Towards an Internet of Secure Things

2020 edition of the INTERSCT. Conference on Cybersecurity of Internet-of-Things

October 14-15, 2020

The 2020 edition of the INTERSCT. Conference on Cyber Security of Internet-of-Things will be a virtual conference. Participation in this conference is free of charge. The number of available seats is limited. Reserve your seat at your earliest convenience.

During the 2020 edition of the INTERSCT. Conference on Cyber Security of Internet-of-Things we will address the “Problems” related to the Cyber Security of Internet-of-Things, possible (directions for) “Solutions”, and the related R&D and (technological) innovation performed in the context of the INTERSECT project.

Problem

With the Internet-of-Things (IoT) we are seamlessly connecting the cyber and the physical worlds, extending the risk area to safety and requiring a broader perspective on security. IoT is turning out to be one of the weakest spots in our infrastructure. With billions and in the near future potentially trillions of devices, the security risks are growing at great rates. Our economic and societal forces are creating a perfect storm: a pervasive infrastructure of trillions of IoT devices which on the one hand will oversee our lives and economy, and on the other hand will be completely unmanageable from a security perspective. To compound the risk, IoT systems are often devised and engineered in places over which we have no control, and unless we want to basically surrender our digital sovereignty by only relying on foreign solutions for our national cyber security, we need to find a way to secure them regardless of provenance and built-in malicious intents.

Solutions

We cannot secure something we cannot manage. We need to re-think the security paradigm, delegating part of the security management to the system that needs to autonomously adapt to the changing environment while remaining under our supervision, and re-think all our security technologies accordingly. We need to be able to design, develop and manufacture IoT systems-of-systems in a fundamentally different way, enabling the overall system to become robust, resilient and trustworthy, even in the presence of individual IoT devices that are insecure or even compromised in a Zero-trust environment, and providing the right ecosystem for their wide adoption within industry. We need to be able to design, develop and manufacture new types of IoT devices with security-by-design, security-by-default, robustness and resilience in mind. While continuously preserving all safety requirements, these devices must pro-actively manage their security, actively respond to attacks, recover from attacks, and resume and restore themselves to a predefined level of operation following an attack, etc.

Project

The INTERSECT public private partnership sees it as its mission to produce a paradigm shift in the engineering of Secure IoT systems, by introducing autonomously adaptive security as a new evidence-driven paradigm for system design, development, and maintenance. We will develop a new system life cycle model and relevant enabling systems that allow professionals to effectively and efficiently design, develop and manufacture such devices (robust, resilient and trustworthy in a Zero-trust environment). We will provide industry with the incentives and instruments to adopt these new methods and manufacture IoT systems accordingly, so that governments and citizens can adopt them, thereby enabling the birth and the growth of an Internet of Secure Things. This will eventually have a profound societal impact.

Program

Schedule 

14 October 2020

from 12:30 until 17:30 CET

12:30 - 12:45 Opening by Mr. Robert-Jan Smits

12:45 - 13:15 Introduction by prof. dr. Sandro Etalle

Title – …

Summary – …

13:30 - 14:30 Invited Talk by Dr. Allan Friedman

Title – What’s in the box: Software Bill of Materials for Devices

Summary – Devices are often seen as opaque, but we need better insight into the software components that make up the embedded systems on which we depend. This talk will present the emerging industry consensus around a “software bill of materials” that provides transparency around the underlying software components that are used to build modern, software-based devices. This “SBOM” can help developers deliver a more secure product, help buyers understand what they are acquiring, and operators understand the risks of what is on their networks over time. Transparency into the software supply chain further enables a host of further use cases around supply chain risk management and software assurance.

14:45 - 15:15 Invited Talk by Mrs. Nelly Ghaoui

Title – Roadmap Digital Secure Hardware and Software

Summary – The cyber security of digital products and services and especially Internet-of-Things is lacking. We cannot expect consumers to become cyber security specialists to fix the problem. As a professional cyber security community from industry, research and government it’s up to us to come together to raise the bar in society. I will go into the Dutch national Roadmap on hard- and software security, the policy strategy of the Dutch government containing a broad mix of measures ranging from awareness campaigns and public-private partnerships to EU certification and mandatory minimum requirements.

