18-19 November 2019, The Hotel, Brussels, Belgium

Presentations by Track

Cloud and GDPR Frameworks
Industrial Strategies
Industry Alignment
Innovations in Assurance
IoT Challenges
Plenary Presentations
Public Policy
Standards for Success

Toward the European Cloud Security Certification Scheme: The CSPCERT Final Public-Private Recommendation

A final recommendation by CSPCERT to the European Commission was accomplished at the Amsterdam Plenary of the Digital Single Market. Co-Authored by the speaker, this presentation will focus on the...
Thomas Niessen
Aurelien Leteinturier
Saurabh Ghelani
William Ochs

The EU-SEC Framework

The project “European Security Certification Framework” (EU-SEC)* aims to create a European framework for certification schemes and evaluation concepts to secure cloud infrastructures. Within this framework, existing national and international...
Lefteris Skoutaris

Addressing GDPR Requirements Using the ISO 27552 Standard. Is the CSA Looking At It?

With GDPR being the law now for 18 months and privacy legislation emerging in more jurisdictions, organizations are seeking to utilize a common framework to demonstrate their commitment to PII...
Willy Fabritius

Foundations and Perspectives of the EU’s 2019 Cybersecurity Act Certification Legislation for the Industrial Automation and Control Systems

When the Joint Research Centre’s IACS cybersecurity certification Thematic Group started in 2014, it was quickly obvious that IACS components would be the right object to certify in the near...
Paul Theron

Beyond the Theory of the Cybersecurity Act

The Cybersecurity Act was one of the most debated legal packages under the Juncker Commission. Its adoption required a number of compromises and months of discussions by hundreds of...
Stefano Bracco

IEC62443 and NIS Directive: Needs and Opportunities

Under the NIS Directive, industrial components falling within the definition of critical infrastructure are identified as high-risk assets. The Cyber Security Act (CSA) could make the certification of certain...
Maria Fravventura

NIS Directive and the CSA

Description to come.

Lessons Learnt in the Commercial Use of Security Certification—From Setting Standards to an Innovator’s Perspective

This presentation will share experiences in the use of existing security certification frameworks for commercial mass-market products, both from the perspective of chairing the Trusted Computing Group’s certification program for...
Boris Balacheff

SIMs, eSIMs and Secure Elements: Providing a Roadmap to Dynamic Security and Flexible Control for Connected Devices

Today, SIMs & Secure Elements (SEs) are well proven hardware components, enabling various devices to be connected and trusted across many different applications such as payment, travel and authentication for...
Remy Cricco

ISCI WG (International Smartcard Initiative) Who Are We? What Do We Do? How Do We Do It? And How Do We Contribute to The EU Cyber Act?

ISCI is a working group that has worked for decades in Europe on developing methodology and supporting documents for the Common Criteria standard. This presentation will present: The unique mixture of the...
Rachel Menda-Shabat

Update on The EU Cybersecurity Act: Is The Feared Balkanization of Common Criteria Being Reversed?

At the ICMC conference in 2018, Oracle presented concerns that the EU’s Cybersecurity Act could balkanize Common Criteria and its community. Now that the Act has come into force this...
Martin Chapman

The Certification Landscape and What Industry Needs

This session will look at what is required to ensure that the connected world is secure. Specifically it will look at third party certification and what we need to do...
John Boggie

Addressing the Continuity of Software Security for Embedded Devices

Modern feature-oriented development requires fast release cycles for SW of connected devices already deployed in the field. For IoT sectors such as critical infrastructures as well as industrial IoT, the...
Jasmina Omic

Updating Certified Products

This presentation will look at the processes to be applied if an already-certified product needs to be updated. The problem is known: Every product needs to be updated from time...
Gabor Hornyak

Agile Assurance: Modernizing IT Product Certification

Can modern product assurance programs be designed to keep pace with agile development? Yes! Not only is it possible, but a shift to “agile assurance” is a necessary step towards...
Lachlan Turner

Making Evaluation Schemes Scale Up: the Tensegrity of Process and Product

There is an increasing awareness of the need for CyberSecurity as a hygiene factor for cyber products in general, as well as for more specialised security applications. That means we...
Tony Boswell

Embedded Systems for IOT Products: What is the Current Certification Offer?

The IOT certification landscape is huge and it is probably an area where regulation is more than desirable as certification schemes are heterogeneous in so many ways. To conduct our...
Dr. Claire Loiseaux

SESIP: A Practical, Operational Light-Weight CC Methodology

SESIP (Security Evaluation Standard for IoT Platforms) is a light-weight standard and methodology to apply Common Criteria to IoT Platforms. From the experience of the already running operational scheme, this...
Wouter Slegers

EUROSMART IoT Security Certification Scheme (eIoT SCS)

Millions of IoT devices are expected to be granted security certifications with a Substantial security assurance level as defined by the Cybersecurity Act. At this level of assurance, the requirements...
Roland Atoui

X-Gateway as a Modular Part of IoT

How high-security technologies support IoT devices at the levels “basic” and “substantial.” The question of how to secure the Internet-of-Things in a simple way is not easy to answer. It is...
Markus Bartsch

Common Criteria as Backbone of IoT Security Certification

With a great variety of devices, new attack schemes, complex software, and limited security awareness, IoT represents a challenge for security certification. Traditional approaches remain suitable for the roots of...
Georg Stütz

OWASP IoT Project: A Great Ally for the IoT Candidate Schemes

The Open Web Application Security Project (OWASP) IoT Project is designed to help manufacturers, developers, and consumers better understand the security issues associated with the Internet of Things, and to...
Jose Alejandro Rivas Vidal

SOGIS View on the Cybersecurity Act

Description to come.
Bernd Kowalski

The ROI of Security Evaluations

With the introduction of the European Cyber Security Act (CSA), there is a lot of attention on the nature of mandatory versus optional product certification. This presentation will explore the...
Dirk-Jan Out

Update on ENISA Operations and CSA Implementation

Description to come.
Sławomir Górniak

Update on DG Connect Operations

Description to come.
Aristotelis Tzafalias

ECSO’s Outlook on the EU Cybersecurity Act

Description to come.
Luigi Rebuffi

Security Needs to be Consistent—The Role of Process in the Cybersecurity Act

The certification-related parts of the Cybersecurity Act generally refer to ‘products, processes, and services’. This presentation will show how these elements interact to provide meaningful confidence of cybersecurity. It...
David Martin

Comparing National Lightweight Methodologies Around Europe

Cyber-attacks know no borders and therefore cybersecurity standards and certifications play an indispensable role in achieving a safer ICT environment. While working towards a common cybersecurity product certification framework, the...
Javier Tallón

Implementing and Maintaining a Cybersecurity Program—The Role of Standards

As a chief information security officer (CISO) at a federal agency in the United States, the presenter will provide a practical perspective on the importance of standards as well as...
Raymond Romero