Towards an Internet of Secure Things

2020 edition of the INTERSCT. Conference on Cybersecurity of Internet-of-Things

October 14-15, 2020

organized by

During the 2020 edition of the INTERSCT. Conference on Cyber Security of Internet-of-things we addressed the “Problems” related to the Cyber Security of Internet-of-Things, possible (directions for) “Solutions” and the related R&D and (technological) innovation performed in the context of the INTERSECT project.

Problem

With the Internet-of-Things (IoT) we are seamlessly connecting the cyber and the physical worlds extending the risk area to safety requiring a broader perspective on security. IoT is turning out to be one of the weakest spots in our infrastructure. With billions and in the near future potentially trillions of devices, the security risks are growing at great rates. Our economic and societal forces are creating a perfect storm, a pervasive infrastructure of trillions of IoT devices which on one hand will oversee our lives and economy, and on the other hand will be completely unmanageable from a security perspective. To compound the risk, IoT systems are often devised and engineered in places where we have no control on, and unless we want to basically surrender our digital sovereignty by only relying on foreign solutions for our national cyber security, we need to find a way to secure them regardless of provenance and built-in malicious intents.

Solutions

We cannot secure something we cannot manage, we need to re-think the security paradigm, delegating part of the security management to the system that needs to autonomously adapt to the changing environment, while remaining under our supervision, and re-think accordingly all our security technologies. We need to be able to design, develop and manufacture IoT systems-of-systems in a fundamentally different way enabling the overall system to become robust, resilient and trustworthy, even in the presence of individual IoT devices that are insecure or even compromised in a Zero-trust environment and providing the right ecosystem for their wide adoption within industry. We actually need to be able to design, develop and manufacture new types of IoT devices with security-by-design, security-by-default, robustness and resilience in mind; while continuously preserving all safety requirements, these devices must pro-actively manage their security, actively respond to attacks, recover from attacks, resume and restore themselves to a predefined level of operation following an attack etc.,

Project

The INTERSECT public private partnership sees it as its mission to produce a paradigm shift in the engineering of Secure IoT systems, by introducing autonomously adaptive security as a new evidence-driven paradigm for system design, development, and maintenance. We will develop a new system life cycle model and relevant enabling systems that allows professionals to effectively and efficiently design, develop and manufacture such devices (robust and resilient and trustworthy in a Zero-trust environment). We will provide industry with the incentives and instruments to adopt these new methods and manufacture IoT systems accordingly, so that governments and citizens can adopt them, thereby enabling the birth and the growth of an Internet of Secure Things. This will eventually have a profound societal impact.

Program

Schedule 

14 October 2020

from 12:30 until 17:30 CET

12:30 - 12:45 Opening by Mr. Robert-Jan Smits
12:45 - 13:15 Introduction by prof. dr. Sandro Etalle

TitleTowards and INTERnet of SECure Things

Summary – During this presentation he will introduce the INTERSECT project.He will discuss the problem of securing the Internet-of-Things in some of its facets and he will touch on the approach followed in the project and provide a brief “spoiler” regarding one of the research directions. 

13:30 - 14:30 Invited Talk by Dr. Allan Friedman

TitleWhat’s in the box: Software Bill of Materials for Devices

Summary – Devices are often seen as opaque, but we need better insight into the software components that make up the embedded systems on which we depend. This talk will present the emerging industry consensus around a “software bill of materials” that provides transparency around the underlying software components that are used to build modern, software-based devices. This “SBOM” can help developers deliver a more secure product, help buyers understand what they are acquiring, and operators understand the risks of what is on their networks over time. Transparency into the software supply chain further enables a host of further use cases around supply chain risk management and software assurance.

14:45 - 15:15 Invited Talk by Mrs. Nelly Ghaoui

Title Roadmap Digital Secure Hardware and Software

Summary – The cyber security of digital products and services and especially Internet-of-Things is lacking. We cannot expect consumers to become cyber security specialists to fix the problem. As a professional cyber security community from industry, research and government it’s up to us to come together to raise the bar in society. I will go into the Dutch national Roadmap on hard- and software security, the policy strategy of the Dutch government containing a broad mix measures ranging from awareness campaigns and public-private partnerships to EU certification and mandatory minimum requirements.

