Critical Infrastructure Summit
Virtual Summit November 17 - 18, 2022
We are excited to announce the launch of the ISMG Critical Infrastructure Summit, which will be taking place November 1st, marking the start of Infrastructure Security Month in November. Critical Infrastructure is where security hits home; we are so dependent on our infrastructure for so many facets of our daily lives. Critical functions of our societal dependencies such as water, power, transportation and financial services all are a part of critical infrastructure, and last year we saw first-hand through the Colonial Pipeline incident the strength of this dependency. Originally, operational technology and informational technology were separate; however, progressively there has been a greater interconnection between the two as the internet has evolved over time. Bridging the gap is pertinent for the future of both industries alike, despite its history of being seemingly separate entities. Bringing people together to talk about best strategies for keeping sectors secure is paramount, and our expert group of speakers will take this one step further by providing true, tangible takeaways for optimal cyber resiliency. We’re honored that you have taken the time to join us for this pivotal event, so that you can configure, maintain and sustain your systems for both cyber and, ultimately, the nation’s security.

Letter from the Chair
Grant Schneider
ISMG's agendas provide actionable education and exclusive networking opportunities with your peers and our subject matter expert speakers.
Jeremy Grant
Managing Director, Technology Business Strategy
Venable LLP
Ari Redbord
Head of Legal and Government Affairs
TRM Labs
Lisa Sotto
Partner
Hunton Andrews Kurth LLP
Troy Leach
Chief Strategy Officer
Cloud Security Alliance
John Kindervag
Creator of Zero Trust, Senior Vice President, Cybersecurity Strategy, ON2IT Group Fellow
ON2IT Cybersecurity
David Pollino
Former CISO
PNC Bank
Grant Schneider
Senior Director for Cybersecurity Services
Venable LLP
Tom Field
Senior Vice President of Editorial
ISMG
Grant Schneider
Senior Director for Cybersecurity Services
Venable LLP
Prior to Venable, Schneider served as the U.S. deputy federal CISO and the U.S. federal CISO and as senior director for cybersecurity policy on the White House National Security Council. Before that, he served for seven years as chief information...
Mike Manrod
CISO
Grand Canyon Education, Inc.
Elvis Chan
Asst. Special Agent in Charge San Francisco Division, Cyber Branch
FBI
Chan manages a squad responsible for investigating national security cyber matters. He is a decorated agent who is recognized within the Intelligence Community as a cyberterrorism expert. SSA Chan was the lead agent on significant cyber investigations and managed joint...
Cherilyn Pascoe
Senior Technology Policy Advisor
National Institute of Standards and Technology (NIST)
Cherilyn Pascoe is Senior Technology Policy Advisor at the National Institute of Standards and Technology (NIST), U.S. Department of Commerce. She advises NIST leadership on technology policy and strategy, including cybersecurity, privacy, and artificial intelligence. She also leads the NIST...
Anna Delaney
Director of Productions
ISMG
Manny Cancel
SVP and CEO
E-ISAC
Cancel became NERC senior vice president and chief executive officer of the Electricity Information Sharing and Analysis Center (E-ISAC) in January 2020. He is responsible for the management and oversight of the E-ISAC and leads security operations and information sharing,...
Erik Decker
Assistant Vice President
Intermountain Healthcare
Erik Decker is the Assistant Vice President – Chief Information Security Officer at Intermountain Healthcare. Previously Erik was the Chief Security and Privacy Officer for the University of Chicago Medicine, where he was responsible for its Cybersecurity, Identity and Access...
Jerry Cochran
Deputy CIO – Cybersecurity & DigitalOps
Pacific Northwest National Laboratory
Cochran serves as Pacific Northwest National Laboratory’s deputy chief information officer and division director of the Cybersecurity and DigitalOps Division, Computing and IT Directorate. He oversees cybersecurity, the office of the CISO, enterprise IT engineering and operations. Cochran also leads...
Howard Grimes
CEO
Cybersecurity Manufacturing Innovation Institute (CyManII)
Dr. Howard Grimes is a noted research scientist and author with 25 years of success in directing complex university and National Laboratory research programs and entrepreneurial start-up initiatives. Currently, Dr. Grimes serves as the Chief Executive Officer for the Cybersecurity...
Roger Caslow
CISO
Hampton Roads Sanitation District
Roger Caslow has worked in the security field for over 20 years. He has insider threat/counterintelligence, ICS, physical, operational, and cybersecurity expertise. He is proficient at working with cross-functional teams in developing and building technical, governance, compliance, and risk assessment...
Cody Hussey
Solutions Engineer
Yubico Inc.
John Kindervag
Creator of Zero Trust, Senior Vice President, Cybersecurity Strategy, ON2IT Group Fellow
ON2IT Cybersecurity
John Kindervag is the "Father of Zero Trust," who as an analyst at Forrester invented the term and defined the reference architecture for a network whose five basic principles defined the notion of Zero Trust. He is also the co-founder...
Craig Barrett
VP Cybersecurity
Kinder Morgan, Inc.
Nick Parham, JD
Marine Transportation System Cybersecurity Coordinator
United States Coast Guard Atlantic Area Command
Mr. Nick Parham currently serves as the Marine Transportation System (MTS) Cybersecurity Coordinator responsible for development and execution of Coast Guard cybersecurity regulations and policies impacting MTS stakeholders operating in the Atlantic Area. The area of responsibility encompasses all inland...
Cybersecurity Framework 2.0: Current State and Potential Changes?
Cherilyn Pascoe, Senior Technology Policy Advisor, National Institute of Standards and Technology (NIST)

