Presentations by Track
Cloud and GDPR Frameworks
Industrial Strategies
Industry Alignment
Innovations in Assurance
IoT Challenges
Outlook/Opportunities
Plenary Presentations
Public Policy
Standards for Success
4:30 pm-5:00 pm
Ballroom 3
Toward the European Cloud Security Certification Scheme: The CSPCERT Final Public-Private Recommendation
A final recommendation by CSPCERT to the European Commission was accomplished at the Amsterdam Plenary of the Digital Single Market. Co-Authored by the speaker, this presentation will focus on the... Read More
Thomas Niessen
Aurelien Leteinturier
Saurabh Ghelani
William Ochs
Sławomir Górniak
The EU-SEC Framework
The project “European Security Certification Framework” (EU-SEC)* aims to create a European framework for certification schemes and evaluation concepts to secure cloud infrastructures. Within this framework, existing national and international... Read More
Lefteris Skoutaris
Addressing GDPR Requirements Using the ISO/IEC 27701 Standard. Is the CSA Looking At It?
With GDPR being the law now for 18 month and privacy legislation emerging in more jurisdictions, organizations are seeking to utilize a common framework to demonstrate their commitment to PII... Read More
Willy Fabritius
Foundations and Perspectives of the EU’s 2019 Cybersecurity Act Certification Legislation for the Industrial Automation and Control Systems
When the Joint Research Centre’s IACS cybersecurity certification Thematic Group started in 2014, it was quickly obvious that IACS components would be the right object to certify in the near... Read More
Paul Theron
Beyond the Theory of the Cybersecurity Act
The Cybersecurity Act was one of the most debated legal packages under the Juncker’s Commission. Its adoption has requested a number of compromises and months of discussions by hundreds of... Read More
Stefano Bracco
IEC 62443: From Industry Recognized Standard to Base for Security Certification
IEC 62443 has steadily developed into an internationally recognized standard for the security of connected products. Initially designed to serve the domain of Industrial Control Systems and Applications, IEC 62443... Read More
Razvan Venter
10:30 am-11:00 am
Ballroom 3
NIS Directive and the CSA
Description to come.
10:30 am - 11:00 am
Building Trust and Hope in 5G Instead of Selling Fear
5G is the safest and most up-to-date telecommunications system created by mankind. Why, after all this long-term innovation, collaboration, standardization, certification and testing do we see only negative headlines about... Read More
Mika Lauhde
Lessons Learnt in the Commercial Use of Security Certification—From Setting Standards to an Innovator’s Perspective
This presentation will share experiences in the use of existing security certification frameworks for commercial mass-market products, both from the perspective of chairing the Trusted Computing Group’s certification program for... Read More
Boris Balacheff
2:00 pm
Vendor Self-Assessment—The Good, The Bad, and the Ugly
A vendor self–assessment of the security of his IT products is in general a good idea – if it is done right. Generally vendors always do some kind fo self–assessment of their products for... Read More
Helmut Kurth
SIMs, eSIMs and Secure Elements: Providing a Roadmap to Dynamic Security and Flexible Control for Connected Devices
Today, SIMs & Secure Elements (SEs) are well proven hardware components, enabling various devices to be connected and trusted across many different applications such as payment, travel and authentication for... Read More
ISCI WG (International Smartcard Initiative) Who Are We? What Do We Do? How Do We Do It? And How Do We Contribute to The EU Cyber Act?
ISCI is a working group which works for decades in Europe for developing methodology and supportive documents for Common Criteria Standard. This presentation will present: The uniqueness mixture of the... Read More
Rachel Menda-Shabat
Update on The EU Cybersecurity Act: Is The Feared Balkanization of Common Criteria Being Reversed?
At the ICMC conference in 2018, Oracle presented concerns that the EU’s Cybersecurity Act could balkanize Common Criteria and its community. Now that the Act has come into force this... Read More
Martin Chapman
The Certification Landscape and What Industry Needs
This session will look at what is required to ensure that the connected world is secure. Specifically it will look at third party certification and what we need to do... Read More
John Boggie
Addressing the Continuity of Software Security for Embedded Devices
Modern feature-oriented development requires fast release cycles for SW of connected devices already deployed in the field. For IoT sectors such as critical infrastructures as well as industrial IoT, the... Read More
Jasmina Omic
Updating Certified Products
This presentation will look at the processes to be applied if an already-certified product needs to be updated. The problem is known: Every product needs to be updated from time... Read More
Gabor Hornyak
Agile Assurance: Modernizing IT Product Certification
Can modern product assurance programs be designed to keep pace with agile development? Yes! Not only is it possible, but a shift to “agile assurance” is a necessary step towards... Read More
Lachlan Turner
Making Evaluation Schemes Scale Up: the Tensegrity of Process and Product
There is an increasing awareness of the need for CyberSecurity as a hygiene factor for cyber products in general, as well as for more specialised security applications. That means we... Read More
Tony Boswell
Looking Ahead to the Next Generation of Industry Assurance
The next generation of cybersecurity required for the digital economy will be led by a collective effort from ICT vendors, government agencies, and academia. Their collaboration in regulation and standardization,... Read More
Jonathan Sage
Michael Cooper
Chris Gow
Aristotelis Tzafalias
Sławomir Górniak
Embedded Systems for IOT Products: What is the Current Certification Offer?