15:15 - 15:45 Invited Talk by prof. dr. Aiko Pras

TitleDDOS and Internet-of-Things

Summary – DDoS is still one of the important security challenges we are confronted with. For example, early September the NCSC published a news item that many ISPs and vital infrastructures (such as DNS) were target of attacks twice as strong as last year (2020: 250Gbps, 2019: 124Gbps). Unfortunately the massive introduction of insecure Internet-of-Things devices will make things worse. In this talk we will provide an overview of how current attacks look like, and the impact that Internet-of-Things may have on the attack landscape. Fortunately some new DDoS defence approaches are being developed, so the talk will hopefully conclude with some positive news.

16:00 - 17:00 Parallel sessions for Work Packages

Summary – The INTERSECT project has six R&D related Work Packages and five of these reflect the pillars of the Dutch National Cyber Security Research Agenda (NCSRA III): Design, Defence, Attacks, Governance and Privacy.

This session on WP2 is related to Design and is coordinated by dr. Erik Poll who will present the R&D and (technological) innovation envisioned in this Work Package.

WP2 on Design, aims to eventually provide a better methodology for designing, building, and testing or certifying secure solutions, and to get an understanding of the drivers behind current bad practices & obstacles to introducing better ones in industrial practice. During the first part of the session, relevant researchers will brielfy pitch their planned R&D and (technological) innovation, including dr. Tobias Fiebig (TUD), professor dr. Nirvana Meratnia & dr. Tanir Ozcelebi (TU/e), Ronald Begeer, dr. Behnam Asadi Khashooei & Alexandr Vasenev (TNO), and dr. Erik Poll (RU).

This session on WP3 is related to Defence and is coordinated by dr. Jerry den Hartog who will present the R&D and (technological) innovation envisioned in this Work Package.

In this session we will consider different aspects of defense of Internet-of-Things systems as envisioned in INTERSECT by means of a series of short presentations by Jerry den Hartog (TU/e), Roland van Rijswijk (UT), Frank Fransen (TNO) and João Ceron (SIDN) followed by a discussion on how collaborative monitoring and selection and application of security measures is needed to defend such Internet-of-Things systems.

This session in WP4 is related to Attacks and is coordinated by dr. Cristiano Giuffrida who will present the R&D and (technological) innovation envisioned in this Work Package.

In this session we will explain how WP4 aims to first investigate the way modern attacks operate in order to automatically find suitable remedies for discovered security vulnerabilities. In particular, the first goal of this work package is to understand the attacks and attackers themselves, as well as their modus operandi and the important vulnerabilities and systems on which to focus—with an eye on developing new attack prediction models and then to develop techniques for automated vulnerability finding, exploit generation, and patch generation for Internet-of-Things devices. This session will consist of a number of short presentations by researchers involved in the work package (VUA, NSCR, and TNO in particular).

17:00- 17:30 Invited Talk by dr. ir. Kees van der Klauw

TitleIoT – commoditization of functions, differentiation by non-functionalities

Summary – For many years have digital innovations been equivalent to adding functionalities or extending functional performance to digital platforms. More pixels and more inches on displays, more channels on audio and  video streaming devices, more bits per second connections, more (virtual) buttons on tablets and mobiles controlling ever more app’s. Those functions and features were the main competitive value drivers for companies but for many the result has been a rapid commoditization and shortening of lifetimes of those innovations, with decreasing added value, but strongly contributing to the value and power of the platforms they run on, generally owned by other (non-European) companies. Internet-of-Things is no exception to this. At the same time, non-functional aspects such as privacy, security, upgradeability, portability etc. were often compromised. With the increasing awareness and EU attention for those aspects, the new sustainable competitive value driver for companies may be in those non-functionalities and building trust with end-users.  But it will require a shift to more consistent, longer term strategies than many companies are used to.

