Pre-Program – Connect Security World 2018
Connect Security World - Embedding Trust in IoT Systems and Connected Hardware | September 24-26, 2018 – Marseille, France


This version is continuously updated and enriched with additional speakers: keep posted!
Update: August 1, 2018

DAY 1 - Monday September 24 Afternoon

2.00pm – 6.30pm: Opening Session | 3.50pm – 4.30pm: Coffee & Refreshment Break – Networking – Exhibition

Connecting the World with the New Privacy Reality
Heaven or Hell?
(Agenda preview: keep posted on updates)

Common to the co-located conferences forming Smart Security Week, the Grand Opening will be addressing the global move to put the consumer and citizen back in control of their data at multiple levels (citizen ID, customer ID, IoT devices ID, social network ID etc.).

This non-technical plenary session will explore both the latest privacy and data protection initiatives (policies, regulations, standards…) and their related societal and economic challenges.

On stage, several keynotes from high-level representatives of the EU, US, international organizations and other countries, as well as private sector representatives.

Day 1
24 Sep 2018
Jon Shamah

Welcome and Introduction

Part 1 – The Impact on the Citizen and Digital Society

● The end of “Nothing for Something”, how the Information Economy may start to pay its bills

● Consenting Adults? Weighing up the $ benefits of privacy


PANEL: Is it the end of the information-based “mega $ corporate”?

Mark Lizar, CEO & Founder, Open Consent, UK
Despina Spanou, Director for Digital Society, Trust and Cybersecurity, European Commission
With Mark Lizar, Despina Spanou (to be confirmed)

Part 2 – The Impact on Service Providers and Government

● The era of the lost devices, too many end-points?

● Privacy breaches in Public Sector – who pays?


PANEL: The eternal debate – privacy or security? CCTV, Cyberwars, Politics and GDPR

Donna Dodson, Chief Cybersecurity Advisor and Executive Director CCoE, US NIST
Dr. Steve Purser, Head of Core Operations, ENISA
Dr. Angelika Steinacker, CTO for Identity & Access Management, IBM Security Europe
With Donna Dodson (to be confirmed), Dr. Steve Purser (to be confirmed), Dr. Angelika Steinacker (to be confirmed)

Smart Security Week Innovation Live
2.00pm: Exhibition Opening

DAY 2 - Tuesday September 25

9.00am - 1.00pm: Break-out Sessions | 10.50 - 11.20am: Coffee & Refreshments Break – Networking – Exhibition

360° Views on IoT Security
Day 1
25 Sep 2018
Mikhail Gloukhovtsev

IoT Security: Challenges, Solutions & Future Prospects

• Overview of IoT security challenges, security requirements for IoT architecture, current security solutions and new evolving technologies
• Best practice recommendations to IoT security practitioners
• Current IoT security solutions and trends in their developments

Asaf Ashkenazi

Keeping IoT Secure: Preempting Emerging Cyber Attacks of Tomorrow

• Emerging security challenges, such as compromised IoT devices or malicious actors attempting to manipulate the flow of information
• Three-step approach for IoT Security that can be easily implemented, maintained and upgraded
• Turnkey device-to-cloud solution

Christopher Schouten

IoT Security Foundations for Long-Term ROI

• IoT Security requires a variety of approaches to be successful
• IoT Security is also not a “one and done” approach; it requires active, long-term security lifecycle management
• Holistic approach to IoT security that includes security design and evaluation, a robust security technology foundation and an ongoing security lifecycle management approach to protect IoT investments

Dr. Eric Vétillard

Different Paths to Security Certification for IoT

• IoT certification to provide some assurance that a product’s security is sufficient starts from a blank page, with limited incentives, no dedicated schemes, and a large number of high-level recommendations that are in many cases quite useless in practice.
• Review of some incentives, including regulation with the EU Cybersecurity Act and its limitations, business requirements with the Charter of Trust
• Guidelines and assessment packages, like the one provided by the IoT Security Foundation, and standards like IEC 62443
• Approaches for building certification of complex products and services, such as ECSO’s proposed meta-scheme

Embedded Security Frameworks Advances
Gil Bernabeu

Embedding Trust in IoT Systems and Connected Hardware

• Today’s digital IoT landscape and the challenges it faces due to the level of new players, devices and cloud platforms.
• The roles service providers, IoT device makers and cloud platform providers need to play for the IoT landscape to reach its full potential
• Why GlobalPlatform is calling on industry stakeholders to collaborate on their efforts to secure the IoT ecosystem

Stéphane Di Vito

Software Isolation Solution Protects IoT Devices

• Lightweight Software Security solution for internet-facing embedded devices
• Lightweight OTA secure firmware update
• Increased reliability, security and maintainability of embedded software
• Limited impact on memory footprint and performances

Dr. Eric Vétillard

The Root of Trust as Abstraction for Device Security

• Overcoming the discrepancy between the technical complexity of the devices and their security features and the technical expertise of the connected device developer
• Using the notion of Root of Trust as abstraction of the security features
• Extending the Root of Trust to the notion of IoT Platform
• How this layered approach allows us to organize a security supply chain with a clear definition of responsibility between stakeholders, enabling efficient development and certification for connected devices.

