OT Cybersecurity Summit

The ISA OT Cybersecurity Summit, held in Brussels from June 18-21, 2025, focuses on securing operational technology (OT) through intelligent innovation and strategic cybersecurity. The event features keynotes, workshops and sessions on threat intelligence, supply chain security and aligning with the ISA/IEC 62443 standard. Attendees, including professionals from industries like energy and manufacturing, can network, learn about the latest cybersecurity trends and earn professional development hours.

47 Rue du Fossé-aux-Loups, 1000
Brussels, Belgium

The ISA group block is limited and discounted room rates will be available on a first-come, first-served basis. The reservation cutoff for this group block is Wednesday, 7 May 2025.

The ISA OT Cybersecurity Summit offers industrial cybersecurity training based on ISA/IEC 62443 standards. Two main courses are available:

1. Using the ISA/IEC 62443 Standards to Secure Your Control Systems (IC32): Focuses on securing control systems, including the differences between IT and SCADA security. It’s a preparatory course for the ISA/IEC 62443 Cybersecurity Certificate Program.
   
2. Assessing the Cybersecurity of New or Existing IACS Systems (IC33): Teaches how to assess cybersecurity in new and existing systems, including vulnerability assessments and creating a Cybersecurity Requirements Specification (CRS).

Both courses are in-person, offering CEUs and certification.

Tickets are only sold at https://otcs.isa.org/

• ISA Member: 762.00 €
• Non-Member: 990.00 €

• Cybersecurity Escape Room: 60 €
• Incident Command System for Industrial Control Systems (ICS4ICS) Workshop: 149 €

• Using the ISA/IEC 62443 Standards to Secure Your Control Systems (IC32) | Dates: 20-21 June 2025; 08:00-16:00 daily
• Assessing the Cybersecurity of New or Existing IACS Systems (IC33) | Dates: 20-21 June 2025; 08:00-16:00 daily

Fees:

• Member: 1650.00 €
• Non-Member: 2050.00 €

Info: How do you create a workplace culture to get the job done quickly and make your team feel valued at work? In this workshop, we’ll identify barriers, break down strategies for creating an inclusive workplace culture, give tips on recognizing and leveraging unique skills, discuss methods to empower and upskill future leaders and talk about how to foster a culture of recognition. Lauren Neal will lead the group into the above topics, which are key pieces to her best-selling book.

This session will help attendees network and learn from each other in breakout sessions while showcasing the tools for a productive and empowered workforce.

Info: In this session, Lauren will explore practical strategies to protect capital assets in the energy sector from cyberattacks, with a focus on preventing disruptions to energy supply.

Using real-world examples, including the Colonial Pipeline attack, she will discuss key threats facing the sector, such as ransomware, phishing and insider risks. Participants will learn how to:

Develop a defense-in-depth cybersecurity strategy tailored to the energy sector.
Implement practical measures such as employee training, network segmentation and incident response planning.
Evaluate vulnerabilities and take immediate action to enhance security.

Info: Traditional honeypots, designed to attract adversaries and gather intelligence, are increasingly evaded by skilled attackers using anti-honeypot techniques. In this presentation, Sam will discuss an innovative obfuscation strategy that configures real programmable logic controllers (PLCs) to appear as honeypots, tricking adversaries into believing they are interacting with genuine systems when, in fact, they are decoys.

This proposed obfuscation strategy goes beyond traditional defenses by actively misleading attackers while simultaneously gathering valuable threat intelligence. This dual-purpose approach enhances system resilience and equips organizations with detailed intelligence to counter emerging threats. By utilizing software-defined networking (SDN), the system dynamically reroutes and monitors traffic without disrupting the PLC's operation while maintaining operational integrity. It is designed for seamless integration with security operations centers (SOCs) and existing...