17:30 Closing by prof. dr. Sandro Etalle

Summary – 

15 October 2020

from 12:30 until 17:30 CET

12:30 - 12:45 Opening by dr. Jeanet Bruil, MBA
12:45 - 13:15 Invited Talk by prof. dr. Michel van Eeten

Title – Mopping Up While the Tap is Still Running: Cleaning Up the Internet of Evil Things

Summary – We know poorly secured Internet-of-Things devices are flooding our markets. And we know they get compromised at scale. Now what? What can we do while we wait for secure-by-design Internet-of-Things to become the default? Various stakeholders can play a role. Think of manufacturers, retailers, network operators, consumers. Who is competent to act? And more controversially: Who actually has an incentive to act? We will explore surprising new research and industry experiences in combatting the rise of the Internet-of-Evil-Things.

13:30 - 14:00 Invited Talk by prof. dr. Herbert Bos

Title – Your Threat Model Is Wrong and You Should Feel Bad 

Summary – This presentation will explain how to create bad threat models (just keep doing what you’re doing), why abstractions are the work of the devil (and a necessary evil), and what happens when processor flaws meet traditional software exploitation (nothing good). 

14:00 - 14:30 Invited Talk by prof. dr. M. Hildebrandt

Title – …

Summary – In this keynote she will address upcoming developments regarding private law liability in Internet-of-Things settings, for instance of software developers, hardware manufacturers, those who put AI applications on the market, platforms that integrate service provision both vertical and horizontal, providers of infrastructure (telecom providers, cloud providers, providers of cyber-physical infrastructure, or smart grid providers).

14:45 - 15:45 Panel moderated by prof. dr. Bart Jacobs

The panelists are:

  • Mr. Kees Verhoeven
  • professor dr. Mireille Hildebrandt
  • professor dr. Herbert Bos
  • professor dr. Sandro Etalle
  • dr. Maarten Bodlaender
16:00 - 17:00 Parallel sessions for Work Packages

Summary – The INTERSECT project has six R&D related Work Packages and five of these reflect the pillars of the Dutch National Cyber Security Research Agenda (NCSRA III): Design, Defence, Attacks, Governance and Privacy.

WP5 is related to Governance and is coordinated by prof. dr. Michel van Eeten and WP6 is related to Privacy and is coordinated by prof. dr. Ronald Leenes. This session will cover the R&D and (technological) innovation envisioned in these two Work Packages.

Eelco Vriezekolk from the Agentschap Telecom (Radiocommunications Agency) will kick off this combined session by sharing the agency’s views on the governance of Internet-of-Things security. This presentation will be complemented by a talk from Irene Kamara (TiU). She will address questions around certification and liability as legal governance mechanisms for IoT security. Next, Pieter Wolters (RU) will discuss the legal obligations to provide cyber secure Internet-of-Things devices. In particular, he will focus on the obligations to secure personal data. Finally, Ronald Leenes (TiU) will outline the possibilities and challenges of privacy by design in Internet-of-Things. After these four (brief) talks, we will open up the discussion with the attendees.

This session on WP7 is related to a Federated Lab facility coordinated by dr. Luca Allodi who will present the strategic goals of the Federated Lab as well as the R&D and (technological) innovation envisioned in this Work Package.

The objective of this session on WP7 is to bootstrap the design and development of the INTERSECT Federated Laboratory. During the first part of the session a number of INTERSECT partners will highlight their ambitions and contributions to this Federated Lab, including Radboud University, TNO, Qbit Cyber Security, Secura, Fontys and Hogeschool van Leiden.The second part of the session will be used to engage with the audience to start outlining the main design principles and objectives of the Federated Lab.

This session on a specific part of WP8 is related to the Impact Plan, which plays a central role in the INTERSECT project.

The Impact Plan, positioned as part of WP8, it is an approach stimulated by the Dutch Research Council (NWO) to increase the potential impact of R&D and (technological) innovation projects that are part of their commitments towards the implementation of the National Science Agenda. Using an Impact Plan based on the concepts of Theory of Change, Pathways to Innovation, and Productive Interactions we defined a better method for planning and monitoring the impact of (the results of) our work in the context of this project. For a maximal effect, an effective Impact Plan needs maximum stakeholder engagement (“co-design” and “co-creation”) and during this session we will explain the various concepts and ambitions and also provide a platform for participants from industry, government, academia, and civil society to provide their input for the next version of the Impact Plan as well as how they could become part of the INTERSCT. stakeholder engagement network to regularly assist us in re-aligning the strategic R&D and Innovation agenda to ensure maximal results during and after the project. This session is facilitated by Harold Weffers.

