ETSI Security Conference 2023

Please find below the event programme for the ETSI Security Conference 2023. 

• Day 1: Monday 16 October
•  

   

  09.30 - 09:45  EVENT OPENING 

  • Alex Leadbeater, ETSI TC Cyber Chair
  • Luis Jorge Romero, ETSI Director-General
    
    

  09:45 SESSION D1-1: GLOBAL CYBER SECURITY
  Chaired by Alex Leadbeater, ETSI TC Cyber Chair, GSMA
  

  • KEYNOTE: Where Security Research and Standardization Meet
    Claire Vishik, Former Intel Fellow
  • KEYNOTE: ENISA Security Landscape - State of the Nation
    Andreas Mitrakas, ENISA
  • KEYNOTE: IoT Security Labels: Now what?
    Dave Kleidermacher, Google
    
    

  11:00 Coffee & Networking Break - Demos and Posters Visits

  11:30 SESSION D1-2: GLOBAL CYBER SECURITY 
  Chaired by Alex Leadbeater, ETSI TC Cyber Chair, GSMA
  

  • Security in ETSI
    Charles Brookson, Zeata
  • Product Security – Connecting Standards and Regulation to Market Access Opportunities
    Amit Elazari, Open Policy Group
  • Post Quantum - Network Standards Ecosystem Update
    Michael Salmon, Verizon
  • SBOM and Vulnerability Management
    Phyllis Lee, Center for Internet Security (CIS)
    
    

  12:45 Lunch & Networking Break - Demos and Posters Visits

   14:15 SESSION D1-3: REGULATION STATE OF THE NATION
  Chaired by Colin Whorlow, NCSC

  • Overview of EU Cybersecurity Regulatory Instruments and ETSI Support
    Tony Rutkowski, Lead, ETSI REGPOLES Regulatory Instruments group
  • IoT Security Initiatives in India
    Sushil Kumar, Telecommunication Engineering Centre, DoT, Government of India
  • How to Reconciliate International Standards and Regional Policy Making on Cybersecurity?
    Eloïse Ryon & Gabriel Faifman, Schneider Electric
  • EU CSA 5G Scheme Update
    Philippe Magnabosco, ENISA
  • NESAS Update
    James Moran, GSMA
    
    

  16:00 Tea & Networking Break - Demos and Posters Visits

  16:30  SESSION D1-04: Regulation, Data Protection and Privacy, Technical Aspects
  Chaired by Slawomir Gorniak, ENISA

  • Achieving Data Privacy Without Sacrificing Data Usability: The ENCRYPT Solution
    Salvatore Dantonio, University of Naples Parthenope
  • Global Cyber Security Regulation – Analyst’s Perspective
    Patrick Donegan, Harden Stance
  • Key Steps for Developing Trustworthy AI
    Philippe Coution, TÜV SÜD
  • The Role of Digital Twins in the Era of 5G: Ensuring Security and Compliance
    Ian Carpenter, Valid8
    
    

  17:50 Networking Event

• Day 2: Tuesday 17 October
•  

   

  Day Opening by Alex Leadbeater, ETSI TC Cyber Chair, GSMA

  08:30 SESSION D2-1 : Zero Trust, Supply Chain & Open Source
  Chaired by Scott Cadzow, C3L

  • Ensuring Trustworthy Identification for Accountability in Today’s Distributed Environments
    Santino Foti, TC ESI Vice-Chair, InfoCert
  • Beyond SBOM: Observability, Security Automation and Business impact Analysis for Heterogenous, Programmable Infrastructures
    Piotr Zuraniewski, TNO
  • DevSecOps in Telco: Full Lifecycle Management of Security Testing Tools for Better R&D
    Luca Bongiorni, ZTE
  • ZTA - The Inevitability … or is it NOT?
    Galina Pildush, Palo Alto Networks
    
    

  09:50 KEYNOTE: Export Controls - Wassenaar and Beyond
  Torbjörn Gustavsson -FRA  - Mathilde Latour Cisco

  10:20 Coffee & Networking Break - Demos and Posters Visits

  10:45 KEYNOTE: Building an Ecosystem for Baseline Security
  Sandro Amendola, BSI's Standardisation and Certification Department

   11:10 Session D2 - 2: ioT & Certification
  Chaired by Samim Ahmadi, ETSI TC Cyber Vice-Chair, Umlaut

