×
Register About Education Travel Product Showcase Sign Up for Updates Download 2018 Brochure
MENU
May 1-2, 2019  
Orlando, FL
Secure Rail Sessions

Secure Rail Education

View All Speakers CEUs

2018 Schedule

/

Tuesday April 24

8:00 AM – 9:00 AM
Passenger Screening for Rail Agencies

Due to the threat of terrorism all over the world, transit agencies have become targets of terrorists to cause mass casualty. This panel will discuss ways to secure systems for mass casualty weapons such as bombs and guns with minimal interference to the ridership flow through the system. The ultimate goal of this panel discussion will be how to make our transit systems in the US safer with the potential threats.

 Presented by:
Alfredo Perez, President Perez Consulting LLC

 Learning Objectives:
1. Present a passenger screening technology and concept of operations for a rail system
2. Discuss how to make rail operations more efficient in protecting against mass casualty weapons such as bombs and guns
3. Understand how to create a more secure system without impacting the traffic flow of the ridership
4. Learn how to involve the public in the passenger screening process

 Audience:

 CEU: 0.1

View session: Passenger Screening for Rail Agencies

9:00 AM – 9:30 AM
Tactical Hazmat Operations in Surface Transportation

In response to the growing need for training that bridges the gap between tactical and hazardous materials operations, SERTC has developed programs that help Tactical Law Enforcement officers operate safely and successfully in a unique Tactical HazMat/ WMD environment. This session will expand upon the training needed when responding to a tactical Incident involving passenger rail transportation in the Hazmat/WMD area

 Presented by:
Steve McDowell, Instructor Security and Emergency Response Training Center (SERTC)

 Learning Objectives:
1. Identify skillsets and provide training when responding to a tactical incident involving passenger rail transportation in the Hazmat/WMD area
2. Identify training deficiencies through past incidents and provide lessons learned on the changes to conventional approach
3. Give the appropriate utilization of tactical decontamination
4. Discuss unique challenges posed by passenger rail transportation

 Audience:

 CEU: 0.1

View session: Tactical Hazmat Operations in Surface Transportation

9:30 AM – 10:00 AM
Cybersecurity Standards for Rail Transit Vehicles

This presentation will go into the present threat profile for Rail Transit Vehicles, and how the Control and Communications Security Working Group (CCSWG) of the American Public Transportation Association (APTA) is evolving consensus standards to meet these threats with representatives from transit agencies, consultants, and car builders.

 Presented by:
David Teumim, President Teumim Technical, LLC

 Learning Objectives:
1. How modern rail car communications offer an increased attack surface for intruders.
2. What rail cybersecurity standards have already been published by the CCSWG Working Group
3. CCSWG philosophy on improving rail car cyber defenses
4. The role of the NIST Cybersecurity Framework in creating new CCSWG standards

 Audience:

 CEU: 0.1

View session: Cybersecurity Standards for Rail Transit Vehicles

10:30 AM – 11:00 AM
There’s Better Security in the Cloud, But Are You Using It Securely?

In this session, learn how to take on the top concerns for cloud adoption regarding security and data protection for all applications and workloads. Hear how successful organizations large and small have implemented and manage consistent security policies to identify threats with automation, analytics, and intelligent technologies across the hybrid data center. Watch a demonstration of Oracle Identity Security Operations Center (Oracle Identity SOC) capabilities that help organizations prevent, detect, respond to, and predict today’s innovative security threats.

 Presented by:
Troy Kitch, Sr. Director of Product Marketing and GTM, Security Cloud Business Group Oracle

 Learning Objectives:
1. Discuss the shared security responsibility model
2. Identify top cloud threats facing organizations
3. Learn to prevent, detect, respond and predict today's innovative threats

 Audience:

 CEU: 0.1

View session: There’s Better Security in the Cloud, But Are You Using It Securely?