17:00 - 17:30 Invited Talk by dr. M. Bodlaender

TitleCyber security that works for regulated environments like healthcare

Summary – In this invited talk, he will explain some of the challenges that arise from the need to secure heavily regulated environments like healthcare, and how INTERSCT may contribute to address these challenges.

17:30 Closing by prof. dr. Sandro Etalle

Summary – 

Speakers

Robert-Jan Smits

Robert-Jan Smits

President of Executive Board of Eindhoven University of Technology

Robert-Jan Smits is the President of the Eindhoven University of Technology. Prior to this, he was from 2018-2019 the Open Access Envoy of the European Commission, based at the European political Strategy Centre (EPSC) of the European Commission. In this capacity, he developed policy recommendations (Plan S) to ensure that all publicly funded scientific publications will be available in Open Access. Before this, he was from 2010-2018 the Director-General of DG Research and Innovation (RTD) at the European Commission. In this capacity, he was responsible for defining and implementing the EU policy and programmes in the field of research and innovation (average annual budget 8 billion euro): Horizon 2020

Mr. Smits has received several recognitions and awards for his contribution to European science and innovation. He is an honorary member of Academia Europaea and of the Koninklijke Hollandsche Maatschappij der Wetenschappen. He has degrees from Utrecht University in The Netherlands, Institut Universitaire d’Hautes Etudes Internationales in Switzerland and Fletcher School of Law & Diplomacy in the United States of America.

» Read more

Prof. dr. Sandro Etalle

Prof. dr. Sandro Etalle

Professor Cyber Security at Eindhoven University of Technology

Sandro Etalle is full professor and head of the Security group at Eindhoven University of Technology. He earned his MSc degree at the University of Padova and his PhD at the University of Amsterdam. His research focuses mainly on usable security monitoring, a topic that he researched both in the academic and in the enterprise setting. Before switching to the academic career, he was co-founder of two Italian technology companies: TecLogic and ICON.  In 2009, Etalle founded SecurityMatters (now Forescout Technologies) together with PhD students D. Bolzoni and E. Zambon. At SecurityMatters Etalle served as CEO  for over 4 years and as Chairman of the Board until the exit.

» Read more

Dr. Allan Friedman

Dr. Allan Friedman

Director of Cybersecurity Initiatives, NTIA

Dr. Allan Friedman is Director of Cybersecurity Initiatives at the National Telecommunications and Information Administration in the US Department of Commerce. He coordinates NTIA’s multistakeholder processes on cybersecurity, focusing on addressing vulnerabilities in connected systems and across the software world. Prior to joining the Federal Government, Friedman spent over 15 years as a noted cybersecurity and tech policy scholar at Harvard’s Computer Science Department, the Brookings Institution and George Washington University’s Engineering School. He is the co-author of the popular text ‘Cybersecurity and Cyberwar: What Everyone Needs to Know,’ has a degree in computer science from Swarthmore College and a PhD in public policy from Harvard University.
Mrs. Nelly Ghaoui

Mrs. Nelly Ghaoui

Senior Policy Advisor at Dutch Ministry of Economic Affairs and Climate

Nelly Ghaoui is a senior policy coordinator on cybersecurity at the Dutch Ministry of Economic Affairs and Climate Policy. She has over a decade of experience in national security, crisis management, critical infrastructure protection and cybersecurity also at the ministry of Justice and Security. She is currently responsible for the implementation of the Dutch roadmap to improve the security of hard- and software and the Internet of Things. She has a Master’s degree in Public Administration and an Executive Master’s degree in cybersecurity from Leiden University.

prof. dr. Aiko Pras

prof. dr. Aiko Pras

Professor at University of Twente

Aiko Pras is full professor Internet Security at the Faculty of Electrical Engineering, Mathematics and Computer Science of University of Twente, the Netherlands. He is member of the Design and Analysis of Communication Systems Group (DACS). In 1995 he received a Ph.D. degree from the same university for his thesis titled “Network Management Architectures” and in 2013 he was appointed as full professor. In 2016 he has been honoured with the IFIP/IEEE “Salah Aidarous Memorial Award” for providing unremitting service and dedication to the IT and Telecommunications Network Operations and Management community. He is interested in questions like Digital Independence and Internet security, with a research focus on DDoS attacks and DNS security. His approach is usually based on measurements.

