IoT & Device Security

Munich, Germany
5-6 December 2017
#IoTDS

Agenda

Please find the IoT & Device Security conference programme below

08:00-09:00

Registration & Refreshments
09:00-09:10
Chairman’s Opening Remarks

Chairman TBC

Keynotes
 

 

09:10-09:40

Opening Keynote: IoT - What Does it Mean When Considering Security?

We are now in the era of the Internet of Things, where digitally connected devices are influencing every aspect of our lives, including our homes, offices, cars and even our bodies. The opportunities that IoT has created are huge and without precedent. But it is becoming an increasingly attractive target for cybercriminals.
More connected devices mean more attack vectors and more possibilities for hackers to target us, so we need to move fast to address this rising security concern. But how do we do it?
Several measures are already being taken to fill security holes and prevent security breaches at the device level: new regulations have been proposed and innovative technologies implemented.
Join us to hear analysis of the unstoppable growth of IoT and the necessity for organisations to take appropriate measures to protect their networks.

Speaker:
Matthias Brose, Vice President Corporate & Information Security and CISO, Schaeffler AG

 

 

09:40-10:10

Keynote: Going Digital? For Sure, but with Assurance Please! A Holistic CIO Perspective on the Necessary Risk Assurance Towards Going Digital

The world of IT and OT is coming together, with many large companies wanting to go digital to increase their business opportunities through new innovative digital technologies that have become available. And all of that should be implemented faster and faster and faster.
But, at the same time, in order to really increase value by going digital, this strategy absolutely needs to be guaranteed by the necessary assurance towards board and executive management regarding IT Risk.
This presentation tackles the CIO perspective on this challenge and will focus on the why and how of going digital: why the necessary risk assurance increases the value of the digital roadmap, and how best to tackle this IT risk challenge with a whole framework of best-practice IT security measures such as security policies, awareness sessions, leakage prevention, device registration (802.1x), data classification and IAM techniques, amongst many others.

Speaker:
Luc Verhelst, CIO, Metallo Group

 

 

 

10:10-10:40

Who’s Who Keynote Panel: Who Should Own IoT & Device Security Within Your Organisation

Organisations need to reassess how they approach IoT security. It’s no longer something apart from the business; it is a real business issue. Breaches can have a substantial impact on customer confidence and the bottom line. However, who owns security within the development, testing and implementation process remains in question. The organisational functions most responsible for mobile and IoT security very often reside outside the security function. Being a business issue also means that IoT security is not just a technical challenge for the Chief Information Officer, Chief Technology Officer or Chief Security Officer; it’s under the purview of all the corporate officers and the board.

Moderator:
TBC

Panelists:
Dietmar Bettio, Vice President Information Technology & CIO, Vetter Pharma
Dr Rolf Reinema, Head of Technology Field IT Security, Siemens AG
Matthias Brose, Vice President Corporate & Information Security and CISO, Schaeffler AG

10:40-11:00
Networking & Refreshment break

 

 

11:00-11:30

Regulatory Panel: The Inescapable Rise of Regulation – GDPR as a Step to Create Trust?

In May 2018, the European General Data Protection Regulation becomes enforceable. The regulation concerns all electronic communications. The GDPR strengthens the rights of individuals whose personal data is being processed, mainly by requiring consent, which is not easy at all, depending on context and use case. The new regulation makes it even more important for companies to set up measures to prevent privacy violations. In case of a breach, the GDPR requires administrative fines of up to 4% of global turnover for companies responsible for the incident. Companies therefore need to prove compliance with GDPR, in turn creating the chance to create trust in their IoT ecosystem.

So how are you preparing? Who can advise you on the specific risks regarding IoT and related technologies?

Moderator:
TBC

Panelists:
Michael Kiometzis, Referat IV, Die Bundesbeauftragte für den Datenschutz und die Informationsfreiheit (BfDI)
Achim Klabunde, Data Protection Officer, EDPS

 

 

11:30-12:00

Presentation: Holistically Securing the Internet of Things – Beyond IT and OT

The Internet of Things is bringing IT and OT security together, thereby creating much larger attack vectors and global threats. This talk highlights some of the findings from recent research in this domain.

  • Why is it so difficult to tackle the problem holistically?
  • What does it take?
  • What are the current focus areas?

