About the Event
Â
Hack the Capitol is a cybersecurity conference held annually in the Washington DC area, focused on the security of industrial control systems. The event provides policymakers, think tanks, and the media with an opportunity to listen to leading voices in ICS security and the broader world of cybersecurity and gain hands-on experience. It aims to connect technical experts with policy staffers — and vice versa.
Day 1
Morning
Check out the archived recordings of the event!
Day 2
Morning
Afternoon
Track I: Policy Panels and Presentations
Policy, strategy, and governance-focused panels and presentations, including keynotes and fireside chats by leading government officials.
Agenda: May 30, 2024
| 9:00 – 9:45 am | Doors open |
| 10:00 am | Conference Opening and Introduction Bryson Bort |
| 10:30 am | Fireside Chat Congressman Brad Finstad and Ron Gula, President and Founder of Gula Tech Adventures |
| 11:30 am | Operation Cyber Shield: Expanding Department of Defense Authorities to Safeguard U.S. Critical Infrastructure Moderator: Alison King, Forescout Panel: HON Lucian Niemeyer, former DOD Assistant Secretary of Defense, BuildingCybersecurity.org, RADM Mark Montgomery (Ret.), Foundation for Defense of Democracies, and Michael G. McLaughlin, co-leader of the Cybersecurity and Data Privacy Practice Group and Principal Policy Advisor at Buchanan Ingersoll & Rooney PC. |
| 12:30 pm | Lunch |
| 1:30 pm | Adversarial Technomics: Identifying and Mitigating Economic and Intellectual National Security Threats When Commercializing High Tech Innovations Moderator: Robert J. Shaughnessy, CEO, Psymetis, Inc. Panel: Jeff Jones, Psymetis, Inc., Jonathan Cook, Idaho National Laboratory, and David Aaron, Perkins Coie LLP. |
| 2:30 pm | The Evolving Threat Landscape for Critical Infrastructure Moderator: RADM Mark Montgomery (RET.), Senior Director of the Center on Cyber and Technology Innovation, Foundations for the Defense of Democracy Panel: Matt Hayden, Former Assistant Secretary of Homeland Security for Cyber, Infrastructure, Risk, and Resilience Policy, Audrey Adams, MITRE, Col. Gerald Mazur, Deputy Commander, 91st Cyber Division of the VA National Guard, and Alexandra Seymour, Staff Director, Cybersecurity and Infrastructure Protection subcommittee, House Homeland Security Committee. |
| 3:30 pm | Fireside Chat Deputy Homeland Security Advisor Caitlin Durkovich, National Security Council and Evan Wolff, Partner, Crowell LLP |
| 4:20 pm | Closing |
| 5:00 pm | Reception |
Agenda: May 31, 2024
| 9:00 – 9:45 am | Doors open |
| 10:00 am | Opening Remarks Bryson Bort |
| 10:20 am | Raise the drawbridge! Rethinking critical infrastructure cybersecurity in an unstable world Moderator: Steve Kelly, Institute for Security and Technology Panel: Chris Butera, Technical Director for Cybersecurity, Cybersecurity and Infrastructure Security Agency, Kate Ledesma, Head of Public Policy & Government Affairs, Dragos, Bilyana Lilly, RAND researcher, Warsaw Security Forum cyber chair, and NightDragon advisor, Andrew Stewart, Senior National Security Strategist, Cisco Systems, and Virginia “Ginger” Wright, Department Manager for Research Accelerator and Cyber-Informed Engineering Program Manager, Idaho National Lab. |
| 11:30 am | NEXT STEPS – The Cybersecurity Posture of the United States Moderator: Alison King, Forescout Panel: Bishop Garrison, INSA, John Quigg, JHU APL, and Chris Reid, Elastic, and Brian Schultz, CyberAlphas. |
| 12:30 pm | Lunch |
| 1:30 pm | Press Views on Critical Infrastructure  Moderator: Sam Sabin, Axios Panel: Derek Johnson, CyberScoop, John Sakellariadis, Politico, and Sara Friedman, Inside Cybersecurity. |
| 2:30 pm | Panel |
| 3:30 pm | Hacking CNI Risks with VCs? Moderator: Pete Cooper, Former Deputy Cybersecurity at UK Cabinet Office Panel: Justin Label, Inner Loop Capital, and Dr. Emma Stewart, Idaho National Labs. |