11:00 AM – 11:30 AM
Real-World Monitoring & Security Strategies from Alaska Railroad

You absoutely have to secure your remote technology and facilities. But how do you start? What direction will improve your bottom line, and what will doom you to failure? Learn how to establish 7x24 situational awareness over all of your remote telecom assets. See how this has paid dividends for Alaska Railroad and how you can achieve similar gains. Brian explains the strategies that he has used to build an intelligent monitoring infrastructure at his company. He'll show you how to choose what you need to monitor and what kinds of equipment will get the job done.

 Presented by:
Andrew Erickson, Applications Engineer DPS Telecom
Brian Studinski, Telecommunications Manager Alaska Railroad

 Learning Objectives:
1. Learn how to boost security by maintaining 7x24 remote visibility of technology at unmanned facilities
2. Explain how to conquer challenging environments including extreme cold that takes equipment offline and sites that are virtually inaccessible for much of the year
3. Find out how your security goals can drive bottom-line improvements throughout the company stopping not only expensive security breaches but also service downtime and equipment damage
4. Learn how to correctly navigating a few early decisions will lead you to a flexible, customized and resilient monitoring infrastructure

 Audience:

 CEU: 0.1

View session: Real-World Monitoring & Security Strategies from Alaska Railroad

11:30 AM – 12:30 PM
Tuesday Lunch and Exhibits

 Presented by:
TBA ,

 Learning Objectives:

 Audience:

 CEU: 0.1

View session: Tuesday Lunch and Exhibits

12:30 PM – 1:30 PM
What Happens After the Assessment? A Case Study

Recently, a regional commuter carrier rail service had improvements made to their overall physical and cybersecurity after undergoing a vulnerability assessment performed by RPI Group. The assessment is based on NIST framework and previous DoD experience. Getting to this successful result required an identified need, funding for the project and the ability to implement the required changes. This case study will be presented from three different perspectives: risk mitigation, management and implementation. Representatives from RPI Group will discuss how participants working together led the team to success with this type of project, plus touch on the problems faced and how such problems were overcome for a successful result.

 Presented by:
Jeff Watts, Director of Cybersecurity RPI Group, Inc.
Craig Hartburg, Director of Operations RPI Group, Inc.

 Learning Objectives:
1. Define vulnerability assessments
2. Learn the process behind security improvements
3. Explain the problems faced and how such problems were met with solutions
4. Discuss what happens after a vulnerability assessment is performed

 Audience:

 CEU: 0.1

View session: What Happens After the Assessment? A Case Study

1:30 PM – 2:00 PM
AI Transforms Current Passive Rail Security Model to Active Defense

Physical security needs more than mere monitoring with latent human response wherein the consequences of an attack have already occurred. Artificial Intelligence can enable rail carriers to meet physical security requirements via advanced technologies using intelligent sensors and cameras, high-speed network communications, and to detect and respond with non-lethal deterrents. In this session, you'll learn how AI can be an active security defense.

 Presented by:
Al Eline, Sr. Sales Support Engineer PacStar Communications
Charles Butler, CEO The Security Oracle, Inc.

 Learning Objectives:
1. Understand that physical threats, vulnerabilities and potential consequences of attacks on rail infrastructure is real and growing
2. Learn how AI security systems defeat adversaries in real time by disrupting their OODA loops
3. Disucss the basic design considerations of AI driven railway security systems equipped with non-lethal counter measures for use in safely neutralizing attacks
4. Identify artificial intelligence driven processing and communication design considerations and requirements

 Audience:

 CEU: 0.1

View session: AI Transforms Current Passive Rail Security Model to Active Defense

2:00 PM – 2:30 PM
Railroad Worker Protection and a Reliable Rail Network is No Balancing Act

Railroad worker protection and a reliable, safe rail network is not necessarily a balancing act. Both go together. New technologies like video inspection of track and automated overhead wire inspection enable to execute inspections in an office environment, improving safety of railroad workers and quality of the rail network.

