DSS ITSEC 2017: CYBERCRIME AND EU GDPR LABYRINTH

THE LARGEST CYBER SECURITY EVENT IN BALTICS

OCTOBER 19, RIGA, LATVIA

Topics

Topics

The conference is about cyber security only. Event annually covers a broad set of topics including current and future trends of cyber threats, modern market developments and strategies. It discusses and introduces newest laws and regulas, international compliance standards and cooperation, as well as technological solutions for Cloud, Data, Mobility, Network, Application, Endpoint, Identity & Access, and Security Governance.

Live Video Stream

Live Video Stream

In 21st Century travelling isn’t always mandatory to get the access to the information. You can watch LIVE video content exploring all 9+ parallel sessions in our YouTube channel or via our media partners like LMT Straume and various internet portals. In 2016 there were thousands of online live video stream viewers from all over the world.

Expo & Workshops

Expo & Workshops

DSS ITSEC 2017 expo area typically provides at least 40+ expo stands with selected innovative technologies where on-site visitors can meet with industry professionals, learn, workshop, address the most important topics and receive advises from industry experts from all of the world. Conference and expo is about sharing knowledge, experience and contacts via business networking.

Delegates & Guests

Delegates & Guests

Besides international cyber security star speakers event annually on-site brings together more than 700 high-level ICT professionals from local, regional, and international businesses, governments and government agencies, tech communities, national and public sectors. If You are CEO, CFO, CSO, CISO, CIO, legal and audit officer, or responsible for Business & IT risks / compliance, or administering systems, developing apps this event for You is a mandatory to attend.

Online Stream

Speakers

Featured this years speakers.

Holger Spohn

Holger Spohn
CIS Security Supervisor at NATO

Johan Rambi

Johan Rambi
Corporate Privacy & Security advisor

Mikko Hypponen

Mikko Hypponen
CRO at F-Secure

Tamara Dull

Tamara Dull
Director of Emerging Technologies at SAS Best Practices

Agenda

This years featured agenda

See full agenda

"Hacking democracies, the latest issue of the 21st century"

A presentation following the overall interest in how a democracy might be hacked, how vulnerable we are and what potential issues are evolving without being on the forefront of the press, elections campaigns and other media outlets. This also follows the recent information out of BH/DefCon Las Vegas, hacking voting machines is not the only problem which has to be considered. In the meantime, there are a lot of attack vectors and vulnerabilities which can be exploited when talking about the potential attack on a democratic government. This is also not really new, in the past smaller events have shown what might be coming, but the bigger picture was not understood, or maybe not yet visible. Hacking a key industry was the start, then came the potential for holding an entity hostage, which right now is expanding as we bring more and more things online. Hackback and other issues can also be mentioned here, as they raise interesting questions for the governing bodies, whatever they might be.

General Session (Ziedoņa hall) - (09:10 - 09:40)

"Privacy and Security Are Two Sides of the Same Coin: An Individual’s Perspective"

Technology has advanced so rapidly in the last 20 years—from the internet to “big” data to the more recent Internet of Things. This evolution is forcing us to address some very difficult questions about protecting and securing personal information – including yours, mine, and ours. This discussion can no longer be relegated to the privacy freaks and security geeks in the back room. We must all engage. In this session, we’ll take a look at some of these privacy and security questions from the perspective of an individual – such as a consumer, citizen, or employee. We will walk through the six-stage data lifecycle (create, store, use, share, archive, and destroy) to help put this discussion into context. And finally, we’ll discuss what we can do as individuals to protect not only ourselves but also those with which we live, love, and serve. Note: There is a second session called “Privacy and Security Are Two Sides of the Same Coin: An Organization’s Perspective.” You are welcome to attend one or both sessions.

General Session (Ziedoņa hall) - (10:40 - 11:10)

"When your own security products betray you"

There are many security products on the market some of which are excellent and some of which are awful; telling the two apart can be very hard. This is especially true when selecting a security technology to include into a larger system. Our research group specialises in the analysis of such security products and the claims they make. In this talk I'll give a number of examples of our work, in which we have found that incorporating a weak security component into a larger product as lead to entire systems being insecure. Examples will include weak cryptography used in rail control systems, pacemakers and cars; bad security APIs used in leading banking apps and backdoors inserted by third party developers.

Critical Infrastructure, Data Protection & Threats - (11:30 - 12:00)

"Hacking SCADA HMI Applications"

SCADA systems of Ukrainian regional electric power companies and left approximately 225,000 customers without power. Threat actors spend their effort on discovering vulnerabilities on HMI (Human-machine Interface) applications as it is main part for managing and controling of the SCADA system. The talk is about SCADA HMI vulnerabilities and exploiting. We will detail out some vulnerabilities discovered in HMI applications created by well-known SCADA vendors including Schneider Electric , CoDeSys, Progea and more. We will also answer some specific questions about SCADA vulnerabilities with technical details. These questions are; – Why are SCADA applications swiss cheese for hackers? – What is the status and impact of the threat? – How do researchers or hackers discover these vulnerabilities? - What to do for prevention?

