Agenda

Day 1 - Tuesday, June 16, 2026

Theme: Foundations & Threat Landscape

9:00 – 9:30 am
Opening Keynote Address
Contextualizing OT security in an era of decentralized infrastructure (growth in number of endpoints, need to connect via IoT, and the impracticality of air gapping)

9:30 – 10:30 am
Session 1: ICS/SCADA Security Basics – What Makes OT Different?
A primer on industrial control systems, their architecture, and why traditional IT security models don’t directly apply.

• Key ICS/SCADA components (PLCs, RTUs, HMIs, historians)

• OT vs. IT priorities and constraints

• Terminology clarity

• Common ICS protocols and legacy design assumptions

• Real-world safety and reliability impacts

• Convergence of OT/IoT Technologies: Security of the Airgap – becoming non-existent

10:30 – 11:00 am
Networking Coffee Break

11:00 am – 12:15 pm
Session 2: Threat Landscape & Notable ICS Incidents -- The Impact of AI
An exploration of past and present attacks on industrial systems and the adversaries behind them.

• Recent OT case studies (ransomware attacks, DOS, etc.)

• New levels of instability in networks of OT systems leading to system-wide collapse

• Nation-state, criminal, and insider threats

• Impact of AI / ML in transforming the threat landscape: A threat tool as well as a robust part of the toolkit in addressing breaches

• Common attack vectors bridging IT and OT

• Use of physics attacks that are not addressed by traditional OT security systems

• Emerging risks in cloud-connected and remote-access-heavy environments

12:15 – 1:15 pm
Lunch

1:15 – 1:45 pm
Session 3: Emulate Before You Operate: Building Predictable ICS/SCADA Resilience Against Cyber-Physical Attacks
Production ICS/SCADA environments are too critical to disrupt, but too important to leave untested. This session will show how high-fidelity cyber range emulation can create a safe digital mirror of industrial environments so operators can test, validate, and improve before touching production.

• Extending existing ICS/SCADA testing environments by connecting realistic networks, PLCs, HMIs, historians, engineering workstations, OT protocols, security tools, and operational workflows into a repeatable test environment

• Make change management, vulnerability management, and firmware updates more predictable by validating changes and rollback plans before production deployment

• Leveraging AI and machine learning

• Turn threat intelligence into live adversary scenarios that allow organizations to proactively optimize defenses, response, and operational resilience before cyber-physical attacks occur

1:45 – 3:00 pm
Session 4: ICS Risk Assessment & Threat Modeling
How to identify, quantify, and prioritize risks in complex industrial control environments.

• Mapping critical assets and “crown jewels”

• OT threat modeling (attack trees, kill chains)

• Leveraging AI and machine learning

• Agentic AI

• MITRE attack framework for ICS and ATLAS

• Integrating safety and cyber risk

• Communicating OT risk to executives and operations leaders

3:00 – 3:15 pm
Coffee Break

3:15 – 4:15 pm
Roundtable discussions
Three main challenges, small group discussions of solutions, and reporting back to larger group

4:15 – 5:15 pm
Session 5: Network Architectures & Segmentation for ICS
Design patterns to limit lateral movement and contain incidents across IT/OT boundaries.

• Zero-trust security for OT (how to administer, enforce, etc.)

• Encryption – resilience in a post-quantum future

• Purdue model relevance and alternatives

• Network zoning and conduits: DMZs, data diodes, jump hosts

• Secure remote access for vendors and maintenance teams: making sure updates are secure via mutually attestable communications

• Balancing segmentation with uptime and reliability

• Continuing forward some discussion from Session 2 and opening keynote

5:15 - 6:30 pm
Reception

Day 2 - Wednesday, June 17, 2026

Theme: Detection, Response & Resilience

9:00 – 9:15 am
Day 2 Kickoff & Recap

• Review of Day 1’s key takeaways

• Overview of Day 2’s themes

9:15 – 10:30 am
Session 6: ICS Monitoring, Anomaly Detection & Logging
Techniques to detect malicious or anomalous activity without disrupting sensitive systems.

• CIP 14

• Passive monitoring and traffic capture approaches

• ICS-aware IDS/IPS and protocol-deep inspection

• Logging strategies for constrained OT networks

• Behavioral baselining and anomaly detection

10:30 – 11:00 am
Networking Coffee Break

11:00 am – 12:15 pm
Session 7: Incident Response in ICS Environments
Adapting IR to preserve safety and uptime in industrial operations.