Info: Wireless networks are everywhere, and organizations are increasingly reliant on them for both information technology (IT) and operational technology (OT) environments. In this technical session, Lennart will discuss the fundamentals of Wi-Fi security, highlight common vulnerabilities, explain how attackers exploit these weaknesses and outline effective methods for detecting malicious activity. Drawing from his personal experiences developing the free and open-source, nzyme Network Defense System—some of which have been integrated into the MITRE ATT&CK framework—Lennart aims to provide attendees with practical insights for identifying and mitigating threats in modern Wi-Fi environments.

Info: Since the inception of the Center for Cybersecurity Belgium, the national cybersecurity agency, just under 10 years ago, we've seen a marked increase in the level of cybersecurity in Belgium. Isn't our ambition to make Belgium one of the least cyber-vulnerable countries in Europe?

In this session, we'll explain how a small country like Belgium approaches cybersecurity. We’ll describe some of our most significant achievements for our different target audiences while also highlighting that cybersecurity is everybody's business and that without strong collaboration, both nationally and
internationally, we can't fulfill our ambition.

Info: Panel Discussion: Securing Operations and Building Resilience in Critical Infrastructure.
The connectivity of systems and products has created an intertwined ecosystem involving various stakeholders, including product suppliers, asset operators, asset owners and system integrators.

This panel will explore the important transition from being "secure by design" to becoming "secure by operations" in order to enhance cybersecurity resilience in critical infrastructure. We will also discuss how this concept aligns with the ISA/IEC 62443 standard.

Info: Many OT security programs fail to sustain their progress because they lack a strong foundation. This presentation will focus on seven steps owners and operators should take to ensure that their programs achieve engagement from their organizations.

1. Admit that you have a problem
2. Hire an OT expert
3. Understand the critical business and OT processes
4. Map your OT environment
5. Add value
6. Make it real
7. Implement a governance program

Info: Advancements in cybersecurity technologies, operational processes and talent development have significantly enhanced the protection of operating facilities. However, cyber threats are also evolving rapidly, outpacing traditional security measures based on people, process and technology. Cyber attackers continue to develop sophisticated tools and techniques, often staying ahead of cybersecurity vendors, solution providers and end-users. This presentation will provide an overview of End-Point Protection and delve into innovative ideas that address the fundamental shifts required in future technologies, talent and processes to achieve a level of protection that transcends traditional end-point security. Hosted by: Dr. Soloman Almadi , Principal Scientist, Process & Control Systems Department , Saudi Aramco

Info: ICS4ICS combines OT/ICS, incident command, and cybersecurity work into one framework to improve cyber incident response capabilities at companies and organizations. ICS4ICS leverages external resources including FEMA (Federal Emergency Management Admin) Incident Command System, DHS (Department of Homeland Security) CISA cyber incident response materials, and the NIST (National Institute for Science and Technology) Computer Incident Response Guide. ICS4ICS uniquely separates technical cyber incident response work from incident management and administrative activities so the right people are working on the right tasks.

The ICS4ICS Program provides guides for each role to help people understand their role(s). Templates enable companies to quickly deploy processes for ransomware, government reporting, IT/OT tasks, and other activities that support ICS4ICS and cyber incident response.

Info: As the interconnectivity between operational technology (OT) and information technology (IT) environments increases, OT networks are facing greater scrutiny regarding cybersecurity. While it's essential to address these concerns, we must consider whether we should adopt the same security measures used in IT networks, which are currently experiencing record-breaking rates of cyber incidents. Are we truly ready to define success as shutting down our facilities weekly to apply patches, or is there a more effective way to move forward?

In this keynote, we will share firsthand lessons learned from defending critical infrastructure, such as fuel terminals and other essential systems, against cyber threats. We will discuss how zero-day vulnerabilities can be leveraged to your advantage, explain why patching may not always be the solution, and explore security testing within operational technology (OT) networks.

Info: Operational technology (OT) connects the physical and cyber realms in critical sectors. As a result, it is understandable that asset owners seek assurance regarding their OT security. A typical method for ensuring IT security is penetration testing, which aims to replicate the tactics, techniques and procedures (TTPs) used by real adversaries. However, like many OT security measures, penetration testing cannot be directly applied from IT to OT.