 Presented by:
Ellen Linnenkamp , Managing Director Strukton Rail North America

 Learning Objectives:
1. Identify how to work securely and safely
2. Dicuss how to use new technology to minimize (unnecessary) worker’s time in track, thus minimize potential accidents/collisions
3. Highlight how to minimize the animosity between Operations and Maintenance of Way and improve track worker and passenger safety
4. Understand how to optimally secure assets

 Audience:

 CEU: 0.1

View session: Railroad Worker Protection and a Reliable Rail Network is No Balancing Act

2:30 PM – 3:30 PM
Executive Decision Making in an Elevated Threat Environment: How DOD and DHS Approved Technologies Help Rail Executives

The elevated threat landscape has changed the way rail executives approach planning and operations. This panel will discuss the impacts of the elevated threats on the industry, and how DHS and DOD approved Modeling & Simulation and Executive Dashboard technologies are being implemented to support executives make risk informed decisions during the planning process and during real-time operations.

 Presented by:
Jeff Brown, Senior Vice President ARES Security Corporation
Jake Breechen, Founder/CTO Confluence Security Group
Scott Carns, Vice President of Operations Duos Technologies, Inc.
Alfredo Perez, President Perez Consulting LLC

 Learning Objectives:
1. Provide an overview of the threats facing the industry and how they impact long term planning and day to day operations
2. Understand how DOD and DHS approved modeling and simulation technology is being used to support risk informed decision making during the planning process by rail executives
3. Discuss how DHS approved executive dashboard technology is being used to support real-time risk informed decision making during day to day operations by rail executives
4. Explain the adoption of modeling and simulation and executive dashboard technologies will reduce risk and enhance operational efficiency for the industry

 Audience:

 CEU: 0.1

View session: Executive Decision Making in an Elevated Threat Environment: How DOD and DHS Approved Technologies Help Rail Executives

4:00 PM – 4:30 PM
Atlanta Streetcar Safety & Security - Certification Approach

To comply with new security regulations, transit agencies are taking steps to protect their systems from terrorist attacks utilizing integrated, risk-informed, performance-based systems approaches to managing vulnerabilities. This presentation deatils Security-Oriented Design Methodologies and principles being implemented on the Atlanta Streetcar to meet 21st Century Security Challenges.

 Presented by:
Frank Chavez, Project Manager Atlanta Streetcar
Rickey Green, Senior Project Manager HNTB INC.

 Learning Objectives:
1. Review federal safety and security regulatory policy
2. Describe the strategy and implementation of security oriented design methodologies
3. Highlight security-oriented design principals
4. Detail threat and vulnerability assessments

 Audience:

 CEU: 0.1

View session: Atlanta Streetcar Safety & Security - Certification Approach

4:30 PM – 5:00 PM
Enhancing the First Line of Defense: Uni-Directional Communication Security

Critical infrastructure asset owners have been putting excessive trust on traditional perimeter protection with firewalls as a single line of defense. Recent events and modern threats require us to advance that concept. There are concrete examples that show one-way gateway approach is a proven and reliable solution that improves the traditional first line of defense and provides additional protection to rail automation applications and other critical infrastructure assets.

 Presented by:
Leandro Pfleger de Aguiar, Senior Key Expert - Cyber Security Siemens Corporation

 Learning Objectives:
1. Present an alternative and trustworthy solution utilizing a one-way gateway
2. Highlight the defense-in-depth strategy
3. Discuss the trend of using firewalls as a single line of defense

 Audience:

 CEU: 0.1

View session: Enhancing the First Line of Defense: Uni-Directional Communication Security

5:00 PM – 5:30 PM
Hazardous Materials Security at Home and On The Road or Rails

Our civilization as we know it, would not be possible without the use of hazardous materials. Nitrates improve our soils, hydrocarbons fuel our automobiles, create structural materials and warm our homes. Today, people that seek to harm others can use hazardous materials as weapons, potentially injuring many. A rented truck can create a terrorist event, injuring and killing innocent people. Add a trailer or railcar of chemicals and the event is multiplied exponentially, with effects reaching well beyond the point of initiation. This presentation will introduce the audience to methods that reduce the likelihood your HM shipments will be compromised.

