Our Agenda
  Day 1
8:00am  Registration 
9:00am  Welcome address
Transportation networks require multiple partners to work together, frequently passing across borders and numerous jurisdictions. Security is only as strong as the weakest link in the chain and breaches can have serious knock on effects for all partners. Yet for most sectors there is no set framework or standard for organizations to work towards. This session will bring together leaders in both policy and business to discuss the regulatory landscape and how government and industry can work together to tackle security threats.
 9:25am Transportation, a sitting duck?
• The evolving threat from criminals, terrorists, and hostile states
• Why attackers are focusing on transportation more than ever before
• How is transportation vulnerable to attack?

Michael Lowder, Director, Office of Intelligence, Security & Emergency Response, USDOT

Setting the frameworks, standards, and policies for secure transportation infrastructure
• An overview of current security requirements
• How do the needs of different modes of transportation vary?
• Working with key stakeholders to identify where standards are needed

Eddie D. Mayenschein, Assistant Administrator, Office of Security Policy and Industry Engagement, TSA

 9:55am  Panel discussion: What can different transportation sectors learn from each other?
• What can different transportation modes learn from each other?
• How can we incentivize information sharing, even with competitors?
• What are the barriers to reporting security incidents and how can we overcome them?
• Are new standards and frameworks needed for the evolving transportation security landscape?

Michael Lowder, Director, Office of Intelligence, Security & Emergency Response, USDOT
Eddie D. Mayenschein, Assistant Administrator, Office of Security Policy and Industry Engagement, TSA
Networking coffee break 

Transportation infrastructure is becoming increasingly digitalized, and with it comes benefits for operational efficiency and customer service. And yet with growing numbers of connected devices, there are far more potentially vulnerable entry points that transportation operators must secure.
11:25am Evolving security risks in a rapidly digitalizing transportation landscape
• The benefits of digitalization for transportation organizations
• How is digital capability outstripping investment in security?
• Big Data: useful for business, valuable and vulnerable to hackers
Ray Secrest, Sr. Manager, Information Security, Tampa International Airport
11:40am  Case study: Piloting connected vehicle technology to improve safety and travel reliability

• Challenges posed by congested highways and extreme weather
• Facilitating V2V, V2I, and I2V communications with advanced dedicated short-range communication technology.
• Delivering more accurate real-time travel information.
Kebin Haller, Colonel, Wyoming Highway Patrol

 11:55am  Case study: Smart cities: surviving in a connected world
• The risks posed by an interconnected network of operators and stakeholders
• How could hijacking of sensors and smart objects cause major service disruption?
• The need for collaboration to combat security threats
12:10am  Is your supply chain secure? Working with vendors to foolproof digital assets
• How rigorous is your vendor’s cyber security policy?
• Ensuring off-the-shelf software and devices are manufactured and installed securely
• Does your vendor have security support or emergency response teams?

Panel discussion: Opportunities and threats of the internet of things
• Overcoming challenges with legacy technology
• Future proofing for new technological developments
• Baancing security of hardware and software
• Collaborating with stakeholders from vendors and partners to customers


Kebin Haller, Colonel, Wyoming Highway Patrol
Mike Bousliman
, Chief Information Officer, Montana Department of Transportation
Ray Secrest, Sr. Manager, Information Security, Tampa International Airport