Speaker:
Knud Lasse Lüth, Founder, Managing Director, IoT Analytics GmbH

 

12:00-12:30

Privacy Perspective: Building Protection to Reduce Vulnerability and Privacy Concerns  

The inescapable introduction of sensors and devices into currently intimate spaces poses particular challenges for IT security and privacy. As physical objects in our everyday lives increasingly monitor their environment and their usage, consumers justifiably have privacy concerns. Thus, IT security and privacy issues for any IoT solution need to be addressed from the start.
We will look at how introducing security and privacy by design in the early life cycle of the IoT solution can reduce vulnerability and privacy concerns.

Speaker:
Dr Michael Kiometzis, Referat IV, Die Bundesbeauftragte für den Datenschutz und die Informationsfreiheit (BfDI)

 

 

12:30-13:00

Presentation: Embedding IoT Device Security – Some Lessons Learned

Dr. Heyszl will give an overview of embedded system security in various areas such as autonomous driving, healthcare, smart grids and Industrie 4.0, and explain the new challenges of hacking and the new needs in corporate security strategies.
The focus of the presentation is the necessary cooperation of hardware and software components. He will also show what cryptography and secure key storage should look like in order to avoid additional shutdown costs from cyber attacks.

Speaker:
Dr Johann Heyszl, Head of Hardware Security Department, Fraunhofer – Institute for Applied and Integrated Security (AISEC)

13:00-14:00
Lunch & Networking
Stream A: Network Security
Stream B: IoT Device Security
 

 

14:00-14:30

Prevention Workshop: Detecting and Automatically Blocking Ransomware

Malware, and more specifically ransomware, has been the most effective way for attackers to reach targets globally. This only proves the need for better and faster ransomware protection methods. Of course you want to block ransomware before it has a chance to encrypt your network data stores. But keeping up with the pace of ransomware innovation can be a challenge.
During the workshop we will talk about costs and prevention of ransomware attacks by analysing deception technology and generic techniques.

Speaker:
Martin Overton, Head of Cyber Risks EMEA, AIG

Presentation: OEMs’ Perspective on IoT Security for Smart Home

OEMs play the key role in smart home security since they are responsible for installing security software onto the devices. However, very often they give the responsibility for the security of the device to the operating system vendor.
Everyone involved in the development and deployment of the device plays an important role.

Speaker:
TBC

 

 

 

14:30-15:00

Data Management Workshop: From Storage to Analyses

As data flows increase, not only must organisations have enough space to store information, but they must also make sure data is easily accessible and stored in a safe manner. IoT data comes from vastly different environments in different formats using different languages, and users face a serious challenge in compiling these disparities into a safe and common language and storage solution.
Many solutions are now available that simplify the collection and storage of IoT data from disparate systems, but are those solutions also taking security into account?

Join the workshop to address this and many other questions around IoT data management in a safe environment.

Speaker:
TBC

Interactive Session: Industry 4.0

Industry 4.0 incorporates and extends the IoT within the context of the physical world and it’s used to digitalise the business operation. But security implications of compromised IoT devices include production downtime, damage to equipment or facilities and much more.
IoT device manufacturers have a responsibility to produce IoT devices that are naturally more secure and hardened.

Speaker:
Dietmar Bettio, Vice President Information Technology & CIO, Vetter Pharma

15:00-15:30
Networking & Refreshment Break
 

 

15:30-16:00

Case Study: The New VDE/FNN Rule “Kaskade4140” and its Impacts on Smart Energy Processing & Security

Optimising the End to End Supply Chain in the Energy sector and avoiding Blackouts and financial losses is the aim of the new “Kaskade-Rule”, which has to be implemented from January 30 2019 in each Company.
This presentation highlights the organisational impacts for all market sectors including Renewable Energy Generators, Energy Transmission and Local Distributors, Gateway Administrators & Smart Metering Providers.

Speaker:
Peter Breuning, Head of Grid Control, Stadtwerke Schwäbisch Hall GmbH

Case Study: Ensuring IoT Security in Smart Cars

Over the past few years, automotive security threats have become a reality. Even though technology exists to solve many of the security problems, the challenges of deploying such technology in cars are way bigger than for traditional IT services.
The automobile manufacturing process needs to be very precise and meet the highest quality standards to put a car on the road. The safety of everyone on the road depends upon the quality of vehicles being manufactured and sold.
This session will cover the risks and best practices to manage security in the Automotive industry.