The National Institute of Standards and Technology is updating the Cybersecurity Framework to keep pace with the evolving cybersecurity risks, standards, and technology landscape.  The NIST Cybersecurity Framework, originally developed for critical infrastructure sectors, is now viewed as foundational to securing organizations of all sectors and sizes around the world.  Join this session to learn about the update process, including areas of focus, for the Cybersecurity Framework 2.0, as well as share your feedback about the use and potential improvements to the Framework. 

Cherilyn Pascoe
09:00 AM - 09:29 AM
Biden Administration's Priorities for Critical Infrastructure and Financial Services

In 2021, the Biden administration issued the most comprehensive cybersecurity executive order in history. How is the order being enforced to protect critical infrastructure and financial services? And how fares the administration's battle against ransomware?

In this exclusive keynote, Carole House, the director of cybersecurity and secure digital innovation within the NSC, discusses:

  • The state of critical infrastructure protection;
  • The war on ransomware;
  • Zero Trust security and the focus on identity.

09:30 AM - 09:59 AM
Critical Infrastructure Security: Protecting the Electrical Grid

It's among the critical infrastructures one thinks of first re: a cybersecurity incident. The North American power grid has been described as "the world's largest connected computer." But how does it function, and what are some of the glaring myths and surprising realities about its cybersecurity capabilities and vulnerabilities? This expert panel discusses:

  • The grid's role as a critical infrastructure
  • Top threats and risks
  • The roles of threat intelligence, information sharing and incident response planning in grid security

10:00 AM - 10:29 AM
Digital Supply Chain Security: It’s a Matter of Trust

After the SolarWinds attack, how can an entity ever trust that any vendor’s security incident won’t become their own next crisis? Healthcare sector entities in particular deal with a complex digital supply chain that ranges from critical IT vendors to suppliers of life-saving network-connected patient gear, and all the other players – known and maybe unknown – in between. Our panel will discuss:

  • Digital supply chain challenges spotlighted during COVID-19;
  • Healthcare sector lessons emerging from the SolarWinds and other major vendor attacks;
  • Lessons from the Urgent/11 IPnet vulnerabilities;
  • Cloud vendors and change management issues;
  • Vetting and trusting third-parties – including their software patches.