He is research coordinator of the EU Concordia project, which is one of the four Cybersecurity Competence Networks within Europe.

» Read More

dr. Erik Poll

dr. Erik Poll

Associate professor at Radboud University Nijmegen

Erik Poll is associate professor in the Digital Security Group at Radboud University in Nijmegen, where he specialises in software security, smartcards, and formal methods.  Over the years he has worked on formal specification and verification of software, on formal techniques for security testing, and on more applied research into the security of various systems, for instance payment systems and smart grids.

» Read More

dr. Jerry den Hartog

dr. Jerry den Hartog

Assistant professor at Eindhoven University of Technology

Jerry den Hartog is assistant professor at Eindhoven University of Technology. He obtained his PhD at the Vrije Universiteit Amsterdam, in the area of formal methods.  His research covers different aspects of data protection for collaborative systems, particularly in areas such as critical infrastructure and industrial control systems, intelligent transport systems, smart buildings, and IoT in general.  This includes defending systems through network situational awareness and intrusion detection and designing secure systems through access control, trust management and formal verification.

 » Read More

ir. Frank Fransen

ir. Frank Fransen

TNO

Frank Fransen received a MSc in Information Technology at Eindhoven University of Technology in 1995. He is currently employed as a Senior Scientist in the Cyber Security & Robustness group of TNO. His work at TNO involves acquisition and execution of research projects on emerging security technologies, security of mobile communication systems (3G, 4G and 5G), information security and risk management, Security Operations, Cyber Threat intelligence, and cyber security of smart energy grids. Before joining TNO, he was security researcher for 7 years at KPN Research working on information security and smart card systems. He has been involved in several European research projects. He is currently the technical coordinator of H2020 project SOCCRATES. He was co-author of the 2nd Dutch National Cyber Security Research Agenda (NCSRA II, 2013), and member of the board of editors of NCSRA III (2018).

dr. Cristiano Giuffrida

dr. Cristiano Giuffrida

Assiociate professor at Vrije Universiteit Amsterdam

Cristiano Giuffrida is an Associate Professor in the Computer Science Department at the Vrije Universiteit Amsterdam. His research interests span across several aspects of Computer Systems, with a focus on systems security. He received a Ph.D. cum laude from the Vrije Universiteit Amsterdam in 2014. He was awarded the Roger Needham Award at EuroSys and the Dennis M. Ritchie Award at SOSP for the best PhD dissertation in Computer Systems in 2015 (Europe and worldwide). He was awarded a VENI grant (the Dutch Equivalent of a NSF CAREER Award, PhD+3) in 2017 and a VMware Early Career Faculty Award in 2020. He has published and served on the program committee of all the top systems and security venues, including SOSP, OSDI, S&P, CCS, NDSS, and USENIX Security.

» Read More

dr. ir. C.L.M. (Kees) van der Klauw

dr. ir. C.L.M. (Kees) van der Klauw

Strategist at National AI Coalition

Kees van der Klauw graduated from the department of Electronics Engineering of Delft University of Technology in the Netherlands and received a Ph.D. in the area of semiconductor devices (CCD’s) in 1987. During his professional career, he has contributed to and has led several digital transformations and innovations inside and outside Philips. He joined Philips Research in 1987 where he worked several years on the design and characterization of CMOS devices and processes in the analogue to digital transition in microelectronics. In 1992 he moved to Philips’ Flat Panel Displays where he held positions in project management, engineering-, operations- and general management of Philips LCD activities and was involved in the establishment of Philips’ LCD joint ventures in Japan and Korea. Subsequently he worked for nearly 10 years in Philips Consumer Electronics as development manager and CTO for Philips Television, Monitors and Professional Display Business during which period TV’s and business transformed to ‘flat, digital, high speed and on-line’. He joined Philips Lighting in 2009, where he was the Chief Architect and the R&D Manager for Professional Lighting Solutions driving the transition to LED lighting and Internet-of-Things. From October 2013, he has been the Head of the Research for Philips Lighting and he played a key role in the split off of Philips Lighting, now Signify.
During this period Kees was also a driving force in the establishment of the Alliance for Internet of Things Innovation (AIOTI) and he was the first elected chairman. 

