Agenda

Day 1 - Tuesday, June 16, 2026

Theme: Foundations & Threat Landscape

9:00 – 9:30 am
Opening Keynote Address
Contextualizing OT security in an era of decentralized infrastructure (growth in number of endpoints, need to connect via IoT, and the impracticality of air gapping)

9:30 – 10:30 am
Session 1: ICS/SCADA Security Basics – What Makes OT Different?
A primer on industrial control systems, their architecture, and why traditional IT security models don’t directly apply.

• Key ICS/SCADA components (PLCs, RTUs, HMIs, historians)

• OT vs. IT priorities and constraints

• Terminology clarity

• Common ICS protocols and legacy design assumptions

• Real-world safety and reliability impacts

• Convergence of OT/IoT Technologies: Security of the Airgap – becoming non-existent

10:30 – 11:00 am
Networking Coffee Break

11:00 am – 12:30 pm
Session 2: Threat Landscape & Notable ICS Incidents -- The Impact of AI
An exploration of past and present attacks on industrial systems and the adversaries behind them.

• Recent OT case studies (ransomware attacks, DOS, etc.)

• New levels of instability in networks of OT systems leading to system-wide collapse

• Nation-state, criminal, and insider threats

• Impact of AI / ML in transforming the threat landscape: A threat tool as well as a robust part of the toolkit in addressing breaches

• Common attack vectors bridging IT and OT

• Use of physics attacks that are not addressed by traditional OT security systems

• Emerging risks in cloud-connected and remote-access-heavy environments

12:30 – 1:30 pm
Lunch

1:30 – 2:45 pm
Session 3: ICS Risk Assessment & Threat Modeling
How to identify, quantify, and prioritize risks in complex industrial control environments.

• Mapping critical assets and “crown jewels”

• OT threat modeling (attack trees, kill chains)

• Leveraging AI and machine learning

• Agentic AI

• MITRE attack framework for ICS and ATLAS

• Integrating safety and cyber risk

• Communicating OT risk to executives and operations leaders

2:45 – 3:15 pm
Networking Coffee Break

3:15 – 4:15 pm
Roundtable discussions
Three main challenges, small group discussions of solutions, and reporting back to larger group

4:15 – 5:15 pm
Session 4: Network Architectures & Segmentation for ICS
Design patterns to limit lateral movement and contain incidents across IT/OT boundaries.

• Zero-trust security for OT (how to administer, enforce, etc.)

• Encryption – resilience in a post-quantum future

• Purdue model relevance and alternatives

• Network zoning and conduits: DMZs, data diodes, jump hosts

• Secure remote access for vendors and maintenance teams: making sure updates are secure via mutually attestable communications

• Balancing segmentation with uptime and reliability

• Continuing forward some discussion from Session 2 and opening keynote

5:15 - 6:30 pm
Reception

Day 2 - Wednesday, June 17, 2026

Theme: Detection, Response & Resilience

9:00 – 9:15 am
Day 2 Kickoff & Recap

• Review of Day 1’s key takeaways

• Overview of Day 2’s themes

9:15 – 10:30 am
Session 5: ICS Monitoring, Anomaly Detection & Logging
Techniques to detect malicious or anomalous activity without disrupting sensitive systems.

• CIP 14

• Passive monitoring and traffic capture approaches

• ICS-aware IDS/IPS and protocol-deep inspection

• Logging strategies for constrained OT networks

• Behavioral baselining and anomaly detection

10:30 – 11:00 am
Networking Coffee Break

11:00 am – 12:30 pm
Session 6: Incident Response in ICS Environments
Adapting IR to preserve safety and uptime in industrial operations.

• Unique IR challenges in OT

• OT-specific containment strategies

• Coordination with plant operations and engineering

• Evidence collection and post-incident reviews

• Operating in a compromised environment – redundancy and defense-in-depth

12:30 – 1:30 pm
Lunch

1:30 – 3:00 pm
Session 7: Secure Engineering, Patch Management & Lifecycle Security
Embedding security into design, procurement, and asset lifecycle management.

• Security-by-design for new and legacy systems

• Cyber-informed engineering (applicable across a number of sessions in this Symposium)

• What is the fail-safe / fail over scenario

• Patch/vulnerability management with limited downtime

• Secure configurations for controllers, HMIs, and historian systems

• Working with vendors: SLAs, procurement language, SBOMs

3:00 – 3:30 pm
Networking Coffee Break

3:30 – 5:00 pm
Session 8: Building a Long-Term OT Security Program
Strategic frameworks and governance models for sustained ICS security maturity.

• NIST 800-82, ISA/IEC 62443, NERC CIP

• Governance roles and ownership in OT security

• Training and cultural alignment between IT and OT

• Roadmap planning and maturity measurement

Day 3 - Thursday, June 18, 2026

Masterclass / Workshop: The Influence of AI and ML Agents on ICS Cybersecurity in the Electric Sector

9:00 - 10:15 am
- The use of agentic actors in complex energy systems
- Integrity of data used to train models

10:15 - 10:45 am
Networking Coffee Break

10:45 - 12:00 pm
- Compromise of agentic actors: Reliably identifying and authenticating actors
- Building independent skills regardless of the data the model is trained on

12:00 - 1:00 pm
Lunch

1:00 - 2:15 pm
- Developing acceptable guiderails for what an agent is allowed to see: Output guiderails for checking what is produced before it is put live
- Best practices as infrastructure becomes more decentralized and millions of end points interoperate with the grid

2:15 - 2:45 pm
Networking Coffee Break

2:45 - 4:00 pm
- Identifying particular work flows for specific use cases
- Guard rails for agents that operate without human interaction