Hacking and Tech Demo Workshops - (11:30 - 12:00)

"Trust in 5G Networks"

5G networks will bring increased diversity in applications, and new business models, requiring the collaboration of multiple parties to deliver services. As a result, no single stakeholder will be able to secure a 5G network against all threats, so each stakeholder must trust others to ensure end-to-end security. Since trust is a response to risk, our trust model is defined in terms of threats to 5G networks. These are analysed to find dependencies between stakeholders affected by each threat, and stakeholders who are in a position to address the threat.

5G, Satellites & Cyber Awareness - (11:30 - 12:00)

"SMONT - an Ontology for crime solving through Social Media"

There are numerous social networks such as Facebook, LinkedIn, Google Plus and Twitter whose data sources are becoming larger every day holding an abundance of valuable information. Among these data, digital crime evidence can be collected from on-line social networks (OSNs) for crime detection and further analysis. This presentation describes the SMONT ontology which has been developed to give support to the process of crime investigation and prevention. The SMONT ontology covers specific data about the crime, digital evidence obtained from OSNs, information archived from police entities, and also details related to people or events which may bring the authorities closer to crime case solving. It is possible to benefit from the ontology in different ways like: intelligence gathering; reasoning over the data; smarter searches and comparisons; open data publication purposes; and for the overall management of the crime solving and prevention process.

Critical Infrastructure, Data Protection & Threats - (12:30 - 13:00)

"7 Months to Go – Are you on track with your GDPR program?"

The clock is ticking away and stakeholders are more and more anxiously looking at their calendars. Where should you be by now, what should your GDPR program already look like, how can you check its effectiveness already at an early stage and – most importantly – what can you do if you just are not there yet?

EU GDPR, Lawyers & Business - (14:30 - 15:00)

"Malware and the effects on NATO"

A presentation on how malware has affected NATO (Allied Command Operations, our area of responsibility) in the recent past, and what effects it could have in a worst case scenario. This is especially interesting as Cyberspace is now an operational domain for NATO, while many nations still work on the consequences of this decision. It will also include the information on sharing of data with partners, as this is key for fighting malware, or in general, cyber issues. On the underlying issue, malware is malware, if it turns into a malicious tool to harm an operation or if it turns into commercial malware does not really matter for us, we need to understand the basic information and prepare ourselves, the partners and nations as best as we can. Partnerships include of course nations, industry, academia and NGO’s, for example the EU, Europol, and many others, also depending on the tasking and our goals for static or deployed use. And in addition to malware, a big issue we have is the insider threat, which can be augmented by the malware problem, as seen in industry when employees either take data or leave time bombs behind.

Critical Infrastructure, Data Protection & Threats - (15:00 - 15:30)

"Artificial Intelligence (AI) on the Horizon of Cyber Security"

Multiple intelligent technologies, such as Machine Learning (ML), Neural Networks, Data Mining, Natural Language Processing (NLP) and many others have given rise to solutions that we call Artificial Intelligence (AI), which is essentially a way to augment our devices, software and services to achieve overall improvements in the way we think and perform. There are many fantastic examples of how these solutions have changed technology in general, and even the field of cyber security has seen and will continue to see drastic changes, as AI capabilities become more prevalent. On one hand, we are seeing more complex malware, phishing campaigns and targeted attacks, enhanced by AI. On the other hand, everything that the adversary uses, can also be useful to the defender, especially so in the case of offensive security. Therefore we have a wide range of augmented security solutions for penetration testing, reverse engineering and analysis of malware, malware detection, network intrusion detection and prevention and many more. While exploring the current state of AI in technology and security, in this talk I will also briefly touch on what makes AI capabilities suitable for cybersecurity solutions, what problems are yet to be solved and whether or not they ‘can’ be solved, using the capabilities offered by AI technologies.

Network Security Innovations 2 - (15:00 - 15:30)

"The Digitalization of Crime"

We are living in a world where cyber attacks have become the norm. New kinds of attackers appear, with new targets, new motivations and new methods. To understand and to fight the attacks, we need to understand who the attackers are. Security expert Mikko Hypponen will look at the latest big hacking cases and reveal what really went on.

General Session (Ziedoņa hall) - (16:20 - 17:00)
''

Sponsors

Meet this years Sponsors and Supporters.

General Partners

Platinum Partners

Participant registration

Free of charge registration to the event.

Participation Type
I agree to receive Marketing information
I agree to the Terms and Conditions *
National Library of Latvia, Mūkusalas iela 3, Rīga, Latvia LV-1423