10:30 AM - 10:59 AM
U.S. Senator Angus King on US Cybersecurity Defense

He co-chaired the US Cyberspace Solarium Commission, and he's been one of the nation's most informed and outspoken advocates of improving national cyber defense. In this exclusive interview, U.S. Senator Angus King (I-Maine) discusses:

  • The U.S. 'State of Cybersecurity' – and what's wrong with it
  • What more needs to be done to secure U.S. critical infrastructure
  • The congressional appetite to tackle hot-button issues such as software security and establishing an "NTSB for cybersecurity incidents"

11:00 AM - 11:29 AM
Ransomware: Reading Between the Headlines?

Ransomware – it's been in all the news this year. But what's happening between the lines? What are the stories within the stories, and how should security leaders interpret them? Former banking CISO David Pollino dissects the year's ransomware news with an eye toward:

  • Critical infrastructure disruption
  • How to learn from others' mistakes
  • How to avoid being the next victim

11:30 AM - 11:59 AM
First Responders and the Response to Cybersecurity Concerns

Washington State was the first U.S. epicenter of the COVID-19 pandemic, and as CISO of UW Medicine Cris Ewell was supporting the first responders. How is his security organization most different today than it was a year ago? Hear his approach to:

  • Work from anywhere
  • Supply chain risk
  • Medical device security

12:00 PM - 12:29 PM
CISA on Ransomware, Bad Practices and Fulfilling the Executive Order

The 2020 presidential election was a major security challenge for the federal Cybersecurity and Infrastructure Security Agency. Yet, it was only a prelude to SolarWinds, Colonial Pipeline, Kaseya and the other major incidents of 2021. In this exclusive session, Brandon Wales, CISA's acting director, discusses:

  • The fight against ransomware
  • Fulfilling President Biden's cybersecurity executive order
  • The role of collective defense in improving critical infrastructure security

12:30 PM - 12:59 PM
Congressman Jim Langevin on US Cybersecurity Defense

He served on the US Cyberspace Solarium Commission, and he co-sponsored the so-called Cyber Diplomacy Act, which would create a new Bureau of International Cyberspace Policy at the State Department. U.S. Rep. Jim Langevin (D-RI) is among the most outspoken congressional leaders on cybersecurity issues, and in this exclusive session he discusses the:

  • Impact of President Biden’s cybersecurity executive order
  • Concerning state of critical infrastructure defense
  • Appetite of the current congress to pass new cybersecurity legislation

01:00 PM - 01:29 PM
Zero Trust, the Department of Defense ... and You

Zero trust, supply chain security and DevSecOps. These are the three 2021 priorities for Katie Arrington, CISO for Acquisition and Sustainment within the U.S. Department of Defense. In this exclusive keynote, she details the Cybersecurity Maturity Model Certification that will forever change the relationship between government agencies and private sector suppliers.

01:30 PM - 01:59 PM
Insider Risk in the Era of 'Work from Anywhere'

The old risk models no longer work. Today you have employees permanently assigned to home offices, under stress, in conditions that are ripe for malicious insiders who want to cause harm, as well as well-intentioned employees who make costly mistakes. How do you mitigate your new insider risks? Join this panel for a discussion of:

  • Monitoring employee behavior
  • Warning signs of malicious and accidental insider threat
  • Insider risk education that really works

02:00 PM - 02:29 PM
Disrupting Emotet: Europol's Lessons Learned for Combating Ransomware

Europol recently coordinated the disruption of the notorious Emotet botnet operation and cybercrime service. In the wake of that effort, what lessons might be applied to disrupt the ongoing damage being wrought by ransomware? And are stronger measures required, such as requiring ransom payments to be declared to authorities - or even banned - or hacking gangs’ infrastructure?

02:30 PM - 02:59 PM
Day 2 Agenda

All content from Day 1 will be available on demand from 9 AM - 5 PM ET on Day 2, Wednesday, August 31st. Don’t miss the chance to log in and consume any content you may not have had the chance to see at your own convenience.

09:00 AM - 04:59 PM
