General session
Hacking & tech
Business & Industry
SOC – myth or reality?
Security vendors – data & network
Women In Cybersecurity

Venue: Ziedonis hall

Theme: General session

Moderator: Reinis Zitmanis

Venue: Conference hall A

Theme: Hacking & tech

Venue: Conference hall B

Theme: Business & Industry

Venue: Conference hall C

Theme: SOC – myth or reality?

Moderator: Zigmunds Vīķis

Venue: Conference hall D

Theme: Security vendors – data & network

Moderator: Irina Gutmane

Venue: Conference hall E

Theme: Women In Cybersecurity

09:00
Ziedonis hall

Apsveikumi – SM, VARAM, AizM, CERT, ECSO, FBI, LTRK, LIKTA

09:30
Ziedonis hall

The cybersecurity dimension of critical [energy] infrastructure

The advances in information and communications technologies have provided possibilities for new functions, features and efficiencies in remotely managing and controlling industrial processes and services essential to the national economy and well-being of our societies. Unfortunately for every new feature introduced by these wonderful enabling technologies there is a vulnerability that can cause an unintentional accident or be intentionally exploited by an adversary. This is well understood by specialists working in Information Technology (IT) and there are well established best practices for protecting computers, data, websites, and networks. However, in protecting critical infrastructure and the technologies used by Industrial Control Systems (ICS) or Operational Technology (OT) the IT security practices that are very good at protecting data and networks do not fully apply in protecting a physical process or preserving a desired process state. For example safely monitoring and controlling the physical processes in generating electricity at a nuclear power station (flow of coolant), insuring the right level of chemicals are added to drinking water, refining crude oil at a petrochemical plant, pumping liquid fuel or compressed gas down a pipeline or safely running a railway system. This presentation will point out the peculiarities and challenges faced by security practitioners in protecting the supporting ICS technologies of these complex systems that provide the technical foundation for modern economic life, insuring national security and well-being of society.

Vytautas Butrimas
10:10
Ziedonis hall

Evolution of risk – From endpoint ransomware to supply chain compromise

Managing risk well requires an understanding of the current threats you face while looking ahead to where threats may emerge tomorrow. This talk will cover the biggest threats facing organisations today, while sharing the trends we observe in our research labs and how they will likely affect what we will see tomorrow. As humans continue to get more involved in attacks, our approach to defence needs to adjust to the human element: unpredictability.

Chester Wisniewski
Principal Research Scientist
10:40
Ziedonis hall

Deep dive into cybersecurity: Why we must respond to technological cybersecurity challenges in an interdisciplinary way

Philipp Kalweit
CEO
11:10

Coffee break, Session Split

11:40
Ziedonis hall

Why Visibility Matters for Hunting for both OT and IT

Bryan will discuss real-world use cases tied to OT and IT that highlights what attackers do and how clients need to defend against them. His presentation will cover how visibility/detection is necessary with Real-World examples and will detail hunting and detection solutions to address these types of attacks.

Bryan Geraldo
12:10
Ziedonis hall

Hackers & Pirates (Cybersecurity at the High Seas)

In a world of global trade, many products are transported between different continents in ships. This means that sea transport forms an important link of the logistics chain for most physical product. The navigation and control of moderns hips rely increasingly on digital systems, and autonomous vessels are being tested in several areas, but ships are rarely considered part of the critical cyber infrastructure. This talk examines the cyber security of marine based installations, in particular ships. The presentation will present an overview of the attack surface of modern ships, identify different attack vectors and discuss different mitigation techniques.

Christian Damsgaard Jensen
Associate Professor, Head of Cyber Security Section
12:40
Ziedonis hall

International Regulation of Cybersecurity

In the recent years, cybersecurity became a “hot topic” not only in the field of technical implementation, but for legislators all throughout the world as well: Transnational operating hackers, national authorities, as well as NGOs may be involved in cybersecurity threats, and with that, they also promote the political discussion and the creation of new laws which are specialized in cybersecurity. The presentation will take into account the recent work of legislators of important states such as Germany, China, Russia, Israel and the new European Union Cybersecurity Act under a comparative point of view.

