4 December 2017
DATE: Monday 4 December 2017
LOCATION: Lille Aud, Kristen Nygaard's House (Old IFI Building).
14:00h Welcome at IFI
14:15h Invited Talks:
- The Usual Insecurity of Things, Keith Martin, Prof. at Royal Holloway College, University of London.
While the Internet of Things is used to describe a host of new lightweight technologies, when it comes to security it pays to focus less on the novelty of IoT, and more on what IoT applications have in common with previous technologies that have learned about security the hard way (by first getting it wrong). It's time to go back to basics, and reflect on what security means in cyberspace. Only once this is understood, can we hope to secure any type of application that resides there.
- System-wide Probabilistic Vulnerability Assessment Using Attack Graphs, Mathias Eckstedt, Prof. at Royal Institute of Technology (KTH), Stockholm.
IT-systems are today highly complex and interconnected into large systems-of-systems. With the ongoing digitalization systems are becoming even more all encompassing and integrated. Ensuring a high-level of security in such system environments is a challenge that thus requires a holistic approach addressing multiple and a diverse set of attack surfaces and potential attack vectors. This presentation describes previous and ongoing work with combining probabilistic attack graphs and system architecture modelling as a means to produce design and maintenance support for security engineering of system architectures.
- Cybersecurity in the Norwegian Energy Sector, Janne Hagen, Chief Engineer at the Norwegian Water Resources and Energy Directorate (NVE).
Norway has been awarded the title as being one of the world’s most digitized countries. However, with technological innovation comes cyber risks. In 2015, the Norwegian Digital Vulnerability Committee assessed the Norwegian society's digital vulnerabilities and recommended how the government could improve and coordinate emergency preparedness in the digitalized society. NVE has recently evaluated and reviewed current regulation on cyber security in the energy sector. A huge dilemma is that digital innovations, like for instance smart cities and more automation, impose new cyber risks and challenge the trustworthiness of digital systems. The presentation outlines Norway’s position with emphasis on protection of the energy sector against cyber threats and digital risks.
- Improving Cybersecurity by Building Security Into your Devops Pipeline, Tord Persokrud, Chief Security Analyst at Conax.
As we are moving towards faster release cycles for products and services it is important to integrate tools and practices into your development process to create hacker-resistant software. Not everyone can afford to run a fully-fledged Secure Developement Lifecycle program with one security guy per developer. In Conax we have defined a more minimal approach and I will share some experiences and ideas from how we have approached this challenge.
- Defending Critical Infrastructure from Espionage and Sabotage, Frode Hommedal, Head of Telenor SOC and CERT.
This presentation is about how you can structure your analysis to increase the chances of success when attempting to evict an advanced attacker. It's my thoughts on how to think when deciding how and when to respond and attempt to evict a mission driven attacker from your infrastructure. This is a continuation of my previous work on the Cyber Threat Intelligence Matrix.
16:00h Panel and Discussion
Chair: Audun Jøsang
- Keith Martin is Professor and a former Director of the Information Security Group at Royal Holloway College, University of London.
- Mathias Ekstedt is Professor in Industrial Information and Control Systems at KTH Royal Institute of Technology, Sweden. His research interests include software, systems, and enterprise architecture modeling and analyses with respect to information and cyber security. In particular the research is applied in the power industry and information systems related to physical monitoring and control. He is currently engaged in the EU FP7 project SEGRID (security for smart electricity grids) and the nationally funded Resilient Information and Control Systems (RICS) center. He is also co-founder of foreseeti, a start-up company developing a tool for cyber security modeling and analysis.
- Janne Hagen is Chief Security Engineer at the Norwegian Water Resources and Energy Directorate which is responsible for the national power grid. She previously worked as researcher at the Norwegian Defence Research Establishment.
- Tord Persokrud works as Chief Security Analyst at Conax AS which develops technology and operates services that enable secure content revenues for 400 operators representing 140 million pay-TV consumers in 85 countries globally over broadcast, broadband and connected devices.
- Frode Hommedal is a senior incident responder and analyst. He is currently head of incident response and security analytics at Telenor CERT, where he’s part of the team that is establishing the global CERT/SOC capability of Telenor, Norway’s biggest telco, with over 200 million customers and presence in South-East Asia, Easter Europe and the Nordics. He has previously worked seven years for the Norwegian national CSIRT, NorCERT, mostly with targeted intrusions. One of Frode’s main interests is modelling CSIRTs to improve performance.
|AFSecurity is organised by the University of Oslo SecurityLab|