|Connect Security World||Smart Security Week Innovation Live|
PLENARY GRAND OPENING
Keynotes & panels addressing transversal topics of the Smart Security Week conferences
|Track 1: Secure Technologies
||Track 2: Secure IoT Implementation
|360° Views on IoT Security|
|Embedded Security Frameworks Advances||IoT in the Enterprise:
|Crypto Advances in IoT Context||IoT Certification & Trust Frameworks
(Jointly with Identity & CyberSecurity Innovation World)
|End-to-end security for IoT Networks|
|Blockchain for IoT Security|
|AI for Cybersecurity
(Jointly with Predictive Security World)
Common to the co-located conferences forming Smart Security Week, the Grand Opening will be addressing the global move to put the consumer and citizen back in control of their data at multiple levels (citizen ID, customer ID, IoT devices ID, social network ID etc.).
This non-technical plenary session will explore both the latest privacy and data protection initiatives (policies, regulations, standards…) and their related societal and economic challenges.
On stage, several keynotes from high-level representatives of the EU, US, international organizations and other countries, as well as private sector representatives.
● Service providers perspective of helping customers deliver privacy and compliance in the cloud
● The mechanisms AWS offers its customers to help with their compliance programs and the GDPR
● Digital Sovereignty as an answer to the behavior of China and the US
● Security Certification (in reflection of the Cybersecurity Act)
● Role of ENISA
● Further Harmonization in EEA
● Incident Shaping and Reporting
● Encryption – cooperation with law enforcement
|Smart Security Week Innovation Live
2.00pm: Exhibition Opening
• Emerging security challenges, such as compromised IoT devices or malicious actors attempting to manipulate the flow of information
• Three step approach for IoT Security that can be easily implemented, maintained and upgraded
• Turnkey device to cloud solution
• IoT Security requires a variety of approaches to be successful
• IoT Security is also not a “one and done” approach, it requires active, long-term security lifecycle management
• Holistic approach to IoT security that includes security design and evaluation, a robust security technology foundation and an ongoing security lifecycle management approach to protect IoT investments
• IoT certification to provide some assurance that a product’s security is sufficient starts from a blank page, with limited incentives, no dedicated schemes, and a large number of high-level recommendations that are in many cases quite useless in practice.
• Review of some incentives, including regulation with the EU Cybersecurity Act and its limitations, business requirements with the Charter of Trust
• Guidelines and assessment packages, like the one provided by the IoT Security Foundation, and to standards like IEC 62443
• Approaches for building certification of complex products and services, such as ECSO’s proposed meta-scheme
• Today’s digital IoT landscape and the challenges it faces due to the level of new players, devices and cloud platforms.
• The roles service providers, IoT device makers and cloud platform providers need to play for the IoT landscape to reach its full potential
• Why GlobalPlatform is calling on industry stakeholders to collaborate on their efforts to secure the IoT ecosystem
• Lightweight Software Security solution for internet-facing embedded devices
• Lightweight OTA secure firmware update
• Increased reliability, security and maintainability of embedded software
• Limited impact on memory footprint and performances
• Overcoming the discrepancy between the technical complexity of the devices and their security features and the technical expertise of the connected device developer
• Using the notion of Root of Trust as abstraction of the security features
• Extending the Root of Trust to the notion of IoT Platform
• How this layered approach allows us to organize a security supply chain with a clear definition of responsibility between stakeholders, enabling efficient development and certification for connected devices.
• Physical security is a major problem, but physical security awareness is an even bigger one
• The typical employer/employee security awareness relationship is a quarterly “date night” at maximum.
