Conferences and lectures
Vulnerabilities in Smart Building devices.
What are they? Should devices be updated and when?
Łukasz Dudkowski
Presentation during Projekt BMS 2022
Pałac i Folwark Łochów, Poland, 24.11.2022
Modern Smart Buildings are complex ecosystems whose networks can reach the complexity of a banking system. The severity of a potential breach of a Smart Building's operation can range from too much or too little heat or insufficient lighting, to people trapped in lifts or unable to leave the building due to locked doors.
The lecture addresses such important questions relating to the functioning of a Smart Building as:
- Does each vulnerability pose a threat to the continuity of system operation?
- How to assess the risk associated with a vulnerability?
- How to plan the device update process?
- How to make a conscious decision about the security patch priority?
Protecting Advanced Metering Infrastructure
Krzysztof Swaczyński
Presentation at Swiss Cyber Storm 2022
Bern, Switzerland, 25.10.2022
According to European legislation, 80% of the electricity meters rolled out to consumers by 2024 are required to be smart meters, as part of the ‘smart grid’ concept. While the deployment of the electrical ‘smart grid’ infrastructure increases its functionality, it also increases the risk associated with its operation, i.e. through a substantial extension of the potential cyberattack surface.
The presentation goes through cybersecurity control mechanisms that act as countermeasures for the most common and critical misconfigurations and vulnerabilities in Advanced Metering Infrastructure.
Hot off the OT press – Operational Technology environment updating methods
Józef Sulwiński
Presentation during The Hack Summit 2022
Online & PGE Narodowy, Warsaw, Poland, 13/14.10.2022
Once again, Józef is a member of the program board of The Hack Summit, the largest and most recognizable Polish Cyber Security conference, where he also presents the best cybersecurity methods for updating Operational Technology environments.
The project is organized by the Academic Partners Foundation, whose team, in cooperation with IT communities, is responsible for organising a number of leading Polish IT / data science conferences.
Challenges of smart metering solutions cybersecurity in Europe
Krzysztof Swaczyński
Presentation during International Cyber Expo 2022
Olympia, London, 27.09.2022
The presentation guides the audience through a complete ICS/OT attack vector aimed at compromising a critical infrastructure operator's organisation.
It draws on a thorough case study of attacks on smart meters and advanced metering infrastructure. It shows how, in the course of security research engagements, a team of security analysts used methods and tools related to the security bill of materials to identify zero days in smart devices and vulnerabilities in other components of Advanced Metering Infrastructure solutions, and leveraged those to simulate a comprehensive cyber-attack scenario.
Hacking Critical Infrastructure
Krzysztof Swaczyński
Presentation during the Cybersecurity Conference for the Energy Sector
Warsaw, Poland, 22.06.2022
The presentation discusses the use of Software and Hardware Bill of Materials in the context of an ICS attack surface and its practical implementation for enhancing its cybersecurity posture.
Hacking a Smart Building
An Attacker’s Perspective on IoT Attack Surface
and Challenges for Cyber Defenders
Krzysztof Swaczyński
Presentation during The International Conference on the EU Cybersecurity Act
Brussels, Belgium, 24.05.2022
The presentation outlines a complete ICS attack vector aimed at compromising building automation controllers, resulting in taking control over the smart building’s vital functions, and presents key takeaways for smart building owners and managers.
Data Encryption in AWS and Legal Requirements – a Case Study
Krzysztof Swaczyński & Michał Kwiatkowski
A webinar hosted by Tech Data and Amazon Web Services (AWS)
online, 19.05.2022
The webinar presents a number of regulations related to data processing in the cloud, in particular encryption. Based on a few examples of implementation problems, it shows the possibilities of reconciling the architecture with the encryption requirements using leading cryptographic solutions such as HSM devices.
AWS Good Security Configuration Practice
Krzysztof Swaczyński & Michał Kwiatkowski
A webinar hosted by Tech Data and Amazon Web Services (AWS)
online, 17.03.2022
Code security for PLC controllers
Jozef Sulwinski and Michal Stepien
Lecture at InfraSEC Forum 2020
18.02.2020
As their name suggests, PLCs are programmable. Logic errors may lead to installations running incorrectly. To protect ourselves from errors, we can conduct factory acceptance testing (FAT) as well as site acceptance testing (SAT). However, we need to be aware that there are aspects of PLC security which are not controlled or audited – code quality and code structure. Why are these elements important and why should we pay attention to them? We will offer an explanation and present tips on how to deal with this issue in the presentation.