Networking lunch 

While transportation operators are eager to adopt new digital technologies, frequently cyber security is not taken seriously enough. This is particularly worrying due to the economically significant and potentially dangerous assets that transportation companies operate. This session will bring together cyber security experts to discuss how transportation operators must defend themselves in the new digital arena.
 2:10pm Cyber security audits: how secure is your network?
• What are the major weaknesses of digitized transportation networks?
• Why practical, externally organized testing is crucial to ensuring cyber security effectiveness
• Coordinating an effective cyber security exercise
Senior representative, Rockwell Collins
 2:25pm Separating back-end and externally-facing systems
• The proliferation of customer infotainment systems and portable devices for operations
• How have the lines between mission critical and externally facing networks been blurred by digitalization?
• Creating a barrier between networks based on risk and priority
Senior representative, Waterfall
 2:40pm Blockchain technology as a cyber security game changer for transportation
• What is blockchain and how does it work?
• Ensuring transparency, trust, and security in transactions across a complex value chain
• Reducing reliance on centralized infrastructure
 2:55pm  Cyber security; more than just an IT issue
• Standards and processes for good cyber hygiene
• Technology to reduce the chances and impact of human error
• Insider threats: do you have the right processes in place to counter them?
Vito de Santis, Director ICS/PCI Security, Risk & Compliance, MTA New York City Transit
3:10pm  Panel discussion: Adapting to an evolving cyber security threat landscape
• What are the biggest risks to cyber security?
• Which prevention and detection technologies are worth investing in?
• How can CISOs engage other silos in the organization over security measures?
• How are cyber security threats likely to develop in future?

Deborah Wheeler
, Cheif Information Security Officer, Delta Airlines
Vito de Santis,
Director ICS/PCI Security, Risk & Compliance, MTA New York City Transit
Senior representative, Rockwell Collins
Senior representative, Waterfall
Networking coffee break

Operational staff are key to providing the first line of defense against safety and security incidents. Digital monitoring and data analysis can provide the first signs that an incident will occur, while communications infrastructure is crucial for keeping the transportation network moving during a crisis. This session will bring operations leaders together to discuss how safety and security affect them.
4:25pm  Operating both effectively as well as safely and securely
• Minimizing disruption to service when introducing new security technologies, standards, and procedures
• Operating during emergencies: what is the minimum acceptable level of service?
• What’s your back up plan when things go wrong?
 4:40pm  Strengthening digital infrastructure as the basis for effective safety and security operations
• How do remote sensors help operators identify risks efficiently?
• Communications infrastructure needed for smarter operations
• Accessing data in a timely manner to impact decision making capabilities
April Danos, Director of Information Technology, Greater Lafourche Port Commission, LA
4:55pm   Implementing a safety management system
Dave Goeres, Chief Safety, Security, and Technology Officer, Utah Transit Authority

Security as a global threat
• The challenges caused by the international nature of transportation.
• An overview of different major jurisdictions and their approaches to security regulation.
• How can transportation providers and international governing bodies work together to build a security framework?
David Wilt, Board Member, Transported Asset Protection Association
Scott Cornell,
Board Member, Transported Asset Protection Association


Panel discussion: Operational effectiveness for safety and security
• How can security awareness become business as usual?
• How can data analytics increase efficiency?
• What is the potential of 5G communications technology?
• Gaining the best ROI by balancing technological with traditional solutions

April Danos, Director of Information Technology, Greater Lafourche Port Commission, LA
Dave Goeres, 
Chief Safety, Security, and Technology Officer, Utah Transit Authority
David Wilt, 
Board Member, Transported Asset Protection Association
Scott Cornell, 
Board Member, Transported Asset Protection Association


Networking drinks reception 

  Day 2

Security threats are becoming more numerous and more complex, and high profile cases of companies being hacked are becoming daily news features. Transportation leaders are waking up to the reality that security breaches have the potential to cause billions of dollars in lost revenue, damage trust and reputation, and cause major loss of life among staff and the general public. This session will bring together leaders from multiple modes of transportation to discuss how to make safety and security priority from the top down.
8:30am  Taking security seriously: why it’s not just the CISO’s responsibility
• Measuring financial impact of safety and security incidents
• Justifying spend on security measures: demonstrating ROI
• Taking security into account in and procurement and stakeholder relationships
 8:45am Engaging with employees to build an effective company-wide security and safety culture
• Do employees take security as seriously as they should?
• How can the senior leadership team lead from the top?
• Internal training, technology, and processes

