ACCSS – NCSC – SURF Symposium

On Tuesday May 14th ACCSS, NCSC and SURF will host a joint symposium on the topic of Cyber Security and Society. The main goal of the symposium is to bring together scientists from academia and practitioners from the government in order to exchange ideas and foster collaboration. In between the talks there will be opportunity to network.

When: Tuesday May 14, 2024 13:30 – 17:00
Where: SURF, Moreelsepark 48, 3511 EP Utrecht
Registration: There are still a few spots left. Please register by sending an email with your name and affiliation to research@ncsc.nl.

Programme

13:30 – 13:35: Opening by Belle Webster, director of the Collaboration and Knowledge unit of the NCSC

13:35 – 14:20: Bert Hubert
Cyber Security and Society: a pre-war reality check
The big disaster just won’t come. Despite the continuing string of leaks in security software, despite mediocre patching, despite poor regulation: the worst we notice here is ransomware and the occasional DoS attack. In this talk, I try to give the best calibrated picture possible of how safe and robust our infrastructure actually is. The infrastructure on which all of our lives now run. In practice many aspects of cyber are not as bad as they look.
But, there are also things we rather not talk about. Because we currently assume that the (marine) cables always work, That our ICT partners continents away continue to care for us. And that “the cloud” will never get hacked. But what if that turns out not be true? Could we still function? Could we keep our communication going in times of war? Or if not, would we know how to get back online? Could our government in a crisis still communicate when WhatsApp is down?
The goal of this talk is to sketch as realistic a picture as possible of where we stand, and what we can do better.

14:20 – 14:40: break

14:40 – 15:05: Stijn Bankras & Katie Hendriks (NCSC)
The research team at NCSC-NL aims to bridge the gap between academia and cybersecurity practice. Besides conducting our own research, we also work closely with our research partners and, of course, our own organisation.
During our talk we hope to show exactly how this works. Of course, we will also enlighten you on the operational side of our organisation and how this relates to research.

15:05 – 15:30: Bram Poppink, Arne de Roode & Reinder Wolthuis (TNO)
Playing by the NCSC playbooks.
To improve efficiency and speed of cybersecurity operations, the industry is increasingly automating operational security tasks. A machine-readable security playbook is one such development, that could replace many manual tasks. We explored the current practical applicability of security playbooks.
Looking into the future – the impact of Large Language Models on the cyber threat landscape.
Over the past two years Large Language Models have had a huge impact on society, but what is the impact on the cyber security threat landscape? For what purposes can LLMs be abused by adversaries, and how will this develop over time? In this talk we present the impact that current developments in LLM technology have had on the cyber threat landscape, and a way forward to monitor this impact over time when new developments arise on the horizon.
The Security Operations Center of the Future – Blueprint of the SOC in 2030.
Security monitoring and incident response will face major challenges the coming years as the complexity of infrastructures, threats and regulation increases. This presentation provides a rough sketch of the organization, processes and interaction with the outside world deemed necessary in 2030 – a SOC blueprint. A number of recommendations for relevant stakeholders is also given.

15:30 – 15:50: break

15:50 – 16:15: Els de Busser (Universiteit Leiden)
The C-SIDe project is an interdisciplinary project funded by NWO bringing together researchers from different scientific disciplines from Leiden University and the Hague University of Applied Sciences. The aim of the project is new set of guidelines for software developers that helps them to integrate the technical and non-technical aspects of cyber security into the design of new software.
An interdisciplinary team of researchers have each studied specific parts of software development and security-by-design. These parts are now integrated to form guidelines addressed to key stakeholders directly or indirectly involved with software development such as government, companies and software developers.
The project team researched how to (re)define security-by-design and expand the concept of security beyond technology. This means including human behaviour, decision-making processes and other organisational aspects. On a technological plane, the project team researched how to measure security and the role that the quality and quantity of vulnerability libraries play in creating more secure software. The C-SIDE guidelines will work as a practical guide through the steps to take to build more secure software from the point of view of these stakeholders.

16:15 – 16:40: Jeroen van der Ham (Universiteit Twente & NCSC)
Vulnerability Disclosure has been a topic that Jeroen has focused on in the past ten years. In this presentation he’ll focus on the interdisciplinary aspects of vulnerability disclosure, ranging from social and business aspects: how do we deal with vulnerability reports and who can turn off a high-risk vulnerable system? But also legal and ethical aspects of vulnerabilities: what is “ethical” about hacking? How do you decide to inform affected parties? And of course, with the NIS2, vulnerability disclosure is in the spotlight, and becomes a policy issue as well, with very different cultural angles.

16:40 – …: Drinks and snacks!