ETSI’s annual flagship event on Cyber Security, the ETSI Security Conference, took place face-to-face from 16 to 19 October 2023, in ETSI, Sophia Antipolis, France and gathered more than 200 people.
This year the event focused on Security Research and Global Security Standards in action The event also considered wider aspects such as Attracting the next generation of Cyber Security standardization professionals and supporting SMEs.
Meet & Network with the Community
This exclusive face-to-face event provided an exceptional opportunity for the security community to come together to exchange with experts, network with peers, and share facts and opinions around the subject of cybersecurity standardization.
Please find below the event programme for the ETSI Security Conference 2023.
- Day 1: Monday 16 October
09.30 - 09:45 EVENT OPENING
- Alex Leadbeater, ETSI TC Cyber Chair
- Luis Jorge Romero, ETSI Director-General
09:45 SESSION D1-1: GLOBAL CYBER SECURITY
Chaired by Alex Leadbeater, ETSI TC Cyber Chair, GSMA- KEYNOTE: Where Security Research and Standardization Meet
Claire Vishik, Former Intel Fellow - KEYNOTE: ENISA Security Landscape - State of the Nation
Andreas Mitrakas, ENISA - KEYNOTE: IoT Security Labels: Now what?
Dave Kleidermacher, Google
11:00 Coffee & Networking Break - Demos and Posters Visits
11:30 SESSION D1-2: GLOBAL CYBER SECURITY
Chaired by Alex Leadbeater, ETSI TC Cyber Chair, GSMA- Security in ETSI
Charles Brookson, Zeata - Product Security – Connecting Standards and Regulation to Market Access Opportunities
Amit Elazari, Open Policy Group - Post Quantum - Network Standards Ecosystem Update
Michael Salmon, Verizon - SBOM and Vulnerability Management
Phyllis Lee, Center for Internet Security (CIS)
12:45 Lunch & Networking Break - Demos and Posters Visits
14:15 SESSION D1-3: REGULATION STATE OF THE NATION
Chaired by Colin Whorlow, NCSC- Overview of EU Cybersecurity Regulatory Instruments and ETSI Support
Tony Rutkowski, Lead, ETSI REGPOLES Regulatory Instruments group - IoT Security Initiatives in India
Sushil Kumar, Telecommunication Engineering Centre, DoT, Government of India - How to Reconciliate International Standards and Regional Policy Making on Cybersecurity?
Eloïse Ryon & Gabriel Faifman, Schneider Electric - EU CSA 5G Scheme Update
Philippe Magnabosco, ENISA - NESAS Update
James Moran, GSMA
16:00 Tea & Networking Break - Demos and Posters Visits
16:30 SESSION D1-04: Regulation, Data Protection and Privacy, Technical Aspects
Chaired by Slawomir Gorniak, ENISA- Achieving Data Privacy Without Sacrificing Data Usability: The ENCRYPT Solution
Salvatore Dantonio, University of Naples Parthenope - Global Cyber Security Regulation – Analyst’s Perspective
Patrick Donegan, Harden Stance - Key Steps for Developing Trustworthy AI
Philippe Coution, TÜV SÜD - The Role of Digital Twins in the Era of 5G: Ensuring Security and Compliance
Ian Carpenter, Valid8
17:50 Networking Event
- Day 2: Tuesday 17 October
Day Opening by Alex Leadbeater, ETSI TC Cyber Chair, GSMA
08:30 SESSION D2-1 : Zero Trust, Supply Chain & Open Source
Chaired by Scott Cadzow, C3L- Ensuring Trustworthy Identification for Accountability in Today’s Distributed Environments
Santino Foti, TC ESI Vice-Chair, InfoCert - Beyond SBOM: Observability, Security Automation and Business impact Analysis for Heterogenous, Programmable Infrastructures
Piotr Zuraniewski, TNO - DevSecOps in Telco: Full Lifecycle Management of Security Testing Tools for Better R&D
Luca Bongiorni, ZTE - ZTA - The Inevitability … or is it NOT?
