Preparing for the EU’s Digital Operational Resilience Act
Join the Business Resilience Council (BRC) for key findings from a recent white paper that aligns the Operational Resilience Framework (ORF) and compliance with the EU’s Digital Operational Resilience Act (DORA), going into effect January 17, 2025.
The white paper covers how the ORF can help establish a comprehensive resilience strategy that strengthens an organization and its critical vendors. This integrated ORF/DORA approach will also help organizations navigate future regulatory requirements beyond January 2025.
Participants in the BRC’s operational resilience tabletop exercise on December 11 may also wish to attend this meeting in preparation for that event.
Cyber & Physical Activity Targeting the U.S. Election & Major Geopolitical Events
Join the Business Resilience Council and analysts from RANE Network for presentations on violent activism and extremism surrounding the U.S. presidential election and the transfer of power. Additionally, analysts will cover hacktivism and malicious cyber activity by state actors and their proxies around the election and other current geopolitical events.
Speakers:
Sam Lichtenstein, Director of Analysis at RANE
Ali Plucinski, Cyber Analyst at RANE
Chris Denning, BRC Program Director and CSO at GRF
Brian Katula, Director of Operational Resilience at GRF
OT Security Training Program
Join us to learn more about how to secure your OT environment. Attendance is free, as are the associated training, tools and resources.
Dragos OT-CERT and MFG-ISAC have teamed up to provide free training and resources for your organization.
MITRE Presents Tools to Defend Critical Infrastructure
Join the Business Resilience Council and MITRE’s Center for Threat-Informed Defense as we apply MITRE ATT&CK® techniques to operational technology (OT) environments. We will share:
A collection of unique adversary behaviors from MITRE ATT&CK® for Enterprise and ATT&CK for ICS
A reference architecture and practical examples to assess vulnerabilities, helping you to design secure IT/OT hybrid systems.
Methodologies and tabletop exercises for testing OT defenses.
Attendees will gain practical insights into using ATT&CK to make informed decisions when defending hybrid IT/OT infrastructures against cyber threats.
OT Security Training Program
Join us to learn more about how to secure your OT environment. Attendance is free, as are the associated training, tools and resources.
Dragos OT-CERT and MFG-ISAC have teamed up to provide free training and resources for your organization.
Middle East Geopolitical Threat Webinar
The BRC will host a briefing on turmoil in the Middle East, as well as the potential for extremism and terrorism in the United States. The briefing will be followed by a tutorial on the Operational Resilience Framework (ORF), to prepare participants for the upcoming complimentary multi-sector ORF tabletop exercise on September 12, 2024.
The Google Cloud Threat Horizons Report
Join the GRF Business Resilience Council on July 31 for a presentation by Google on their Cloud Threat Horizons report. Google's Crystal Lister will cover major categories from the report including:
Cryptomining as Consequence
Countering Ransomware Attacks and Data Theft
Shining Lights with Logs
APT Actors in the Cloud
Boosting Supplier Security - Free Training for your Direct Suppliers
Small and medium-sized suppliers make up the backbone of the manufacturing supply chain. While they are an indispensable part of that supply chain, and the manufacturing ecosystem as a whole, they often suffer from a lack cybersecurity, especially as it pertains to their operational network environments. This can lead to significant operational and business risk to the larger upstream manufacturers.
Dragos Operational Technology Cyber Emergency Readiness Team (OT-CERT) and the Manufacturing Information Sharing and Analysis Center (MFG-ISAC) have teamed up to provide free training and resources for these small and medium-sized suppliers. Join the webinar to learn more about how your organization can connect your suppliers to the security help they need. Attendance is free, as are the training and resources the partnership offers.
Strategic Defense: How Senior Leaders Plan for Operational Resilience
Dan Devroye Managing Director, Head of Control, Strategy & Innovation for Global Security at JPMorgan
Chase Brian Geffert former Global CISO, current Principal - Cybersecurity Services at KPMG
David LaFalce Managing Director - Strategy, Planning & Transformation at Wells Fargo
Trey Maust Chairman at Lewis & Clark Bancorp
Cybersecurity and operational resilience leaders from banking and professional services discussed risk, security, and resilience and how understanding of business and customer needs reduces the potential for cascading impacts.
Watch the full 2024 Business Resilience Council Virtual Summit at https://www.grfbrc.org/brc-summit-on-resilience-security
Shifting Geopolitical Patterns: Navigating a Multipolar World
Rodger Baker Executive Director, Stratfor Center for Applied Geopolitics at RANE
Understanding the shifting geopolitical landscape is critical to identify risk (and opportunity) for internationally engaged enterprises. A multipolar world is a more fractured world, one where regulations, political and economic alignment, and security dynamics can change rapidly. Rodger Baker discussed ways to identify geopolitically-driven risk, implications for international business, and ways to anticipate and adapt to an increasingly volatile international arena.
