Internet Security Days 2023 - Book Tickets
Agenda for Thursday, 21 September
Please note: The conference language is German
09:00 a.m.
Registration & Networking
09:45 a.m. @ Backup Stage
Opening & Welcome
Content of presentation
Speaker
Prof. Dr. Norbert Pohlmann
eco Association
10:00 a.m. @ Backup Stage
Keynote: Digital Sovereignty: Political Buzzword or Basis for Action?
Content of presentation
“Digital sovereignty is currently on everyone's lips and is thus increasingly at risk of devolving into a buzzword. In times of growing cyber crime, however, the claim behind this concept should also be the guideline for our actions in the digital and analogue world.”
Speaker
Wilfried Karl was born on 4 October 1965 in Lampertheim (Hesse). After graduating from high school and completing his military service, he took up studies in electrical engineering at the University of Erlangen-Nuremberg, graduating with a degree in engineering.
From 1993 to 2017, Mr Karl was assigned to various tasks within the Technical Intelligence Division of the German Federal Intelligence Service (BND), latterly as acting Head of Division.
In May 2017, he moved to the division of the German Federal Ministry of the Interior (BMI) and has since been responsible as President for the development of the Central Office for Information Technology in the Security Field (ZiTIS).
Wilfried Karl
ZiTIS - Central Office for Information Technology in the Security Field
10:30 a.m. @ Backup Stage - sponsored by SySS GmbH
Keynote: Live Hacking: Intriguing Attacks Demonstrated Live and Vividly
Content of presentation
Sebastian Schreiber, Founder and Managing Director of the IT security company SySS GmbH in Tübingen, will demonstrate in a live hacking session how IT networks can be taken over, passwords cracked and data stolen. Among other things, he demonstrates how prices can be manipulated in web shops and how SMS senders can be faked. With attacks against USB, wireless keyboards, mice and presenters as well as anti-virus programmes, he draws attention to the vulnerability of IT in everyday use.
Speaker
Sebastian Schreiber, born in 1972, studied computer science, physics, mathematics and business administration at the University of Tübingen. While he was still a student, he founded the IT security company SySS GmbH in Tübingen in 1998, which carries out security audits for a large number of companies. Sebastian Schreiber regularly appears at trade fairs and congresses in Germany and abroad as a live hacker and demonstrates vividly how IT networks can be taken over, passwords cracked and data stolen. He is also a popular IT security expert in print media, radio and television, for example on Tagesthemen, ZDF heute, Plusminus, hr m€x or SWR aktuell.
Sebastian Schreiber
SySS GmbH
11:00 a.m. - 11:30 a.m.
Coffee Break & Networking
11:30 a.m. @ Backup Stage - sponsored by Cloudflare GmbH
Keynote: Finding the Needle WITH the Haystack: Tracking Down Unknown Threats
Content of presentation
The more advanced and prolific the attackers become, the more our traditional defences reach their limits. All it then takes is one variation of a malicious payload to get through the web application firewall. A single undetected phishing email to introduce ransomware into a corporate network. Or one line modified in a third-party script to send credit card information to the dark web.
To adapt to this new situation, we need to augment our defences with adaptive blocking methods. In this presentation, you will learn how to find and block these unknown threats using machine learning models trained on actual attack data.
Speaker
Scott Boyd has spent nearly 30 years as a network engineer in the IT and telco industry and has seen many trends and technologies come and go in that time. Since 2022, he has been working as a Senior Solutions Engineer at Cloudflare in Germany, supporting his customers in German-speaking countries with solutions to protect not only their web infrastructure and their networks, but also their employees from cyber attacks.
Scott Boyd
Cloudflare GmbH
12:00 noon - 1:00 p.m.
Backup Stage
Current Topics & Insides of the IT Security Industry
Thematic background
12:00 noon - 12:30 p.m.: Presentation
Making Software More Secure with Source Code Annotations
Daniel Haak
Augsburg University of Applied Sciences – Institute for Agile Software Development (HSA_ias)
Content of presentation
For many SMEs, the costs and time required to implement IT security comprehensively in their projects are too high. Although a variety of tools is available, they are often not used due to their complexity. The HITSSSE project has therefore developed the lightweight concept of security annotation, with which security-relevant areas can be marked in the source code in a low-threshold way. This enables them to be observed, and any changes occurring in the course of the project can be tracked. The presentation introduces both the concept and an open-source development tool that can be used for it.
