News

Event type: None

Scope

5G phase 1 specifications are now done, and the world is preparing for the arrival of 5G networks. A major design goal of 5G is a high degree of flexibility to better cater for specific needs of actors from outside the telecom sector (e.g. automotive industry, mission-critical organisations). During this workshop, we will review how well 5G networks can provide security for different trust models, security policies, and deployment scenarios – not least for ongoing threats in the IoT world. 5G provides higher flexibility than legacy networks by network slicing and virtualization of functions. The workshop aims to discuss how network slicing could help in fulfilling needs for different users of 5G networks.
5G will allow the use of different authentication methods. This raises many interesting questions. How are these authentication methods supported in devices via the new secure element defined in ETSI SCP, or vendor-specific concepts? How can mission-critical and low-cost IoT use cases coexist side-by-side on the same network?
The 5G promise of higher flexibility is also delivered via its Service-Based Architecture (SBA). SBA provides open 3rd party interfaces to support new business models which allow direct impact on network functions. Another consequence of SBA is a paradigm shift for inter-operator networks: modern APIs will replace legacy signaling protocols between networks. What are the relevant security measures to protect the SBA and all parties involved? What is the role of international carrier networks like IPX in 5G?

Event Objectives

The workshop intends to:

Gather different actors involved in the development of 5G, not only telecom, and discuss together how all their views have shaped phase 1 of 5G, to understand how security requirements were met, and what challenges remain; Discuss slicing as a means to implement separate security policies and compartments for independent tenants on the same infrastructure; Give an update of what is happening in 3GPP 5G security; Explain to IoT players what 5G security can (and cannot) do for them, including risks and opportunities related to alternative access credentials; Understand stakeholders' (PMNs, carriers, GSMA, vendors) needs to make SBA both secure and successful. How can SBA tackle existing issues in interconnect networks like fraud, tracking, privacy breaches; Allow vendors to present interesting proposals for open security questions in 5G: secure credential store, firewalling SBA's RESTful APIs; Debate about hot topics such as: IoT security, Slicing security, Privacy, Secure storage and processing and Security of the interconnection network.

Target Audience

The 5G Security workshop will be of interest to:

Industry, customers and regulators Researchers and standardizers Research Institutes & Universities SMEs and Start-Ups driving security innovation Chipset and Device Manufacturers Network Infrastructure Manufacturers Network security vendors (firewalls, API gateways) Network Operators and international (IPX) carriers Service Providers

Event type: None

Event Technology: Digital Signature

Scope

While standards are well in place for signatures created locally by end-users, the market take-up of these solutions has been significantly low due to the unfriendly requirement for the end-user to have a physical device (e.g. dongle, smart card). The market has then been moving to signature creation services hosted in the cloud and managed by Trust Service Providers. These solutions imply moving the user private key from a user-owned device to the cloud and raise security challenges in order to ensure the security of the service. ETSI started to work on this topic in order to bring technical interoperability as well as a high level of assurance of the trust services building on the CEN standard for "server signing". The objective of the standards is to meet the aims of the eIDAS Regulation as well as to meet the general requirements of the European and international community.
The workshop discussed about standardization for remote signature creation services provided by Trust Service Providers, addressing business cases, audit requirements and protocols.

Objectives

1. Make users of the standards aware of:

Scope of standards and general approach being taken Operation of Protocols Main "policy" requirements to be covered by audit

2. Get an idea of some example business use cases

3. Collect initial feedback on standards and public review process

Target audience

This event was of particular interest for:

Remote signature creation service providers and manufacturers, Major users of signature creation services (e.g. Banks) Audit Bodies, Supervisory Bodies, Policy makers, Other eSignature/eSeal related trust providers.

 

Event type: None

Scope

After several years of quiet incubation of the Bitcoin project, Blockchain is now a word known to the general public and pervasive in the industry.
More recently, researchers and industry are exploring the space of application of distributed ledgers beyond financial and monetary solutions, looking for alternatives to overcome the limitations of these technologies such as scalability and power consumptions, thus multiplying the number of projects and initiatives.
It remains unclear at this point what is and what should be the role of regulators and standardization bodies but in order to enable application of distributed ledger technologies (DLTs) in critical ICT services, ETSI is calling for a public discussion on the value of DLTs for the security and trust in the world wide ICT ecosystems.

