21-23 October | Central Park Hotel Songdo, Korea

ICCC24 Conference Agenda

Monday 4 November

08:00 - 09:00 Registration

09:00 - 10:15 Plenary Keynote Session

Moderator: Wouter Slegers, ICCC Conference Chair, and CEO, TrustCB, Netherlands

09:00 Introduction & Welcome (P10a) Wouter Slegers, ICCC Conference Chair, and CEO, TrustCB, Netherlands


09:10 Government Keynote: Qatar’s Vision for Supply Chain Cyber Resilience (P10b) Dana Al-Abdulla, Director of National Cyber Governance and Assurance Affairs, National Cyber Security Agency, Qatar


09:40 CCDB Update (P10c) Julie Chuzel, Policy Officer on European Cybersecurity Certification, Agence nationale de la sécurité des systèmes d’information (ANSSI), France


09:55 CCMC Update (P10d) Naruki Kai, Information-technology Promotion Agency (IPA), Japan


10:10 CCRA Member Signing Ceremony (P10e) Naruki Kai, Information-technology Promotion Agency (IPA), Japan

10:20-11:10 Networking Break in Exhibits

11:10 - 13:00 Plenary Conference Session

Moderator: Wouter Slegers, ICCC Conference Chair, and CEO, TrustCB, Netherlands

11:10 Industry Keynote: Vulnerability Management and Compliance (P11a) Vincent Danen, Vice President of Product Security, Red Hat, Canada


11:45 CCUF Update (P11c) Petra Manche, CCUF Chair, Cisco, United Kingdom


12:00 Plenary Panel Discussion: EUCC (P11d) Leader: Thomas Billeau, Director, Head of Security Certification, NXP Semiconductors, Germany; Roland Atoui, Managing Director, Red Alert Labs, France; Philippe Blot, Head of Sector Certification, European Union Agency for Cybersecurity (ENISA), Greece; Elżbieta Andrukiewicz, ITSEF Manager, Warszawa National Institute of Telecommunications, Poland; Glenn Wever, Security Specialist EU Cybersecurity Certification, Dutch Authority for Digital Infrastructure (NL:RDI), Netherlands; Jose Emilio Rico Martínez, CSH Business Support & Strategy, DEKRA, Spain [60MIN]

13:00 - 14:30 Lunch in Exhibit Area

14:30 - 15:30 Track Sessions

Salwa Ballroom I

Certification Schemes Landscape (L12)
CC Statistics and Insights
Moderator: Rob Huisman, Lead Security Expert European Cybersecurity Certification, Dutch Authority for Digital Infrastructure (NL:RDI), Ministry of Economic Affairs and Climate Policy, Netherlands

14:30 2024 CC Statistics Report: Common Criteria Stays Strong (L12a) Jose Pulido, Consulting Leader and Senior Evaluator, jtsec Beyond IT Security, Spain


15:00 Enhancing Transparency: Insights From the Common Criteria Certification Ecosystem (L12b) Vashek Matyas, Professor, Masaryk University, Czechia

Salwa Ballroom II

Advances in the Use of CC (A12)
Vulnerability Handling
Moderator: Ryan Perry, Account Executive, TIC, UL Solutions, Netherlands

14:30 Panel Discussion: Vulnerability Handling and Disclosure, Assurance Continuity Processes (A12a) Leader: Vicente Gonzalez Pedros, Cybersecurity Expert, European Union Agency for Cybersecurity (ENISA), Spain; Alan Laing, General Manager, Labs, Securus, Australia; Sylvain Guilley, CTO, Secure-IC, France; Vincent Danen, Vice President of Product Security, Red Hat, Canada; Sébastien Colle, VP, Head of Security, Infineon Technologies, Germany [60MIN]

Salwa Ballroom III

Updates from Schemes and iTCs (U12)
Scheme Updates
Moderator: Wouter Slegers, ICCC Conference Chair, and CEO, TrustCB, Netherlands

14:30 Singapore Scheme Updates (U12a) Roddy Kok, Lead Certifier, Cybersecurity Certification Centre, Cyber Security Agency of Singapore, Singapore


15:00 Japan Scheme Update (U12b) Toru Hashimoto, Assistant Manager, Information-technology Promotion Agency (IPA), Japan