15:15 - 15:45 Invited Talk by prof. dr. Aiko Pras

Title – DDOS and Internet-of-Things

Summary – DDoS is still one of the important security challenges we are confronted with. For example, early September the NCSC published a news item that many ISPs and vital infrastructures (such as DNS) were the target of attacks twice as strong as last year (2020: 250Gbps, 2019: 124Gbps). Unfortunately the massive introduction of insecure Internet-of-Things devices will make things worse. In this talk we will provide an overview of what current attacks look like, and the impact that Internet-of-Things may have on the attack landscape. Fortunately some new DDoS defence approaches are being developed, so the talk will hopefully conclude with some positive news.

16:00 - 17:00 Parallel sessions for Work Packages

Summary – The INTERSECT project has six R&D related Work Packages and five of these reflect the pillars of the Dutch National Cyber Security Research Agenda (NCSRA III): Design, Defense, Attack, Governance and Privacy.

WP2 is related to Design and is coordinated by dr. Erik Poll who will present the R&D and (technological) innovation envisioned in this Work Package.

WP3 is related to Defense and is coordinated by dr. Jerry den Hartog who will present the R&D and (technological) innovation envisioned in this Work Package.

WP4 is related to Attack and is coordinated by prof. dr. Herbert Bos who will present the R&D and (technological) innovation envisioned in this Work Package.

WP2, WP3 and WP4 will be presented on 14 October.

17:00 - 17:30 Invited Talk by dr. ir. Kees van der Klauw

Title – IoT – commoditization of functions, differentiation by non-functionalities

Summary – For many years, digital innovations have been equivalent to adding functionalities or extending functional performance to digital platforms. More pixels and more inches on displays, more channels on audio and video streaming devices, more bits per second connections, more (virtual) buttons on tablets and mobiles controlling ever more apps. Those functions and features were the main competitive value drivers for companies but for many the result has been a rapid commoditization and shortening of lifetimes of those innovations, with decreasing added value, but strongly contributing to the value and power of the platforms they run on, generally owned by other (non-European) companies. Internet-of-Things is no exception to this. At the same time, non-functional aspects such as privacy, security, upgradeability, portability etc. were often compromised. With the increasing awareness and EU attention for those aspects, the new sustainable competitive value driver for companies may be in those non-functionalities and building trust with end-users. But it will require a shift to more consistent, longer term strategies than many companies are used to.

17:30 Closing by prof. dr. Sandro Etalle

15 October 2020

from 12:30 until 17:30 CET

12:30 - 12:45 Opening by prof. dr. Sandro Etalle

Summary – …

12:45 - 13:15 Invited Talk by prof. dr. Michel van Eeten

Title – Mopping Up While the Tap is Still Running: Cleaning Up the Internet of Evil Things

Summary – We know poorly secured Internet-of-Things devices are flooding our markets. And we know they get compromised at scale. Now what? What can we do while we wait for secure-by-design Internet-of-Things to become the default? Various stakeholders can play a role. Think of manufacturers, retailers, network operators, consumers. Who is competent to act? And more controversially: Who actually has an incentive to act? We will explore surprising new research and industry experiences in combatting the rise of the Internet-of-Evil-Things.

13:30 - 14:00 Invited Talk by prof. dr. Herbert Bos

Title – Your Threat Model Is Wrong and You Should Feel Bad 

Summary – This presentation will explain how to create bad threat models (just keep doing what you’re doing), why abstractions are the work of the devil (and a necessary evil), and what happens when processor flaws meet traditional software exploitation (nothing good). 

14:00 - 14:30 Invited Talk by prof. dr. M. Hildebrandt

Title – …

Summary – In this keynote she will address upcoming developments regarding private law liability in Internet-of-Things settings, for instance of software developers, hardware manufacturers, those who put AI applications on the market, platforms that integrate service provision both vertical and horizontal, providers of infrastructure (telecom providers, cloud providers, providers of cyber-physical infrastructure, or smart grid providers).

14:45 - 15:45 Panel moderated by prof. dr. Bart Jacobs

Summary – …

16:00 - 17:00 Parallel sessions for Work Packages

Summary – The INTERSECT project has six R&D related Work Packages and five of these reflect the pillars of the Dutch National Cyber Security Research Agenda (NCSRA III): Design, Defense, Attack, Governance and Privacy.

WP5 is related to Governance and is coordinated by prof. dr. Michel van Eeten who will present the R&D and (technological) innovation envisioned in this Work Package.

WP6 is related to Privacy and is coordinated by prof. dr. Ronald Leenes who will present the R&D and (technological) innovation envisioned in this Work Package.

