18-19 November 2019, The Hotel, Brussels, Belgium

Conference Agenda

Monday 18 November

Conference Day 1

08:00-09:00 Registration

Grand Ballroom Foyer

09:00-10:30 Plenary Keynote Session

Grand Ballroom
09:00 Welcome and Introduction, Jose Ruiz, Program Director, 2019 International Conference on the EU Cybersecurity Act

09:10 Conference Plenary Keynote Address (P10a) Juhan Lepassaar, Executive Director, European Union Agency for Cybersecurity (ENISA)

10:30-11:20 Networking Break in Exhibits

Grand Ballroom Foyer

11:20-12:30 Track Sessions

Panel Discussion (Ballroom 1&2)
Panel Moderator: Jacques Kruse Brandao, Head of Advocacy Digital Trust Services, SGS Group, Germany

11:20 Panel Discussion: Certification for Critical Infrastructures (P11a) Panelists: John Boggie, Director, Head of Cybersecurity Certification NXP Semiconductors UK; Sudhir Ethiraj, Cyber Security Strategy, TÜV SÜD Sec IT GmbH, Germany; Sergio Lombán Lage, VP, Digital Trust Services, SGS Group, Spain; Julian Meyrick, Managing Partner & Vice President, Security Strategy Risk & Compliance, Security Services, IBM, United Kingdom; Eva Schultz-Kamm, Head of Global Government Affairs, Siemens, Germany [70 Minutes]

Industry Alignment (Ballroom 3)
Track Moderator: Garibaldi Conte, CEO, atsec information security S.r.l., Italy

11:20 ETSI Security Evaluation Standardization Initiatives (A11a) Sonia Compans, Technical Officer, ETSI, France

11:55 Lessons Learnt in the Commercial Use of Security Certification—From Setting Standards to an Innovator’s Perspective (A11b) Boris Balacheff, HP Fellow & VP, Chief Technologist for Security Research and Innovation, HP Labs Security Lab, France

12:30-13:50 Lunch in Exhibits

Grand Ballroom Foyer

13:50-16:00 Track Sessions

Public Policy (Ballroom 1&2)
Track Moderator: Jacques Kruse Brandao, Head of Advocacy Digital Trust Services, SGS Group, Germany

13:50 Update on ENISA Operations and CSA Implementation (B12a) Slawomir Górniak,  Security Tools and Architecture Expert, European Union Agency for Cybersecurity, (ENISA), Greece

14:25 European Cybersecurity Certification Framework, State of Play (B12b) Aristotelis Tzafalias, Policy Officer, Cybersecurity and Digital Privacy, European Commission, Belgium

15:00 ECSO’s Outlook on the EU Cybersecurity Act (B12c) Roberto Cascella, Senior Policy Manager, ECSO, Belgium

15:30 Security Needs to be Consistent—The Role of Process in the Cybersecurity Act (B12d) David Martin, Head of International Assurance, NCSC, United Kingdom

Industry Alignment (Ballroom 3)
Track Moderator: Garibaldi Conte, CEO, atsec information security S.r.l., Italy

13:50 Vendor Self-Assessment—The Good, The Bad, and the Ugly (A12a) Helmut Kurth, Chief Scientist and Laboratory Director, atsec information security, Germany

14:25 ISCI WG (International Smartcard Initiative) Who Are We? What Do We Do? How Do We Do It? And How Do We Contribute to The EU Cyber Act? (A12b) Rachel Menda-Shabat, Director of Security Solution Certification Division, ISCI WG sub-chair, Winbond, Israel

15:00 Update on The EU Cybersecurity Act: Is The Feared Balkanization of Common Criteria Being Reversed? (A12c) Martin Chapman, Senior Director, Standards Strategy and Policy EMEA, Oracle, Ireland

15:30 The Certification Landscape and What Industry Needs (A12d) John Boggie, Director, Head of Cybersecurity Certification NXP Semiconductors UK

16:00-16:30 Networking Break in Exhibits

Grand Ballroom Foyer

16:30-18:00 Track Sessions

Standards for Success (Ballroom 1&2)
Track Moderator: Matthias Intemann, Head of Section, BSI – Federal Office for Information Security, Germany

16:30 CEN-CENELEC JTC13 WG3 Security Evaluation Standardization Initiatives (S13a) Miguel Bañon, Global Technology Leader for Cybersecurity, Epoche and Espri (a DEKRA company), Spain

17:00 Comparing National Lightweight Methodologies around Europe (S13b) Javier Tallon, CoFounder and COO, jtsec Beyond IT Security SL, Spain

17:30 Implementing and Maintaining a Cybersecurity Program—The Role of Standards (S13c) Raymond Romero, Deputy Director, Board of Governors of the Federal Reserve Systems, United States

Cloud and GDPR Frameworks (Ballroom 3)
Track Moderator: David Martin, Head of International Assurance, NCSC, United Kingdom

16:30 Toward the European Cloud Security Certification Scheme: The CSPCERT Final Public-Private Recommendation (C13a) The European Cloud Service Provider Certification Working Group, Saurabh Ghelani, EMEA Strategic Trust Leader, Google Cloud, et al.