 Presented by:
Wendy Buckley, President & Founder Specialty Transportation and Regulatory Services (STARS)

 Learning Objectives:
1. Discuss regulatory compliance
2. Highlight asset protection, personnel protection and public safety
3. Introduce methods that reduce the likelihood your HM shipments will be compromised

 Audience:

 CEU: 0.1

View session: Hazardous Materials Security at Home and On The Road or Rails

5:30 PM – 6:30 PM
Networking Reception

 Presented by:
TBA ,

 Learning Objectives:

 Audience:

 CEU: 0.1

View session: Networking Reception

/

Wednesday April 25

8:00 AM – 8:30 AM
Security Risk Tolerance

Agency's should understand their approach to security risk and how it reflects their security risk tolerance. Security assessments should reflect an Agency's risk tolerance, rather than the risk tolerance of individuals within the Agency or the consultants that support the Agency. Establishing this requires input and support from top management. Risk tolerance is established by reviewing Agency priorities, community expectations, political considerations and cultural norms.

 Presented by:
Lurae Stuart, Manager, System Safety and Security, Transit & Rail WSP

 Learning Objectives:
1. Identify how to assess an agency's risk tolerance
2. Understand a risk based approach to Security
3. Discuss security risk tolerance

 Audience:

 CEU: 0.1

View session: Security Risk Tolerance

8:30 AM – 9:00 AM
Cybersecurity for Rail - A Case Study

RazorSecure is one of the leaders in the EU protecting passengers and trains from a cyber attack. The EU has introduced new cyber regulations for rail that have fines of up to 4% of global annual revenues. The case study is how one of the leading train operating companies in the EU has chosen the RazorSecure cyber solution for their digital trains. The case study will expand on the procurement process, the integration with the mobile comms gateway suppliers, Icomera, and the challenges of pen testing, trials, and the results of the additional protection. Applicable to freight and passenger trains.

 Presented by:
Alex Cowan, Founder Razor Secure Ltd

 Learning Objectives:
1. Identify ways to protect people from cyber attacks
2. Present a case study with a leading rail operator in the UK
3. Understand the impact of the new EU cyber regulations for rail
4. Discuss how to protect the train and the on-train systems

 Audience:

 CEU: 0.1

View session: Cybersecurity for Rail - A Case Study

9:00 AM – 9:30 AM
Cybersecurity Monitoring in Modern Transit

Ten years ago, the Internet of Things (IoT) had little meaning within the offices of transportation authorities around the world. By 2020 the IoT will be a 20 billion-device monster growing exponentially. As will the cyber vulnerabilities from being constantly connected to the outside world. Every agency faces the same overwhelming question: How do we secure our operations?

Many cybersecurity vendors are saying they have the solution with their next-gen monitoring tool. Unfortunately, due to the ever-evolving nature of the IoT and threats to it, it’s not that simple. We have to fully grasp the risks involved and the consequences to continuity of operations and safety of life. There are already plenty of examples in various critical infrastructure industries to draw from, including rail.

Do we truly understand the challenges of securing rail operations today? What methods and data are available to secure modern transit networks? What does cybersecurity monitoring really mean? What data is collected? How can it be correlated? How can it be used to track and eliminate threats?

 Presented by:
Justin Smith, Sr. Manager, Cybersecurity Engineering Rockwell Collins

 Learning Objectives:
1. Explain the three levels of data which can be monitored for cyber-indicators within a industrial control or safety environment
2. Discuss how to correlate data from the three different levels together to reconstruct an attack and trace its path
3. Understand how data can be received from field/SCADA devices (PLC's, RTU's and etc.), cybersecurity devices (firewalls, IPS/IDS, SIEM) and computer systems to better an organization's chances of recognizing indicators of compromise (IOCs)

 Audience:

 CEU: 0.1

View session: Cybersecurity Monitoring in Modern Transit

10:00 AM – 10:30 AM
Handling Workplace Violence Risks in the Railway Sector

All organizations face the threat of workplace violence. In the transport sector, robberies—and the aggression accompanies them—make transport employees more likely victims of workplace violence than workers in other sectors. Railway employees face an especially high threat because of the number of public-facing roles they perform, the extended length of time they may spend with customers, and their roles in safekeeping cash as well as passengers who can become hostages. Industry-wide cost-cutting measures also play a role in workplace violence risks in the railway sector.

