If we have the consent, you can find presentation slides and links to speakers' contributions on our main webpage (click here).

 

Information about the workshops on November 11, 2020

The following interesting workshops are being held during the CODE 2020 workshop session:

  • Workshop 1 - 5G Cyber Security in the EU - a Joint Effort
  • Workshop 2 - Cyber Resilience of Critical Infrastructures
  • Workshop 3 - Quantum Technology
  • Workshop 4 - Cyber Security Through Formal Software Verification 
  • Workshop 5 - Taking the “I” in CIDS HQ seriously
  • Workshop 6 - Cyber Security from a Policy Perspective
  • Workshop 7 - Convergence of Space and Cyber to achieve Multi-Domain Resiliency
 
 Workshop 1 - 5G Cyber Security in the EU - a joint Effort

Across Europe operators are preparing to roll out 5G. Cybersecurity of 5G networks is crucial and in 2019 the Commission triggered an EU-wide collaboration between the different national cybersecurity authorities in the NIS Cooperation group. This collaboration resulted in 3 milestones in 2019: A common EU-wide risk assessment for 5G networks, an ENISA 5G threat landscape, and a Union toolbox of measures to mitigate 5G cybersecurity risks. ENISA has worked closely with the different member states to deliver these milestones. This session will give some insights into the details of the collaboration that took place in 2019, discuss the ongoing activities in 2020 and look ahead to 2021.

Topics:

  • EU collaboration on 5G cybersecurity
  • Cybersecurity threats in the 5G rollout
  • EU cybersecurity certification for 5G

Agenda:

  • Welcome, current status of the EU cybersecurity certification framework and the relevance for 5G - Steve Purser, Head of Core Operations ENISA
  • The EU process around 5G cybersecurity - Marnix Dekker, ENISA
  • The ENISA 5G Threat landscape - Marco Lourenco, ENISA
  • Debate with the audience
 Workshop 2 - Cyber Resilience of Critical Infrastructures

Thinking about a resilient world, one fundamental stream is the aspect of cyber resilience in a broader sense. This means to look beyond evolved fields of research such as IT-security, software engineering or even psychology and to investigate contextual relationships within the respective trinity of people, processes and technology.

As this trinity itself spans a universe of domains, we want to focus on 3 aspects which are – in our opinion – crucial drivers in this century:
  1. Everything is software
  2. Everything is connected
  3. Everything lacks in resources

As these drivers open new opportunities, they also increase our vulnerability and create novel challenges like the increasing dependence on digital infrastructures. National and international threats, such as COVID-19, create the external framework conditions. To be called “resilient”, however, affected systems must be designed that their fundamental tasks and abilities can be maintained during external disruptions as well as in case of internal failures.

Such considerations will be especially discussed in the context of selected critical infrastructures and how they can be used to build a more resilient society.

This workshop is conducted by Kevin Mallinger (SBA Research) and Dr. Mario Drobics (Head of Competence Unit Cooperative Digital Technologies, Austrian Institute of Technology).

Agenda:

KEYNOTE: Nature & Machines: Making AI work for People & the Planet - Victor Galaz, Stockholm Resilience Center

Block 1 – Cyber resilience:
  • Introduction to systemic resilience & resilience in cybersecurity - Kevin Mallinger, SBA Research
  • State-wide operational and coordinating structures for cyber incidents using the example of the cyber security incident in the Austrian Foreign Ministry 2020 - Gernot Goluch, Federal Ministry of Internal Affairs
  • How to strengthen resilience in a digital world - Martin Latzenhofer, Austrian Institute of Technology
  • Cyber-resilience in complex operational scenarios: an actionable solution approach - Sebastian Thölert, Bundeswehr, Referent Cyber Awareness/Andreas Klein, Kdo Lw/Gernot Schwierz, IABGmbH

Block 2 – Complex Networks
  • Artificial Intelligence Combined with the Internet of Things - Corinna Schmitt, Research Institute CODE
  • Resilience and trustworthiness in complex IoT environments - Mario Drobics, Austrian Institute of Technology

Block 3 – Supply Chain resilience
  • Supply chain and cyber resilience: How to create value within an secure environment - Stefan Jakoubi, SBA Research
  • Supply Chain Resilience: Risk analysis and modelling for supply chains in the context of current threats - Johannes Göllner, Zentrum für Risiko- und Krisenmanagement
 Workshop 3 - Quantum Technology

Quantum Technologies open the door for new possibilities and sometimes require to critically review existing classical approaches. On the one hand quantum computing is one such possibility as a new form of computation, which requires a new skill set for prospective computer scientists. On the other hand algorithms from classical cryptography need to be revised in order to resist attacks using - so far only theoretically established - methods with the help of a quantum machine.