Speaker
Daniel Haak studied Business Informatics at the Ingolstadt University of Applied Sciences from 2015 to 2018 and obtained his Master’s degree in Computer Science with a focus on Software Engineering at the Augsburg University of Applied Sciences from 2019 to 2021. As a Research Assistant at the Institute for Agile Software Development (HSA_ias), he develops tools and aids for programmers as part of the HITSSSE research project.
12:30 p.m. - 1:00 p.m.: Panel discussion
Email Authentication: Can Email Be Secure?
Speaker
Experts
- Patrick Ben Koetter, sys4 AG
- Peer Heinlein, Heinlein Support GmbH
- Sebastian Kluth, Certified Senders Alliance
Moderator
- Michael Weirich, eco
Content of presentation
Email is one of the most widespread forms of communication on the Internet, but also one of the most vulnerable to attacks such as spoofing, phishing or spam. To ensure the security and trustworthiness of emails, there are various standards and techniques known as email authentication.
Email authentication is not only important for private individuals, but also for companies that want to protect their brand and reputation. If an email domain is hacked, it can lead to loss of trust, customer attrition or legal consequences. Email encryption can therefore be a competitive advantage for companies that want to present themselves as reputable, secure and customer-focused.
Let's discuss the present and future of email and how trust in email can be warranted in the future.
12:00 noon - 1:00 p.m.
Restore Stage
Focus: Digital Supply Chain Security
Thematic background
Supply chain security is essential for companies – and not only in the analogue world! How can the “digital pathways” be protected?
12:00 noon - 12:30 p.m.: Presentation
AI Knows What You Did Last Summer – Applications of AI in the Context of Data Protection and Trade Secrets
Patrick Grihn
nextindex GmbH & Co. KG
Content of presentation
Who do people ask the most private things? Whether illness, relationship problems, fears, the next holiday destinations or secret wishes? Google. And it’s not just Google that knows what you were looking for last summer...
The increasing and low-threshold use of AI systems like ChatGPT leads to new challenges in companies: Employees check which activities can be outsourced; companies themselves check the optimisation of processes; developers use Copilot to develop software and components; security experts analyse anomalies in the network.
Currently, however, there are few to no regulations in companies on how to handle such systems, especially with regard to data protection (privacy), IT security (security) or confidential business information.
This presentation gives an overview of the legal basis and the status quo in companies. It also highlights scenarios that can quickly become critical for companies.
Speaker
Patrick Grihn is Managing Partner of compentum GmbH & Co. KG and an expert in digital security, a certified Data Protection Auditor and a certified Data Protection Officer. With his team, he advises companies and corporations in the areas of data protection and information security. His special expertise lies in complex and mostly digital structures and the review of data protection processes. He holds mandates as Data Protection Officer in several large companies and corporations as well as in the German Bundesliga. He is also a Member of the Committee Data Protection Officer Audit Tasks and a Board Member of the IT Association networker NRW.
12:30 p.m. - 1:00 p.m.: Presentation
IT Security Law in the Supply Chain Before and After the CRA
Dr. Lutz Martin Keppeler
Heuking Kühn Lüer Wojtek
Content of presentation
tba
Speaker
tba
1:00 p.m. - 2:00 p.m.
Lunch Break & Networking
2:00 p.m. - 5:30 p.m.
Backup Stage
Focus: Achieving the State of the Art (Overview)
Thematic background
How does my company achieve and maintain state-of-the-art IT security? How do companies react professionally to incidents and attacks on their own digital infrastructure?
This focus provides an overview of fundamental measures. Please also note our “Deep Dive” on the topic on the second day of the conference.
2:00 p.m. - 2:30 p.m.: Presentation
Title will be available soon
n.n.
n.n.
Content of presentation
tba
Speaker
tba
2:30 p.m. - 3:00 p.m.: Presentation
Malware Development with ChatGPT
Olaf Pursche
SITS Germany Holding GmbH
Content of presentation
With the help of large language models (LLM) such as ChatGPT, not only can very realistic texts be generated, but also code in various programming languages.
In his presentation, Olaf Pursche shows how such models can also be exploited to write phishing emails and explores the question: Can I use ChatGPT with minimal prior knowledge to write malware?
