Dr. Marnix Dekker,
Cybersecurity expert at ENISA, the EU Agency for Cybersecurity

Cybersecurity breach reporting in the EU

Marnix Dekker works at ENISA, the EU Agency for Cybersecurity, as NIS Directive coordinator and breach reporting team lead. Marnix will speak about cybersecurity breach reporting, a cornerstone of EU cybersecurity legislation. He will explain the approach, processes, tooling and experiences from 9 years of breach reporting in the telecom sector and discuss challenges and pitfalls. He will also cover the new breach reporting under the NIS Directive and some of the opportunities and challenges it brings.

Prof. David M. Nicol,
Director, Information Trust Institute
Franklin W. Woeltge Professor of Electrical and Computer Engineering
University of Illinois at Urbana-Champaign

Challenges in Quantifying An Adversary's Cyber Access to Critical Infrastructures

Critical infrastructures such as the power grid, upstream and downstream components of oil and gas production, communication networks, transportation networks and so on are now all controlled by devices with CPUs and memory that communicate over both wireline and wireless channels. Quantitative assessment of risk to the controlled infrastructure depends both on models and analysis of the infrastructure under attack, and on the adversary's ability to mount those attacks. To quantitatively assess the risk to the critical infrastructure of cyber-mischief, we have to be able to quantitatively assess that component of the risk which depends on the adversary's cyber access to devices which measure and manipulate the physical system. There are myriad challenges in this subproblem, which derive from the adversary's learning by moving laterally through the network, from the state of knowledge and lack of knowledge about the means by which the adversary can make those movements, and from quantifying the difficulty of exploiting vulnerabilities as that lateral movement is made. This talk highlights the challenges as we see them after working on this and related problems for several years.

Prof. Awais Rashid,
Professor of Cyber Security,
University of Bristol

Everything is Awesome! Or is it? Cyber Security Risks in Critical Infrastructure

Industrial Control Systems play an important role in the monitoring, control, and automation of critical infrastructure such as water, gas, oil, and electricity. Recent years have seen a number of high-profile cyber attacks on such infrastructure, exemplified by Stuxnet and the Ukrainian Power Grid attacks. This naturally raises the question: how should we manage cyber security risks in such infrastructure, on which the day-to-day functioning of our society relies? What are the complexities of managing security in a landscape shaped by the often competing demands of a variety of stakeholders, e.g., managers, control engineers, enterprise IT personnel and field site operators? What are the challenges posed by the convergence of IoT and critical infrastructure through the so-called Industrial Internet of Things? And will frameworks such as the EU NIS Directive help mitigate the cyber security risks to critical infrastructure? This talk will discuss insights from a multi-year programme of research investigating these issues and the challenges to addressing them.