IoT in the Enterprise: Best Practices
Piotr Ciepiela

Title TBC

Caleb Crable

“I Social-Engineered a Screwdriver”

• Physical security is a major problem, but physical security awareness is even bigger
• The typical employer/employee security awareness relationship is a quarterly “date night” at maximum.
• The mere physical presence of employees in an office means instant firewall bypass
• Empowering your headcount with security knowledge tailored to their level of understanding is some of the most important training an organization can provide

Mona Mustapha

Is your IoT Solution Secure End-to-End?

• IoT customers are often unsure of the security measures implemented for their solution
• GSMA developed a free-to-use IoT security assessment scheme
• The scheme can help expose weak links in IoT solutions
• The scheme can also be used to measure the security of IoT services

Kabir Barday

Operationalise Accountability and Privacy by Design: What to Automate in Your Privacy Programme

• How to best implement efficient and effective data handling practices in the face of new privacy regulation requirements
• Learn how to use PIAs and data maps to document and track new initiatives and demonstrate compliance
• Practical tips for how privacy practitioners assess current practices to determine what can and cannot be automated

1.00 – 2.00pm: Lunch – Networking – Exhibition | 2.00 – 6.45pm: Break-out Sessions | 3.50 – 4.30pm: Coffee & Refreshments Break – Networking – Exhibition

Home & Consumer IoT Devices Security
Dr. Gisela Meister

Minimal Security Requirements for Home IoT Devices – Is a Standard Possible for Europe?

• Standardisation activities in Germany on Home IoT Devices
• Regulatory aspects
• Certification issues and labelling for IoT devices

Jakob Buron

Security of the Context-Aware IoT

• Growing concerns for security of IoT and smart home devices of consumers
• Recent advancements in IoT technology enabling new smart home functions
• How new devices can be added into an ecosystem with legacy, backwards-compatible devices in a secure way

Marion Andrillat

First Automated Tool of Security Assessment on IoT Products: Application to the Smart Home

• First automated testbench on security assessment for the communication channels on connected devices
• First offer in the mainstream for security (self-) assessment
• First use case applied to the smart home connected products
• Available demonstration on a HUE lamp (known vulnerabilities)

Josh Fu

Memory-Based Attacks and AI for Evil: What You Should Know

• Memory-based attacks are on the rise because they offer criminals the most ROI
• Learn two of the most relevant, common ways memory attacks occur
• Learn the exact techniques to be better protected against memory attacks immediately

Salvatore Francomacaro

Standards: IoT interoperability and collaboration (Title TBC)

Crypto Advances in IoT Context
Tomas Gustavsson

Using Best Practice PKI to Secure IoT Solutions

• PKI is one of the fundamental technologies for IT security
• PKI can be applied with existing best practices to IoT
• PKI assists in securing the whole IoT product lifecycle, including…
• Secure supply chain, bootstrapping, operations and software updates

Helmut Scherzer

BitFlip symmetrical encryption method

• A disruptive symmetric encryption algorithm based on provable security and not using a crypto algorithm
• Attractive for low-end IoT devices that might not be able to afford crypto-hardware to run AES or other crypto algorithms
• A method adding to security where ‘normal’ crypto wouldn’t be applicable anyway

Derek Atkins

End-to-End IoT Authentication Leveraging Quantum-Resistant Techniques

• How to use public-key techniques to add end-to-end authentication into constrained devices
• Hear about small code size, fast-running, quantum-resistant public-key authentication for IoT
• Learn how to incorporate low-resource cryptography into your own IoT devices
• Find the fun in interesting math challenges and the inner workings of standards processes

IoT Certification & Trust Frameworks
(Jointly with Identity & CyberSecurity Innovation World)
Session Chair: Dr. Eric Vétillard, Head of Future Certifications, NXP Semiconductors
Stefane Mouille

KEYNOTE: Cybersecurity Act and the Impact for the European Smart Security Industry

Ernst Bovelander

Assessing the Security of ‘Simple’ IoT Devices

• Security of ‘simple’ IoT devices explained
• Assuring the security of IoT devices
• How to develop secure IoT devices

Dr. Beatrice Peirani

Mobile Security with Software, Which Role for the Standards

• Mobile security by software
• The example of cloud-based payment
• The example of FIDO

