Conference Description
Key Takeaways
- Fifteenth edition of a summit dedicated to cybersecurity for critical infrastructure sectors including energy, utilities, water, and transportation
- Addresses IT/OT convergence, industrial control systems security, and the expanding attack surface facing essential services
- Designed for CISOs, security architects, and senior cybersecurity leaders from asset-owning organisations
- Explores AI applications in cybersecurity, secure remote access, vulnerability management, and disaster recovery
- Features keynotes, panel discussions, roundtables, and structured networking at the Marriott Marquis Houston
Introduction
The CS4CA USA Summit returns for its fifteenth edition, bringing together senior cybersecurity professionals responsible for protecting the systems that underpin American critical infrastructure. As operational technology environments become increasingly connected and geopolitical tensions reshape the threat landscape, the summit provides a forum for security leaders from oil and gas, energy, utilities, water, mining, chemical, and transportation sectors to exchange knowledge and develop practical strategies for defending essential services.
The two-day event takes place at the Marriott Marquis Houston and is structured around executive-level engagement, combining keynote presentations with panel discussions, roundtable sessions, and dedicated networking opportunities. Its focus on peer-to-peer learning distinguishes it from vendor-dominated conferences, creating an environment where practitioners can discuss real-world challenges with counterparts facing similar operational realities.
The Convergence of IT and OT Security
One of the central themes running through the summit is the ongoing convergence of information technology and operational technology environments. Historically, industrial control systems operated in isolation, separated from corporate networks and the broader internet by physical and logical boundaries. That separation has eroded significantly as organisations pursue digital transformation initiatives, implement remote monitoring capabilities, and integrate cloud-based analytics into their operational workflows.
This convergence creates substantial security challenges. OT systems were often designed decades ago with availability and safety as primary concerns, not cybersecurity. Many legacy programmable logic controllers, distributed control systems, and supervisory control and data acquisition platforms lack basic security features that IT professionals take for granted. When these systems become network-accessible, they inherit vulnerabilities that their original designers never anticipated.
The summit addresses these challenges by examining both technical controls and governance frameworks that can help organisations manage risk across converged environments. Sessions explore how security teams can gain visibility into OT assets, implement network segmentation strategies, and establish monitoring capabilities without disrupting the operational processes that these systems support.
Industrial Control Systems and the Expanding Attack Surface
Industrial control systems security represents a specialised discipline that requires understanding both cybersecurity principles and the operational constraints of industrial environments. Unlike enterprise IT systems, where patches can typically be deployed during scheduled maintenance windows, ICS environments often run continuously with minimal tolerance for downtime. A security update that causes unexpected behaviour in a process control system could have safety implications far beyond data loss or service interruption.
The summit examines vulnerability management approaches suited to these constraints, exploring how organisations can prioritise remediation efforts based on asset criticality and exposure while maintaining operational continuity. Discussions also address the challenge of securing remote access, which has become increasingly important as organisations seek to enable remote operations and reduce the need for on-site personnel at distributed facilities.
Secure remote access solutions must balance operational flexibility with robust authentication, access controls, and session monitoring. The event provides opportunities to examine different architectural approaches and learn from organisations that have implemented these capabilities at scale.
Artificial Intelligence in Critical Infrastructure Defence
The application of artificial intelligence to cybersecurity represents both an opportunity and a challenge for critical infrastructure operators. AI-powered tools can help security teams detect anomalies in network traffic, identify potential threats more quickly, and automate routine analysis tasks that would otherwise consume significant analyst time. In environments where security teams are often understaffed relative to the scope of assets they must protect, these capabilities can meaningfully improve defensive posture.
However, AI also introduces new considerations. Machine learning models require training data that accurately represents normal operational behaviour, and false positives in an OT environment can trigger unnecessary operational responses. The summit explores how organisations are implementing AI-based security tools in industrial settings, examining both the benefits achieved and the practical challenges encountered during deployment.
Incident Response and Disaster Recovery Planning
The increasing frequency and sophistication of attacks targeting critical infrastructure has elevated the importance of incident response and disaster recovery planning. High-profile incidents affecting pipeline operations, water treatment facilities, and power generation have demonstrated that even well-resourced organisations can find themselves responding to significant security events.
Effective incident response in OT environments requires coordination between cybersecurity teams, operations personnel, and often external stakeholders including regulators and law enforcement. The summit addresses how organisations can develop and test response plans that account for the unique characteristics of industrial environments, where the priority during an incident may be maintaining safe operations rather than immediately containing a threat.
Disaster recovery discussions examine how organisations can ensure they can restore critical systems following a significant incident, including considerations around backup integrity, recovery time objectives, and the challenge of rebuilding trust in systems that may have been compromised.
Regulatory Landscape and Compliance Considerations
Critical infrastructure operators face an evolving regulatory environment that increasingly mandates specific cybersecurity practices. Requirements vary by sector, with energy utilities subject to different frameworks than water systems or transportation operators. Navigating these requirements while maintaining operational efficiency presents an ongoing challenge for security leaders.
The summit provides context on regulatory developments and examines how organisations are aligning their security programmes with compliance obligations. Rather than treating compliance as a checkbox exercise, discussions focus on how regulatory requirements can be integrated into broader risk management strategies that deliver genuine security improvements.
Who Should Attend
The CS4CA USA Summit is designed for senior cybersecurity professionals with responsibility for protecting critical infrastructure assets. This includes chief information security officers, directors of IT and OT security, security architects, and cybersecurity engineers working within asset-owning organisations. The event is particularly relevant for professionals navigating the challenges of securing converged IT/OT environments or developing security strategies for industrial control systems.
Solution providers serving the critical infrastructure market also participate, though the event maintains an end-user focus that prioritises practitioner perspectives over commercial presentations. This structure creates opportunities for meaningful dialogue between organisations facing similar challenges and vendors developing solutions to address them.
Industry Participation and Knowledge Exchange
The summit draws participation from organisations including Black & Veatch, Rockwell Automation, Cisco, Honeywell, Fortinet, ServiceNow, Waterfall Security, Darktrace, Claroty, Nozomi Networks, and numerous other technology providers and consultancies active in the critical infrastructure security space. This breadth of participation reflects the ecosystem of capabilities required to secure complex industrial environments, from network segmentation and monitoring to identity management and threat intelligence.
The emphasis on peer-to-peer learning creates opportunities for attendees to discuss challenges candidly with counterparts from other organisations, gaining insights that may not emerge in more formal conference settings. Roundtable sessions and structured networking facilitate these conversations, helping security leaders build relationships that extend beyond the event itself.
Conclusion
As critical infrastructure systems continue their transition from isolated analogue operations to connected digital environments, the security challenges facing these sectors will only intensify. The CS4CA USA Summit provides a dedicated forum for the professionals responsible for addressing these challenges to share knowledge, examine emerging approaches, and develop the strategies necessary to protect the essential services that modern society depends upon.