Speaker:
TBC

 

 

 

 

16:00-16:50

Working Groups: Securing New Business Opportunities

The IoT will transform most existing industries and enable a multitude of new business opportunities. However, as it extends further and further into the physical world, the associated security challenges get tougher and appear to multiply exponentially.

During this interactive session we will look at the different ways of deploying IoT security based on verticals, the best IoT security to use, competitive advantages and much more.
Choose your vertical and extrapolate the capabilities necessary to protect your ecosystem!
During the last 10 minutes a representative of each group will discuss with the entire audience the outcome of their discussion.

  • Smart Meter/Grid
  • Smart Home
  • Smart Cities
  • Smart Energy, Peter Breuning, Head of Grid Control, Stadtwerke Schwäbisch Hall GmbH
  • Smart Cars
  • Smart Healthcare

Facilitator:
TBC

16:50-17:00
Chairman’s Day 1 Recap
17:00-19:00
Evening Drinks Reception

08:30-09:00

Registration & Refreshments
09:00-09:10
Chairman’s Welcome & Day One Recap
Keynotes
 

09:10-09:40

Keynote Presentation: The Usual Insecurity of Things

While the Internet of Things is used to describe a host of new lightweight technologies, when it comes to security it pays to focus less on the novelty of IoT, and more on what IoT applications have in common with previous technologies that have learned about security the hard way (by first getting it wrong). It’s time to go back to basics, and reflect on what security means in cyberspace. Only once this is understood, can we hope to secure any type of application that resides there.

Speaker:
Prof. Keith Martin, Information Security Group, Royal Holloway, University of London

 

 

09:40-10:10

CISOs Point of View: What is the Cost of a Data Breach?

The IoT budget will reach $547 million by 2018, according to a Gartner report. But it’s still challenging for a CISO to get budget for IoT Security, since the board of directors wants to spend that IT money on projects and solutions that will expand the business and bring in more revenue. But the cost of a data breach is composed of several things, including the cost of acting to reduce the impact, the loss of brand reputation and consumer trust, and even the cost of litigation.
So how do you show that there is value in investing in IoT Security and justify a proper security budget?

Speaker:
Mr. Sebastian Hess, Cyber Risk Engineer, D/A/CH AIG Europe Limited

10:10-10:30
Session reserved for Kaspersky
 

 

10:30-11:00

Interactive Discussion: Security Patching: Making the Patch Process an Ally not a Foe?

The biggest problem with many IoT devices is that they are un-patchable, and if they cannot be patched, they cannot be made secure. An IoT device is not a standalone product; it is highly dependent on the services it receives over the Internet, from technical, organisational and policy services. Therefore, how can IoT software be updated?
The discussion will help us capture the current best practices in the IoT industry relative to software updates.

Moderator:
TBC

Panellists:
Dr. Apostolos Malatras, Officer Network and Information Security, ENISA

11:00-11:30
Networking & Refreshment break

11:30-12:00

From Security to Trust Debate: Building Trust in your Supply Chain

The digital revolution is totally affecting our lives and changing the ways in which we collaborate. New potential breaches need to be considered before developing or implementing new devices. But all IoT devices are embedded systems. Trust in embedded security refers to an expectation of integrity that a system is operating as designed.
The session will cover the system’s root-of-trust as the point where authentication starts and then extends through each software layer.

Speaker:
TBC

 

12:00-12:30

Governance, Risk and Compliance Keynote: Fitting in with Guidelines and Standards

Corporate IT, and IoT within it, can be a complex environment, with ongoing regulatory and compliance challenges likely to grow in importance. Understanding the risks, opportunities and challenges for the complex Corporate IT Architecture is the first critical step towards effective and secure Processes & Control Measurements. This presentation focusses on Actions & Measurements in Finance, IT compliance, Risks and Security of an innovative Energy Company. It will show how Business Processes & IT Applications are permanently challenged.

Speaker:
TBC

 

12:30-13:00

Presentation: Already Thinking about API Protocols?

There are security protocols already in place to improve IoT security, but with the continued rise of IoT device use, business leaders must make sure API management is a central part of their security strategies in order to protect the safety and security of their organisation’s connected devices and customers’ data.
Our expert will show several steps that organisations can follow in order to maintain device security through APIs.