Abilash Rajasekaran

Internet of Things made secure with Freedombox using Decentralized Architecture

• How to make data secure in the Internet of Things
• Freedombox, an open source server operating system: use case in accessing IoT devices even without internet

PANEL: EU IoT Trust label and Cybersecurity from critical infrastructures to IoT devices

Dr. Eric Vétillard, Head of Future Certifications, NXP Semiconductors
Panel moderated by Eric Vétillard
Gala Dinner

DAY 3 - Wednesday September 26

9.00 – 10.50am: Break-out Sessions | 10.50 – 11.20am: Coffee & Refreshments Break – Networking – Exhibition | 11.20am – 1.00pm: Break-out Sessions

End-to-end Security for IoT Networks
Dr. Stephan Spitz

5G Security Considerations

• Overview on 5G services (massive IoT, low latency, ultra-high bandwidth, …)
• Opportunities for new Security Solutions with 5G
• Assessment of the Attack Surface with 5G Networks
• Authentication and Evolution of the SIM with 5G

Matthias Schorer

Securing the Edge: The Periphery of IoT

• For the connected era to succeed, priority must be given to securing the edge
• Security has traditionally focused on protecting data centre infrastructure: that approach needs to change to deliver a holistic approach, from the data centre to the edge.
• Ultimately, applications and data are what we need to protect. Applications are the new focus and alignment with application teams to deploy containers and DevOps will fuel this model

Danny Hughes

Securing the Industrial Internet of Things

• Billions of sensors … a security nightmare
• The building blocks for a secure Industrial IoT
• Best practices to secure your Industry 4.0 solutions

Laurent Gomez

Towards End-To-End Data Protection for Industry 4.0

• End-to-end data protection from device to industrial applications, leveraging low-power networks and targeting compliance with GDPR
• Evaluation done in collaboration with the City of Antibes and Juan-les-Pins, on their water distribution network, and SIGFOX

Blockchain for IoT Security
Sebastian Magnusson

Evaluation of Decentralized Alternatives to PKI for IoT Devices

• Distributed ledgers in systems with limited performance.
• Distributed ledgers as platforms for alternatives to PKI
• Advancements required for the technology to become a viable platform
• Discussion regarding the possibilities of creating a fully decentralized certificate authority using smart contracts

Helmut Scherzer

Blockchain – Unchained

• The entire Blockchain idea has several system-immanent contradictions regarding its well-known promises
• A scientific reflection providing critical views on Blockchain open to discussion with the floor

1.00 – 2.00pm: Lunch – Networking – Exhibition | 2.00 – 4.30pm: Break-out Sessions

Session Chair: Dr. Ilesh Dattani, Director, Assentian, UK; advisor, e-forum – European Forum for e-Public Services
Ina Wanca

I, Human: Cognitive Cybercrime Prevention Tools in the Domain of Personal Digital Security

● How do users make decisions that can expose them to cyber-threats?
● Deep dive into the human and psychological factors of the insider threat.
● Detecting cognitive biases in human cybersecurity behavior: user behavior analytics.
● Can cognitive learning applications help online users to self-regulate their cybersecurity behavior?

Doug Lhotka

No Silver Bullets – Cybersecurity in the Cognitive Era

● How cognitive technology can help with security
● Threat landscape, the growing migration from compliance to risk-focused security
● How to incorporate cognitive technology to help secure your organization

Dr. Ilesh Dattani

FINSEC: Protection of Critical Financial Infrastructure from Emerging and Future Cyber Threats

● Infrastructures of the financial sector are increasingly vulnerable to security attacks
● FINSEC EU project: Integrated Framework for Predictive and Collaborative Security of Financial Infrastructures
● Introducing a novel standards-based reference architecture for integrated (cyber & physical) security

Gerd Pflueger

VMware AppDefense – The Future of Application Security for Edge, Branch and DC

● Concept of “Goldilocks Zone” and “Ensuring Good”
● Difference to the established security solutions
● VMware AppDefense solution based on Hypervisor technology
● Use cases with NFV, IoT and Edge Computing

Josh Fu

Artificial Intelligence: Impact on the World

• Artificial intelligence and machine learning are everywhere, but overused and misunderstood
• Learn about the history and subfields of AI and ML and how the tech applies to various industries
• AI is imperative to solving IoT scalability challenges from worker shortages and overwhelming malware creation

Priti Patil

Bridging Gap Between Security and IT Using Risk Aware IAM Analytics

• How risk-aware IAM Analytics helps to bridge the gap between SOC and IAM
• How machine learning and cognitive can give a full view of risks
• How machine learning and cognitive can provide intelligence to mitigate risk

End of the conference