Speaker
Olaf Pursche is Head of Communications at Swiss IT Security Deutschland GmbH. Since 2015, he has been responsible for the communication, press relations and marketing of the AV-TEST Institute. He is a member of advisory boards of public authorities such as the Cybersecurity Expert Council of the Federal Office for Information Security (BSI), the IoT Advisory Board and the Security Competence Group of the eco Association, consultant in the IoT Expert Group of the German Insurance Association (GDV) and other professional organisations.
3:00 p.m. - 3:30 p.m.: Presentation @ Backup Stage - sponsored by Myra Security
DDoS Emergency Onboarding: What to do when a fire breaks out?
Thomas Wagner
Myra Security
Content of presentation
tba
Speaker
tba
3:30 p.m. - 4:00 p.m.: Presentation
Cybersecurity on the Internet – what should I do if my company website has been hacked?
Anne Hennig
Karlsruhe Institute of Technology (KIT), Institute for Applied Informatics and Formal Description Methods (AIFB)
Content of presentation
Imagine your website has been hacked – and you haven’t noticed it. Unknown persons have gained access to your web space. How can this be? How can you identify if your website is affected? And how do you get the harmful content off the website? As part of the INSPECTION research project funded by the German Federal Ministry of Education and Research, we find websites that redirect to fake shops. These redirects are an indication that third parties have gained unauthorised access to the file system of a website via a security vulnerability. This presentation will address this problem, the motivation of the attackers, and provide a method for identifying hacking attempts. Based on the results of the forensic analysis of hacked websites, we have developed a workflow that explains step by step which measures help to address the hacking and to protect oneself effectively in the future.
Speaker
The research project INSPECTION deals with the automated identification of hacked websites by searching the German-language Internet and classifying the sites with artificial intelligence methods. The consortium of the project comprises mindUpWeb & Intelligence GmbH, BDO Wirtschaftsprüfungsgesellschaft AG and the Security – Usability - Society (SECUSO) research group of the Karlsruhe Institute of Technology (KIT). This presentation will be delivered by Anne Hennig. Anne Hennig has been a Research Assistant in Prof. Melanie Volkamer’s SECUSO research group since January 2021. She completed her Master’s degree (M.A.) in Science Communication at the Karlsruhe Institute of Technology (KIT) in 2020. Anne Hennig works on the communication of security and privacy issues and is responsible for the areas of communication with affected persons and the development of awareness materials in the INSPECTION project.
4:00 p.m. - 4:30 p.m.
Coffee Break & Networking
4:30 p.m. - 5:00 p.m.: Presentation
Relaxed Awareness Through Gamification and Storytelling
Nikolai Hutzler
BSH Hausgeräte GmbH
Content of presentation
The presentation is a field report with practical elements from BSH Hausgeräte. It will illustrate which approaches we are successfully pursuing to create a positive safety culture for 60,000 employees.
The focus lies on live events, gamification measures, and target group-oriented activities with sophisticated storytelling. All this lies under the motto “relaxed awareness”. Relaxed awareness takes away the employees’ fear of the topic and the fear of making mistakes.
I show how awareness goes beyond the actual transfer of knowledge and how the CISO Office can win over employees as well as management through positive, completely transparent and fear-free communication – Awareness as a marketing department for the CISO Office!
A blueprint for other companies cannot be provided in 25 minutes, but effective strategies and suggestions for creating relaxed awareness can be adapted to one’s own company.
Speaker
Nicolai Hutzler has been Information Security Manager at BSH Hausgeräte GmbH since 2017. He develops security awareness campaigns for over 60,000 employees, conducts cybersecurity training and creates the group-wide digital security strategy. Previously, he worked at UniCredit Bank AG and was responsible for security awareness, IT audits and compliance.
5:00 p.m. - 5:30 p.m.: Presentation
Title will be available soon
n.n.
n.n.
Content of presentation
tba
Speaker
tba
2:00 p.m. - 5:30 p.m.
Restore Stage
Current Topics & Insides of the IT Security Industry (Deep Dives)
Thematic background
2:00 p.m. - 2:30 p.m.: Presentation
IT Security as Sustainability Governance in the Company
Caroline Krohn
AG Nachhaltige Digitalisierung
Content of presentation
State of the art starts in the conception as well as in the strategy. Two of the core demands of the Sustainable Digitalisation WG are security-by-design and privacy-by-design. These are key principles that apply not only to the design of technology but, above all to the strategic orientation and structuring of a company. Everything is derived from these principles.