Galina Pildush, Palo Alto Networks
09:50 KEYNOTE: Export Controls - Wassenaar and Beyond
Torbjörn Gustavsson -FRA - Mathilde Latour Cisco10:20 Coffee & Networking Break - Demos and Posters Visits
10:45 KEYNOTE: Building an Ecosystem for Baseline Security
Sandro Amendola, BSI's Standardisation and Certification Department11:10 Session D2 - 2: ioT & Certification
Chaired by Samim Ahmadi, ETSI TC Cyber Vice-Chair, Umlaut- EN 303 645 Eco-System Update
Samim Ahmadi, ETSI TC Cyber Vice-Chair - From Standards to the UK Product Security Regime: Legislation and Enforcement
Veena Dholiwar and Warda Hassan, Department for Science, Innovation and Technology (DSIT) - Small “s” Standards: NIST's Role in IoT Cybersecurity
Katerina Megas, NIST - Unveiling CyberPass: Streamlining Cybersecurity Assessment & Certification for IoT Products in Compliance with ETSI EN 303 645
Roland Atoui, Red Alert Labs
12:30 Networking Lunch - Demos and Posters Visits
14:00 SESSION D2-3: ZERO TRUST, SUPPLY CHAIN & OPEN SOURCE
Chaired by Gerry McQuaid, Ofcom- ETI - Zero Trust’s Role in Enabling Network Visibility
Scott Cadzow, C3L - Front-end Access Management (feam)– Combining Best Features of Fido and Oauth!
Andras Vilmos, SafePay Systems Ltd. - Efficient Fine-Grained Hidden Access Control with Pre- and Post-Quantum Hybridization
Chloe Hébant, Théophile Brezot - Cosmian - TCG Standards for Zero-Trust: Ensuring Confidentiality, Integrity, and Supply Chain Trust
Silviu Vlasceanu - Huawei
15:20 Tea & Networking Break - Demos and Posters Visits
15:50 SESSION D2-4 Quantum Safe Cryptography Session
Chaired by Matt Campagna, ETSI QSC Chair, Amazon- Update on the NIST PQC Standards
Lily Chen, NIST - Quantum Safe Cryptography and ETSI Cyber QSC
Matt Campagna, ETSI TC Cyber QSC, Amazon Web Services - Quantum Key Distribution and ETSI’s ISG QKD
Martin Ward, ETSI ISG QKD, Toshiba - Towards Certification of Quantum Communications: an EU Perspective
Adam Lewis, European Commission Joint Research Centre - Simple and Effective Methods to Achieve Quantum Security Today
Daniel Shiu, Arqit - Efficient Quantum-Safe Communication Using Hybrid Encryption
Rei Safavi-Naini - University of Calgary
18:00 Networking Drink
- Ensuring Trustworthy Identification for Accountability in Today’s Distributed Environments
- Day 3: Wednesday 18 October
Day Opening by Alex Leadbeater, ETSI TC Cyber Chair, GSMA
08:45 KEYNOTE: The Path to Diversity: How the UK CyberFirst Project is Shaping the Next Generation of Cyber Security Professionals
Helen L, NCSC - Jane Wright, QinetiQ09:10 Session D3-1: Experiences of Attracting Next Generation of Engineers and Investing in Future
Chaired by Nataliya Stanetsky, Google- Skills Short, Threats Deep...How to Foster and Retain a Security Team amongst a Significant Workforce Gap
Jon France, IC2 - ETSI’s Approach to Education about Standardization
Claire d'Esclercs, ETSI - Nizar Abdelkafi, Politecnico di Milano - PANEL DISCUSSION led by the session chair with all session speakers
10:30 Coffee and Networking - Demos and Posters Visit
11:00 SESSION D3-2: IoT and Certification Session
Chaired by Davide Pratone, Huawei- Implementing Design Practices to Prevent Coercive Control in Consumer IoT
Alex Cadzow, C3L - Automated and Continuous Cybersecurity Certification for Internet of Things
Shahid Raza, RISE Research Institutes of Sweden - SparkLink: What it is and Why it Matters for Secure AIoTI
Peter Schmitting, AIOTI - Security in oneM2M
- Rana Kamill, BT Group
12:20 Lunch & Networking - Demos and Posters Visit
14:00 SESSION D3-3: IoT & Mobile Certification
Chaired by Hollie Hennessy, Omdia- TS 103 732 Presentation
Davide Pratone, Huawei - GSMA certification program based on ETSI TS 103 732 and Importance of Security Labelling
Brian Wood, Google - CSA IoT Certification Overview: Is EN 303 645 your one-stop shop for Global Consumer IoT regulatory compliance?
