Two parallel thematic tracks full of presentations, discussions and networking on the topic of cyber security: From 16 to 17 September 2021, over 150 security experts and more than 60 speakers met at the second digital ISD in the event tool talque.
How can we increase cyber security in an increasingly connected world? The Internet Security Days (ISDs) were once again the meeting place for top security experts on 16 and 17 September. For the second year in a row, the ISDs took place as a purely online event in the conference tool talque, instead of in Phantasialand near Cologne as in previous years. The focus on cyber security remained the same: in over 40 online sessions, experts presented strategies for more IT security in our increasingly connected world. The ISDs 2021 were made possible by the kind support of DomiNIC, Huawei Technologies Germany and numerous other partners and sponsors.
The two daily parallel thematic tracks were opened by top-class keynotes, for example, by the German Federal Commissioner for Data Protection, Prof. Ulrich Kelber. The organisers – eco – Association of the Internet Industry and heise Events – welcomed around 150 participants to the panels and lectures. In the panel discussions on four topic blocks on two days and during the numerous lectures, everyone had the chance to deliver questions and join in the discussion. As in previous years, the agenda also offered numerous networking opportunities. During the numerous breaks, the networking platform SpatialChat invited the participants to visit different rooms, exchange ideas and make new contacts privately.
Before the first day of the event, on 15 September, the registered participants already had the chance to practice IT security on practical examples in optional workshops. The participants of the IT Forensics Readiness Workshop, for example, were “On the trail of attackers in hiding”. This was followed by the workshop “Cyber Risks in Transition – Designing New Working Environments Securely” and a workshop on analysing security messages in manufacturing networks.
Security is subjectively perceived to be stronger than it actually is
At the official start of ISD 2021 on Thursday, 16 September, Prof. Norbert Pohlmann, eco Board Member for IT Security, welcomed the participants: “In our connected world, IT security risks for companies and organisations are increasing,” he said and called for a sovereign European ecosystem for identity data. “Self Sovereign Identities can become the digitalisation accelerator for our society,” he gave as a consideration.
The second keynote of the day was given by Walter Haas, CTO of Platinum Partner Huawei. He spoke about Standardisation for a Secure World and the role of 5G technology for critical applications, for example autonomous driving, and called for a common approach to security in critical infrastructures.
Well-equipped against cybercrime
“Well-equipped against cybercrime” was the title of the first topic track on Thursday. Under the title “Cybercrime, a criminal service industry threatens the economy”, Carsten Meywirth from the German Federal Criminal Police Office (BKA) spoke about current attack scenarios and how companies protect themselves against them. Helmut Brechtken and Chris Lichtenthäler took a look behind the scenes of ransomware.
In the panel discussion that followed, Stefan Becker from the BSI ( German Federal Office for Information Security), Andreas Marx from the AV-TEST Institute and Stefan Möller from Certified Security Operation Center GmbH spoke about the threats of the present and how they can be countered under the title “On the road to cyber Armageddon”.
Dr Haya Shulman said in her keynote after the break: “With the increasing digitalisation of society, cybercrime and cyber espionage are also growing: what is digitalised can potentially be attacked.” “IT security concept – hot or junk?” then asked Thomas Günther from suresecure. Phishing, spam emails and drive-by downloads were then the focus. How can the top 3 dangers from the Internet be prevented? This was asked by Clemens Alexander Schulz from Rohde & Schwarz Cybersecurity.
Smart World – Secure World
The second topic track on Thursday was entitled “Smart World – Secure World”. Here, Alexander Kehl from IoT Inspector spoke about vulnerabilities in interwoven IoT supply chains. His presentation was entitled “The devil lurks in the supply chain – successfully securing (I)IoT supply chains”. In the subsequent panel discussion, Camille Bouly, Patrick Ben Koetter and Sven-Holger Wabnitz spoke about secure infrastructures for IoT.
The discussion continued with “Secure Bits and Atoms: IoT in the area of conflict between cyber and physical security” by Dr Christian Zenger from PHYSEC GmbH. Marvin Schirrmacher from grandcendrix then spoke about the risks and challenges of Narrowband IoT (NB-IoT). In the panel “Standards for more security in the IoT”, Graziano Galante from Microsoft, Michael Lemke from Huawei and Olaf Pursche from the AV-TEST Institute discussed which methods we can use to achieve more security in the Internet of Things.
New working worlds, but secure!
Friday started with security issues from the healthcare sector. In the keynote “Healthy with security – DNS infrastructures in healthcare”, Sven-Holger Wabnitz from ISD Platinum Partner DomiNIC showed the need for special protection of patient data, for example by embedding the DNS for data transmission in a certified security management system.
The next topic was the role of the Chief Information Security Officer (CISO): Florian Jörgens from Vorwerk shed light on challenges in the first weeks of a CISO. “Where to put the CISO? Targeted identification of optimal security organisations” was the topic of the presentation by Sebastian Kurowski from Fraunhofer IAO.
An all-female panel discussed the “human factor”. What does the new normal look like, and how can the balancing act between mobile and stationary work be achieved sustainably? Katja Holzer from SpaceNet AG, Charline Kappes from SoSafe, Christina Lekati from Cyber Risk and Carolin Desirée Töpfer gave safety tips for the balancing act between mobile and stationary work.
After the break, it continued with the keynote speech by Prof. Ulrich Kelber, the German Federal Commissioner for Data Protection, with the keynote “IT security: data protection from the beginning”. Here he showed why companies should think about data protection right from the start when developing new products and services. Dr Niklas Hellemann from SoSafe also gave an insight into a multi-layer approach to cyber security awareness.
Towards the end of the day, Judith Winter and Markus Müller from Deutsche Telekom showed security from the outset using the example of Gaia-X.
Learning from experience – securely into the future
The second track on Day 2 got off to an exciting start with the presentation “Delivering Data Protection from Head to Toe”. Stefanie Köhl from eGov Consulting und Management GmbH mentioned methods and tools for organisers and managers.
Stefan Hessel from Reusch Rechtsanwaltsgesellschaft mbh then shed light on the possible legal consequences of IT security incidents and which legal requirements must be observed in incident response. Around noon, Sebastian Barchnicki from the Competence Centre for Cyber Security in the Economy in NRW and Heinz Krippel took part in the “IT security for SMEs” topic table. They discussed with other conference participants how SMEs can be supported in a targeted manner.
State Trojans as a point of contention: After the break, Hauke Gierow from G DATA, Peer Heinlein from Heinlein Support GmbH and Lena Rohrbach from Amnesty International had a lively discussion in the panel “State Trojans – Tension between state mandate in the digital age & IT security”. Keeping vulnerabilities secret endangers citizens, companies and state institutions themselves. On the other hand, corresponding software helps intelligence services and law enforcement agencies to fulfil their tasks.
The second track on Friday also ended with a presentation by Stefan Kühl and Elmar Küper from AVERDIS. In their presentation “Penetration Test/Red Teaming – How? Where? What? Why?” they showed what you can, should or even must expect from a penetration test or red teaming.
At the end of the second ISDs in the online tool talque, Cornelia Schildt, Senior Project Manager IT Security, and Markus Schaffrin, Head of Member Services in the eco Association, thanked all participants. Both had sovereignly moderated the topic tracks on both days of the event and expertly guided through the programme. The participants said goodbye in the certainty that they had also exchanged valuable know-how in the digital space and made numerous new contacts.