In the context of sustainability, one speaks of the “licence to operate”, which a company must define for itself and for the increasingly important stakeholder group of the public. Similarly, a digitalising company must initially establish its raison d'être and legitimacy within a digitalising market environment. This is not what’s actually happening today, which is why our technical activities endanger the freedom, dignity and self-determination of future generations on a daily basis.
Speaker
Caroline Krohn is the Founder and Spokesperson of the Sustainable Digitalisation Working Group. This initiative has set itself the goal of focusing on the protection of future generations in times of increasing digitalisation. She is particularly working with the GovTechCampus on a sustainability audit for public sector digitalisation projects.
She is involved in multiple areas, including entrepreneurship in IT security, IT expert recruitment, and sustainable business management. Additionally, she actively engages in digital policy with Bündnis90/The Greens, for which she ran for the Hesse state parliament in 2018 and the Bundestag in 2021. In addition, she plays a significant role in civil policy, including as a Board Member of the LOAD e.V. – Association for Liberal Internet Policy. Caroline Krohn is a highly sought-after speaker, publicist, and interview partner, frequently engaging in extensive discussions on current political topics as well as fundamental issues.
2:30 p.m. - 3:00 p.m.: Presentation
Monitoring Strategies
Robert Macioszek
GasLINE GmbH & Co. KG
Content of presentation
The presentation shows general monitoring strategies with examples from practice as well as their advantages and disadvantages – without any product presentations!
- What is monitoring anyway? Who and what should I monitor and why?
- Basics like baselining, logfiles, active vs passive, top down vs bottom up, reactive vs proactive, APM
- Reporting
- Alerting -> Interfaces (Event / Incident) esp. Service Mgmt -> Example ITIL
- Protocols
- General structure -> IT infrastructure / IT architecture
- Phys. vs. virt. Systems
- Core functions such as discovery, visualisation, root cause analysis, automation
- Selection process -> make or buy, single vs multi vendor, service partner, locations, tender, evaluation -> matrix
- Software Good practice, best of breed, commercial vs. open source software, umbrella systems, data collectors
Speaker
Robert Macioszek has worked in the field of IT administration and IT infrastructure for over 25 years. His focus is on operations, monitoring, security and processes.
After studying business informatics, he graduated in 2018 with a Master of Science in applied informatics.
Since 2016, Robert Macioszek has worked as an IT architect and CISO at GasLINE.
3:00 p.m. - 3:30 p.m.: Presentation
RaiseSec: Improving SME Information Security Through Automation and Standards
Dr. Stefan Meier
Meier Computersysteme GmbH
Content of presentation
Information security in small businesses has been a challenge for both businesses and academia for decades. However, the progress achieved so far across the board has been marginal. We have therefore developed a new methodology to address the problem of lack of information security in SMEs. During the presentation, this methodology, which is essentially based on ISO 27001, will be introduced. In addition, experiences from the use of the methodology in practice will be presented.
Speaker
Stefan Meier studied Business Informatics at the University of Regensburg until 2012. He then worked as a Research Assistant at the Chair of Business Informatics I – Information Systems at the University of Regensburg from 2012 to 2017. His research focus was digital forensics in companies. He also received his doctorate on this topic in 2016.
Dr Stefan Meier joined Meier Computersysteme GmbH full-time in 2017 and has since been working on improving information security for SMEs.
3:30 p.m. - 4:00 p.m.: Presentation
Implementation of Whistleblower Systems and Data Protection – a Field of Tension
Dr. Ralf Heine
Aulinger Attorney-at-law
Content of presentation
Since 2 July 2023, the German Whistleblower Protection Act obliges companies to set up a whistleblower system and at the same time to protect whistleblowers. Data protection concerns play an important role in the implementation of such systems and definitely cause tensions.
The presentation not only briefly outlines the requirements of the Whistleblower Protection Act, but also addresses the associated data protection law requirements. Possible solutions for practice will also be presented in order to ensure that whistleblower systems are operated in compliance with the law.
Speaker
Dr. Ralf Heine is a partner at the commercial law firm “Aulinger Rechtsanwälte”, where he is responsible for IT and data protection law. As a specialist lawyer for labour and information technology law, he advises clients primarily on IT and data protection law issues, but also focuses on employee data protection. As a certified data protection auditor and officer, he also provides practical support to companies in fulfilling the obligation to appoint a data protection officer.
4:00 p.m. - 4:30 p.m.