A recent study involving practitioners and procurers of operational technology (OT) services highlighted the current methods used for OT penetration testing. We will outline these approaches, identify the challenges associated with penetration testing in an OT environment, and discuss common flaws in existing methods, especially when compared to modern OT attacks.

A significant limitation in OT penetration testing is the failure to replicate real OT attacks, particularly the crucial tactic of process comprehension. Many OT penetration tests co

Info: This session will provide an overview of vulnerabilities identified in the TETRA: BURST system related to the TETRA-trunked radio standard and the implications for operational technologies (OT). TETRA is a radio communication standard used globally by law enforcement and critical infrastructure for voice communications in locations such as harbors and airports. Additionally, it plays a role in supervisory control and data acquisition (SCADA) for telecontrol tasks in sectors such as oil rigs, pipelines, transportation and utilities for electricity and water.

The TETRA: BURST vulnerabilities uncovered by Midnight Blue stem from the first public examination of the standard's proprietary cryptography. This analysis revealed both passive and active attack scenarios that could allow for interception, manipulation and injection of network traffic. This poses significant concerns for TETRA users in critical infrastructure. In these cases, radio-based SCADA wide area networks (WANs), which uti

Info: Strategic state-sponsored cyber operations are increasingly being moved under military command. This brings a unique challenge to predominantly civilian defenders who are not familiar with the art of military-conceived operations, including strategic preparations such as reconnaissance and capabilities positioning. In the past decade, industrial organizations have witnessed an exponential rise in cyber attacks, including those against their subcontractors, service providers and vendors. At the same time, it remains challenging to pragmatically evaluate the potential consequences of these attacks and the required defenses without much knowledge of the threat actor’s end goal.

This talk will focus on cyber-physical attacks, which can result in significant financial losses due to production loss, equipment damage, loss of essential services or possibly human casualties. Through a historical analysis of previous related operations, it will be shown that the belief in the potential of cyb

Info: Healthcare delivery organizations (HDOs) such as hospitals are often targeted by ransomware and other cyber threats. HDOs depend on connected medical devices, such as the Internet of Medical Things (IoMT), to deliver patient care. These devices often have legacy security, run for decades and are not easy to patch, making them ideal targets. While most attackers are after patient data and financial gain, the possibility of taking more life-threatening action and causing harm does exist. Even when IoMT devices are not targeted directly, spillover effects can be life-threatening, like delayed surgeries and slower or stalled patient care.

Daniel will discuss the research on IoMT security performed over the past five years in this presentation. It includes vulnerabilities found on medical devices and their supply chains (e.g., software components and remote management solutions), risks observed on real HDO networks, devices exposed online and attacks observed on dedicated honeypots.

Info: The convergence of information technology (IT) and operational technology (OT) presents both opportunities and challenges. Our expert panelists will explore the key aspects of IT/OT convergence, discussing its implications for efficiency, security and productivity in manufacturing environments.

Topics covered will include:

The role of Industry 4.0 and the Industrial Internet of Things (IIoT) play in driving IT/OT convergence.
Strategies for bridging the gap between IT and OT teams to foster collaboration and data-driven decision-making.
A discussion of real-world examples of successful IT/OT convergence in industrial settings.
The potential of emerging technologies, such as AI and edge computing, to further advance the convergence of IT and OT systems.

Info: In today's rapidly evolving digital landscape, staying up-to-date with legal and regulatory cybersecurity requirements has become a critical aspect of doing business.

This expert panel will explore the role of standards like ISA/IEC 62443 and best practices in streamlining compliance efforts. The discussion will include a focus on key regulations such as NIS2, the Radio Equipment Directive, the Machinery Act and the Cybersecurity Act (CRA).

Event Venue & Nearby Stays

Radisson Collection Hotel, Grand Place Brussels, 47 Rue du Fossé aux Loups, Brussels, Belgium