Shawn Wilson, Director, Louisiana Department of Transportation

9:00am  Dealing with media and public relations during a security or safety crisis
• The difficulty of keeping security and safety incidents out of the media
• How does bad PR add additional costs to the fallout from an incident?
• Problems caused by fake news and the spread of misinformation
9:15am  Setting solid risk management principles
• Accepting that risks are unpredictable and can never be fully mitigated
• Identifying priority areas to protect: what’s mission critical?
• Business continuity: planning for incidents and maintaining a high quality service when things go wrong

Panel discussion: Safety and security as a strategic priority
• How has ransomwear changed the nature of the security threat?
• Are shareholders and senior leadership teams aware of the financial costs of insufficient security?
• How can CISOs and CIOs engage others in the organization over security?
• Do all security incidents get reported? What is the right approach?

Shawn Wilson, Director, Louisiana Department of Transportation

Networking coffee break 

As transportation becomes digitized, the lines are becoming blurred between physical and digital threats. Transportation operators also have access to new technologies and techniques for conducting physical security monitoring more efficiently while keeping their networks moving.
 10:30am  Preparing for “hybrid attacks” – combined threats to digital and physical security
• Assets as cyber-physical hybrids becoming more vulnerable to security threats
• Cyber and physical safety: no longer separate concerns
• How can cyber breaches provide criminals and terrorists with the information they need to carry out physical attacks?
10:45am   Keeping transportation moving while bolstering safety and security measures
• The downsides of safety and security measures for efficiency in moving goods and people
• What levels of screening can be introduced on mass transit?
• Using technology to screen and monitor more thoroughly and efficiently
Christopher Trucillo, Chief of Police, New Jersey Transit
11:00am  Video analytics: becoming more proactive rather than reactive towards threats
• Current and future capabilities of video analytics
• The bandwidth and infrastructure needed to make video analytics a reality
• The opportunities of edge analytics for scalability and efficient decision making
Sean Ryan, Chief Security Officer, MTA Metro North Railroad
 11:15am Passenger behavior analysis in terminals, stations, and vehicles: predicting threats before they occur
• The increasing variety of threats and the need for smarter, risk based screening
• How could risk based screening improve transportation efficiency?
• Assessing behavioral indicators and identifying risks
11:30am  Panel discussion: Developing a more proactive approach to physical security
• How are physical threats evolving?
• Is screening possible across all modes of transportation?
• What are the new technologies to look out for?
• What is the answer beyond new technologies?

Christopher Trucillo, Chief of Police, New Jersey Transit
Sean Ryan,
Chief Security Officer, MTA Metro North Railroad
Networking lunch

Your staff and customers are both some of your weaknesses and greatest assets in protecting against safety and security risks. This session will enable you to discuss your mutually-shared challenges with like-minded colleagues to come up with solutions to the challenge of outreach and engagement, both internally and externally.

Finding the right cybersecurity expertise for your organization
• Who should you recruit? Know the expertise you need, and finding those professionals
• Cybersecurity as a team sport: Training and awareness for the workforce
• Thinking about the future: what should our children know about cybersecurity?
Lynne Clark, Chief, National Information Assurance Education and Training Program, NSA

 1:00pm Crisis management
• Preparing staff for emergency situations
• Having the communication links in place with authorities and first responders
• Investing in technology for effective crisis management
 1:15pm Public engagement: education, outreach, and technology for reducing safety and security incidents
• Outreach to increase public awareness of safety and security threats
• Making use of social media and customer communication channels for detection and emergency coordination
• Avoiding panic and misinformation
Stephen Covey, Chief of Police and Chief Security Officer, CN Railway
 1:30pm Panel discussion: The human factor of security
• What technologies can be used to monitor and identify at-risk staff members?
• What do staff struggle most with when it comes to security?
• How can security teams keep staff up to date with evolving threats?
• What are the best channels for engaging with staff and the general public?

Lynne Clark, Chief, National Information Assurance Education and Training Program, NSA
Stephen Covey, Chief of Police and Chief Security Officer, CN Railway



End of TSSX