Coffee Break & Networking
4:30 p.m. - 5:30 p.m.: Panel discussion
Artificial Intelligence - Gamechanger for Cybersecurity?
Speaker
- n.n.
- n.n.
- n.n.
- n.n.
- n.n.
Content of presentation
Artificial intelligence is seen as an important technology of the future. Generative AI systems like ChatGPT show that the use of AI will greatly change our society, economy and research. Due to the speed of developments, the debate on the regulation of AI systems is dominated by concerns. Questions about cybersecurity are also increasingly arising. Where are we right now in the development of AI systems and what threats to cybersecurity are already emerging or will arise in the future? Can the level of security be increased through the use of AI systems? And is the regulatory framework in Germany and Europe sufficiently prepared for the emergence of AI systems? These and other questions will be discussed with guests from business and public administration.
from 6:30 p.m.
Internet Security Night 2023
With the Internet Security Night 2023, ISD visitors can look forward to a truly special networking event. The STOCK’s location in Phantasialand combines industrial style with a touch of vintage.
With fine food and drinks, the open lounge atmosphere offers all participants plenty of space for networking and exchanging experiences after the first day of the conference. A DJ and dance floor also invite you to party and dance.
Agenda for Friday, 22 September
Please note: The conference language is German
09:00 a.m.
Registration & Networking
10:00 a.m. @ Backup Stage
Keynote
Content of the presentation
tba
Speaker
Dr Alexander Schellong has been Vice President Cybersecurity at Schwarz Dienstleistungen since the beginning of August 2022. In this role, he works closely with the two companies belonging to the Schwarz Group, XM Cyber and Cyber Observer. Earlier, Schellong was Vice President Global Business & Director Marketing at IT security consultant Infodas. The cybersecurity expert brings further experience in the IT security sector from previous positions at Rohde & Schwarz, DXC Technology and General Dynamics Information Technology.
Dr. Alexander Schellong
Schwarz Group
10:30 a.m. - 1:00 p.m.
Backup Stage
Achieving the State of the Art (Deep Dives)
Thematic background
How does my company achieve and maintain state-of-the-art IT security? How do companies react professionally to incidents and attacks on their own digital infrastructure?
This focus provides an overview of advanced measures. Please also note our “Overview” of the topic on the first day of the conference.
10:30 a.m. - 11:00 a.m.: Presentation
KRITIS in Cyberspace
Manuel Atug
HiSolutions GmbH
Content of the presentation
In this presentation, Manuel 'HonkHase' Atug will address and discuss various issues and perspectives on critical infrastructure in cyberspace.
These will include the following:
- What is "KRITIS" in Germany and why is it so critical?
- Is there a cyber war? And if so, what is it and how does it work?
- What does Putin's war of aggression against Ukraine mean for us?
- What cyber physical effects can exist?
- What do cyber-type incidents look like and what are the threats?
- Cyber resilience as a solution. How do we become resilient to events?
- How do we gain sustainability via security in digitalisation?
Speaker
Manuel Atug is Senior Manager at HiSolutions AG and has been working in information security for over 23 years. His focus is on the topic of critical infrastructures (KRITIS), for which he is the lead advisor to the German Federal Office for Information Security (BSI) for Section 8a of the BSIG. Mr. Atug accompanies KRITIS operators in the implementation of the requirements for ISMS, sector-specific state of the art, emergency and continuity management from the IT-SiG, the BSI Act and the BSI Criticality Ordinance. He has extensive experience and expertise in this area and is always up to date with the latest developments and challenges.
11:00 a.m. - 11:30 a.m.: Panel discussion
Resilience and Security of Critical Infrastructures (abbreviated in German as “KRITIS”) and Basic Service Networks: How Can We Protect Our Infrastructure?
Speaker
Experts
- Stephan Bock (Cloudflare)
- Marina Krotofil (European Network for Cyber Security)
- Emma Wehrwein (Gaia-X)
- Caroline Krohn (Sustainable digitalization working group)
Moderation
- Ulrich Plate (nGENn GmbH)
Content of the presentation
In view of the increasing threats to our society, the protection and resilience of critical infrastructures and basic supply networks is becoming more and more important. A holistic security strategy is required to develop effective prevention measures, to detect vulnerabilities at an early stage and to ensure coordinated crisis management. Investments in modern technologies and the targeted training of specialised personnel are crucial to guarantee the resilience of these vital systems and to effectively protect our infrastructure.