17:00 The EU-SEC Framework (C13b) Lefteris Skoutaris, Research Analyst, Cloud Security Alliance, Greece

17:30 Addressing GDPR Requirements Using the ISO/IEC 27701 Standard. Is the CSA Looking At It? (C13c) Willy Fabritius, Global Portfolio Champion for Information Resiliency, BSI Group, United States

18:00 Adjourn

18:45 Optional Dine-Around Brussels Event. Join your colleagues for an informal networking dinner at one of Brussels’ finest restaurants (through 21:00). Sponsor:

Tuesday 19 November

Conference Day 2

08:00-09:00 Coffee

Grand Ballroom Foyer

09:00-11:00 TRACK SESSIONS

IoT Challenges (Ballroom 1&2)
Track Moderator: Martin Schaffer, Global Head of Secure Products & Systems, SGS SA, Switzerland

9:00 Embedded Systems for IoT Products: What is the Current Certification Offer? (I20a) Dr. Claire Loiseaux, CEO, Internet of Trust, France; Alexander Schasse, IT Security Consultant bei TÜV Informationstechnik GmbH – TÜViT, Germany

10:00 EUROSMART IoT Security Certification Scheme (eIoT SCS) (I20c) Roland Atoui, Managing Director, Red Alert Labs/EUROSMART, France; and Ayman Khalil COO & Managing Partner Red Alert Labs

10:30 X-Gateway as a Modular Part of IoT (I20d) Markus Bartsch, Business Development, TUViT, Germany

Industrial Strategies (Ballroom 3)
Track Moderator: Philippe Magnabosco-Caillat, Chargé de mission, ANSSI, France

09:30 Beyond the Theory of the Cybersecurity Act (T20b) Stefano Bracco, Knowledge Manager, European Union Agency for the Cooperation of Energy Regulators, Italy

10:30 Building Trust and Hope in 5G Instead of Selling Fear (T20d) Mika Lauhde, Global Vice-President, Cybersecurity & Privacy, Global Public Affairs, Huawei, China

11:00-11:30 NETWORKING BREAK IN EXHIBITS

Grand Ballroom Foyer

11:30-12:30 Track Sessions

IoT Challenges (Ballroom 1&2)
Track Moderator: Martin Schaffer, Global Head of Secure Products & Systems, SGS SA, Switzerland

11:30 Common Criteria as Backbone of IoT Security Certification (I21a) Thomas Billeau, Head of Certification, NXP, Germany

12:00 OWASP IoT Project: A Great Ally for the IoT Candidate Schemes (I21b) Jose Alejandro Rivas Vidal, Security Lab Manager, Applus+ Laboratories, Spain

Panel Discussion (Ballroom 3)
Panel Moderator: Miguel Banon, Global Technology Leader for Cybersecurity, Dekra, Spain

11:30 Standardization and the EU CSA (P21a) Discussion on standardization efforts under various national frameworks. Panelists: Sonia Compans, Technical Officer, ETSI, France; Helge Kreutzmann, Standardisation Expert, BSI; Philippe Magnabosco, Standardisation Expert, ANSSI, France; David Martin, Head of International Assurance, NCSC, United Kingdom [60 Minutes]

12:30-13:30 Lunch in Exhibits

Grand Ballroom Foyer

13:30-15:30 Track Sessions

Outlook/Opportunities (Ballroom 1&2)
Track Moderator: Petra Manche, Compliance Engineer, Cisco, United Kingdom

13:30 SOGIS View on the Cybersecurity Act (L22a) Bernd Kowalski, Chairman, SOG-IS, Germany

14:30 BSI View on the EU Cybersecurity Act (L22c) Matthias Intemann, Head of Section, BSI – Federal Office for Information Security, Germany

15:00 The ROI of Security Evaluations (L22d) Dirk-Jan Out, CEO, Brightsight

Innovations in Assurance (Ballroom 3)
Track Moderator: Martin Chapman, Director Standards Strategy and Policy EMEA, Oracle, Ireland

13:30 Addressing the Continuity of Software Security for Embedded Devices (N22a) Jasmina Omic, Product Manager Services, Riscure, Netherlands

14:00 Updating Certified Products (N22b) Gabor Hornyak, CTO, CCLab, Hungary

14:30 Agile Assurance: Modernizing IT Product Certification (N22c) Lachlan Turner, Director Consulting, Lightship Security, Canada

15:00 Making Evaluation Schemes Scale Up: the Tensegrity of Process and Product (N22d) Tony Boswell, Senior Principal Consultant, DNV GL Technical Assurance Laboratory, United Kingdom

15:30-16:00 Networking Break

Grand Ballroom Foyer

16:00-17:00 Closing Presentation, Summary Panel Discussion

Grand Ballroom

16:00 Panel Discussion: Looking Ahead to the Next Generation of Industry Assurance (P23a) Moderator: Chris Gow, Director, EU Public Policy, Government Affairs, Cisco, Belgium Panelists: Michael Cooper, Manager, Security Testing, Validation and Measurement Group, National Institute of Standards and Technology (NIST), United States; Slawomir Górniak, Security Tools and Architecture Expert, European Union Agency for Network and Information Security (ENISA), Greece; Jonathan Sage, Government and Regulatory Affairs, IBM, United Kingdom; Aristotelis Tzafalias, Policy Officer, Cybersecurity and Digital Privacy, European Commission, Belgium
[60 Minutes]

17:00 Adjourn