Nataliya Stanetsky, Google - PANEL DISCUSSION with Davide Pratone, Brian Woord and Paul Watrobski (NIST), led by the session Chair
15:45 Tea & Networking - Demos and Posters Visit
16:15 SESSION D3-4: 5G in the Wild - Part 1
Chaired by Alf Zugenmaier, NTT Docomo- Introduction to 3GPP
Mirko Cano Soveri, ETSI - Securing the Telecom Business across IT and Network
Anand Prasad, Deloitte Tohmatsu Cyber LLC - ETSI Addresses Certificate Woes in NFV Technology Based 5G Networks
Ben Smeets, Ericsson - What Will Happen and Is Happening on 5G/5G-A Security?
Rong Wu, Huawei - How to Test and Certify the Security of 5G Products in the Wild - Approach and First Insights from BSI in Germany
Heiner Grottendieck & Jens Ziegler, Federal Office for Information Security (BSI Germany)
18:00 Day 3 Networking Drink
- Skills Short, Threats Deep...How to Foster and Retain a Security Team amongst a Significant Workforce Gap
- Day 4: Thursday 19 October
Day Opening by Samin Ahmadi, ETSI TC Cyber Vice-Chair, Umlaut
08:45 SESSION D4-1: 5G in the Wild - Part 2
Chaired by Bjorn Fanta, Fabasoft- ETSI NFV & NFV Security State of the Nation
Leslie Willis, BT - Road-Map Towards the Adoption of Dynamic Trust Assurances for Safety and Security Convergence in Safety-Critical Systems
Francesca Bassi, IRT SystemX - Security Challenges in 5G-based Public safety Networks
Ravishankar Borgaonkar, SINTEF AS - On using Containers, Virtual Machines, LigthVMs and Unikerls in a Secure Operational Environment for Critical Infrastructure
Djibrilla Amadou Kountche, Akkodis - UICC, the universal toolbox for securing your services in the 5G ecosystem
Denis Praca, TC SET Chair, Thales
10:30 Coffee & Networking - Demos and Posters Visits
11:00 Session D4-2 6G Futures
Chaired by Charles Brookson,ZEATA Security- ETSI Perspectives
David Boswarthick, ETSI - PDL for Trustworthy 6G
Chonggang Wang, Interdigital - 6G - The Next Hyper-Connected Experience For All
Erik Guttman, Samsung
12:00 Lunch & Networking - Demos and Posters Visits
13:15 SESSION D4-3: Augmented Reality and AI
Chaired by George Sarkhov, SBS aisbl- The Challenge of Standards for Securing AI - the Work of ISG SAI
Scott Cadzow 3CL - The proposed Framework for AI good Cybersecurity Practices (FAICP)
Nineta Polemi, University of Pireaus - Cybersecurity research and innovation needs and priorities for AI and what it means for standardization
Corina Pascu, ENISA - Is AI Security scalable?
Manojkumar Parmar, Bosch - Leverage AI in Cyber Security Audits – NLP, LLM and Evidence-Based Approaches.
Bjorn Fanta, Fabasoft
15:00 Event Wrap Up
15:15 Close
- ETSI NFV & NFV Security State of the Nation
Venue: ETSI Headquarters
650 Route des Lucioles
06560 Valbonne - Sophia Antipolis
FRANCE Tel: +33 4 92 94 42 00
During the event breaks, attendees were able to visit the following demos and poster sessions:
DEMOS
- Covercrypt: an Efficient Pre and Post-Quantum Early-Abort KEM for Hidden Access Policies with Traceability - by Cosmian
Attribute-Based Encryption (ABE) is a very attractive primitive to limit access according to specific rights. While very powerful instantiations have been offered, under various computational assumptions, they rely on either classical or post-quantum problems, and are quite intricate to implement, generally resulting in poor efficiency; the construction we offer results in a powerful efficiency gap with respect to existing solutions.
With the threat of quantum computers, post-quantum solutions are important, but not yet tested enough to rely on such problems only. We thus first study an hybrid approach to rely on the best of the two worlds: the scheme is secure if at least one of the two underlying assumptions is still valid (i.e. the DDH and LWE).
Then, we address the ABE problem, with a practical solution delivering encrypted contents such that only authorized users can decrypt, without revealing the target sets, while also granting tracing capabilities. Our scheme is inspired by the Subset Cover framework where the users' rights are organized as subsets and a content is encrypted with respect to a subset covering of the target set.
