Dear Colleagues,
It is our pleasure to welcome you to the 5th Network and Information Security (NIS'18) Summer School, taking place in Crete, Greece, 24 September - 28 September 2018. This event, having a different "special theme" every year, is jointly organised by the European Union Agency for Network and Information Security (ENISA) and the Foundation for Research and Technology - Hellas (FORTH).
The theme for this year is "The Challenge of the Changing Risk Landscape".
The Changing Risk Landscape refers to the dynamics, dependencies and complexity inherent to
Information
Technology.
In this context, the changing security “ecosystem” is the one of the main challenges of Information
Security. The
relevant
community needs to speed-up reaction, collaboration and information exchange in order to achieve
timely and
effective
response to the challenges involved. This indeed seems to be the only option for Information
Security in the
continuous
race of defense strategies to offer adequate protection against offense attempts.
ENISA is dedicated to promoting a culture of security in Europe that will improve the ability of EU Member States to respond to cyber-attacks. It does so, by pursuing a strategy of mitigating risks through awareness, studies, reports and position papers on current NIS matters. Towards this objective, ENISA and FORTH, a research institute devoted to advancing the State-of-the-Art in ICT, bring together in this Summer School a distinguished faculty from around the world with the purpose to identify current trends, threats and opportunities against the background of recent advances on NIS measures and policies.
Recognising the multi-dimensional facets and intricacies causing changes in the information risks landscape, an array of lectures will cover a variety of key aspects on policy, economic, legal and research matters. The audience includes policy makers from EU Member States and EU Institutions, decision makers from industry and members of the academic community.
By going through a natural evolution cycle, but also by adopting current trends in networking and exchange of knowledge, this year’s Summer School aims at increasing interaction among participants. Targeted breakout sessions will enhance dialogue and exchange of ideas, while cutting edge security issues will be collected before the event through publicly accessible fora and will be channelled to the discussions. Wrap-ups of these interactive sessions will be worked out and distributed during the event.
We would like to thank our keynote speakers, facilitators and faculty for contributing to a programme of such high quality, and we are confident that the participants of NIS'18 will both benefit from, and enjoy the programme.
Prof. Dr. Udo Helmbrecht
Executive Director of ENISA
Prof. Nektarios Tavernarakis
Chairman of the Board Of Directors of FORTH
The organizers of the NIS Summer School would like to offer the opportunity to non-profit organizations/activities in the area of Cyber Threat Intelligence, such as EU Horizon 2020 projects, national academic research and developments projects, open source communities, etc. to disseminate their work through this event. This can be achieved by means of posters, flyers, tool demonstrations etc.
Interested organizations are encouraged to contact the organizer to express their interest, together with some information about the dissemination material (short description of the item to be presented, relevance to CTI, method of presentation, particular presentation requirements). The organizer will review this material via its stakeholder and will inform the project about the acceptance of their presentation. The review of the material is thought as a filter for the relevance and quality of the submissions but also spatial availabilities at the venue of the event.
Interested organizations may contact us through the functional mailbox event.management@nis-summer-school.enisa.europa.eu
Posters will be presented at Room: Mezzo I and II, GROUND LEVEL throughout the duration of conference.
| Sotiris Ioannidis | Foundation for Research and Technology - Hellas |
| Louis Marinos | European Union Agency for Network and Information Security |
| Andreas Miaoudakis | Foundation for Research and Technology - Hellas |
| Maria Mastoraki | Foundation for Research and Technology - Hellas |
| Panos Chatziadam | Foundation for Research and Technology - Hellas |
| Ioannis Askoxylakis | Foundation for Research and Technology - Hellas |
| Gabi Dreo Rodosek | Universität der Bundeswehr München - UniBW |
| Stefanie Frey | DEUTOR Cyber Security Solutions GmbH |
| Pierre Girard | Gemalto |
| Magnus Harlander | Genua GmbH |
| Vasilis Katos | Bournemouth University |
| Katerina Mitrokotsa | Chalmers University of Technology |
| Kai Rannenberg | Goethe Universität Frankfurt |
| Annemarie Zielstra | TNO |
| Paul Theron | Thales |
| Rodica Tirtea | European Union Agency for Network and Information Security |
Printable version of the program can be downloaded following this link
Vassilis Maglaras was born in December 1975 in Athens, where he lives ever since. He
studied Political and
Economic Science at Panteion University of Social and Political Science, at the
National and Kapodistrian
University of Athens, as well as at the Economic University of Athens.