The IOT certification landscape is huge and it is probably an area where regulation is more than desirable as certification schemes are heterogeneous in so many ways. To conduct our... Read More
Alexander Schasse
Dr. Claire Loiseaux
SESIP: A Practical, Operational Light-Weight CC Methodology
SESIP (Security Evaluation Standard for IoT Platforms) is a light-weight standard and methodology to apply Common Criteria to IoT Platforms. From the experience of the already running operational scheme, this... Read More
Wouter Slegers
EUROSMART IoT Security Certification Scheme (eIoT SCS)
Millions of IoT devices are expected to be granted security certifications with a Substantial security assurance level as defined by the Cybersecurity Act. At this level of assurance, the requirements... Read More
Ayman Khalil
Roland Atoui
X-Gateway as a Modular Part of IoT
How high-secure Technologies support IoT devices on level “basic“ and “substantial.“ The question of how to secure the Internet-of-Things in a simple way is not easy to answer. It is... Read More
Markus Bartsch
Common Criteria as Backbone of IoT Security Certification
With a great variety of devices, new attack schemes, complex software, and limited security awareness, IoT represents a challenge for security certification. Traditional approaches remain suitable for the roots of... Read More
Thomas Billeau
OWASP IoT Project: A Great Ally for the IoT Candidate Schemes
The Open Web Application Security Project (OWASP) IoT Project is designed to help manufacturers, developers, and consumers better understand the security issues associated with the Internet of Things, and to... Read More
Jose Alejandro Rivas Vidal
The ROI of Security Evaluations
With the introduction of the European Cyber Security Act (CSA), there is a lot of attention on the nature of mandatory versus optional product certification. This presentation will explore the... Read More
Dirk-Jan Out
Conference Plenary Keynote Address
Juhan Lepassaar
Conference Welcome Presentation: The Cybersecurity Act is Here, But What Does This Mean?
Description to come.
Sergio Lombán Lage
11:30 am-12:30 pm
Grand Ballroom 3
Standardization and the EU CSA
Discussion on standardization efforts under various national frameworks.
Helge Kreutzmann
Philippe Magnabosco
Sonia Compans
Miguel Bañon
David Martin
Looking Ahead to the Next Generation of Industry Assurance
The next generation of cybersecurity required for the digital economy will be led by a collective effort from ICT vendors, government agencies, and academia. Their collaboration in regulation and standardization,... Read More
Jonathan Sage
Michael Cooper
Chris Gow
Aristotelis Tzafalias
Sławomir Górniak
Panel Discussion: Certification for Critical Infrastructures and Solutions
This panel, featuring founding and contributing partners to the Charter of Trust, will discuss some of Key Principles of the Charter: (Principle 2) Responsibility throughout the digital supply chain, and... Read More
Sudhir Ethiraj
Eva Schulz-Kamm
Julian Meyrick
Jacques Kruse Brandao
Sergio Lombán Lage
John Boggie
Update on ENISA Operations and CSA Implementation
Securing network and information systems in the European Union has been deemed as a key objective in an effort to keep the EU online economy functional and secure. The purpose... Read More
Sławomir Górniak
European Cybersecurity Certification Framework, State of Play
Description to come.
Aristotelis Tzafalias
Security Needs to be Consistent—The Role of Process in the Cybersecurity Act
The certification related parts of the Cybersecurity act generally refer to ‘products, processes, and services’. This presentation will show how these elements interact to provide meaningful confidence of cybersecurity. It... Read More
David Martin
CEN-CENELEC JTC13 WG3 Security Evaluation Standardization Initiatives
Description to come.
Miguel Bañon
Comparing National Lightweight Methodologies Around Europe
Cyber-attacks know no borders and therefore cybersecurity standards and certifications play an indispensable role in achieving a safer ICT environment. While working towards a common cybersecurity product certification framework, the... Read More
Javier Tallón
Implementing and Maintaining a Cybersecurity Program—The Role of Standards
As a chief information security officer (CISO) at a federal agency in the United States, the presenter will provide a practical perspective on the importance of standards as well as... Read More
Raymond Romero
11:30 am-12:30 pm
Grand Ballroom 3
Standardization and the EU CSA
Discussion on standardization efforts under various national frameworks.
Helge Kreutzmann
Philippe Magnabosco
Sonia Compans
Miguel Bañon
David Martin