WP7 is related to a Federated Lab facility coordinated by dr. Luca Allodi who will present the strategic goals of the Federated Lab as well as the R&D and (technological) innovation envisioned in this Work Package.

WP5, WP6, and WP7 will be presented on 15 October.

17:00 - 17:30 Invited Talk by dr. M. Bodlaender

Title – Cyber security that works for regulated environments like healthcare

Summary – In this invited talk, he will explain some of the challenges that arise from the need to secure heavily regulated environments like healthcare, and how INTERSCT may contribute to address these challenges.

17:30 Closing by prof. dr. Sandro Etalle

Speakers

Robert-Jan Smits

President of Executive Board of Eindhoven University of Technology

Robert-Jan Smits is the President of the Eindhoven University of Technology. Prior to this, he was from 2018-2019 the Open Access Envoy of the European Commission, based at the European Political Strategy Centre (EPSC) of the European Commission. In this capacity, he developed policy recommendations (Plan S) to ensure that all publicly funded scientific publications will be available in Open Access. Before this, he was from 2010-2018 the Director-General of DG Research and Innovation (RTD) at the European Commission. In this capacity, he was responsible for defining and implementing the EU policy and programmes in the field of research and innovation (average annual budget 8 billion euro): Horizon 2020

Mr. Smits has received several recognitions and awards for his contribution to European science and innovation. He is an honorary member of Academia Europaea and of the Koninklijke Hollandsche Maatschappij der Wetenschappen. He has degrees from Utrecht University in The Netherlands, Institut Universitaire d’Hautes Etudes Internationales in Switzerland and Fletcher School of Law & Diplomacy in the United States of America.

Prof. dr. Sandro Etalle

Professor Cyber Security at Eindhoven University of Technology

Sandro Etalle is full professor and head of the Security group at Eindhoven University of Technology. He earned his MSc degree at the University of Padova and his PhD at the University of Amsterdam. His research focuses mainly on usable security monitoring, a topic that he researched both in the academic and in the enterprise setting. Before switching to the academic career, he was co-founder of two Italian technology companies: TecLogic and ICON. In 2009, Etalle founded SecurityMatters together with PhD students D. Bolzoni and E. Zambon. At SecurityMatters Etalle served as CEO for over 4 years and as Chairman of the Board until the exit.

Dr. Allan Friedman

Director of Cybersecurity Initiatives, NTIA

Dr. Allan Friedman is Director of Cybersecurity Initiatives at the National Telecommunications and Information Administration in the US Department of Commerce. He coordinates NTIA’s multistakeholder processes on cybersecurity, focusing on addressing vulnerabilities in connected systems and across the software world. Prior to joining the Federal Government, Friedman spent over 15 years as a noted cybersecurity and tech policy scholar at Harvard’s Computer Science Department, the Brookings Institution and George Washington University’s Engineering School. He is the co-author of the popular text ‘Cybersecurity and Cyberwar: What Everyone Needs to Know,’ has a degree in computer science from Swarthmore College and a PhD in public policy from Harvard University.

Mrs. Nelly Ghaoui

Senior Policy Advisor at Dutch Ministry of Economic Affairs and Climate

Nelly Ghaoui is a senior policy coordinator on cybersecurity at the Dutch Ministry of Economic Affairs and Climate Policy. She has over a decade of experience in national security, crisis management, critical infrastructure protection and cybersecurity also at the ministry of Justice and Security. She is currently responsible for the implementation of the Dutch roadmap to improve the security of hard- and software and the Internet of Things. She has a Master’s degree in Public Administration and an Executive Master’s degree in cybersecurity from Leiden University.

Mr. Kees Verhoeven

Member of Parliament

Mr. Kees Verhoeven is …

dr. ir. C.L.M. (Kees) van der Klauw

Strategist at National AI Coalition

Kees van der Klauw graduated from the department of Electronics Engineering of Delft University of Technology in the Netherlands and received a Ph.D. in the area of semiconductor devices (CCDs) in 1987. During his professional career, he has contributed to and has led several digital transformations and innovations inside and outside Philips. He joined Philips Research in 1987 where he worked several years on the design and characterization of CMOS devices and processes in the analogue to digital transition in microelectronics. In 1992 he moved to Philips’ Flat Panel Displays where he held positions in project management, engineering-, operations- and general management of Philips LCD activities and was involved in the establishment of Philips’ LCD joint ventures in Japan and Korea. Subsequently he worked for nearly 10 years in Philips Consumer Electronics as development manager and CTO for Philips Television, Monitors and Professional Display Business during which period TVs and business transformed to ‘flat, digital, high speed and on-line’. He joined Philips Lighting in 2009, where he was the Chief Architect and the R&D Manager for Professional Lighting Solutions driving the transition to LED lighting and Internet-of-Things. From October 2013, he has been the Head of the Research for Philips Lighting and he played a key role in the split off of Philips Lighting, now Signify.
During this period Kees was also a driving force in the establishment of the Alliance for Internet of Things Innovation (AIOTI) and he was the first elected chairman. 

