“Future Proofing and Certifying Supply Chains” Clustering Workshop
The Clustering Workshop co-organized by EU-funded projects ASSURED and CYRENE aims at bringing together projects that target Supply Chain Security, Resilience and Certification aspects, experts, members and consultants from standardization and certification bodies for exploring synergies and identifying actions that can be pursued in common.
Cybersecurity is a complex ecosystem targeting the protection of all building blocks of IoT and next-generation smart connectivity “Systems of Systems”. For this reason, it is of paramount importance that such networked information systems are designed with security, privacy, data protection, fault tolerance and accountability in mind from their design phase. However, this is not an easy task: the restricted environment of many IoT devices and CPSoS makes the deployment of complex security solutions rather challenging, and a continuous arms race of balancing several trade-offs such as security vs safety, security vs privacy, security vs trust, security vs usability and security vs cost, to name a few. It is now understood that new solutions cannot be rolled out unless all these challenges have been overcome, the solutions are properly secured, and they ensure users’ privacy.
To this end, we already have a rich trove of algorithms, tools and mechanisms to ensure the security and trustworthiness of ICT systems, and both industry and academia are allocating a lot of resources to enhancing such mechanisms, taking into account future-proof, advanced cryptographic means, trusted computing, certification and auditing schemes for connected devices, Blockchain for secure data sharing, multi-factor authentication hardware and software solutions, etc.
However, in spite of all the progress made, how close are we to feeling safe in cyberspace and truly protecting all algorithms, hardware and software across the entire supply chain? How well do we do in addressing real-world security and privacy (S&P) problems? Or, to put it slightly differently, how could we best address them? The goal of this workshop is to foster collaboration and discussion among cyber-security researchers and practitioners by bringing together a number of EU security initiatives, and to better understand the various facets and trade-offs of cybersecurity and how new technologies and algorithms might impact existing or future security models.
Ifigeneia Lella joined ENISA in 2016 as Cybersecurity Officer. Initially she was in charge of EU-wide cyber exercises such as Cyber Europe 2018, and she is currently engaged in the preparation of the 2022 edition of the event. She has been responsible for the Threat Landscape project since 2021. In 2009 she graduated from the University of Piraeus with a BSc in computer science. She continued her studies at the University of Kent at Canterbury in the United Kingdom, where she obtained her MSc degree in information security and biometrics in 2011.
Her career started when she became Security Engineer at the European Central Bank where she was in charge of projects in identity management. She was also a member of the SOC team of the bank. Before joining ENISA in 2016, she had been working as information security officer within the SOC team of the Hellenic Telecommunication Organisation since 2014.
Stephen Holmes is a part-time Post Graduate Researcher at Surrey University, researching Post Quantum Cryptography on blockchain and DLT systems. He represents the UK on ISO TC307, where he chairs the privacy group and, until last month, chaired the smart contract security group. He is currently Chief Product Officer at Arqit, a post-quantum cryptography and satellite company, and has a keen interest in the unfulfilled promise of blockchain and DLT systems.
| Time | Session | Speaker |
|---|---|---|
| 9:00–9:15 | Welcome and Introduction of the Agenda | Sofoklis Efremidis, Maggioli |
| 9:15–9:45 | Keynote #1: Understanding Supply Chain Attacks Threat Landscape. The presentation aims at highlighting the key observations and major findings described/illustrated in the ENISA “Threat Landscape for Supply Chain Attacks” report that was published in July 2021. The report provides a mapping and analysis of 24 supply chain attacks based on incidents identified and reported from January 2020 to early July 2021, along with their classification based on a proposed taxonomy of their key characteristics and techniques. The analysis answers the questions: what are the most common attack techniques being used in supply chain attacks, what are the main customer assets that attackers are after and which is the relationship between attacks and assets targeted. | Ifigeneia Lella, ENISA |
| 9:45–10:15 | H2020 SANCUS Project Overview & Technical Status | TBD |
| 10:15–10:45 | H2020 ASSURED Project Overview & Technical Status | Thanassis Giannetsos, UBITECH |
| 10:45–11:15 | H2020 FISHY Project Overview & Technical Status | TBD |
| 11:15–11:30 | Coffee Break | |
| 11:30–12:00 | H2020 CYRENE Project Overview & Technical Status | Sofoklis Efremidis, Maggioli |
| 12:00–12:30 | H2020 MEDINA Project Overview & Technical Status | TBD |
| 12:30–13:00 | H2020 BIECO Project Overview & Technical Status | TBD |
| 13:00–14:00 | Lunch Break | |
| 14:00–14:30 | Keynote #2: Blockchain: Anchors of Rust or Anchors of TRUST. The talk will highlight the issues and need for a decentralised trust model that not only supports WEB3 but also can provide anchors of trust in a post quantum world. Where quantum computers not only undermine today’s cryptography but also advance AI to enable fundamentally new threat models to today’s infrastructure. | Stephen Holmes, Arqit |
| 14:30–15:00 | H2020 IOTAC Project Overview & Technical Status | TBD |
| 15:00–15:30 | H2020 SIFIS-Home Project Overview & Technical Status | TBD |
| 16:30 | Workshop closing | |