Watch the full 2024 Business Resilience Council Virtual Summit at https://www.grfbrc.org/brc-summit-on-resilience-security
Fortifying Our Critical Infrastructure for a Digital World
Phil Venables VP at Google and Chief Information Security Officer at Google Cloud
Phil Venables discussed the shift from security to resilience, the recommendations on cyber-physical resilience from the President’s Council of Advisors on Science and Technology (PCAST), and organizational responsibilities to help fortify resilience of critical infrastructure and services. Download session slides
Watch the full 2024 Business Resilience Council Virtual Summit at https://www.grfbrc.org/brc-summit-on-resilience-security
Wiperware and Operational Resilience: What Have We Learned
Chris Denning Chief Security Officer at Global Resilience Federation
Brian Katula Technical Project Manager at Global Resilience Federation
Mark Orsi CEO at Global Resilience Federation
This spring GRF held two table top exercises to assess organizations’ resilience after a simulated wiperware incident. In addition to IT operations and risk, exercise components included media management, law enforcement and regulatory engagement, and an examination of operational prioritizations. With hundreds of participating organizations, the event helped inform on the state of incident management and operational resilience today. Join the GRF Business Resilience Council team for an examination of exercise findings and learn the takeaways that surprised GRF analysts.
Watch the full 2024 Business Resilience Council Virtual Summit at https://www.grfbrc.org/brc-summit-on-resilience-security
Fireside Chat with Former DHS Secretary Kirstjen Nielsen
Kirstjen Nielsen former U.S. Secretary of Homeland Security
Bill Nelson Chairman at Global Resilience Federation
GRF Chairman Bill Nelson hosted a fireside chat with former U.S. Secretary of Homeland Security Kirstjen Nielsen. The discussion included the evolution of threats in recent years, the current geopolitical climate, and how government and the private sector are working together and what more could be done.
Watch the full 2024 Business Resilience Council Virtual Summit at https://www.grfbrc.org/brc-summit-on-resilience-security
BRC Virtual Summit on Resilience & Security
Join GRF’s Business Resilience Council for our 1st Annual Summit on Resilience & Security. The online, multi-sector event will feature speakers discussing topics relevant to all-hazards threats.
Demystifying Segmentation: Real-World Solutions for Network Security
Join GRF and Zero Networks' Nicholas DiCola for a presentation on network segmentation.
The need for network segmentation has been punctuated by evolving regulatory and compliance requirements, and new zero trust guidance from the NSA and CISA. While network segmentation has historically been reserved for large and/or mature organizations due to complex and costly implementations, there are practical steps organizations of all sizes and maturity levels can take to secure their networks.
Join us for an actionable segmentation strategy session with real world examples of how organizations have effectively defended against ransomware and lateral movement, while satisfying compliance requirements.
This complimentary webinar is TLP: CLEAR
BRC Overview, Activities, and Resilience & Security Updates
Join the GRF Business Resilience Council (BRC) for an overview of the BRC, a discussion and call to action for upcoming activities and focus, and a presentation on the latest security, resilience and geopolitical threats.
This event is TLP: CLEAR
In addition to the above, we invite you to register for a free Payments Disruption Exercise examining the operational resilience of organizations when faced with a wiperware attack that disrupts payments processors.
Semiannual Ransomware Report & Geopolitical Updates
Join the GRF Business Resilience Council (BRC) for a briefing on the soon-to-be-released Semiannual Ransomware Report – GRF’s popular biannual report on ransomware gangs, successful sector attack statistics, and trend analysis pulled from open sources and closed criminal forums. Analysts will also provide geopolitical updates as time permits.
This event is TLP: CLEAR
Stop VPNs from becoming Virtual “Public” Networks
Join GRF and Zero Networks' Nicholas DiCola for a presentation on VPN security.
According to Top10VPN, in 2023 alone, 133 VPN vulnerabilities were disclosed and at least 20 are known to have been exploited – as evidenced by recent headlines involving Cisco, Ivanti, and others. The period from when these vulnerabilities are disclosed to the point they are patched (if at all), poses a major potential security risk for many organizations.
Join this webinar to:
• Better understand why VPNs are explicitly targeted.
• Consider several of the underlying flaws common to most VPNs.
• Discuss risk mitigation strategies and alternative solutions.
This complimentary webinar is TLP: CLEAR
Business Impacts From Civil Unrest, Activism and Extremism Entering the 2024 US Presidential Election Cycle
Join the BRC on January 24th at 2pm ET for a webinar on the potential for civil unrest, activism and extremism surrounding the 2024 US Presidential Election cycle.
Foresight Chief Analyst Harris Stephenson will provide a forecast on civil unrest, activism and extremism, as well as potential business implications. He'll cover how to monitor these threats and how to protect your organization and personnel. Stephenson will take questions at the end of his presentation.
In addition, BRC analysts will provide geopolitical analysis and present on an upcoming complimentary tabletop exercise examining operational resilience of business processes in the face of cyber disruption.
This webinar is TLP: CLEAR