15:30 - 16:00 Networking Break in Exhibits

16:00 - 17:30 Track Sessions

Meeting Customer Requirements (M13)
Applications to Niches
Moderator: Rob Huisman, Lead Security Expert European Cybersecurity Certification, Dutch Authority for Digital Infrastructure (NL:RDI), Ministry of Economic Affairs and Climate Policy, Netherlands

16:00 Applying the CC Framework for Soft-IP Evaluation Reuse (M13a) Ruud Derwig, System & Security Architect, Synopsys, Netherlands; Thomas Schroeder, Security Analyst and Evaluator, Deutsche Telekom Security GmbH, Germany


16:30 EIDAS 2.0 – Cybersecurity Requirements for Remote Digital Signatures as a Service (M13b) Jose Emilio Rico Martínez, CSH Business Support & Strategy, DEKRA, Spain


17:00 CVSS as a Tool for Attack Potential Calculation (M13c) Mirko Malacario, Senior Officer, National Cybersecurity Agency – Agenzia per la Cybersicurezza Nazionale (ACN), Italy

Advances in the Use of CC (A13)
Selected Topics
Moderator: Nithya Rachamadugu, VP Cybersecurity Certification, DEKRA, United States

16:00 Confidential Computing and Common Criteria (A13a) Teresa MacArthur, Security and Certifications Analyst, Thales, Canada


16:30 Software Composition Analysis – Gold Standard for Supply Chain Security, Revisited (A13b) Dietmar Rosenthal, Lead Expert Source Code Analysis, TÜV Informationstechnik GmbH, Germany


17:00 SBOMS: BOMS for Vulnerability Tracking. Boom or Bust (A13c) Angela Soum, National Information Assurance Partnership (NIAP), United States

Updates from Schemes and iTCs (U13)
Scheme Updates
Moderator: Jose Francisco Ruiz Gualda, Cybersecurity Business Unit Director, Applus+, Spain

16:00 EUCC in the Netherlands: Insights and Next Steps (U13a) Glenn Wever, Security Specialist EU Cybersecurity Certification, Dutch Authority for Digital Infrastructure (NL:RDI), Netherlands


16:30 French Scheme Update (U13b) Bojana Milovanovic, Quality Department Manager, Agence Nationale de la Sécurité des Systèmes d’information (ANSSI), France


17:00 Germany: Strategic Focus and Scheme Update (U13c) Fritz Bollmann, Head of Division Software Certification, Federal Office for Information Security (BSI), Germany

17:30 - 19:00 Welcome Reception in Exhibits

Open to everyone. Located in the Exhibit Area. Catch up with your colleagues for a refreshing beverage at the end of the day’s events.

CC Certificate Presentation Ceremony (P14a)

A free event for conference registrants. During ICCC, CC-certified product developers and certifiers will have the opportunity to receive a commemorative certificate from participating national schemes and receive of photograph of the presentation. Those who wish to participate must respond by October 3, 2024. More info.

Tuesday 5 November

08:00 - 09:00 Coffee in The Exhibits

09:00 - 10:30 Track Sessions

Salwa Ballroom I

Meeting Customer Requirements (M20)
CC Applications
Moderator: Thomas Billeau, Director, Head of Security Certification, NXP Semiconductors, Germany

09:00 Java Card Protection Profile Update to CC:2022 and the Development of a Multi-Assurance Protection Profile (M20a) Tyrone Stodart, Senior Principal Security Analyst, Oracle, United Kingdom


09:30 Reusing CC for ISO21434 Certification (M20b) Marc Le Guin, Head of Evaluation Body IT Security, TÜV Informationstechnik GmbH, Germany


10:00 Automotive Safety and Cybersecurity Convergence With CC AVA_VAN (M20c) Ritu Ranjan Shrivastwa, Director, Secure-IC, France

Salwa Ballroom II

Advances in the Use of CC (A20)
AI and CC
Moderator: Ryan Perry, Account Executive, TIC, UL Solutions, Netherlands

09:00 Evaluation of AI-Based Technology (A20a) Naruki Kai, Information-technology Promotion Agency (IPA), Japan