He holds BA Hons in Political Science from the Department of Political Science and
History of Panteion
University of Social and Political Science, two Master degrees and two PhDs from the
Department of Political
Science and Public Administration of the National and Kapodistrian University of
Athens and from the
Department of Economic and Regional Development of Panteion University of Social and
Political Science. He
also holds a certified post-doctoral qualification and he is a fluent speaker of
English and French.
Dr. Leandros A. Maglaras received the B.Sc. degree from Aristotle University of
Thessaloniki, Greece in 1998,
M.Sc. in Industrial Production and Management from University of Thessaly in 2004,
and M.Sc. and PhD degrees
in Electrical & Computer Engineering from University of Volos, in 2008 and 2014
respectively. In 2018 he was
awarded a PhD in Intrusion Detection in SCADA systems from University of
Huddersfield. He is the head of the
National Cyber Security Authority of Greece and a visiting Lecturer in the School of
Computer Science and
Informatics at De Montfort University, U.K.
He serves on the Editorial Board of
several International
peer-reviewed journals such as IEEE Access and Wiley Journal on Security &
Communication Networks. He is an
author of more than 90 papers in scientific magazines and conferences and is a
senior member of IEEE.
The major target of cyber attacks is a country's Critical National Infrastructure (CNI) such as ports, hospitals, water, gas or electricity producers, which use and rely upon Supervisory Control and Data Acquisitions(SCADA) and Industrial Control Systems (ICS) to manage their production. Protection of CNIs becomes an essential issue to be considered. Generally, available protective measures are classified according to legal, technical, organizational, capacity building, and cooperation aspects. In this talk, we will discuss about regulations and policies that may be used to tackle cyber attacks to CNIs along with practical measures that need to be taken in order for these regulations to be effective. Attribution of cyber attacks, especially when these originate from another nation, is questionable regarding which country or law enforcement agency has the authority to investigate and prosecute the penetrators.
Aidan joined ENISA in July 2014. He is a policy adviser and the Legal officer for
ENISA. He is a Lawyer and an
Electrical Engineer by training. Aidan has been responsible for drafting a number of
policy papers for the
Agency on cybersecurity policy and strategy and has supported the drafting of
European Directives and
Regulations in cybersecurity.
Before joining ENISA, Aidan was a technical adviser to the Minister for
Communications, Energy and Natural
Resources in Ireland on telecommunications, cyber security, emergency planning and
the 112 emergency call
answering service. He set up and was the Head of the National Cyber Security Centre
in Ireland between 2011
and 2014. He was responsible for chairing a number of Council Working Parties during
the Irish Presidency in
2014. He was also responsible for the preparation of the Council Conclusions on the
2013 EU Cyber Security
Strategy when he chaired the Friends of the Presidency Working Group.
Aidan was a member of the Telecommunication working group that draft the founding
Regulation of ENISA in 2004.
Between 2004 and 2014 he was the Irish representative to the Management Board of
ENISA. He also the supported
the negotiation of the renewal of the mandate of ENISA in January 2013 with the
European Parliament.
Bart Preneel is a full professor at the KU Leuven, where he heads the Imec-COSIC
research group, that has 80
members. He has authored numerous scientific publications & is inventor of five
patents. His research
interests are cryptography, cybersecurity & privacy. He is president of LSEC & has
been president of the IACR
(International Association for Cryptologic Research).
Bart has been invited speaker at more than 120 conferences in more than 40
countries. In 2014 he received the
RSA Award for Excellence in the Field of Mathematics & in 2016 he received the
Kristian Beckman Award from
IFIP TC11.
The quantity and especially the quality of cyber attacks are constantly increasing. Recent examples of high-quality attack vectors, specifically designed to permeate the state of the art technologies, show that current approaches are failing to guarantee an adequate protection. It is the asymmetry of the attack that needs to be addressed. An attacker needs to exploit only one vulnerability whereas a defender has to defend the whole system. Moving Target Defence (MTD) are promising approaches to address this asymmetry and increase the uncertainty for the attacker. The talk will give an overview of MTD approaches and discuss their applicability, including the aspect whether MTD is a potential game changer in the security landscape.
Edgar R. Weippl is Research Director of SBA Research and Privatdozent at the Vienna
University of Technology
and teaches at several universities of applied sciences. He focuses on (1)
fundamental and applied research on
blockchain and distributed ledger technologies and (2) security of production
systems engineering.
