Taming the IoT Cybersecurity Wicked Challenge

John Moor
Managing Director
IoT Security Foundation

Abstract
This talk addresses the critical challenges of managing product cybersecurity throughout the lifecycle, and across applications. Aimed at designers, developers, and manufacturers with a blend of technical and management skills, the presentation will elucidate the multifaceted nature of IoT security challenges. It will emphasize the need for fit-for-purpose security that aligns with application requirements, regulatory compliance, and lifecycle management. The conclusion underscores the importance of a collaborative and evolving security methodology to address the dynamic challenges of IoT security, inviting all stakeholders to participate.

Biography
John Moor is co-founder and Managing Director of the IoT Security Foundation (IoTSF).He has over 30 years of experience in electronic systems and microelectronics industries and holds executive leadership and general manager responsibilities for IoTSF. Previously John served as a vice-president at the UK's National Microelectronics Institute (NMI) where he was tasked with formulating strategy and leading key innovation initiatives. Before NMI, John was one of the founders of Bristol-based start-up ClearSpeed Technology (formerly PixelFusion Ltd). During this time he led engineering operations at the vice-president level. He was responsible for technology acquisitions, establishing international supply chain operations and acquiring capability in the UK, USA and Taiwan.John holds an MA (Distinction) in Strategic Marketing Management from Kingston University London and a Master of Business Administration from the University of Leicester. John’s formative embedded systems engineering career centred on leading-edge microprocessor-based systems (substantially parallel systems) and used in data communications, high-performance computing, graphics and virtual reality applications.

Total Defense High Tech

Aernout Reijmer
Chief Security Officer
ASML

Abstract
Our industry is increasingly confronted with cybercrime and corporate espionage activities, attempting to exfiltrate intellectual property, engineering information, and customer confidential information for commercial gain or to disrupt business operations. These attacks extend beyond corporate boundaries to our supplier and customer ecosystems. The geopolitical relevance of cyber security has grown tremendously in the recent years in our sector, looking at the nefarious interest to obtain intellectual property and knowledge required for manufacturing high tech products.This presentation proposes a collaborative approach to reduce Cyber Risk in the High Tech / Semi and Defense industry.

Biography
•As CISO at ASML, Aernout implemented significant security capabilities for ASML (including a 10 fold increase in investments and even more for organization) in the domain of Information, IT, Human and Physical Security.•Executed for 8 consecutive years the Security Roadmap, running a portfolio of security projects, working away a historic backlog and achieving decent maturity level.•Spearheaded SIA’s and SEMICON CISO workgroup (US), the same for multinationals in NL, with the NL CISO Circle of Trust.•Became CISO of BT Global Services at the early age of 33 through a track record of solid execution and delivery.•While at BT, responsible for global security outside the UK. Brought security maturity to operational excellence level in 30 (mostly newly acquired) entities

Cybersecurity for Next Generation Critical Instructure Systems

Angelos Marnerides
Asst. Professor
University of Cyprus

Abstract
Critical Infrastructure Systems (CIS) composing Critical National Infrastructures (CNIs) enabling sectors such as power, manufacturing, nuclear, defence, space and transport are underpinned by Industrial Control Systems (ICS) that have recently been exposed to the Internet and the Internet-of-Things (IoT) technologies by virtue of urging business models. Evidently, this relatively recent interface of such traditionally isolated setups with the IoT has resulted to a rapid surge of sophisticated and targeted Advanced Persistent Threats (APTs) causing significant safety as well as monetary effects on a global scale. Such attack vectors are stealthy, and they target hardware and logical processes that are typically resource-constrained and unprotected. Moreover, they are used frequently in several malicious cyber operations such as nation-sponsored cyberwarfare and cybercrimes. Therefore, a great challenge and need exists on developing and evaluating defence and mitigation mechanisms within realistic setups that also adhere to ICS vendor-oriented and proprietary software nature. In this talk, we will focus on illustrating the vulnerability spectrum of ICS devices as well as on-going activities on how generalised vendor-independent solutions can be developed via real use cases in the context of the power, utilities and defence sectors.

Biography
Dr. Angelos K. Marnerides is an Asst. Professor of Cyber Physical Systems Security at the University of Cyprus, in the Department of Electrical & Computer Engineering and a faculty member leading activities in cybersecurity research at the KIOS Research and Innovation Centre of Excellence. Previously, he was a Assoc. Professor at the University of Glasgow (UofG), leading the Glasgow Cyber Defence Group and all the cybersecurity research activities across all research sections in the School of Computing Science at UofG. His research focuses on applied security and resilience for Internet-enabled cyber physical systems using data-driven approaches with focus on critical national infrastructures in various sectors including energy, defence, manufacturing and water utilities. Dr. Marnerides’ research has received significant funding in excess of €8M+ from the industry (e.g., Fujitsu, BAE, Raytheon, EDF), governmental bodies (e.g., EU, IUK, EPSRC) as well as UK national security and defence agencies (e.g., NCSC, GCHQ, MoD Dstl). Dr. Marnerides is currently the project coordinator for the €5.8M COCOON project funded by the EU Horizon Innovation Action (IA) being the first ever EU IA project coordinated by UCY KIOS and UCY in general. He is a malware detection patent author and has published extensively in top-tier IEEE/ACM conferences and journals. Moreover, he is a Senior Member (SMIEEE) of the IEEE and a member of the ACM since 2007. Dr. Marnerides has also played significant roles in various IEEE conferences, earning IEEE ComSoc contribution awards in 2016 and 2018. He obtained his PhD in Computer Science from Lancaster University in 2011 and has held lectureships and postdoctoral positions at institutions including Carnegie Mellon University, University of Porto, University College London, and Lancaster University.

Product Security for Trusted Electronics: A Holistic Approach

Konstantinos Papapanagiotou
Advisory Services Director
Census S.A.

Abstract
Electronics are more prevalent than ever in our lives. We are becoming more and more dependant on them as they play a signicant role in critical domains such as healthcare, communications, automotive, and even defense. Undoubtedly, the regulatory compliance landscape is becoming more complex and strict, aiming to protect the society from risks related to the use of such electronic devices. Regulations like NIS 2 and the EU Cyber Resilience Act set specific requirements for manufacturing trusted electronics. At the same time attacks occur, which demonstrate that the industry is not well prepared or mature enough. Furthermore, new technologies that are introduced bring about exiting capabilities but also challenges for cybersecurity.In this presentation we will provide an outline of the steps that need to be taken to create trusted electronics. The approach that we will present takes into account lessons learned from other sectors, such as medical devices, to introduce security activities throughout the product development lifecycle. Starting from security reqiurements and threat modeling, and continuing until product validation, testing, and field operation, we will present how you can ensure that a secure product can be built without interruptions or delays in the production timeframe.

Biography
Dr Konstantinos Papapanagiotou is the Advisory Services Director at Census Labs S.A. Prior to that, he worked for OTE S.A. (member of Deutsche Telekom Group) where he was responsible for the cyber security solutions offered to corporate customers. In the past he has led cyber security consulting teams in other private sector organizations.Dr Papapanagiotou has more than 20 years of experience in the field of cyber security both as a corporate consultant and as a researcher. During that time, he participated in numerous cyber security projects in public and private sector organizations, in Greece, Europe, and the Middle East.He holds a PhD and BSc from the Department of Informatics and Telecommunications at the University of Athens, Greece, as well as a MSc in Information Security with distinction from Royal Holloway, University of London. For more than 10 he served as an Adjunct Lecturer at the Hellenic American University, as well as the University of Athens and University of Piraeus, teaching Information Security to postgraduate and undergraduate students.