18-19 November 2019, The Hotel, Brussels, Belgium

Conference Agenda

Monday 18 November

Conference Day 1

09:00-10:00 Registration

Grand Ballroom Foyer

10:00-11:20 Plenary Keynote Session

Grand Ballroom

10:00 Conference Keynote Presentation (P10a) Despina Spanou, Director, Digital Society, Trust and Cybersecurity, European Commission, Cyprus

11:20-12:00 Networking Break in Exhibits

Grand Ballroom Foyer

12:00-13:00 Track Sessions

Panel Discussion (Ballroom 1&2)

12:00 Panel Discussion TBA (P11a) [60 Minutes]

Industry Alignment (Ballroom 3)

12:00 Presentation TBA (A11a) Speaker TBA

12:30 Lessons Learnt in the Commercial Use of Security Certification—From Setting Standards to an Innovator’s Perspective (A11b) Boris Balacheff, HP Fellow & VP, Chief Technologist for Security Research and Innovation, HP Labs Security Lab, France

13:00-14:00 Lunch in Exhibits

Grand Ballroom Foyer

14:00-16:00 Track Sessions

Public Policy (Ballroom 1&2)

14:00 Update on ENISA Operations and CSA Implementation (B12a) Slawomir Górniak,  Security Tools and Architecture Expert, European Union Agency for Network and Information Security (ENISA), Greece

14:30 Update on DG Connect Operations (B12b) Aristotelis Tzafalias, Policy Officer, Cybersecurity and Digital Privacy, European Commission, Belgium

15:00 ECSO’s Outlook on the EU Cybersecurity Act (B12c) Luigi Rebuffi, Secretary General, ECSO, Belgium

15:30 Security Needs to be Consistent—The Role of Process in the Cybersecurity Act (B12d) David Martin, Head of International Assurance, NCSC, United Kingdom

Industry Alignment (Ballroom 3)

14:30 ISCI WG (International Smartcard Initiative) Who Are We? What Do We Do? How Do We Do It? And How Do We Contribute to The EU Cyber Act? (A12b) Rachel Menda-Shabat, Director of Security Solution Certification Division, ISCI WG sub-chair, Winbond, Israel

15:00 Update on The EU Cybersecurity Act: Is The Feared Balkanization of Common Criteria Being Reversed? (A12c) Martin Chapman, Senior Director, Standards Strategy and Policy EMEA, Oracle, Ireland

15:30 The Certification Landscape and What Industry Needs (A12d) John Boggie, Director Head of Certification, NXP Semiconductors UK, United Kingdom

16:00-16:30 Networking Break in Exhibits

Grand Ballroom Foyer

16:30-18:00 Track Sessions

Standards for Success (Ballroom 1&2)

16:30 CEN-CENELEC JTC13 WG3 Security Evaluation Standardization Initiatives (S13a) Miguel Bañon, Global Technology Leader for Cybersecurity, Epoche and Espri (a DEKRA company), Spain

17:00 Comparing National Lightweight Methodologies around Europe (S13b) Javier Tallon, CoFounder and COO, jtsec Beyond IT Security SL, Spain

17:30 Implementing and Maintaining a Cybersecurity Program—The Role of Standards (S13c) Raymond Romero, Deputy Director, Board of Governors of the Federal Reserve Systems, United States

Cloud and GDPR Frameworks (Ballroom 3)

16:30 Toward the European Cloud Security Certification Scheme: The CSPCERT Final Public-Private Recommendation (C13a) The European Cloud Service Provider Certification Working Group, Saurabh Ghelani, EMEA Strategic Trust Leader, Google Cloud, et al.

17:00 The EU-SEC Framework (C13b) Lefteris Skoutaris, Research Analyst, Cloud Security Alliance, Greece

17:30 Addressing GDPR Requirements Using the ISO 27552 Standard. Is the CSA Looking At It? (C13c) Willy Fabritius, Global Portfolio Champion for Information Resiliency, BSI Group, United States

18:00 Adjourn

18:45 Optional Dine-Around Brussels Event. Join your colleagues for an informal networking dinner at one of Brussels’ finest restaurants (through 21:00).

Tuesday 19 November

Conference Day 2

08:00-09:00 Coffee

Grand Ballroom Foyer

09:00-11:00 TRACK SESSIONS

IoT Challenges (Ballroom 1&2)

10:00 EUROSMART IoT Security Certifiction Scheme (eIoT SCS) (I20c) Roland Atoui, Managing Director, Red Alert Labs/EUROSMART, France

10:30 X-Gateway as a Modular Part of IoT (I20d) Markus Bartsch, Business Development, TUViT, Germany

Industrial Strategies (Ballroom 3)

09:30 Beyond the Theory of the Cybersecurity Act (T20b) Stefano Bracco, Knowledge Manager, European Union Agency for the Cooperation of Energy Regulators, Italy

10:00 IEC62443 and NIS Directive: Needs and Opportunities (T20c) Maria Fravventura, Security Evaluator, Brightsight, Netherlands

10:30 NIS Directive and the CSA (T20d) Speaker TBA

11:00-11:30 NETWORKING BREAK IN EXHIBITS

Grand Ballroom Foyer

11:30-12:30 Track Sessions

IoT Challenges (Ballroom 1&2)

11:30 Common Criteria as Backbone of IoT Security Certification (I21a) Georg Stütz, Principal Security Certification Expert, NXP Semiconductors, Austria

12:00 OWASP IoT Project: A Great Ally for the IoT Candidate Schemes (I21b) Jose Alejandro Rivas Vidal, Security Lab Manager, Applus+ Laboratories, Spain

Panel Discussion (Ballroom 3)

12:00 Panel Discussion TBA (P21a) [60 Minutes]

12:30-13:30 Lunch in Exhibits

Grand Ballroom Foyer

13:30-15:30 Track Sessions

Outlook/Opportunities (Ballroom 1&2)

13:30 SOGIS View on the Cybersecurity Act (L22a) Bernd Kowalski, Chairman, SOG-IS, Germany

14:30 BSI View on the EU Cybersecurity Act (L22c) Speaker TBA, BSI, Germany

15:00 The ROI of Security Evaluations (L22d) Dirk-Jan Out, CEO, Brightsight

Innovations in Assurance (Ballroom 3)

13:30 Addressing the Continuity of Software Security for Embedded Devices (N22a) Jasmina Omic, Product Manager Services, Riscure, Netherlands

14:00 Updating Certified Products (N22b) Gabor Hornyak, CTO, CCLab, Hungary

14:30 Agile Assurance: Modernizing IT Product Certification (N22c) Lachlan Turner, Director Consulting, Lightship Security, Canada

15:00 Making Evaluation Schemes Scale Up: the Tensegrity of Process and Product (N22d) Tony Boswell, Senior Principal Consultant, DNV GL Technical Assurance Laboratory, United Kingdom

15:30-16:00 Networking Break

Grand Ballroom Foyer

16:00-17:00 Closing Presentation, Summary Panel Discussion

16:00 Summary Panel Discussion (P23a)

17:00 Adjourn