He is on the editorial board of Elsevier’s Computers & Security journal (COSE), PC
chair of ESORICS 2015,
general chair of ACM CCS 2016 and PC Chair of SACMAT 2017.
After graduating with a Ph.D. from the Vienna University of Technology, Edgar worked
for two years in a
research startup. He spent one year teaching as an assistant professor at Beloit
College, WI. From 2002 to
2004, while with the software vendor ISIS Papyrus, he worked as a consultant for an
HMO in New York, NY and
Albany, NY, and for the financial industry in Frankfurt, Germany. In 2004 he joined
the Vienna University of
Technology and together with A Min Tjoa and Markus Klemen founded the research
center SBA Research.
"The non-profit Shadowserver Foundation has been collecting network threat information on a large scale for many years with a mission to make the Internet a more secure environment for all. The collected data is sent to National CERTs and network owners via the Shadowserver free daily remediation feed and used to support various law enforcement investigations. Data collection on such a scale is a big challenge - the talk will give an overview of how Shadowserver operates, what data it collects, how the information is being shared and how Shadowserver has supported various botnet takedowns."
"Active Cyber-Defence"
Short presentation from the demonstrators participating in the Summer School
This lab exercise will focus on various attacks on the very common IoT communication
protocol, BLE (Bluetooth
Low Energy).
The agenda will be structured as follows:
This lab exercise will focus on various attacks on the very common IoT communication
protocol, BLE (Bluetooth
Low Energy).
The agenda will be structured as follows:
Prof. Doerr works in the broad area of network security and critical infrastructure
protection. His research
focus is designing resilient network systems, localizing and estimating current
threats through real-time
situational awareness in networks as well as conducting threat intelligence on
adversaries.
Prior to joining Delft University of Technology, he was at the University of
Colorado, USA, where he received
his Ph.D. in Computer Science and Cognitive Science. While most of his work focuses
on technology, he also
integrates socio-technical aspects of cyber security with this background in his
research.
Prof Dr. Tanja Lange joined the Technische Universiteit Eindhoven (The Netherlands)
as Full Professor in 2006.
Her work bridges the gaps between algebraic geometry, theoretical cryptography, and
real-world information
security. She is an expert on curve-based cryptography and post-quantum
cryptography.
Prof. Dr. Lange is on the editorial board for 3 journals and serves on 3 steering
committees, including the
workshop series on Post-Quantum Cryptography. She coordinated the EU-H2020 project
PQCRYPTO -- Post-quantum
cryptography for long-term security https://pqcrypto.eu.org
She is a regular speaker at crypto and security conferences and has written more
than 70 articles and books,
including a paper in Nature on Post-Quantum Cryptography.
Nineta Polemi has obtained a Ph.D. in Applied Mathematics (Coding Theory) from The City University of New York (Graduate Center). She held teaching positions in Queens College, Baruch College of City University of New York and the State University of New York. She acted as President of the BoD and Technical Manager in the security consultancy company ExpertNet. She is currently Programme Manager in the European Commission in DG CONNECT (Cyber Security and Digital Privacy Unit H1), she is under suspension of duties as tenure Associate Professor in the University of Piraeus (Dept. of Informatics) and as Director of the UNIPI Security Lab. She has taught cryptography, security of ICT systems, port security and e-business. She has over one hundred publications, organised numerous security scientific events and has received a plethora of research grants. She has been PM and TM in over than 50 security projects of various international, EU and national programmes including National Security Agency (NSA), Dr. Nuala McGann Drescher Foundation, Greek Ministry of Defence, INFOSEC, IST Programme, FP5-FP7 and Horizon2020 EU Programmes.
Head of Unit of the newly created High Performance Computing and Quantum Technology
unit, DG Communications
Networks, Content and Technology, European Commission Dr. Gustav Kalbe is German,
born in Belgium. From 1986
to 1990 he studied Applied Physics at the Université Catholique de Louvain, Belgium.
In 1991 he studied
Applied Optics at the Imperial College of Science in London. In 1995 he completed
his studies and earned a PhD
in Physics, Molecular Spectroscopy, at the Université Catholique de Louvain,
Belgium.
In 1995 he began working as a project manager in photonic networks at Belgacom S.A.,
where he was R&D manager
when he left the company.
In 1998 he joined the Directorate General Information Society & Media of the
European Commission where he
started working as a Project Officer managing research projects of the European
Framework Programs for
Research. The main areas covered were optical telecommunications, photonics, quantum
information processing,
ICT security and foundational ICT research. Gustav Kalbe was among the Project
officers that launched the 1st
European Initiative of Quantum Technologies in 1999 and has stayed involved in this
field throughout his
different assignments in the European Commission.