Quite conveniently, we offer black-box modularity: one can easily use any public-key encryption of their choice, such as Kyber, with their favorite library, to combine it with a simple ElGamal variant of key encapsulation mechanisms, providing strong security guarantees. - CyberPass | Trust Your Connected Products with ETSI EN 303 645r - by Red Alert Labs
Nowadays, cybersecurity assessments and certification of ICT/IOT products are more often costly, slow, and cumbersome. However, these processes are capital to ensure cybersecurity and trust through your supply chain. In this demo we will show you CyberPass - an innovative cybersecurity solution that provides businesses with a cost-effective and scalable way to assess the level of cybersecurity of their connected ICT/IoT products from third-party vendors. This solution fully implements ETSI EN 303 645 and TS 103 701 standards, and combines automation with the precision of recognized experts to evaluate suppliers from all over the world. CyberPass provides manufacturers with a standardized cybersecurity assessment, a label, and a certificate that they can share with customers, as well as a detailed improvement plan to increase their level of maturity. With CyberPass, businesses can ensure cybersecurity throughout their supply chain without the heavy processes, cost, and time associated with traditional cybersecurity assessments. - Beyond SBOM: observability, security automation and business impact analysis for heterogenous, programmable infrastructures - by TNO
We present a technical demonstration of the Automated Security Operation (ASOP): cloud-based, open, modular and vendor agnostic platform for automating security operations in heterogenous, hybrid/multi-cloud infrastructures. We show how an incoming cyber-threat intelligence triggers a series of events like activating monitoring functions, assessing impact of the threat for the given asset and judging what business impact is expected if certain course of action is taken, finally offering a SoC specialist to execute a selected response. We demonstrate how exploiting and extending CycloneDX (OWASP Bill of Materials standard) to create a cloud agnostic infrastructure model, allows to perform the aforementioned operations in a heterogenous cloud environment. - Using 5G Digital Twins to test Security and Compliance - by valid8.com
As 5G technology continues to evolve, maintaining and securing the network and devices accessing the network will become increasingly challenging. This demo will highlight ways operators can face security challenges and properly test their equipment to meet their goals of ensuring a seamless, secure user experience. - Automated IoT Cyber Security Test Platform - SafeShark
The SafeShark test platform is a unique cyber security test platform for consumer IoT. With a plug and play device with no buttons or screens that connects to the product under test, it continually reports the status of the testing, providing reports and results against the international standard EN 303 645. The SafeShark test platform also enables remote testing and results of all products under test can be viewed via a secure portal where separate labs, or employee views can be set up. The platform can be licensed and white labelled to enable in-house self-assessment.
POSTERS
- Continuous and Efficient Cooperative Trust Management for Resilient CCAM- by IRT SystemX
- AI Computing Platform Security Framework - By Huawei
- Post Quantum Cryptography (PQC) for Cooperative ITS: ready for transition? - by IRT SystemX
- The ABCCD's of Cybersecurity: Architecting and Building Collaborative Cybersecurity Demonstrations at the U.S. National Cybersecurity Center of Excellence (NCCoE) - NIST
The ETSI Security Conference 2023 programme is being built by the following people:
- Samim Ahmadi, Umlaut
- Charles Brookson, ZEATA Security
- Alex Cadzow, C3L
- Scott Cadzow, C3L
- Matt Campagna, Amazon Web Services
- Peter C, NCSC
- Mirko Cano Soveri, ETSI/3GPP
- Björn Fanta, Fabasoft
- Slawomir Gorniak, ENISA
- Alan Hayward, NCSC
- Alex Leadbeater,GSMA, Programme Committee Chair
- Tieyan Li, Huawei
- Gerry McQuaid, Ofcom
- Mats Naslund, NDRE
- Jean-Pierre Quémard, KAT
- Ian Oliver, Nokia Bell Labs
- Laure Pourcin, ETSI
- Davide Pratone, Huawei
- Tony Rutkowski, CIS
- George Sharkov, European DIGITAL SME Alliance & SBS
- Nataliya Stanetsky, Google Ireland Limited
- Colin Whorlow, NCSC
- Alf Zugenmaier, NTT Docomo
Presentations made during the event are available in PDF format.
Recognition & Thanks
Cybersecurity Magazine
At Cybersecurity Magazine we first and foremost aim to bring cybersecurity associated information in language accessible to everyone. We feature weekly articles, written and reviewed by experts, and podcasts in various topics around the latest cybersecurity news and developments. We aim to bring quality topical articles that will help professionals and experts in the field, decision makers, and all users of technology. Our monthly podcast features episodes from our editors, with special guest experts, discussing the latest news and relevant topics of cybersecurity.