Starting in 2018, Kees now runs his own Innovation Consultancy Company, InnoAdds and is engaged with digital innovation in various areas. He is currently leading the Netherlands AI Coalition NL AIC, engaging over 400 parties from business, government, education and science and society, building a national artificial intelligence ecosystem.

dr. Maarten Bodlaender

Head of Philips Security Technologies

Maarten Bodlaender got his Masters in computer science at Utrecht University in 1994, PhD. in computer science at Eindhoven University of Technology in 1999, MBA at RSM Erasmus in 2007, and became a Dutch patent attorney in 2014.

He is currently head of the security technologies department in Philips, responsible for the global rollout of medical cyber security services by Philips.

prof. dr. Mireille Hildebrandt

Professor at Vrije Universiteit Brussel

Mireille Hildebrandt is a Research Professor on ‘Interfacing Law and Technology’ at Vrije Universiteit Brussels (VUB), appointed by the VUB Research Council. She is co-Director of the Research Group on Law Science Technology and Society studies (LSTS) at the Faculty of Law and Criminology.

She also holds the part-time Chair of Smart Environments, Data Protection and the Rule of Law at the Science Faculty, at the Institute for Computing and Information Sciences (iCIS) at Radboud University Nijmegen.

prof. dr. R.E. (Ronald) Leenes

Professor at Tilburg University

Prof. dr. Ronald Leenes is full professor in regulation by technology at the Tilburg Institute for Law, Technology, and Society (TILT), Tilburg University, the Netherlands. He is currently Head of the Department for Law, Technology, Markets, and Society (LTMS), the home of TILT and TILEC. His primary research interests are techno-regulation, privacy, both conceptual as well as applied, data analytics, and robotics and human enhancement. Currently his research focuses on accountability and transparency in AI and Data Science and on regulatory failure in technology regulation. He has a background in Public Administration and Public Policy (University of Twente) and has extensive research experience in the fields of Artificial Intelligence and Law, E-Government and since he joined TILT, technology (primarily ICTs) and law. He has contributed to several EU projects, such as PRIME, PRIMELIFE, ENDORSE, Robolaw, A4Cloud µMole. He has edited multiple volumes of the Computers, Privacy and Data Protection (CPDP) series published at Springer and Hart.

Prof. dr. Herbert Bos

Professor at Vrije Universiteit Amsterdam

Herbert Bos is full professor at Vrije Universiteit Amsterdam where he co-leads the VUSec Systems Security group. He is very proud of his current and former students whose research results have found their way into all major operating systems, all browsers and all Intel CPUs.

Prof. dr. Bart Jacobs

Professor at Radboud University Nijmegen

Bart Jacobs is a professor of computer security, privacy and identity at Radboud University Nijmegen, The Netherlands. His work covers both theoretical computer science and more practical, multidisciplinary work, especially in computer security and privacy. He is a member of the Academia Europaea and of the Royal Netherlands Academy of Arts and Sciences (KNAW), and a recipient of an ERC Advanced Grant. He is an active participant in societal debates about security and privacy, in the media and in various advice roles e.g. for government and parliament. He chairs a non-profit spin-off on attribute-based identity management (see irma.app) and is co-founder of Nijmegen’s interdisciplinary hub on security, privacy and data governance.

 

dr. Erik Poll

Associate professor at Radboud University Nijmegen

Erik Poll is associate professor in the Digital Security Group at Radboud University in Nijmegen, where he specialises in software security, smartcards, and formal methods. Over the years he has worked on formal specification and verification of software, on formal techniques for security testing, and on more applied research into the security of various systems, for instance payment systems and smart grids.

prof. dr. Michel van Eeten

Professor at Delft University of Technology

Michel van Eeten is professor at Delft University of Technology and his chair focuses on the Governance of Cybersecurity. He studies the interplay between technological design and economic incentives in Internet security. His team analyses large-scale Internet measurement and incident data to identify how the markets for Internet services deal with security risks. He has conducted empirical studies funded by NWO, the ITU, the OECD, the Department of Homeland Security, the European Commission, the Dutch National Police, the General Intelligence and Security Service, Fox-IT, banks, and various ministries within the Dutch government. Topics range from botnet mitigation, threat intelligence and abuse reporting, network measurements, information sharing, security metrics, to cybercrime markets.