09:30 Panel Discussion: Everything AI and Common Criteria (A20b) Leader: Dean Zwarts, Snr. Global Business Manager for Cybersecurity Device Security & Audit Solutions, UL, Netherlands; Mehmet Cakir, CEO, BEAM Teknoloji AS , Turkey; Sergio Casanova, CTO, Chief Technical Officer, SGS Brightsight, Spain; Yi Mao, CEO and Managing Director, atsec information security corporation, United States [60MIN]

Salwa Ballroom III

Updates from Schemes and iTCs (U20)
Scheme Updates
Moderator: Angela Soum, National Information Assurance Partnership (NIAP), United States

09:00 Scheme Update of the Italian Certification Body (U20a) Tiziano Inzerilli, Senior Officer, Agenzia per la Cybersicurezza Nazionale, Italy; Massimiliano Orazi, Senior Officer, Agenzia per la Cybersicurezza Nazionale, Italy


09:30 Transition to EUCC from a Lab and Scheme Perspective (U20b) Leader: Philippe Blot, Head of Sector Certification, ENISA, Greece; Michiel Grashuis, Lead Technical Analyst, UL, Netherlands; Rob Huisman, Lead Security Expert European Cybersecurity Certification, Dutch Authority for Digital Infrastructure, Netherlands; Anna Kolesnichenko, Operations Manager, Riscure/Keysight, Netherlands


10:00 Establishing the NCCA in Cyprus and Adopting EU Cybersecurity Schemes (U20c) Xenia Kyriakidou, Senior Officer of NCCA – CY, Digital Security Authority, Cyprus

10:30 - 11:00 Networking Break in Exhibits

11:00 - 12:30 Track Sessions

CC in New Domains (D21)
Mobile Applications
Moderator: Alvaro Ortega Chamorro, Cybersecurity Operational Manager, DEKRA, Spain
Track Sponsor

11:00 Mobile Device Fundamentals Vs Consumer Mobile Device – Where Do We Go From Here? (D21a) Brian Wood, Program Manager, Google, United States


11:30 Optimizing EUICC Certification Under ENISA’s EU5G Activities (D21b) Mohamad Hajj, Cyber Security Manager, Internet of Trust, France


12:00 Simplifying Certification of Digital ID Applets With the Cryptographic Service Provider (CSP) (D21c) Gil Bernabeu, Chief Technology Officer, GlobalPlatform, United Kingdom

Advances in the Use of CC (A21)
AI and Software
Moderator: Sylvain Guilley, CTO, Secure-IC, France
Conference Track Sponsor

11:00 IA in the Age of AI (A21a) Yi Mao, CEO and Managing Director, atsec information security corporation, United States


11:30 To CB or to NB: That Is Not the Question (A21b) Wouter Slegers, ICCC Conference Chair, and CEO, TrustCB, Netherlands 


12:00 High Assurance Evaluations of Software-Only TOES (A21c) Sergio Casanova, CTO, Chief Technical Officer, SGS Brightsight, Spain

Updates from Schemes and iTCs (U21)
Scheme Updates
Moderator: Petra Manche, CCUF Chair, Cisco, United Kingdom

11:00 US Scheme Update (U21a) Jon Rolf, Director, NIAP, United States


11:30 National Security Agencies—Time to Weigh-In on Legislation Affecting Security (U21b) Adam Golodner, Managing Partner, AMG Global Cyber Law, United States


12:00 Building a Cybersecurity Certification Scheme From EN17640 Fit CEM (U21c) Kai Redeker, Certifier, Bundesamt für Sicherheit in der Informationstechnik (BSI), Germany

12:30 - 13:30 Lunch in Exhibit Area

13:30 - 15:00 Track Sessions

CC in New Domains (D22)
IoT Applications
Moderator: Thomas Billeau, Director, Head of Security Certification, NXP Semiconductors, Germany

13:30 Leveraging EN 17927 for Streamlined IoT Security Compliance in the Face of Evolving EU Regulations (D22a) Jasiek Tabeau, Project Director for Certification, Riscure, and Member of the SESIP Committee, GlobalPlatform, United Kingdom


14:00 How Common Criteria Can Be Optimized to Develop More Efficient Schemes (D22b) Alireza Rohani, Certifier, TrustCB, Netherlands


14:30 Methodology for Vulnerability Assessment in 5G Networks – the RAN Module Case Study (D22c) Piotr Krawiec, Technical Manager, National Institute of Telecommunications, Poland