In 2014 Gustav Kalbe became Head of Unit for Administration & Finance in the
European Commission, in
Directorate General Communications Networks, Content and Technology. In 2016 he was
appointed Head of Unit of
the newly created High Performance Computing and Quantum Technology unit in
Directorate General Communications
Networks, Content and Technology.
Via video conference High Performance Computing & Quantum Technologies, DG Com. Networks
Daniel J. Bernstein is the designer of the "tinydns" software used by Facebook to publish server addresses, the "ChaCha20" cipher used to encrypt Chrome's HTTPS connections to Google, the "dnscache" software used by OpenDNS to handle address requests from 65 million Internet users, the "SipHash" hash function (co-designed with Jean-Philippe Aumasson) used by Python to protect against hash-flooding attacks, the "qmail" software used by Yahoo to receive mail, and the "Curve25519" public-key system used by WhatsApp for end-to-end encryption.
Michael Groves is a technical director for cryptographic research at NCSC, having held a number of research positions over a period of about 20 years. He has also had a variety of advisory roles on cryptography and cyber security and has been prominent in the public debate on quantum topics in the UK. Michael is the author of three internet RFCs on identity-based cryptography (IETF RFCs 6507, 6508 and 6509) which have been adopted and standardized by 3GPP for public safety applications. For the past four years he has served as Vice Chair of the specialist ETSI Industry Specification Group studying quantum-safe cryptography.
Bart Preneel is a full professor at the KU Leuven, where he heads the Imec-COSIC
research group, that has 80
members. He has authored numerous scientific publications & is inventor of five
patents. His research
interests are cryptography, cybersecurity & privacy. He is president of LSEC & has
been president of the IACR
(International Association for Cryptologic Research).
Bart has been invited speaker at more than 120 conferences in more than 40
countries. In 2014 he received the
RSA Award for Excellence in the Field of Mathematics & in 2016 he received the
Kristian Beckman Award from
IFIP TC11.
In the morning session you will learn about the IoT security frameworks developed by ENISA, GSMA and OWASP.
In this session you will be put into the role of a product manager, who has to determine whether the security recommendations have indeed been met. Organized in small teams you will be looking at production-quality code and network traces to answer the security assessment challenges in this hands-on session.
What can you expect? You will learn how to apply the security recommendations to real-world implementations. We expect this to be a discussion intensive session!
Continuation of the session started at 14:00. For those who are interested in a post-session exercise the group will meet in the hotel bar to get IoT code running on the FRDM-K64F running the Cortex-M4 processor.
Vadim Lyubashevsky is a researcher in the cryptography group at IBM Research –
Zurich. His main area of
research is post-quantum cryptography based on the hardness of lattice problems. In
particular, he has done
extensive foundational work on constructions of efficient cryptographic primitives,
including encryption,
digital signatures, and zero-knowledge proofs, based on the hardness of
ideal-lattice problems. His designs
have been used as blueprints for submissions, by many various groups, to the ongoing
NIST post-quantum
standardization process. Vadim's research is currently supported by a starting ERC
grant FELICITY.
Vadim
received his Ph.D. in 2008 from UCSD, after which he spent two years as a post-doc
at Tel-Aviv University.
Prior to joining IBM, he was a researcher at Inria in France from 2010 - 2015.
Prof Máire O’Neill is Principal Investigator of Queen’s University of Belfast’s Centre for Secure Information Technologies (CSIT). She is currently Director of the UK Research Institute in Secure Hardware and Embedded Systems (RISE: https://www.ukrise.org/). She also leads the EU H2020 SAFEcrypto (Secure architectures for Future Emerging Cryptography) project (www.safecrypto.eu). She previously held an EPSRC Leadership Fellowship (2008-2014) and was a former holder of a UK Royal Academy of Engineering research fellowship (2003-2008). She has received numerous awards for her research work which include a 2014 Royal Academy of Engineering Silver Medal and British Female Inventor of the Year 2007. She has authored two research books and has over 140 international peer-reviewed conference and journal publications. She is Associate Editor for IEEE Transactions on Computers and IEEE Transactions on Emerging Topics in Computing and has acted as guest editor for a number of journals, including a special issue on ‘Cryptography in the coming decade’ in ACM Trans. on Embedded Computing (2015). Her research into high-speed AES security was successfully commercialised by Amphion Semiconductors and collaborative research with ETRI on a novel security architecture for Electric Vehicle
Michael Groves is a technical director for cryptographic research at NCSC, having held a number of research positions over a period of about 20 years. He has also had a variety of advisory roles on cryptography and cyber security and has been prominent in the public debate on quantum topics in the UK. Michael is the author of three internet RFCs on identity-based cryptography (IETF RFCs 6507, 6508 and 6509) which have been adopted and standardized by 3GPP for public safety applications. For the past four years he has served as Vice Chair of the specialist ETSI Industry Specification Group studying quantum-safe cryptography.