 Presented by:
Stacey Blau, Chief Operating Officer 5326 Consultants, Inc.

 Learning Objectives:
1. Understand the wide-ranging risks of workplace violence as well as the risks in the transport sector
2. Discuss workplace violence risks specific to the railway industry and railway employee
3. Identify best practices to prevent a workplace violence incident
4. List best practices to manage a workplace violence crisis

 Audience:

 CEU: 0.1

View session: Handling Workplace Violence Risks in the Railway Sector

10:30 AM – 11:00 AM
Evaluating the Effects of Cybersecurity Measures Using a Railroad Simulation Model

Today’s industrial systems are increasingly interconnected by advanced communication networks, cybersecurity of such systems are becoming a challenge to the industry. NIST has developed a testbed to study the effects of cybersecurity measures on industrial control systems. The metrics and measurement methodology will help the industry to evaluate the system performance when implementing cybersecurity measures.

In this presentation, we will present the framework we develop to integrate a railroad simulator and cybersecurity tools to perform evaluation on the railroad operation and the metrics we use to measure the operational impact.

We will also discuss the use of cybersecurity tools like behavioral anomaly detection tool and ICS application whitelisting tool in the industrial control system environment.

 Presented by:
CheeYee Tang, Electronics Engineer NIST

 Learning Objectives:
1. Explain NIST’s testbed to study the effects of cybersecurity measures on train operation
2. Present metrics and methodology to measure operational impacts when implementing cybersecurity measures
3. Discuss example cybersecurity tools like behavioral anomaly detection and ICS application whitelisting in industrial environment
4. Describe the NIST publication, “Cybersecurity Framework Manufacturing Profile”

 Audience:

 CEU: 0.1

View session: Evaluating the Effects of Cybersecurity Measures Using a Railroad Simulation Model

11:00 AM – 11:30 AM
Defense in Depth Analysis - Critical and Life Safety Transit Networks

This presents Defense-In-Depth as a recommended approach for securing rail communications and control systems, defines security zone classifications, and defines a minimum set of security controls for the most critical zones. We will discuss a survey of the various systems that constitute a typical control and communication network, methods of separation, conceptual architecture, migration strategy and a best practices investigation of other transit agencies.

 Presented by:
Jeff McCormack, AVP Technical Leader / Sr program Manager AECOM

 Learning Objectives:
1. Give a recommended approach for securing rail communications and control systems
2. Identify a minimum set of security controls for the most critical zones
3. List methods of separation, conceptual architecture and migration strategy

 Audience:

 CEU: 0.1

View session: Defense in Depth Analysis - Critical and Life Safety Transit Networks

11:30 AM – 1:00 PM
Wednesday Lunch and Exhibits

 Presented by:
TBA ,

 Learning Objectives:

 Audience:

 CEU: 0.1

View session: Wednesday Lunch and Exhibits

1:00 PM – 1:30 PM
Connected Operations: What to Consider

Operational environments are increasingly connected to traditional information technology systems. While the benefits can be substantial, combining physical and cyber worlds can bring severe safety and security risks. As operational environments become more IT-driven, organizations are encountering not just a technology challenge, but also a people challenge.

 Presented by:
Nick Percoco, Chief Security Officer Uptake
Joe Becker, Managing Director, Rail Uptake

 Learning Objectives:
1. Understand what is being connected to internet
2. Disucss the impact on safety, security and reliability

 Audience:

 CEU: 0.1

View session: Connected Operations: What to Consider

1:30 PM – 2:00 PM
Bridge Asset Management and Structural Evaluation Techniques

Bridge Asset Management, based on a degradation model, is a critical tool for entities responsible for the repair and rehabilitation of bridges within their jurisdiction. Bridges commonly show signs of distress due to aging, improper repair, rehabilitation, or lack of proper maintenance. Extending the useful service life of aging bridges is important both to the transportation industry and to governing bodies.