  • Methods for processing quantum circuits - Dr. Wolfgang Gehrke, Research Institute CODE
  • Application of Quantum Computing: From Material Simulation to Quantum Optimization and „Quantum Machine Learning“ - Prof. Sabine Tornow, Hochschule München
  • Algorithms for NISQ devices - Christopher Zachow, SVA System Vertrieb Alexander GmbH
  • MAGIC: Scalable quantum computing with ions and microwaves - Dr. Michael Johanning, Universität Siegen
  • Update on PQC: Standardization and Migration - Leonie Bruckert, secunet
 Workshop 4 - Cyber Security Through Formal Software Verification

A major source of weaknesses in software based systems are errors introduced in the development process. Systematical testing usually reveals many of these errors, however, it cannot cover all possible behaviors of a complex system. Formal software verification instead provides a mathematical proof that a piece of software behaves according to a specification - there is no room left for errors, so the system is safe and cannot be attacked.

This vision exists for several decades and has proven to be very difficult to reach. However, the last years have seen several practical applications of formal software verification for cyber security and safety. This workshop aims at giving an impression of the opportunities and limitations of this approach: What kind of systems can profit? Is a formally verified system really secure and safe? What techniques and tools are used? What results can I expect? Is formal software verification ready for practical application?

Agenda:
  • 09:40 - Introduction and Moderation - Prof. Dr. Gunnar Teege, Research Institute CODE
  • 10:00 - Interactive Theorem Provers - Prof. Dr. Tobias Nipkow, Technical University Munich
  • 10:30 - SW Verification: Lessons from the seL4 Project - Prof. Dr. Gernot Heiser, CSIRO Data61, Canberra, Australia
  • 11:00 - Practical Verification for Software Engineers - Alexander Senier, Componolit Dresden
  • 11:30 - Hands on: Watching software being verified - Dr. Jaap Boender, Hensoldt Cyber, Taufkirchen
  • 12:00 - Panel
  • 12:30 - End
 Workshop 5 - Taking the “I” in CIDS HQ seriously

Hybrid threats are a major challenge for German security policy. Many strategists, military thinkers, and scientists try to better understand these threats and devise ideas how to deal with them. The factor information is a central theme of hybrid threats and it particularly concerns the (still rather new) operational domain of the Cyber- and Information Environment.

The mandate of Germany’s Cyber and Information Domain Service HQ (CIDS HQ) is to develop capabilities necessary to understand and act in this operational environment. While the focus of many experts and media reporting lies on the Services’ cyber functions and capabilities, the “softer” aspects of communication or propaganda awareness should not be overlooked. Hence, this workshop will take a closer look at the political security challenges in the Information Environment, how they might impact the Bundeswehr and finally, what the Bundeswehr is doing to address these challenges.

Agenda:
Moderation: Major Stefan Langnau, CIDS HQ
  • 09.45 – 10.15 - Keynote 1: Challenges of Hybrid Threats/Warfare - Dr. Johann Schmid, Director COI Strategy and Defence, European Centre of Excellence for Countering Hybrid Threats (tbd)
  • 10.20 – 10.50 - Keynote 2: Narrative Threat Scenarios as autoimmune Reaction: Explaining Virology in the Culture Centric Domain - Prof. Dr. Zowislo-Grünewald, University of the Federal Armed Forces, Munich
  • 10.55 – 11.25 - Bundeswehr responses to challenges in the Information Environment - Dr. Carolin Busch, Benjamin Fuchs, IABG
  • 11.30 – 12.00 - In the information domain: covering and analyzing the communication in news applying AI - Dr. Raphael Paschke, Senior Data Scientist, Schönhofer Sales & Engineering Reconnaissance
  • 12.05 – 12.25 - How to cover demand from a military perspective - Major Stefan Langnau, CIDS HQ
 Workshop 6 - Cyber Security from a Policy Perspective