Stefan-Lukas Gazdag is research engineer and firewall developer at genua GmbH. After starting out with network security, monitoring of security critical systems, intrusion detection and event management he switched his interest field to cryptography. Currently he works on bringing post-quantum cryptography into practice. He holds a Master of Science in Computer Science.
Daniel Loebenberger earned his doctorate in 2012 at the University of Bonn in the area of applied cryptography. He then continued to research and teach in Bonn at the Bonn-Aachen International Center for Information Technology (b-it). Since the beginning of 2016, he has been working as an IT security expert with a focus on cryptography at genua GmbH, Munich. Among others, he is currently researching practical feasibility of quantum-resistant VPNs.
Daniel Loebenberger earned his doctorate in 2012 at the University of Bonn in the area of applied cryptography. He then continued to research and teach in Bonn at the Bonn-Aachen International Center for Information Technology (b-it). Since the beginning of 2016, he has been working as an IT security expert with a focus on cryptography at genua GmbH, Munich. Among others, he is currently researching practical feasibility of quantum-resistant VPNs.
Stefan-Lukas Gazdag is research engineer and firewall developer at genua GmbH. After starting out with network security, monitoring of security critical systems, intrusion detection and event management he switched his interest field to cryptography. Currently he works on bringing post-quantum cryptography into practice. He holds a Master of Science in Computer Science.
Daniel J. Bernstein is the designer of the "tinydns" software used by Facebook to publish server addresses, the "ChaCha20" cipher used to encrypt Chrome's HTTPS connections to Google, the "dnscache" software used by OpenDNS to handle address requests from 65 million Internet users, the "SipHash" hash function (co-designed with Jean-Philippe Aumasson) used by Python to protect against hash-flooding attacks, the "qmail" software used by Yahoo to receive mail, and the "Curve25519" public-key system used by WhatsApp for end-to-end encryption.
Prof Dr. Tanja Lange joined the Technische Universiteit Eindhoven (The
Netherlands) as Full Professor in
2006.
Her work bridges the gaps between algebraic geometry, theoretical
cryptography, and real-world information
security. She is an expert on curve-based cryptography and post-quantum
cryptography.
Prof. Dr. Lange is on the editorial board for 3 journals and serves on 3
steering committees, including the
workshop series on Post-Quantum Cryptography. She coordinated the
EU-H2020 project PQCRYPTO -- Post-quantum
cryptography for long-term security https://pqcrypto.eu.org
She is a regular speaker at crypto and security conferences and has
written more than 70 articles and
books,
including a paper in Nature on Post-Quantum Cryptography.
Visit to archaeological site of Knossos
The venue of the Summer School is Galaxy Hotel Iraklio . Galaxy Hotel is simply the place to be whether you seek to combine business with leisure or leisure with pleasure.
Hotel reservation will be available through the registration process, subject to availability
There are four types of registration available:
| industry | academia/public sector | students | |
| Complete Event | 500 € | 400 € | 200 € |
| Conference only | 250 € | 200 € | 100 € |
| Training session only | 250 € | 200 € | 100 € |
| Poster Presentation | 500 € | 500 € | 500 € |
Registration is available through:
CCBS GREECE P.C. Cretan Conference and Business Services P.C
6 Pediados Str, 71201, Heraklion GR
Tel: +30 2810 331010, Fax: +30 2810 330606
A cancellation fee of €50 applies. No cancellation will be allowed after July 30, 2018. If you cannot attend you may transfer the registration to another person.
European Union Agency for
Network and Information Security Agency
1 Vasilissis Sofias Str Maroussi 151 24
Attiki, Greece
Tel: +30 28 14 40 9711
Foundation for Research and Technology - Hellas
N. Plastira 100, Vassilika Vouton
Heraklion, GR-700 13, Crete, Greece
Tel.: +30 2810 391945