| 4:30 pm | Closing remarks |
Track II: The Boardroom
A series of half-hour individual sessions, each of which will dive deep into leading issues in ICS security. Topics include the corporate, legal and regulatory environment, and specific technical or operational details.Â
Agenda: May 30, 2024
| 9:00 – 9:45 am | Doors open |
| 10:00 am | Global Humanitarian ISAC–Defending the Vulnerable on the Front Lines Mike Clauser, Ark |
| 10:30 am | Defensive Tensions in Critical Infrastructure Defense Joe Slowik, MITRE |
| 11:00 am | Respond! Recover! Understanding OT Cyber Incidents in Manufacturing Dr. Lynette F. Wilcox and Stephanie Saravia, NCCoE/MITRE |
| 11:30 am | The In(sights) and Out(comes) of OT Security Program Build Outs Jonathan Schoelwer, OT/ICS Cyber Security Analyst |
| 12:00 pm | How Hackers Send Input to Policymakers like the Pros Harley Geiger and Casey Ellis, Venable LLP |
| 12:30 pm | Lunch |
| 2:00 pm | Bridging the Cybersecurity Skills Gap: Empowering the Next Generation with ICS/OT Expertise Eric Belardo, RaĂces Cyber Org |
| 2:30 pm | Tales from the Front Lines: Ukraine, GPS, and The Struggle to Keep a Power Grid Resilient in a War Joe Marshall, Cisco Talos |
| 3:00 pm | After the Gates have Fallen: The Potential of a Cybersecurity Breach at a Wastewater Facility Andrew Krapf, Loudoun Water |
| 3:30 pm | Getting Started in Industrial (ICS/OT) Cyber Security Mike Holcomb, Fluor |
| 4:00 pm | Product Security or: How I Learned to Stop Worrying and Love the SBOM Kyle McMillian, Siemens AG |
| 4:30 pm | Stop Assessing, Start Addressing: Priorities for Critical Infrastructure Cybersecurity in 2024 Chuck Weissenborn, Dragos |
| 5:00 pm | Reception |
Agenda: May 31, 2024
| 9:00 – 9:45 am | Doors open |
| 10:00 am | Cooperation for the Flag: Innovating Cyber Exercise Approaches Flavio Costa, Inter-American Defense Board |
| 10:55 am | Critical Infrastructure Intelligence Challenges Chris Sledjeski, MITRE |
| 11:30 am | Achieving Memory Safety Now Joe Saunders, RunSafe Security |
| 12:30 pm | Lunch |
| 2:00 pm | Managing Cyber Risk in OT Networks Michael Frank, Boston Consulting Group / USMCR |
| 2:30 pm | Policy Hacking as Market Hacking: The Future of Product and OT Security Policy as a Case Study Dr. Amit Elazari, OpenPolicy |
| 3:00 pm | Cyber Threats from the Trenches: Ukraine’s experience Ihor Malchenyuk, Director of Cyber Defense Department, SSSCIP (State Service for Special Communications and Information Protection of Ukraine) |
Track III: Technical Talks
Also known as the Beer-ISAC, this featured series of half-hour individual sessions is dedicated to peer-to-peer information sharing.
Agenda: May 30, 2024
| 9:00 – 9:45 am | Doors open |
| 10:00 am | OT SecOps and Unveiling New Critical Developments in Our Critical Infrastructure Threat Landscape Adam Robbie, Palo Alto Networks |
| 10:30 am | Whose Role Is It Anyway? Public perceptions on CI defense Mark Bristow, MITRE |
| 11:00 am | Navigating the Maze: Prioritization and Reporting in Critical Infrastructure Cyber Recovery Paul Shaver, Mandiant | Google Cloud |
| 11:30 am | OT Asset Inventory Methodologies and Why it Matters Roya Gordon, Hexagon |
| 12:00 pm | Secure by Design, What it Means, and What It Takes Mehdi Tarrit Mirakhorli, University of Hawaii at Manoa |
| 12:30 pm | Lunch |
| 1:30 pm | The Power of AI-Enabled Defensive Documentation Jace Powell, Fortress Information Security |
| 2:00 pm | Glaring Vulnerabilities in the Automotive Ecosystem: Hacking Everything from a Car to a Country’s EV Infrastructure Ayyappan Rajesh, Zscaler |
| 2:30 pm | “Go Away or I Will Replace You with a Very Small Shell Script”: AI-assisted Cyber Targeting Sarah Freeman and Walker Dimon, MITRE |