  • EN 303 645 Eco-System Update
    Samim Ahmadi, ETSI TC Cyber Vice-Chair
  • From Standards to the UK Product Security Regime: Legislation and Enforcement
    Veena Dholiwar and Warda Hassan, Department for Science, Innovation and Technology (DSIT)
  • Small “s” Standards: NIST's Role in IoT Cybersecurity
    Katerina Megas, NIST
  • Unveiling CyberPass: Streamlining Cybersecurity Assessment & Certification for IoT Products in Compliance with ETSI EN 303 645
    Roland Atoui, Red Alert Labs
    
    

  12:30 Networking Lunch - Demos and Posters Visits

  14:00 SESSION D2-3: ZERO TRUST, SUPPLY CHAIN & OPEN SOURCE
  Chaired by Gerry McQuaid, Ofcom

  • ETI - Zero Trust’s Role in Enabling Network Visibility
    Scott Cadzow, C3L 
  • Front-end Access Management (feam)– Combining Best Features of Fido and Oauth!
    Andras Vilmos, SafePay Systems Ltd.
  • Efficient Fine-Grained Hidden Access Control with Pre- and Post-Quantum Hybridization
    Chloe Hébant, Théophile Brezot - Cosmian
  • TCG Standards for Zero-Trust: Ensuring Confidentiality, Integrity, and Supply Chain Trust
    Silviu Vlasceanu - Huawei 
    
    

  15:20 Tea & Networking Break - Demos and Posters Visits

  15:50 SESSION D2-4 Quantum Safe Cryptography Session
  Chaired by Matt Campagna, ETSI QSC Chair, Amazon

  • Update on the NIST PQC Standards
    Lily Chen, NIST
  • Quantum Safe Cryptography and ETSI Cyber QSC
    Matt Campagna, ETSI TC Cyber QSC, Amazon Web Services
  • Quantum Key Distribution and ETSI’s ISG QKD
    Martin Ward, ETSI ISG QKD, Toshiba 
  • Towards Certification of Quantum Communications: an EU Perspective
    Adam Lewis, European Commission Joint Research Centre
  • Simple and Effective Methods to Achieve Quantum Security Today
    Daniel Shiu, Arqit
  • Efficient Quantum-Safe Communication Using Hybrid Encryption
    Rei Safavi-Naini - University of Calgary
    
    

  18:00 Networking Drink

• Day 3: Wednesday 18 October
•  

   

  Day Opening by Alex Leadbeater, ETSI TC Cyber Chair, GSMA

  08:45 KEYNOTE: The Path to Diversity: How the UK CyberFirst Project is Shaping the Next Generation of Cyber Security Professionals
  Helen L, NCSC - Jane Wright, QinetiQ

  09:10 Session D3-1: Experiences of Attracting Next Generation of Engineers and Investing in Future
  Chaired by Nataliya Stanetsky, Google

  • Skills Short, Threats Deep...How to Foster and Retain a Security Team amongst a Significant Workforce Gap
    Jon France, IC2
  • ETSI’s Approach to Education about Standardization
    Claire d'Esclercs, ETSI - Nizar Abdelkafi, Politecnico di Milano
  • PANEL DISCUSSION led by the session chair with all session speakers
    
    

  10:30  Coffee and Networking - Demos and Posters Visit

  11:00 SESSION D3-2: IoT and Certification Session
  Chaired by Davide Pratone, Huawei

  • Implementing Design Practices to Prevent Coercive Control in Consumer IoT
    Alex Cadzow, C3L
  • Automated and Continuous Cybersecurity Certification for Internet of Things
    Shahid Raza, RISE Research Institutes of Sweden
  • SparkLink: What it is and Why it Matters for Secure AIoTI
    Peter Schmitting, AIOTI
  • Security in oneM2M
  • Rana Kamill, BT Group
    
    

   12:20 Lunch & Networking  - Demos and Posters Visit

  14:00 SESSION D3-3: IoT & Mobile Certification
  Chaired by Hollie Hennessy, Omdia

  • TS 103 732 Presentation
    Davide Pratone, Huawei
  • GSMA certification program based on ETSI TS 103 732 and Importance of Security Labelling
    Brian Wood, Google
  • CSA IoT Certification Overview: Is EN 303 645 your one-stop shop for Global Consumer IoT regulatory compliance?
    Nataliya Stanetsky, Google
  • PANEL DISCUSSION with Davide Pratone, Brian Woord and Paul Watrobski (NIST), led by the session Chair
    