Starting in 2018, Kees now runs his own Innovation Consultancy Company, InnoAdds and is engaged with digital innovation in various areas. He is currently leading the Netherlands AI Coalition NL AIC, engaging over 400 parties from business, government, education and science and society, building a national artificial intelligence ecosystem.

dr. Jeanet Bruil, MBA

dr. Jeanet Bruil, MBA

Head of NWO NWA

Jeanet Bruil is head of the Dutch Research Agenda (NWA) at the Dutch Research Council (NWO). After a research career at the University of Leiden and the Netherlands Organisation for applied scientific research TNO, she started to work in research funding. As head of the Public Health team at the Netherlands Organisation for health research and development (ZonMw), she worked with her team on stimulating research on the promotion and protection of health and prevention of disease. Nowadays she works as head of the Dutch Research Agenda at the Dutch Research council (NWO). Driving force in her work is to facilitate researchers and societal organisations to work together to answer research questions formulated by the society. Research funding has, in her opinion, an essential role to play in stimulating the scientific and societal impact of science, as an intermediary between science, policymakers and societal stakeholders. The ambition of the Dutch Research Agenda fits with the common theme in her work: “… to bridge the gap between various science, innovation and policy agendas and to facilitate collaboration between the various actors across the entire research and innovation chain”. 

prof. dr. Michel van Eeten

prof. dr. Michel van Eeten

Professor at Delft University of Technology

Michel van Eeten is professor at Delft University of Technology and his chair focuses on the Governance of Cybersecurity. He studies the interplay between technological design and economic incentives in Internet security. His team analyses large-scale Internet measurement and incident data to identify how the markets for Internet services deal with security risks. He has conducted empirical studies funded by NWO, the ITU, the OECD, the Department of Homeland Security, the European Commission, the Dutch National Police, the General Intelligence and Security Service, Fox-IT, banks, and various ministries within the Dutch government. Topics range from botnet mitigation, threat intelligence and abuse reporting, network measurements, information sharing, security metrics, to cybercrime markets.

He is also a member of the Cyber Security Council, an official advisory body of the Dutch government.

» Read More

Prof. dr. Herbert Bos

Prof. dr. Herbert Bos

Professor at Vrije Universiteit Amsterdam

Herbert Bos is full professor at Vrije Universiteit Amsterdam where  he co-leads the VUSec Systems Security group. He is very proud of his current and former students whose research results have found their way into all major operating systems, all browsers and all Intel CPUs. 

 

prof. dr. Mireille Hildebrandt

prof. dr. Mireille Hildebrandt

Professor at Vrije Universiteit Brussel

Mireille Hildebrandt is a Research Professor on ‘Interfacing Law and Technology’ at Vrije Universiteit Brussels (VUB), appointed by the VUB Research Council. She is co-Director of the Research Group on Law Science Technology and Society studies (LSTS) at the Faculty of Law and Criminology.

She also holds the part-time Chair of Smart Environments, Data Protection and the Rule of Law at the Science Faculty, at the Institute for Computing and Information Sciences (iCIS) at Radboud University Nijmegen.

 

» Read More

Prof. dr. Bart Jacobs

Prof. dr. Bart Jacobs

Professor at Radboud University Nijmegen

Bart Jacobs is a professor of computer security, privacy and identity at Radboud University Nijmegen, The Netherlands. His work covers both theoretical computer science and more practical, multidisciplinary work, especially in computer security and privacy. He is a member of the Academia Europaea and of the Royal Netherlands Academy of Arts and Sciences (KNAW), and a recipient of an ERC Advanced Grant. He is an active participant in societal debates about security and privacy, in the media and in various advice roles e.g. for government and parliament. He chairs a non-profit spin-off on attribute-based identity management (see irma.app) and is co-founder of Nijmegen’s interdisciplinary hub on security, privacy and data governance.