• The mere physical presence of employees in an office means instant firewall bypass
• Empowering your headcount with security knowledge tailored to their level of understanding is some of the most important training an organization can provide
• IoT customers are often unsure of the security measures implemented for their solution
• GSMA developed a free-to-use IoT security assessment scheme
• The scheme can help expose weak links in IoT solutions
• The scheme can also be used to measure the security of IoT services
• Standardisation activities in Germany on Home IoT Devices
• Regulatory aspects
• Certification issues and labelling for IoT devices
• Growing concerns for security of IoT and smart home devices of consumers
• Recent advancements in IoT technology enabling new smart home functions
• How new devices can be added into an ecosystem with legacy, backwards-compatible devices in a secure way
• First automated testbench on security assessment for the communication channels on
• First offer in the mainstream for security (self-) assessment
• First use case applied to the smart home connected products
• Available demonstration on a HUE lamp (known vulnerabilities)
• Memory based attacks are on the rise because they offer criminals the most ROI
• Learn two of the most relevant, common ways memory attacks occur
• Learn the exact techniques to be better protected against memory attacks immediately
• PKI is one of the fundamental technologies for IT security
• PKI can be applied with existing best practices to IoT
• PKI assists in securing the whole IoT product lifecycle, including…
• Secure supply chain, bootstrapping, operations and software updates
• A disruptive symmetric encryption algorithm based on provable security and not using a crypto algorithm
• Attractive for low-end IoT devices that might not be able to afford crypto-hardware to run AES or other crypto algorithms
• A method adding to security where ‘normal’ crypto wouldn’t be applicable anyway
• New standardized mechanism for access control using strong and advanced cryptography, namely Attribute-Based Encryption (ABE)
• Presentation of IoT4CPS and SECREDAS National and H2020 projects dealing with cyber security in the IoT and CPS domain
• Where are those ABE mechanisms most useful?
• Security of ‘simple’ IoT devices explained
• Assuring the security of IoT devices
• How to develop secure IoT devices
• Mobile security by software
• ETSI CYBER role
• The example of cloud-based payment
• The example of FIDO
• How to make data secure in the Internet of Things
• FreedomBox, an open source server operating system: use case in accessing IoT devices even without internet
• Overview on 5G services (massive IoT, low latency, ultra-high bandwidth, …)
• Opportunities for new Security Solutions with 5G
• Assessment of the Attack Surface with 5G Networks
• Authentication and Evolution of the SIM with 5G
• For the connected era to succeed, priority must be given to securing the edge
• Security has traditionally focused on protecting data center infrastructure: that approach needs to change to deliver a holistic approach, from the data centre to the edge.
• Ultimately, applications and data are what we need to protect. Applications are the new focus and alignment with application teams to deploy containers and DevOps will fuel this model
• End-to-end data protection from device to industrial applications, leveraging a low-power network, targeting compliance with GDPR
• Evaluation done in collaboration with the City of Antibes and Juan-les-Pins, on their water distribution network, and SIGFOX
• Distributed ledgers in systems with limited performance.
• Distributed ledgers as platforms for alternatives to PKI
• Advancements required for the technology to become a viable platform
• Discussion regarding the possibilities of creating a fully decentralized certificate authority using smart contracts
● How do users make decisions that can expose them to cyber-threats?
● Deep dive into the human and psychological factors of the insider threat.
● Detecting cognitive biases in human cybersecurity behavior: user behavior analytics.
● Can cognitive learning applications help online users to self-regulate their cybersecurity behavior?
● Breached identity information is changing the nature of global cybercrime
● Merchant-specific trends in global cybercrime
● Different approaches to protect against identity abuse and fraud attacks.
● Infrastructures of the financial sector are increasingly vulnerable to security attacks
● FINSEC EU project: Integrated Framework for Predictive and Collaborative Security of Financial Infrastructures
● Introducing a novel standards-based reference architecture for integrated (cyber & physical) security
● Concept of “Goldilocks Zone” and “Ensuring Good”
● Difference to the established security solutions
● VMware AppDefense solution based on Hypervisor technology
● Use cases with NFV, IoT and Edge Computing
• Artificial intelligence and machine learning are everywhere, but overused and misunderstood
• Learn about the history and subfields of AI and ML and how the tech applies to various industries
• AI is imperative to solving IoT scalability challenges from worker shortages and overwhelming malware creation