Advances in the Use of CC (A22)
Cloud and CC
Moderator: Angela Soum, National Information Assurance Partnership (NIAP), United States

13:30 Common Criteria in the Cloud, Is This the End or Just the Beginning? (A22a) Joshua Brickman, Senior Director, Security Evaluations, Oracle, United States 


14:00 Extending the DBMS CPP: Embracing Cloud Architectures (A22b) Brandon Harvey, Principal Security Analyst, Oracle, United States


14:30 Impact of the Adoption of Cloud Services for Code Review on ALC_DVS and Attack Potential (A22c) Lorenzo Zamburru, Senior Certifier, Agenzia Cybersicurezza Nazionale (National Cybersecurity Agency), Italy

Updates from Schemes and iTCs (U22)
EUCC and CCMRA
Moderator: Nithya Rachamadugu, VP Cybersecurity Certification, DEKRA, United States

13:30 Update on EUCC (U22a) Philippe Blot, Head of Sector Certification, European Union Agency for Cybersecurity (ENISA), Greece


14:00 Panel Discussion: Challenges to Common Criteria Mutual Recognition (U22b) Leader: Jon Rolf, Director, NIAP, United States; Robert Harland, Operations Manager, Canadian Common Criteria Program, Canadian Centre for Cyber Security, Canada; Rob Huisman, Lead Security Expert European Cybersecurity Certification, Dutch Authority for Digital Infrastructure (NL:RDI), Ministry of Economic Affairs and Climate Policy, Netherlands; Sandro Amendola, Director-General, Bundesamt für Sicherheit in der Informationstechnik (BSI), Germany; Hin Chan, Manager – Australian Certification Authority, Australian Cyber Security Centre, Australia [60MIN]


15:00 - 15:30 Networking Break in Exhibits


Exhibits Close at 15:30

15:30 - 17:00 Track Sessions

Meeting Customer Requirements (M23)
CC Applications
Moderator: Petra Manche, CCUF Chair, Cisco, United Kingdom

15:30 Using Common Criteria/EUCC to Meet CRA (M23a) Jose Pulido, Consulting Leader and Senior Evaluator, jtsec Beyond IT Security, Spain


16:00 The Multi Assurance Paradigm Evaluation in EUCC (M23b) Gaetano Cavarretta, Senior Officer, Agenzia per la Cybersicurezza Nazionale, Italy


16:30 Trucks on and Off the Track: On Evaluation of Motion Sensors (M23c) Piotr Wiśniewski, Lead Evaluator, ITSEF, ITSEF, National Institute of Telecommunications, Poland

Advances in the Use of CC (A23)
Cloud and CC
Moderator: Patrick Campbell-Dunn, CEO, Securus Consulting Group, Australia

15:30 Cloud Formations: NIAP Cloud Certifications and the Way Forward (A23a) Jon Rolf, Director, NIAP, United States, Swapna Katikaneni, NIAP Validator, Aerospace Corporation, United States


16:00 Panel Discussion: How Will Native Cloud Migration Affect CC Certification? (A23b) Leader: Wouter Slegers, ICCC Conference Chair, and CEO, TrustCB, Netherlands; Joshua Brickman, Senior Director, Security Evaluations, Oracle, United States; Javier Tallon, Co-Director, jtsec Beyond IT Security, Spain; Lachlan Turner, Director Cyber Labs, Lightship Security, Canada [60MIN]

Updates from Schemes and iTCs (U23)
iTC updates
Moderator: Fritz Bollmann, Head of Division Software Certification, Federal Office for Information Security (BSI), Germany

15:30 Network Device ITC Update (U23a) Michael Vogel, Managing Director, atsec information security corporation, Germany


16:00 Hardcopy Devices ITC Update – HCD CPP V1.0E and Future Roadmap (U23b) Kwangwoo Lee, Security Architect, HP, South Korea


16:30 Biometrics Security ITC Update (U23c) Brian Wood, Program Manager, Google, United States

18:00 - 20:00 Dine-Out Doha

Enjoy an informal group dinner with your ICCC colleagues at one of Doha’s leading restaurants. Reserve your seat for a prix-fixe dinner at a group table. Reserve early—seating is limited. This is an optional add-on to the conference registration. On site, you’ll meet your group at the ICCC registration desk and depart from there.

