Recorded: The Power of Regulation Versus Well-Oiled Industry Standards

    It has become an ongoing debate – does government or self-regulation work better to secure an industry? The power industry is currently on NERC CIP Version 6 of its regulatory requirements with future regulations expected on supply chain security. Oil & Gas (O&G) has no such regulatory regime, but does have standards that it uses to reduce cybersecurity risk, such as NIST 800-82 and IEC 62443. For O&G, compliance is an internally generated activity.

    Which of these two different drivers for industrial control system (ICS) cybersecurity is better? Who is more prepared for the ever-evolving threat landscape facing today’s critical infrastructure? Please join us to hear two industry veterans – one from Power and one from O&G – debate the merits of both approaches. Is O&G nimbler in responding to state-sponsored and insider threats? What does success look like having a government partner in Power? How do both industries fare in light of the growing specter of ransomware? What are common best practices that both industries can recommend to secure industrial control systems?

    Learn from their experience working within their respective areas and what companies must do to secure process control networks. David Batz will share his policy perspective based on years working within the electric power industry. Mr. Batz is the current senior director for Edison Electric Institute, a trade association representing investor-owned utilities that are responsible for 70% of U.S. power generation. For the O&G perspective, Jason Howard-Grau will share lessons learned from the front lines of securing energy production facilities. Mr. Howard-Grau is the chief information security officer (CISO) at PAS and is the former CISO at MOL Group, a major oil and gas firm with operations in 36 European countries.


Register to View the Recorded Event