Speaker:
TBC

13:00-14:00
Lunch & Networking
 

 

14:00-14:30

Presentation: Prevent our IoT Attack!

A fictitious company will be presented: business model, threats and vulnerabilities. The defender team will choose the right countermeasures to mitigate risk. Industry experts tackle the company with some imaginary scenarios. Countermeasures cost money, and so do damages; the winning team is the one with the best balance after 5 rounds!

Our industry expert will tackle some imaginary hacking scenarios and attendees will create a framework of actions to prevent and then react, which will be presented and shared with the other tables.

Speaker:
Herbert Dirnberger, Team Lead ICS Security, Cyber Security Austria

14:30-14:50

Reserved for Wisekey

 

 

14:50-15:20

Presentation: Big Data & IoT Security Analytics

The data generated from IoT is a valued commodity for hackers, as it can contain sensitive information such as personal information, payment card information or health information. However, new encryption technology has been released to protect IoT data.

Our expert speaker will present the new platform for graphically designing and easily managing data flows in IoT or back-end environments.

Speaker:
TBC

15:20-15:40
Networking & Refreshment break
Stream A: Network Security
Stream B: IoT Device Security
 

 

15:40-16:10

Case Study: Risk Awareness & Control as Public Private Partnership – Some Experiences from the MELANI Project in Switzerland

In this session, some recent Cases of the MELANI Security Network in Switzerland around critical Infrastructure will be presented.

The speaker will show how Regulatory Authorities and Companies are co-working to increase Risk Awareness and minimise financial losses.

Speaker:
Marc Henauer, Head of the Melani Program, Swiss Federal Intelligence

Presentation: From Research Directions to Case Studies: IoT Security & Serious Games in Healthcare Sector

What to learn from current research, IT-Security games and case studies for future IoT scenarios? The presentation will present highlights from research on IT security for Critical Infrastructures and particularly the Health Care Sector that is applicable to future IoT scenarios: selected findings from a series of real cases, results and insights from the IT security game series “IT-Security Matchplays” and from the “Monitor” survey among IT security professionals.

Speaker:
Prof. Dr. Ulrike Lechner, University of “Bundeswehr”, Munich

 

 

16:10-16:40

Case Study: Embedding IT Security in Industry Controlled Systems

When designing a system, it is important to understand the potential threats to that system, and add appropriate defences accordingly, as the system is designed and architected. To date, we have failed to embed security into each piece of data as it is created. All data should have embedded security, and the systems that consume, process and store this data must adhere to the security policies embedded therein.

We will analyse new business models based on design phase security, what solutions and what processes are needed.

Speaker:
Dr. Rolf Reinema, Head of Technology Field IT Security, Siemens AG

Real Cases: Baseline Security Requirements for IoT in Critical Information Infrastructures (CII)

  • Horizontal security measures for IoT across verticals
  • IoT in the context of smart Cars and Transport
  • Assets, threats, attack scenarios, security measures of IoT in CII
  • Recommendations for baseline security

Speaker:
Dr. Apostolos Malatras, Officer Network and Information Security, ENISA

 

 

16:40-17:10

Presentation: Secure IoT Data Analysis in Manufacturing; Challenges in Hybrid Cloud Infrastructures

Although IoT Data Analyses offer various economic and strategic benefits to companies, the current degree of usage still lags far behind expectations in the manufacturing industry. In general, processing the enormous amount of machine data calls for Cloud-based approaches. However, the combination of IoT data with sensitive customer data as well as special knowledge of the machines is necessary to unlock the potential of IoT Data Analysis. In many cases, companies are reluctant to process this information in the Cloud. The secure implementation of Hybrid Cloud infrastructures might be the key to success of IoT Data Analyses in manufacturing. In order to securely use Hybrid Cloud infrastructures, traditional mechanical engineering companies typically face various security challenges.

Speaker:
Dr. André Loske, Security Information Officer, Heidelberger Druckmaschinen AG

Virtualisation Best Practice: NFV as a Security Opportunity

As SDN and NFV become more widely adopted, with a multitude of SDN & NFV use cases, the challenge of securing IoT virtualisation is higher than before. New security models and controls need to be developed to accommodate NFV and new software-defined security tools.
The great news is that with the NFV infrastructure, all of the testing can be automated with the push of a button, but do we know how?

Speaker:
TBC

17:10
Closing Remarks from the Chair and End of Conference