Currently, the greatest problem facing the transportation industry is the degradation of structural components of bridges resulting from both normal deterioration as well as natural disasters. The overuse of bridges beyond their useful service life coupled with improper bridge asset management has exacerbated the situation. This presentation will cover degradation models and demonstrate how the data can be used to develop life cycle models, failures can be directly correlated to changes over time in measurable structural parameters, thus enabling the extrapolation of data to predict when failure is likely to occur.

 Presented by:
Avinash Prasad, MTA-NYCT

 Learning Objectives:
1. Explain why Bridge Asset Management based on a degradation model is a critical tool for entities responsible for the repair and rehabilitation of bridges within their jurisdiction
2. Identify how to use degradation data to develop life cycle models
3. Discuss bridge inspections

 Audience:

 CEU: 0.1

View session: Bridge Asset Management and Structural Evaluation Techniques

2:00 PM – 2:30 PM
Alternative Methods to Railroad Trespass Abatement

Current approaches to trespassing are not working! Despite education, CARE events, twitter feeds, law enforcement blitzes, 411 trespassers died as of 8/2017. In Nevada, the use of alternative trespass abatement methods, such as law enforcement (LE) aviation, LE volunteer groups and the Civil Air Patrol shows promise in reducing trespassing.

 Presented by:
Rich Gent, President and Chief Executive Officer Hot Rail, LLC

 Learning Objectives:
1. Identify unconventional methods of trespass abatement
2. Discuss the process Nevada applied to introduce, implement, execute and evaluate these new and unique efforts to address the public rail safety and security problem
3. Review reporting procedures, management and how information can be reported to and integrated in a State Fusion Center
4. Determine if unconventional methods can be applied to the future of railroading

 Audience:

 CEU: 0.1

View session: Alternative Methods to Railroad Trespass Abatement

2:30 PM – 3:00 PM
Cybersecurity and the Transportation Industry: Avoiding Rocks and Whirlpools In The Cyberstream

In the age of Big Data, commerce relies increasingly upon a river of information that presents opportunities to provide improved services at reduced cost. Combining Big Data with predictive analytics, it is now possible to identify potential customers and customer needs, and to track services and service delivery, in near-to-real time, with an individuality, a precision and an ease that were hardly imaginable only a few years ago.

However the same systems that present the glowing opportunities for product and service improvements are also vulnerable to a wide range of hazards. The presentation will discuss how to exploit the opportunities and manage vulnerabilities in the world of Big Data, predictive analytics, logistics, automation and artificial intelligence. Drawing on real-world examples, this fast-paced presentation discusses various issues in greater detail

 Presented by:
Ken Bousfield, Partner Bereskin & Parr LLP
Catherine Lovrics, Partner & Co-Leader, Digital Media Bereskin & Parr LLP

 Learning Objectives:
1. Understand vulnerabilities and opportunities in providing enhanced services and knowing your legal obligations and exposure
2. Understand how to protect privacy, proprietary data and critical infrastructure in the digital age
3. Identify the dangers of reliance on data-intensive systems
4. Discuss how to establish key security precautions in the age of “Big Data,” predictive analytics, automation and artificial intelligence

 Audience:

 CEU: 0.1

View session: Cybersecurity and the Transportation Industry: Avoiding Rocks and Whirlpools In The Cyberstream

3:00 PM – 3:30 PM
IIoT and Transformation of Railways

With the emergence of IIoT, cloud, analytics, and cybersecurity, sensors and wireless communication devices are generating a large quantity of data, which can be leveraged for operations, maintenance and replacement planning. By connecting different systems and machines, suppliers and rail operators can become more efficient and effective at maintaining their machines, which will result in greater reliability for the end users. This presentation will highlight how emerging IIoT technologies and services that will revolutionize the railway industry and allow for confronting today’s challenges.

 Presented by:
Pranav Misal, Research Analyst ARC Advisory Group

 Learning Objectives:
1. Explain how suppliers and rail operations can become more efficient and effective at maintaining machines through IIOT
2. Discuss how digitization helps improves operational efficiency
3. Identify asset management services that assist rail operators with effective decision-making to ensure better visibility of the assets

 Audience:

 CEU: 0.1

View session: IIoT and Transformation of Railways