    

  15:45 Tea & Networking  - Demos and Posters Visit

  16:15 SESSION D3-4: 5G in the Wild - Part 1
  Chaired by Alf Zugenmaier, NTT Docomo

  • Introduction to 3GPP
    Mirko Cano Soveri, ETSI
  • Securing the Telecom Business across IT and Network
    Anand Prasad, Deloitte Tohmatsu Cyber LLC
  • ETSI Addresses Certificate Woes in NFV Technology Based 5G Networks
    Ben Smeets, Ericsson
  • What Will Happen and Is Happening on 5G/5G-A Security?
    Rong Wu, Huawei
  • How to Test and Certify the Security of 5G Products in the Wild - Approach and First Insights from BSI in Germany
    Heiner Grottendieck & Jens Ziegler, Federal Office for Information Security (BSI Germany)
    
    

   18:00 Day 3 Networking Drink

• Day 4: Thursday 19 October
•  

   

  Day Opening by Samin Ahmadi, ETSI TC Cyber Vice-Chair, Umlaut

  08:45 SESSION D4-1: 5G in the Wild - Part 2
  Chaired by Bjorn Fanta, Fabasoft

  • ETSI NFV & NFV Security State of the Nation
    Leslie Willis, BT
  • Road-Map Towards the Adoption of Dynamic Trust Assurances for Safety and Security Convergence in Safety-Critical Systems
    Francesca Bassi, IRT SystemX
  • Security Challenges in 5G-based Public safety Networks
    Ravishankar Borgaonkar, SINTEF AS
  • On using Containers, Virtual Machines, LigthVMs and Unikerls in a Secure Operational Environment for Critical Infrastructure
    Djibrilla Amadou Kountche, Akkodis
  • UICC, the universal toolbox for securing your services in the 5G ecosystem
    Denis Praca, TC SET Chair, Thales
    
    

  10:30 Coffee & Networking - Demos and Posters Visits

  11:00 Session D4-2 6G Futures
  Chaired by Charles Brookson,ZEATA Security

  • ETSI Perspectives
    David Boswarthick, ETSI 
  • PDL for Trustworthy 6G
    Chonggang Wang, Interdigital
  • 6G - The Next Hyper-Connected Experience For All
    Erik Guttman, Samsung

  12:00 Lunch & Networking - Demos and Posters Visits

  13:15 SESSION D4-3: Augmented Reality and AI
  Chaired by George Sarkhov, SBS aisbl

  • The Challenge of Standards for Securing AI - the Work of ISG SAI
    Scott Cadzow 3CL 
  • The proposed Framework for AI good Cybersecurity Practices (FAICP)
    Nineta Polemi,  University of Pireaus
  • Cybersecurity research and innovation needs and priorities for AI and what it means for standardization
    Corina Pascu, ENISA
  • Is AI Security scalable?
    Manojkumar Parmar, Bosch
  • Leverage AI in Cyber Security Audits – NLP, LLM and Evidence-Based Approaches.
    Bjorn Fanta, Fabasoft
    
    

  15:00 Event Wrap Up 

  15:15 Close 

During the event breaks, attendees were able to visit the following demos and poster sessions:

DEMOS

• Covercrypt: an Efficient Pre and Post-Quantum Early-Abort KEM for Hidden Access Policies with Traceability - by Cosmian
  Attribute-Based Encryption (ABE) is a very attractive primitive to limit access according to specific rights. While very powerful instantiations have been offered, under various computational assumptions, they rely on either classical or post-quantum problems, and are quite intricate to implement, generally resulting in poor efficiency; the construction we offer results in a powerful efficiency gap with respect to existing solutions.
  With the threat of quantum computers, post-quantum solutions are important, but not yet tested enough to rely on such problems only. We thus first study an hybrid approach to rely on the best of the two worlds: the scheme is secure if at least one of the two underlying assumptions is still valid (i.e. the DDH and LWE).
  Then, we address the ABE problem, with a practical solution delivering encrypted contents such that only authorized users can decrypt, without revealing the target sets, while also granting tracing capabilities. Our scheme is inspired by the Subset Cover framework where the users' rights are organized as subsets and a content is encrypted with respect to a subset covering of the target set.
  Quite conveniently, we offer black-box modularity: one can easily use any public-key encryption of their choice, such as Kyber, with their favorite library, to combine it with a simple ElGamal variant of key encapsulation mechanisms, providing strong security guarantees.  
  