11:30 a.m. - 12:00 noon
Coffee Break & Networking
12:00 noon - 12:30 p.m.: Presentation @ Backup Stage - sponsored by plusserver GmbH
Digitalisation, Data Sovereignty and the Cloud – Your Chance, Surely and Securely!
Tarek Nemri
plusserver GmbH
Content of the presentation
Public cloud offerings and cloud native platforms support the IT modernisation of companies right through to full digital transformation. However, the advantages of the cloud, such as automation, standardisation and managed services, are offset by increased complexity, challenges with compliance and data sovereignty, and a persistent shortage of skilled workers. In addition, there is the need to reconsider IT security in the course of digitalisation. Topics such as the IT Security Act 2.0, the NIS2 Directive, supply chain security or the loss of transparency due to a multi-cloud infrastructure make it necessary to no longer view IT security as a cost centre but as a business enabler.
Learn in this presentation how you can meet these challenges and the role that a Security Operations Centre plays in this.
Speaker
Tarek Nemri has been working at plusserver gmbh since 2016 and, in his role as IT Security Consultant, advises clients on IT security solutions and the associated processes. In particular, his work focuses on the planning and integration of use cases in the Security Operations Center. He also supports the partner companies in adapting the solutions to the requirements of their end customers.
12:30 p.m. - 1:00 p.m.: Presentation
Radicalisation and Internal Perpetrators
Jörg Peine-Paulsen
Ministry of the Interior Lower Saxony
Content of the presentation
According to the latest GDV study, internal perpetrators are responsible for 63 percent of white-collar crime cases (75 per cent of the damage caused). Every year, 5-10 percent of German companies are defrauded by their own employees.
The transition from a loyal colleague to internal perpetrator is not predetermined but can be influenced by many factors. This transition can be compared to political radicalisation. The aim is to prevent espionage and sabotage by internal perpetrators through early prevention.
Counterespionage and counter-sabotage is a task of the offices for the protection of the constitution. Economic protection is the preventive department within the office for the protection of the constitution, which provides information on counterintelligence and counter-sabotage. Dealing with this topic has become even more relevant due to the crises and wars of recent times.
To be presented:
- Offender profiles
- Possibilities of detection
- Hints for prevention
- Dealing with suspected cases
- Case studies
Speaker
Jörg Peine-Paulsen is a graduate engineer (FH) in communications engineering and has gained approximately 25 years of experience, working in various IT roles within different public authorities. The main professional aspects are the management of an IT department and extensive software engineering activities.
Over the last few years, Mr Peine-Paulsen has focused 100 per cent on security as an Information Security Officer and then as a Consultant in Economic Protection. Mr Peine-Paulsen currently works at the Lower Saxony Ministry of the Interior and Sport, Department 5, as an Officer for the Protection of the Constitution. His expertise lies in the field of economic protection (preventive counterintelligence).
In addition, Mr Peine-Paulsen works as an external university lecturer in the areas of IT governance, management and compliance / IT risk and IT security management / ITIL, big data and computational trust.
10:30 a.m. - 12:30 p.m.
Restore Stage
Focus: Connected Security
Thematic background
10:30 a.m. - 11:00 a.m.: Presentation
Are Traditional Firewalls Still Useful?
Gregor Chroner
GTT
Content of the presentation
This presentation will first introduce the traditional firewall in its basic version and later the “next-generation” firewall, which is mostly fitted into data centres or at sites.
Later we will look at the “cloud” approach to firewalls, the new method of protecting our users and data (SASE) that is increasingly moving to the cloud, and the new method of consuming firewalls.
Speaker
Gregor Chroner is a recognised expert on the topic of telecommunications and SD-WAN. Since 2015, he has been advising companies of all sizes and industries on the modernisation, migration and implementation of software-defined networks.
11:00 a.m. - 11:30 a.m.: Presentation
6G in the Mesh Networks: “Cybersecurity by Design” Using a Concrete Example
Hans Wenner
VDE Association for Electrical, Electronic & Information Technologies
Content of the presentation
The integration of distributed systems and services can offer significant benefits, such as increased efficiency and optimised workflows. This provides enormous potential for optimising patient care.
However, in order to realise connected, digital healthcare, one needs powerful and, above all, (cyber-)secure wireless communication technology that seamlessly integrates applications and networks. This means in addition to the technical challenges, the risks of cyberattacks have to be considered. Right from the beginning – and that is why it is best to start with this in the design of the technology itself!