He is also a member of the Cyber Security Council, an official advisory body of the Dutch government.

prof. dr. Aiko Pras

Professor at University of Twente

Aiko Pras is full professor of Internet Security at the Faculty of Electrical Engineering, Mathematics and Computer Science of University of Twente, the Netherlands. He is a member of the Design and Analysis of Communication Systems Group (DACS). In 1995 he received a Ph.D. degree from the same university for his thesis titled “Network Management Architectures” and in 2013 he was appointed as full professor. In 2016 he was honoured with the IFIP/IEEE “Salah Aidarous Memorial Award” for providing unremitting service and dedication to the IT and Telecommunications Network Operations and Management community. He is interested in questions like Digital Independence and Internet security, with a research focus on DDoS attacks and DNS security. His approach is usually based on measurements.

He is research coordinator of the EU Concordia project, which is one of the four Cybersecurity Competence Networks within Europe.

Dr.-Ing. Tobias Fiebig

Assistant professor at Delft University of Technology

Dr.-Ing. Tobias Fiebig is an assistant professor in the Information and Communication Technology section at the faculty of Technology, Policy and Management of Delft University of Technology, focusing on identifying and mitigating human-factors based and preventable security issues in IT systems—like those all too common in the Internet of Things. For this, he uses qualitative research methods, but also develops new tools for the future-proof Internet scale assessment of vulnerabilities. His most recent publications include a significant contribution towards making the IPv6 Internet scannable, understanding and mitigating the impact of DNS misconfigurations in the DNS ecosystem, and the first study on system operators’ perspective on security misconfigurations.

dr. Jerry den Hartog

Assistant professor at Eindhoven University of Technology

Jerry den Hartog is assistant professor at Eindhoven University of Technology. He obtained his PhD at the Vrije Universiteit Amsterdam, in the area of formal methods. His research covers different aspects of data protection for collaborative systems, particularly in areas such as critical infrastructure and industrial control systems, intelligent transport systems, smart buildings, and IoT in general. This includes defending systems through network situational awareness and intrusion detection and designing secure systems through access control, trust management and formal verification.

dr. Luca Allodi

Assistant professor at Eindhoven University of Technology

Luca Allodi is an assistant professor with the Security Group at Eindhoven University of Technology. His main research interests include economic and human aspects of information security, with a focus on attacker and cybercriminal operations. Allodi received a PhD in information security from the University of Trento, Italy, in 2015, for his thesis on software vulnerability risk. He has worked extensively on the definition of the Common Vulnerability Scoring System (CVSS) standard for vulnerability measurement, and participates in a number of joint academia/industry initiatives on cyber-risk.

ir. Frank Fransen

TNO

Frank Fransen received an MSc in Information Technology at Eindhoven University of Technology in 1995. He is currently employed as a Senior Scientist in the Cyber Security & Robustness group of TNO. His work at TNO involves acquisition and execution of research projects on emerging security technologies, security of mobile communication systems (3G, 4G and 5G), information security and risk management, Security Operations, Cyber Threat intelligence, and cyber security of smart energy grids. Before joining TNO, he was security researcher for 7 years at KPN Research working on information security and smart card systems. He has been involved in several European research projects. He is currently the technical coordinator of H2020 project SOCCRATES. He was co-author of the 2nd Dutch National Cyber Security Research Agenda (NCSRA II, 2013), and member of the board of editors of NCSRA III (2018).

Moderator

Chris van 't Hof

Tek Tok

Chris van ’t Hof is an independent researcher, writer and presenter in information technology. With his background in both electrical engineering and sociology, he analyses the interaction between human and electronic networks. His eighth book is “Helpful Hackers. How the Dutch do Responsible Disclosure.” His company Tek Tok organises conferences, workshops and IT security training. As Secretary of the Dutch Institute for Vulnerability Disclosure, he helps ethical hackers to clean up the internet for free. He also has his own talk show: Hack Talk.

Sponsors & Supporters

This event is made possible by the INTERSECT public private partnership funded by the Dutch National Research Council and the members of the INTERSECT-consortium.