Dennis-Kenji Kipker
Research Managing Director
13:10

Panel discussion

14:00
Ziedonis hall

SECURE US TO SECURE ME

Enterprises are not victims, they’re vectors. Security in an ecosystem-driven world is no longer about protecting oneself—it’s about protecting everyone. Leading businesses are recognizing that just as they already collaborate with entire ecosystems to deliver best-in-class products, services, and experiences, it’s time security joins that effort as well. During this session we will share the key insights from the Accenture Technology Vision 2019 highlighting the top security trends.

Sheldon Nailer
IS and Privacy Group Lead
Intars Garbovskis
Security practice lead
14:30
Ziedonis hall

360 degree Cyber – cyber security modelling beyond existing industry standards

Lars Hilse
Independant consultant
15:00
Ziedonis hall

CLOUD SECURITY AND PRIVACY: “Mitigating and Protecting with Cross-language Programming Technology”

Cloud computing is one of the computational infrastructure that has brought a new phase of data processing and management in the business of the 21st century, which of course has impacted positively in businesses. There is no doubt that its deep penetration and patronage by users is connected to the ready-made environment for different services provided by the platform. The key performance indicator (KPI) saving models of cloud computing demonstrated in terms of cost, time, quality, compliance, revenue and profitability indicate that the technology is a welcome development and has been embraced by all businesses so far. As the level of patronage for cloud computing grows deeper with no sign of decrease at sight, there are also growing concerns or challenges by both the providers and the users. These challenges and concerns primarily linked to the security and privacy of the rich and high volume of data which flow through the platform and those stored up there for future references. These include health data, financial information, flight, aviation, research and critical national security information, to mention but a few. This paper examines and explores the various security and privacy concerns along with a proposal on mitigating such concerns by the use of a cross-language programming technology.

Abass O. Olayinka
Associate Lecturer/Co-ordinator of Scientific and Technical Researches, Department of Computer Science Loral International Schools, Agbara, Ogun State Nigeria Head Of Department, School of Technology
15:30

Coffee break, Expo zone lotteries etc.

16:10
Ziedonis hall

Tales from a professional stalker (1st part)

Have you ever had a client who constantly clicks on the links, a CEO who opens all the attachments, or receptionists who reuses every single USB they’ve found? Do you blame them for the lack of security mindfulness? If you do, stop. Blaming the users is so 2018.

Taking a deep dive into the last 10 years of my professional career, we will walk through the hard lessons I have learned regarding human behaviour, how our brains work, and why humans do what they do. At the end of the day, being a cyber security expert is not bullying users into submission, it’s understanding who they are as beings and creating a safe, inclusive environment for them to learn.

Completion of this talk will include homework – so come prepared!

Zoë Rose
Ethical Hacker
16:40
Ziedonis hall

Tales from a professional stalker (2nd part)

Have you ever had a client who constantly clicks on the links, a CEO who opens all the attachments, or receptionists who reuses every single USB they’ve found? Do you blame them for the lack of security mindfulness? If you do, stop. Blaming the users is so 2018.

Taking a deep dive into the last 10 years of my professional career, we will walk through the hard lessons I have learned regarding human behaviour, how our brains work, and why humans do what they do. At the end of the day, being a cyber security expert is not bullying users into submission, it’s understanding who they are as beings and creating a safe, inclusive environment for them to learn.

Completion of this talk will include homework – so come prepared!

Zoë Rose
Ethical Hacker
17:10
Ziedonis hall

4G-5G Good for your health bad for security

In this talk we go farther in depth at RF communications and look at what 4G and 5G communications are and the vulnerabilities inherent in them

Grant Colgan
Technical Consultant
17:40

CLOSING REMARKS