Wednesday 6 November

08:00 - 09:00 Coffee

09:00 - 10:30 Track Sessions

Salwa Ballroom I

Meeting Customer Requirements (M30)
Selected Topics
Moderator: Mehmet Cakir, CEO, BEAM Teknoloji AS , Turkey

09:00 Why Low Assurance is So Hard (M30a) Wouter Slegers, ICCC Conference Chair, and CEO, TrustCB, Netherlands


09:30 Navigating the Certification Landscape: Insights for Private CABS (M30b) Rasma Araby, Managing Director, atsec information security corporation, Sweden


10:00 Navigate OT Cybersecurity Risks in the Era of AI and Digital Transformation (M30c) Ramy Abbas, Cybersecurity Business Consultant, Honeywell, Qatar

Salwa Ballroom II

Advances in the Use of CC (A30)
New Crypto and CC, Selected Topics
Moderator: Jaroslav Reznik, Principal Program Manager, Product Security Compliance and Risk, Red Hat, Czechia

09:00 A Survey of Cryptographic Algorithm Usage (A30a) Teresa MacArthur, Security and Certifications Analyst, Thales, Canada


09:30 Navigating the Future: Impact of Post-Quantum Cryptography in Common Criteria (A30b) Cansu Yener, Senior Certification Specialist, Secura, Netherlands


10:00 Return of Experience of ITSEF Challenges: A Concrete Example (A30c) Franck Sadmi, Head of the French Certification Body, Agence nationale de la sécurité des systèmes d’information (ANSSI), France

Salwa Ballroom III

Updates from Schemes and iTCs (U30)
iTC Updates and Further Applications
Moderator: Wouter Slegers, ICCC Conference Chair, and CEO, TrustCB, Netherlands

10:30 - 11:00 Networking Break

11:00-12:30 Track Sessions

Meeting Customer Requirements (M31)
EUCC
Moderator: Fritz Bollmann, Head of Division Software Certification, Federal Office for Information Security (BSI), Germany
Advances in the Use of CC (A31)
CC:2022 and AI
Moderator: Mehmet Cakir, CEO, BEAM Teknoloji AS , Turkey

11:00 Challenges in the Transition to CC:2022—Update of Protection Profiles (A31a) Tobias Wagner, Head of BSI ITSEF, Brightsight, an SGS Company


11:30 Enhancing Common Criteria Evaluations: The Potential and Risks of AI Integration (A31b) Hilal Sahin Ergin, TS Team Leader, UL Solutions, Netherlands


12:00 Quantum Computing Implications to ICT Security (A31c) Alan Laing, General Manager, Labs, Securus, Australia

Certification Schemes Landscape (L31)
CC Future?
Moderator: Sebastian Scandura, Chief Risk Officer, Securus Consulting Group, Australia

11:00 Beyond Pass/Fail: Revolutionizing CC Scoring for Enhanced Assurance and Decision-Making (L31a) Roland Atoui, Managing Director, Red Alert Labs, France


11:30 Panel Discussion: Common Criteria (CC)—Maintenance and Development (L31b) Leader: Susanne Pingel, Bundesamt für Sicherheit in der Informationstechnik (BSI), Germany; Carolina Lavatelli, CTO & Founder, Internet of Trust, France; Kwangwoo Lee, Security Architect, HP, Korea; Elżbieta Andrukiewicz, ITSEF Manager, Warszawa National Institute of Telecommunications, Poland [60MIN]

12:30 - 13:00 Networking Break

13:00 - 14:00 Closing Plenary Session

13:00 Summary Panel Discussion: How Will Common Criteria Deal With the Complex Interplay Between Multiple Global Frameworks? (P32a) Leader: Jose Francisco Ruiz Gualda, Cybersecurity Business Unit Director, Applus+, Spain; Vicente Gonzalez Pedros, Cybersecurity Expert, European Union Agency for Cybersecurity (ENISA), Spain; Pierre-Jean Verrando, Director General, Eurosmart, Belgium; John Billow, Head of Department, Cybersecurity and Certification, Swedish National Cybersecurity Certification Authority, Sweden; Jacques Kruse Brandao, Head of Advocacy, Strategy and M&A, TÜViT, Germany [60MIN]

Announcement of ICCC 2025

14:00 Adjourn