| 3:00 pm | Liberty Eclipse: The Value of Immersive Cyber Defense Exercises Michael Toecker |
| 3:30 pm | How to Develop a CTF Kate Vajda, Dragos, and Kenny Warren, Grimm |
| 4:00 pm | Bridging the Gap: Enhancing OT Cybersecurity in Critical Infrastructure Aaron Crow, MorganFranklin Cyber |
| 4:30 pm | How Resilience Has Changed – Chaos Engineering for Critical Systems James Cabe, ZPE Systems |
| 5:00 pm | Close |
Agenda: May 31, 2024
| 9:00 – 9:45 am | Doors open |
| 10:00 am | Watts at Stake: Understanding Cybersecurity Risks to Virtual Power Plants Nik Urlaub, National Renewable Energy Laboratory |
| 10:30 am | ICS4ICS: Incident Response Program Overview Erik Peterson, Idaho National Lab and ICS4ICS |
| 11:30 am | The Mystical OT Security Budget and Where to Find It Dr. Tomomi Aoyama, Omny |
| 12:00 pm | Engineering-In Cyber Virginia “Ginger” Wright, Idaho National Laboratory |
| 12:30 pm | Lunch |
| 1:30 pm | MITRE EMB3D: Combating Threats to Critical Infrastructure Devices Jack Cyprus, MITRE |
| 2:00 pm | Threat Hunting Does Not Have to be Hard Don Weber, Cutaway Security, LLC |
| 2:30 pm | Simple Mental Models for Better Cybersecurity Policy and Comprehension Sounil Yu, Knostic |
| 3:00 pm | Secure PLC Coding – are we there yet? Vivek Ponnada, Nozomi Networks |
Featured speakers
Bryson Bort, ICS Village
Congressman Brad Finstad (MN-1)
Ron Gula, President and
Founder of Gula Tech Adventures
Alison King, Forescout
HON Lucian Niemeyer, former DOD Assistant Secretary of Defense, BuildingCybersecurity.org
Michael G. McLaughlin, co-leader of the Cybersecurity and Data Privacy Practice Group and Principal Policy Advisor at Buchanan Ingersoll & Rooney PC, and RADM
Mark Montgomery (Ret.), Foundation for Defense of Democracies
Robert J. Shaughnessy, CEO, Psymetis, Inc.
Jeff Jones, Psymetis, Inc.
Jonathan Cook, Idaho National Laboratory
David Aaron, Perkins Coie LLP
Steve Kelly, Institute for Security and TechnologyÂ
Chris Butera, Technical Director for Cybersecurity, Cybersecurity and Infrastructure Security Agency
Kate Ledesma, Head of Public Policy & Government Affairs, Dragos
Bilyana Lilly, RAND researcher, Warsaw Security Forum cyber chair, and NightDragon advisor
Andrew Stewart, Senior National Security Strategist, Cisco Systems
Virginia “Ginger” Wright, Department Manager for Research Accelerator and Cyber-Informed Engineering Program Manager, Idaho National Lab
Sam Sabin, Axios
Derek Johnson, CyberScoop
John Sakellariadis, Politico
Sara Friedman, Inside Cybersecurity
Anjana Rajan, Assistant National Cyber Director for Technology Security The White House
Justin Label, Inner Loop Capital
Dr. Emma Stewart, Idaho National Labs.
Mike Clauser, Ark
Joe Slowik, MITRE
Dr. Lynette F. Wilcox and Stephanie Saravia, NCCoE/MITRE
Jonathan Schoelwer, OT/ICS Cyber Security Analyst
Harley Geiger and Casey Ellis, Venable LLP
Eric Belardo, RaĂces Cyber Org
Joe Marshall, Cisco Talos
Andrew Krapf, Loudoun Water
Mike Holcomb, Fluor
Kyle McMillian, Siemens AG
Chuck Weissenborn, Dragos
Flavio Costa, Inter-American Defense Board
Chris Sledjeski, MITRE
Joe Saunders, RunSafe Security
Michael Frank, Boston Consulting Group / USMCR
Dr. Amit Elazari, OpenPolicy
Adam Robbie, Palo Alto Networks
Mark Bristow, MITRE
Paul Shaver, Mandiant | Google Cloud
Roya Gordon, Hexagon
Mehdi Tarrit Mirakhorli, University of Hawaii at Manoa
Jace Powell, Fortress Information Security
Sarah Freeman and Walker Dimon, MITRE
Michael Toecker, Department of Energy
Kate Vajda, Dragos,
Kenny Warren, Grimm
Aaron Crow, MorganFranklin Cyber
James Cabe, ZPE Systems
Nik Urlaub, National Renewable Energy Laboratory
Erik Peterson, Idaho National Lab and ICS4ICS
Dr. Tomomi Aoyama, Omny I
Virginia “Ginger” Wright, Idaho National Laboratory
Jack Cyprus, MITRE
Don Weber, Cutaway Security, LLC
Sounil Yu, Knostic
Vivek Ponnada, Nozomi Networks
Â