In this presentation, we will use the current BMBF-funded project “6G Health” to demonstrate the step-by-step procedure for taking cyber-risks into account in the context of complex technological requirements as early as the technology definition stage: “Cybersecurity by Design”.
Speaker
Hans Wenner is a graduate engineer in electrical engineering. After gaining experience in the industry, working at a notified body and being self-employed for over 20 years, he is currently involved with the practical implementation of regulatory and normative requirements for medical devices and software at the VDE.
He has been an active member of relevant national and international standardisation groups for many years and has published a wide variety of papers.
11:30 a.m. - 12:00 noon
Coffee Break & Networking
12:00 noon - 12:30 p.m.: Presentation @ Backup Stage - sponsored by plusserver GmbH
Digitization, data sovereignty and the cloud - your chance, but secure!
Tarek Nemri
plusserver GmbH
Content of the presentation
tba
12:30 p.m. - 1:00 p.m.: Presentation
Testing the Secure Configuration of TLS Connections
Dr. Guido Frank
Federal Office for Information Security in Germany
Content of the presentation
The secure and interoperable design of communication links is essential for successful digitalisation. Accordingly, communication channels are often the target of cyberattacks and must be suitably protected. In contrast, the development of application-specific test environments for digitalisation projects is expensive, time-consuming and maintenance-intensive.
This paper presents a two-stage, modular test approach for communication protocols based on the TLS protocol, which can be easily and effectively integrated into applications according to the modular principle. With the technical guideline BSI TR-03116-TS, this consists of a generic test specification and a corresponding test tool that can be flexibly integrated and configured. In the following, it is shown how the generic test approach can be used efficiently in concrete digitalisation projects and how testing can be carried out with the tool.
Speaker
Guido Frank heads the “eID Structures for Digitalisation” unit at the Federal Office for Information Security in Germany. His main tasks include the conception and evaluation of eID technologies and eID infrastructures, the support of digitalisation projects in the area of electronic identities and the development of specifications for technical security devices for electronic recording systems. Earlier, he was involved for many years in the unit “eID Technologies and Chip Cards” with the conceptual further development of the German eID system and sovereign documents and, in particular, accompanied the German notification of the online ID function in the context of the European eIDAS Regulation. Guido Frank studied mathematics and computer science and received his doctorate in pure mathematics from the University of Wuppertal in 2008.
1:00 p.m. - 1:45 p.m.
Lunch Break & Networking
1:45 p.m. - 2:45 p.m.
Backup Stage
Focus: Future Security
Thematic background
How is IT security evolving in the environment of increasingly advanced connected systems? What steps do we need to take to establish technology-independent security for IT infrastructures?
1:45 p.m. - 2:15 p.m.: Presentation
Risky Quantum Computing: What can be done?
Dr. Heike Hagemeier
German Federal Office for Information Security (BSI)
Content of the presentation
The presentation discusses the necessity of migrating to quantum-safe cryptography. The results of a joint survey conducted by the BSI and KPMG will be presented, showing that awareness and implementation levels on this topic are not yet significantly pronounced in German companies. The presentation also goes into the recommendations of the BSI on quantum-safe cryptography, which developers should take into account during implementation.
Speaker
Dr. Heike Hagemeier holds a doctorate in mathematics. She has worked at the BSI since 2010. There she worked for a long time as a cryptologist, especially on post-quantum cryptography. Since the beginning of 2022, she has been an officer in the “Technology and Research Strategy” unit. Her work there continues to focus on quantum technologies and their impact on cybersecurity.
2:15 p.m. - 2:45 p.m.: Presentation
Advantages of Implemented AI-Based Tools to Support Security Awareness – A View from Human Resource and Information Security Perspective
Chris Lichtenthäler
Esprit Europe GmbH
Benjamin Pieck
Esprit Europe GmbH
Content of the presentation
The technological leap achieved by ChatGPT or similar AI-assistant tools in recent months offers a multitude of opportunities to add significant value to companies’ IT security awareness programmes. This AI-generated content can be created quickly and efficiently as additional content to the actual awareness programme. If, for example, a new attack method becomes known, security teams can provide information in all forms, including presentations or explanatory videos. Compared to simple email texts, multimedia learning through a trainer or an AI moderator can significantly enhance learners’ comprehension and attention span. The advantages and challenges of using AI will be discussed from an HR and security perspective.