The objective of this event is to: 

Understand Distributed Ledger Technologies (DLT) technical principles Understand how the Distributed Ledger Technologies (DLT) address cybersecurity threats and in which cases they are effective Investigate use cases and applications of DLT Investigate how ETSI can use such technologies within services and technologies it standardizes Discuss security features and security/privacy weaknesses of DLT Investigate what ETSI can do in the standardization of DLT in complement to other standardization initiatives Investigate to what extent ETSI standardization is impacted by these technologies

Target Audience

This event is of interest to any organisation having a stake in distributed ledgers developments and standardisation.

Event type: None

Participate in the Middlebox Hackathon!

Interested in improving network security? 

Learn about middleboxes through practical implementation Learn about and improve the TC CYBER Middlebox Standard

Target Audience

All attendees interested in middlebox security are welcome. The event is best suited for software development professionals. Students on relevant educational programmes are also welcome.

Join in the Slack conversation now: middleboxhackathon.slack.com (email us for an invitation)

#middleboxhackathon Download the Hackathon Flyer

Event type: None

Event Technology: Cybersecurity

Supporting European Cyber Security & Privacy Standardisation in the European Digital Single Market context – StandICT.eu - co located with the ETSI Security Week

Scope

The Digital Single Market (DSM) is aimed at boosting Europe's competitiveness throughout multiple industrial and service sectors. 5 priority domains are highlighted as the building blocks of the DSM: 5G, Cloud Computing, Internet of Things, Cybersecurity and Big Data. The emergence and continuous evolution in these domains compels the establishment of common standards to guarantee interoperable and benchmarked services and technologies to drive the DSM, keep markets open, support innovation and allow a full-service portability. In this context it is important to support contributions from the international Standards Development Organisations, national standardisation bodies, voluntary communities while ensuring the promotion and convergence of activities, interests and priorities.

The event will discuss the role of standardisation and the different European players in the domain of Cybersecurity: achievements made, ongoing activities, and gaps where standards are needed but have not been addressed so far. Standards in this domain are mainly driven by industry and private sector stakeholders playing a fundamental role in fostering innovation. However, voluntary communities, e.g. Open Source Software communities, and research, like in the field of Blockchain, have an increasing impact. The different players are considered as target audience and as contributors to the event.

StandICT.eu, "Supporting European Experts Presence in International Standardisation Activities in ICT", addresses the need for ICT Standardisation and defines a pragmatic approach and streamlined process to reinforce EU expert presence in the international ICT standardisation scene. Through a Standards Watch, StandICT.eu will analyse and monitor the international ICT standards landscape and liaise with Standards Development Organisations (SDOs) and Standard Setting Organisations (SSOs), key organisations such as the EU Multi Stakeholder Platform for ICT Standardisation as well as industry-led groups, to pinpoint gaps and priorities matching EU DSM objectives. These will become the topics for a series of 10 Open calls focused on priority domains and a continuous cascading grants process, launched by StandICT.eu from March 2018, providing support for European specialists to contribute to ongoing standards development activities, as well as to attend SDO & SSO meetings.

StandICT.eu has published the first Open Call for proposals from 30 March - 29 May 2018, midnight CET. The call is open for submissions of proposals for grants to support activities in standardisation addressing one or more priority topics of the call.

Links to StandICT.eu and to the 1st Open Call

Event Objectives

The event outputs will be oriented along the following lines:

Getting an overview of relevant ongoing standards development activities in the domain of CyberSecurity & Privacy. Gathering input from the international and national standardisation activities in Europe – understanding the landscape and defining a way to organise contributions supported by StandICT.eu. Identifying a list of standardisation issues/gaps/topics relevant for the Cyber Security & Privacy domain that are stemming from, e.g., the organisations of the stakeholders, from communities active in the field, users. Engaging the participants to leverage their contribution to interoperability and standards activities in the domain of CyberSecurity & Privacy through StandICT.eu's Open Calls.

Target audience

Target audience are stakeholders engaged in the development of standards in the domain of Cybersecurity & Privacy both from SDOs and communities, researchers and developers in the field, practitioners and potential users.