The NIS Directive is the first piece of EU-wide legislation on cybersecurity. The objective is to provide legal measures to boost the overall level of cybersecurity in the EU[1]. The General Data Protection Regulation (GDPR) is another important EU-wide. This regulation is an essential step to strengthen individuals' fundamental rights in the digital[2]. Now in 2020 during the COVID 19 pandemic we see clearly the dependence of our society on Information and Communication technologies (ICT). In the lockdown phase of the Covid 19 pandemic our business and private life would not have worked anymore without platforms for social networks, online shopping, cloud services for video conferences to name a few examples. But on the other hand, Zoom is an example where security and privacy flaws[3]. The Covid 19 pandemic also has reshaped the cyber-threat landscape around the globe[4]. For example, cybercriminals are taking advantage of the widespread global communications on the coronavirus to mask their activities. The objective of this workshop is to look into cybersecurity from a policy perspective and discuss if today’s legislative tools and policies are adequate for an open, safe and secure cyberspace.

Moderator: Besnik Limaj, Team Leader of the EU funded “Cybersecurity EAST” Project
Agenda:
  • 09:40 - Welcome & Introduction - Besnik Limaj, Team Leader of the EU funded “Cybersecurity EAST” Project
  • 09:45 - State of Play of Cybersecurity in Europe - Miguel Gonzalez-Sacho Bodero, DG CNECT.H1 'Cybersecurity Technology and Capacity Building'
  • 10:10 - An Agency to manage European Cyber risks - Jean-Baptiste Demaison, Agence nationale de la sécurité des systèmes d’information (ANSSI), Chair of ENISA Management Board
  • 10:35 - The Criminal Landscape after COVID-19 - Philipp Amann, Europol Cyber Crime Center
  • 11:00 - Cybersecurity from a Policy Perspective - Dan Cimpean, Director General, CERT-RO
  • 11:25 - EU support to cyber resilience in the Eastern Neighbourhood - Mathieu Bousquet, DG NEAR
  • 11:50 - Wrap Up/Conclusions - Besnik Limaj, Team Leader of the EU funded “Cybersecurity EAST” Project

 Workshop 7 - Convergence of Space and Cyber to achieve Multi-Domain Resiliency

Current and future key systems of the defence and civil landscape rely on satellite services. Applications like space-based intelligence, earth observation, satellite communication and satellite navigation possess paramount value to everyday civil life and the armed forces. Examples are the agricultural industry that depends on accurate weather data and operations on the sea or in the air, where satellite communication is often the only means of communicating with other units. The connectivity aspect also becomes important when systems-of-systems will rely on satellite communications in case no other means for data transmission are unavailable.

The resilience of the armed forces and civil critical infrastructure hence can depend largely on the resilience of the space domain. As satellites and their user and control equipment consist of cyber-physical components that interact with other systems and potentially cloud services, special attention lies on the safeguarding of the resilience of such devices.

The questions that the workshop will answer are: How can a comprehensive protection of space-based systems be achieved? How can a mission be secured across its ground, space, user, and link segments? Which aspects need to be taken into account to achieve a system’s accreditation in the future?

Moderation: Dr. Frank Schubert, Head of Defence and Aerospace Security, Airbus CyberSecurity

The agenda of the workshop is as follows:

  • 09:45-10:00: Introduction, Dr. Frank Schubert
  • 10:00-10:30: “Cyber in Space” Massimo Mercati, Head of the Security Office, European Space Agency
  • 10:30-11:00: “A Space Parable: Takeaways from Exploiting Satellite Broadband”, James Pavur, University of Oxford
  • 11:00-11:15: Break
  • 11:15-11:45: “Applications of quantum protocols and post-quantum crypto in aerospace“, Prof. Dr. Thomas Strang, German Aerospace Center
  • 11:45-12:15: “Advancing Cybersecurity Across Domains in Support of Military, Homeland Security Forces, and Critical Infrastructure Protection”, Constantin Schlachetzki, IABG
  • 12:15-12:30: Q&A, discussion, conclusion.

 

2020_Logo_gesammelt_animiert02.gif