Needs and Development in OT

Carolina Ballroom | Francis Marion Hotel
Presenters:

Sean McBride 100x100Sean McBride, Director, Informatics Research Institute, Idaho State University

 

 

Shane Stailey 100x100Shane Dale Stailey, Senior Industrial Control Systems Cybersecurity Professional, Idaho National Laboratory




As the demand for skilled professionals in operational technology (OT) continues to grow, organizations face significant challenges in recruiting, training, and retaining a competent workforce. This presentation will delve into the workforce needs and development strategies specific to the OT sector, focusing on addressing the skills gap and building a robust talent pipeline.
 
We will examine the current state of the OT workforce, identifying critical skills and competencies required for various roles, including control system engineers, cybersecurity specialists, and system integrators. The presentation will also explore emerging trends and technologies, such as digital transformation, AI, Industry 4.0 and their impact on workforce requirements.
15:00-15:15
Break
15:15-15:45
Applying ISA/IEC 62443 to a Unified Name Space

Carolina Ballroom | Francis Marion Hotel

Presenters:

David Shultz - 100pxDavid Schultz, Senior Consultant, Spruik Technologies

 
 
 
generic head shot icon Mike Gorman, Head of Operations and CISO, NetFoundry
 
 
 
 
As industrial control systems (ICS) continue to evolve and integrate with information technology (IT) systems, ensuring their security becomes increasingly complex. A unified namespace (UNS) offers a single source of truth for data in the industrial Internet of Things (IIoT), providing opportunities to streamline operations and improve efficiency. However, securing a UNS requires a robust approach to cybersecurity.
 
This presentation will focus on applying the ISA/IEC 62443 standards to a UNS in order to enhance the security of ICS. We will begin by exploring the components of the UNS and the potential benefits it offers in terms of data management and system integration.
 

 David Schultz is a senior consultant with Spruik Technologies. He works with manufacturers to help them develop and execute strategies for their digital transformation and asset management initiatives. He has 25 over years of automation and process control experience across many market verticals, with a focus on continuous and batch processing. He is the Director for the SMIIoT Division of ISA and serves on several technical committees. He is also a member of the Society of Maintenance and Reliability Professionals (SMRP) and Project Management Institute (PMI).
 

Mike Gorman has been in various engineering roles for 30 years. Most of that time was spent in data service engineering and management at Verizon Wireless where he engaged in a wide variety of solutions and systems internally and working with customers on interesting connectivity projects. In 2016, Mike joined NetFoundry as a newly formed startup. In 2018, he took the newly minted role of Head of Security and Compliance and created a formal security program. In 2022, Mike added the leadership of the Operations team to his portfolio and took the title of CISO. Mike holds a CISSP and CCSP from ISC2, sits on the advisory board for the cybersecurity program at UNCP, and volunteers with CyberPatriots, a middle and high school program of cybersecurity competition.
15:45-16:00
Break
16:00-16:15
ISA Standards Overview
Charley Robinson - 100x1004

Carolina Ballroom | Francis Marion Hotel
Presenter: Charley Robinson, Director, Standards Administration, ISA

ISA’s international standards play a vital role in promoting safety, cybersecurity and efficiency across global industry. This workshop will provide an overview of ISA’s international standards program and its relationship to and collaboration with the International Electrotechnical Commission (IEC). A panel of experts representing standards stakeholders will then answer questions from the audience.

16:15-16:45
ISA Standards Panel

Carolina Ballroom | Francis Marion Hotel

This panel is an extension of the ISA Standards Overview and will have time for audience Q&A.

Moderator:

Scott Reynolds - 100x100Scott Reynolds, Security Engineering Manager - ITD, Johns Manville

 

Panelists:

Ed Manns - 100x100Ed Manns, Managing Director, External Relations, ISA

 

 

Charley Robinson - 100x1004Charley Robinson, Director, Standards Administration, ISA

 

 

David Lee - 100x1008Dave Lee, President, User Centered Design Services

 

 

Cybersecurity Track Program Committee

Patrick Obrien - 100px 
Patrick O'Brien, Chair

Felipe Costa - 100px
Felipe Costa

generic head shot icon
John Morrow

Chris Monchinski - 100px
Chris Monchinski

Sunil Doddi - 100px
Sunil Doddi

This program track is under development.

Subscribe to ISA event emails to get the latest updates.