  
• CyberPass | Trust Your Connected Products with ETSI EN 303 645r - by Red Alert Labs
  Nowadays, cybersecurity assessments and certification of ICT/IOT products are more often costly, slow, and cumbersome. However, these processes are capital to ensure cybersecurity and trust through your supply chain. In this demo we will show you CyberPass - an innovative cybersecurity solution that provides businesses with a cost-effective and scalable way to assess the level of cybersecurity of their connected ICT/IoT products from third-party vendors. This solution fully implements ETSI EN 303 645 and TS 103 701 standards, and combines automation with the precision of recognized experts to evaluate suppliers from all over the world. CyberPass provides manufacturers with a standardized cybersecurity assessment, a label, and a certificate that they can share with customers, as well as a detailed improvement plan to increase their level of maturity. With CyberPass, businesses can ensure cybersecurity throughout their supply chain without the heavy processes, cost, and time associated with traditional cybersecurity assessments.
  
  
• Beyond SBOM: observability, security automation and business impact analysis for heterogenous, programmable infrastructures - by TNO
  We present a technical demonstration of the Automated Security Operation (ASOP): cloud-based, open, modular and vendor agnostic platform for automating security operations in heterogenous, hybrid/multi-cloud infrastructures. We show how an incoming cyber-threat intelligence triggers a series of events like activating monitoring functions, assessing impact of the threat for the given asset and judging what business impact is expected if certain course of action is taken, finally offering a SoC specialist to execute a selected response. We demonstrate how exploiting and extending CycloneDX (OWASP Bill of Materials standard) to create a cloud agnostic infrastructure model, allows to perform the aforementioned operations in a heterogenous cloud environment.
  
  
• Using 5G Digital Twins to test Security and Compliance - by valid8.com
  As 5G technology continues to evolve, maintaining and securing the network and devices accessing the network will become increasingly challenging. This demo will highlight ways operators can face security challenges and properly test their equipment to meet their goals of ensuring a seamless, secure user experience.
  
  
• Automated IoT Cyber Security Test Platform - SafeShark
  The SafeShark test platform is a unique cyber security test platform for consumer IoT. With a plug and play device with no buttons or screens that connects to the product under test, it continually reports the status of the testing, providing reports and results against the international standard EN 303 645. The SafeShark test platform also enables remote testing and results of all products under test can be viewed via a secure portal where separate labs, or employee views can be set up. The platform can be licensed and white labelled to enable in-house self-assessment.

POSTERS

• Continuous and Efficient Cooperative Trust Management for Resilient CCAM- by IRT SystemX
• AI Computing Platform Security Framework - By Huawei
• Post Quantum Cryptography (PQC) for Cooperative ITS: ready for transition?  - by IRT SystemX
• The ABCCD's of Cybersecurity: Architecting and Building Collaborative Cybersecurity Demonstrations at the U.S. National Cybersecurity Center of Excellence (NCCoE) - NIST

The ETSI Security Conference 2023 programme is being built by the following people:

• Samim Ahmadi, Umlaut
• Charles Brookson, ZEATA Security
• Alex Cadzow, C3L
• Scott Cadzow, C3L
• Matt Campagna, Amazon Web Services
• Peter C, NCSC
• Mirko Cano Soveri, ETSI/3GPP
• Björn Fanta, Fabasoft
• Slawomir Gorniak, ENISA
• Alan Hayward, NCSC
• Alex Leadbeater,GSMA, Programme Committee Chair
• Tieyan Li, Huawei
• Gerry McQuaid, Ofcom
• Mats Naslund, NDRE
• Jean-Pierre Quémard, KAT
• Ian Oliver, Nokia Bell Labs
• Laure Pourcin, ETSI
• Davide Pratone, Huawei
• Tony Rutkowski, CIS
• George Sharkov, European DIGITAL SME Alliance & SBS
• Nataliya Stanetsky, Google Ireland Limited
• Colin Whorlow, NCSC
• Alf Zugenmaier, NTT Docomo

Presentations made during the event are available in PDF format.