• Unique IR challenges in OT

• OT-specific containment strategies

• Coordination with plant operations and engineering

• Evidence collection and post-incident reviews

• Operating in a compromised environment – redundancy and defense-in-depth

12:15 – 1:15 pm
Lunch

1:15 – 1:45 pm
Session 8: Protect Your Infrastructure by Protecting Your Personnel
Designed for utility executives and senior security leaders, this discussion moves past basic cyber hygiene to explore what “total protection” looks like in practice: reducing digital exposure, becoming effectively unfindable, and safeguarding executives both inside and outside restrictive utility networks.

• Emerging threat vectors, practical implementation pathways, and actionable steps attendees can take immediately to reduce risk — for themselves, their leadership teams, and the critical infrastructure they’re responsible for protecting

• How executives should frame executive protection as a business risk (not just a personal one)

• Balancing transparency (regulatory/public reporting) with the need to limit sensitive public-facing information

• What policies should a utility put in place for BYOD (bring-your-own-device) and for executives who travel frequently?

1:45 – 3:00 pm
Session 9: Secure Engineering, Patch Management & Lifecycle Security
Embedding security into design, procurement, and asset lifecycle management.

• Security-by-design for new and legacy systems

• Cyber-informed engineering (applicable across a number of sessions in this Symposium)

• What is the fail-safe / fail over scenario

• Patch/vulnerability management with limited downtime

• Secure configurations for controllers, HMIs, and historian systems

• Working with vendors: SLAs, procurement language, SBOMs

3:00 – 3:30 pm
Networking Coffee Break

3:30 – 5:00 pm
Session 10: Building a Long-Term OT Security Program
Strategic frameworks and governance models for sustained ICS security maturity.

• NIST 800-82, ISA/IEC 62443, NERC CIP

• Governance roles and ownership in OT security

• Training and cultural alignment between IT and OT

• Roadmap planning and maturity measurement

Day 3 - Thursday, June 18, 2026

Masterclass / Workshop: The Influence of AI and ML Agents on ICS Cybersecurity in the Electric Sector

8:00 – 9:00 am
Welcome Coffee

9:00 – 10:15 am
Session 1: The Threat is Already Here
Making the case with evidence: what AI-enabled adversaries can now do to critical infrastructure, and why the current defender posture is insufficient. This is not an argument about future risk; it is a presentation of present capability.

• Glasswing and Claude Mythos Preview

• PNNL’s ALOHA (Agentic LLMs for Offensive Heuristic Automation) system

• AI's chained attack problem and patching the gap

• The Poland December 2025 event

• The aggregation problem specific to energy

10:15 – 10:45 am
Networking Coffee Break

10:45 – 12:00 pm
Session 2: The Adversary's Toolkit
How AI-enabled attacks on OT environments actually work: reconnaissance, chaining, protocol exploitation, and cyber-physical simulation as a testing environment. The aim is not to provide an attack tutorial but to give defenders a precise understanding of the attack surface they are working against. Practitioners cannot design effective guardrails without knowing what they are guarding against.

• AI-automated reconnaissance in OT environments

• The IT/OT boundary as the primary entry point

• Protocol-level vectors

• OCPP and distributed energy resources

• ALOHA in practice

12:00 – 1:00 pm
Lunch

1:00 – 2:15 pm
Session 3: The Integrity Stack -- Data, Models, Compute, and Provenance
A systematic examination of where the AI pipeline can be corrupted in OT deployments, and what that means for operators who are beginning to depend on AI-derived outputs for operational decisions.

• Data provenance and poisoning

• Model provenance and compute integrity

• Cascading failure modes in non-deterministic systems

• OCPP and distributed energy resources

• Building AI capability that degrades gracefully when training assumptions fail

2:15 – 2:45 pm
Networking Coffee Break

2:45 – 3:30 pm
Session 4: Guardrails, Governance, and Operational Practice
From architecture to action: governing AI agents in OT environments, and an open discussion of what practitioners are actually doing and what the hardest unsolved problems are.

• Identifying and authenticating AI agents operating within or adjacent to OT systems

• Input and output guardrails

• Governance frameworks

• Agents operating without human interaction

• Workforce implications: what skills operators need as AI becomes part of the OT stack

3:30 – 4:00 pm
Open Discussion
What the room is actually doing, what is not yet solved, and what the priorities are