 

» Read More

Mr. Kees Verhoeven

Mr. Kees Verhoeven

Member of Parliament

Mr. Kees Verhoeven is a member of the States-General, House of Representatives with a very strong interest in technology, in particular in (the privacy and security of) information and communication technologies. He was vice chairman of the Parliamentary Committee “Digital Future“. 

» Read More

prof. dr. R.E. (Ronald) Leenes

prof. dr. R.E. (Ronald) Leenes

Professor at Tilburg University

prof.dr. Ronald Leenes is full professor in regulation by technology at the Tilburg Institute for Law, Technology, and Society (TILT), Tilburg University, the Netherlands. He is currently Head of the Department for Law, Technology, Markets, and Society (LTMS), the home of TILT and TILEC. His primary research interests are techno-regulation, privacy, both conceptual as well as applied, data analytics, and robotics and human enhancement. Currently his research focuses on accountability and transparency in AI and Data Science and on regulatory failure in technology regulation. He has a background in Public Administration and Public Policy (University of Twente) and has extensive research experience in the fields of Artificial Intelligence and Law, E-Government and since he joined TILT, technology (primarily ICTs) and law. He has contributed to several EU projects, such as PRIME, PRIMELIFE, ENDORSE, Robolaw, A4Cloud µMole. He has edited multiple volumes of the Computers, Privacy and Data Protection (CPDP) series published at Springer and Hart.

 

» Read More

Dr.-Ing. Tobias Fiebig

Dr.-Ing. Tobias Fiebig

Assistant professor at Delft University of Technology

Dr.-Ing. Tobias Fiebig is an assistant professor in the Information and Communication Technology section at the faculty of Technology, Policy and Management of Delft University of Technology, focusing on identifying and mitigating human-factors based and preventable security issues in IT systems—like those all too common in the Internet of Things. For this, he uses qualitative research methods, but also develops new tools for the future-proof Internet scale assessment of vulnerabilities. His most recent publications include a significant contribution towards making the IPv6 Internet scanable, understanding and mitigating the impact of DNS misconfigurations in the DNS ecosystem, and the first study on system operators’ perspective on security misconfigurations.

» Read More

dr. Luca Allodi

dr. Luca Allodi

Assistant professor at Eindhoven University of Technology

Luca Allodi is an assistant professor with the Security Group at Eindhoven University of Technology. His main research interests include economic and human aspects of information security, with a focus on attacker and cybercriminal operations. Allodi received a PhD in information security from the University of Trento, Italy, in 2015, for his thesis on software vulnerability risk. He has worked extensively on the definition of the Common Vulnerability Scoring System (CVSS) standard for vulnerability measurement, and participates in a number of joint academia/industry initiatives on cyber-risk.

» Read More

dr. Maarten Bodlaender

dr. Maarten Bodlaender

Head of Philips Security Technologies

Maarten Bodlaender got his Masters in computer science at Utrecht University in 1994, PhD. in computer science at Eindhoven University of Technology in 1999, MBA at RSM Erasmus in 2007, and became a Dutch patent attorney in 2014.

He is currently head of the security technologies department in Philips, responsible for the global rollout of medical cyber security services by Philips.

Moderator

Chris van 't Hof

Chris van 't Hof

Tek Tok

Chris van ’t Hof is an independent researcher, writer and presenter in information technology. With his background in both electrical engineering and sociology, he analyses the interaction between human and electronic networks. His eight book: “Helpful Hackers. How the Dutch do Responsible Disclosure.” His company Tek Tok organises conferences, workshops and IT security training. As Secretary of the Dutch Institute for Vulnerability Disclosure, he helps ethical hackers to clean up the internet for free. He also has his own talk show: Hack Talk.

» Read More

Sponsors & Supporters

This event is made possible by the INTERSECT public private partnership funded by the Dutch National Research Council and the members of the INTERSECT-consortium.

Supported by

Techwatch BV

Cre8John

Mike Attinger Studios