Europe is driving global OT Security Regulation with NIS2 and CRA, and the S4x26 agenda reflects this. We don’t have sessions explaining what these regulations are, with one exception, because most of the S4 attendees know this. Instead the focus is on the future. What will be the impact of regulation on OT cyber risk? How should asset owners and vendors, and consultants, prepare and deal with OT security regulation in the next 1 to 3 years.
Here are the regulatory sessions you’ll see at S4x26.
The Impact Of Regulation On Multinational Companies
Main Stage on Thursday
It’s hard enough dealing with OT cybersecurity regulation in one country. How do you address it if you sell in or have OT operations globally. You need to deal with US, Europe, Singapore, Japan, Brazil, … each with different requirements and reporting.
Dale Peterson will talk with Trevor Rudolph of Schneider Electric and Ryan Rathbun of Dupont. Schneider Electric sells OT solutions globally. Dupont owns and operate OT systems globally. These two gentlemen have key roles in addressing OT cyber regulatory risk.
The Great Debate: Impact Of CRA In 3 Years
Main Stage on Tuesday
This is a classic debate with opening statements, rebuttals, and debates questioning each other. The issue is:
Resolved: In 3 years CRA will have significantly increased the OT security posture and reduced OT cyber risk in the EU countries.
See the best pro and con arguments on this topic.
Emerging Countries’ OT Security Regulation & Policy
Stage 3 on Tuesday
With most of the focus being on European regulation, and the stall in US regulation, it’s important for multinationals to realize there are other approaches in emerging markets. This session gives you a tour of what’s happening in Brazil, India, Indonesia, and Saudi Arabia.
EU CRA Terms and Terminology … What They Mean For Compliance
Stage 3 on Tuesday
This is the session if you want to understand what the terms in CRA mean from a compliance perspective.
Current and Predicted Market Impact of the US Cyber Trust Mark
Main Stage on Wednesday
The Trust Mark isn’t regulatory, but it is a government certification program. It’s noteworthy that no US OT cyber regulation sessions are on the agenda. This indicates US regulation is unlikely to have a large national or global impact in the next 1 to 3 years, beyond the existing NERC CIP.