Speaker
Chris Lichtenthäler joined Esprit in January 2023 as Director Information Security & Compliance. In this role, he has global responsibility for IT Security & IT Compliance. He also has more than 15 years of professional experience in the IT and IT security environment, including various roles at Deloitte, Grant Thornton and the German Armed Forces.
Benjamin Pieck joined Esprit in 2020 as Director Employee Experience. In this role, he is responsible for the implementation of training and development measures within the company. Earlier, after graduating in psychology, he founded the HR tech startup “matching box” and won the HR Excellence Awards in 2017.
1:45 p.m. - 2:45 p.m.
Restore Stage
Current Topics & Insights of the IT Security Industry
Thematic background
1:45 p.m. - 2:15 p.m.: Presentation
Zero Trust: Why Abolishing Trust Is a Mistake
Dr. Silvia Knittl
PwC GmbH WPG
Content of the presentation
Zero Trust is a hype topic that states that companies should have zero trust in networks, applications or devices that are inside or outside their perimeter. Instead, all activities should be authenticated and authorised, whether they originate from an internal or external user, device or network.
While Zero Trust is seen as a secure approach to information protection, there are also critical voices that argue that doing away with trust is a mistake. Some believe that such a radical shift is impractical and detracts from usability and productivity. Others fear that zero trust could lead to uncontrolled surveillance.
This talk will present the advantages and disadvantages of Zero Trust and discuss whether abolishing trust is really a mistake or whether it is a necessary step to improve IT security.
Speaker
Dr Silvia Knittl is a Director at PwC Germany in the Cyber & Privacy practice and leads the Enterprise Security Architects team.
She advises organisations on topics such as Zero Trust and Emerging Tech and supports clients in activating their cyber capabilities and manages security transformation projects. She has over 15 years of experience in the cyber field and started her career as an IAM developer. She completed her PhD at the Technical University of Munich in 2012 and studied computer science at the Ludwig-Maximilian University of Munich.
2:15 p.m. - 2:45 p.m.: Presentation
Continuous Security in the Cloud: Relevance in the Framework of the EU Cyber Resilience and Cybersecurity Acts
Christian Banse
Fraunhofer AISEC
Content of the presentation
With the EU Cyber Resilience and Cybersecurity Act, a new wave of EU regulations is heading towards European companies. The new certification standard EUCS (European Cybersecurity Certification Scheme for Cloud Services) of ENISA, which is referenced in both acts, will be particularly relevant for providers of cloud services. On the one hand, it unifies national standards in Germany, such as the BSI C5 or SecNumCloud; on the other hand, it partly requires continuous compliance and auditing of cloud security. In this presentation, Christian Banse, Head of Department at Fraunhofer AISEC, will give an insight into the research topic of Continuous Cloud Assurance and show how companies can already prepare for these changes.
Speaker
From the University of Regensburg, Mr. Christian Banse holds a Master of Science in Business Informatics with a focus on IT security. He has been an employee at Fraunhofer AISEC since 2011. He was in charge of setting up a new type of network and cloud security laboratory and is currently taking over its management. A particular focus here is research into methods of automated and continuous certification of the IT security of cloud and container applications. Since mid-2018, Christian Banse has also been head of the Service and Application Security department with his research focus on privacy, data ecosystems and software security.
2:45 p.m. @ Backup Stage
Title tba
Content of the presentation
tba
Speaker
tba
Dr. Rachid El Bansarkhani
QuantiCor Security GmbH
3:15 p.m. - 3:45 p.m.: Panel discussion Future Security @ Backup Stage
How Will Quantum Computers and AI Change Our Security World?
Speaker
Experts
- Dr. Silvia Knittl (PwC)
- Mark Vinkovits (XUND Solutions)
- Dr. Rachid El Bansarkhani (QuantiCor Security)
- Jörg Peine-Paulsen (Federal Ministry of the Interior)
Moderation
- Fabian Landa (eco)
Content of the presentation
Moving into the future, quantum computers and artificial intelligence (AI) will undoubtedly revolutionise the world of security. The rapid development of quantum computers promises enormous computing power that could make conventional encryption techniques ineffective. At the same time, AI-powered security systems offer new possibilities for automated detection and defence against cyber threats. In the face of these challenges, we must proactively develop new security measures that address both the benefits and potential risks of these groundbreaking technologies.