Moderator: Wouter Slegers, ICCC Conference Chair, and CEO, TrustCB, Netherlands |
09:00 Introduction & Welcome (P10a) Wouter Slegers, ICCC Conference Chair, and CEO, TrustCB, Netherlands
09:10 Government Keynote: Qatar’s Vision for Supply Chain Cyber Resilience (P10b) Dana Al-Abdulla, Director of National Cyber Governance and Assurance Affairs, National Cyber Security Agency, Qatar
09:40 CCDB Update (P10c) Julie Chuzel, Policy Officer on European Cybersecurity Certification, Agence nationale de la sécurité des systèmes d’information (ANSSI), France
09:55 CCMC Update (P10d) Naruki Kai, Information-technology Promotion Agency (IPA), Japan
10:10 CCRA Member Signing Ceremony (P10e) Naruki Kai, Information-technology Promotion Agency (IPA), Japan
Moderator: Wouter Slegers, ICCC Conference Chair, and CEO, TrustCB, Netherlands |
11:10 Industry Keynote: Vulnerability Management and Compliance (P11a) Vincent Danen, Vice President of Product Security, Red Hat, Canada
11:45 CCUF Update (P11c) Petra Manche, CCUF Chair, Cisco, United Kingdom
12:00 Plenary Panel Discussion: EUCC (P11d) Leader: Thomas Billeau, Director, Head of Security Certification, NXP Semiconductors, Germany; Roland Atoui, Managing Director, Red Alert Labs, France; Philippe Blot, Head of Sector Certification, European Union Agency for Cybersecurity (ENISA), Greece; Elżbieta Andrukiewicz, ITSEF Manager, Warszawa National Institute of Telecommunications, Poland; Glenn Wever, Security Specialist EU Cybersecurity Certification, Dutch Authority for Digital Infrastructure (NL:RDI), Netherlands; Jose Emilio Rico Martínez, CSH Business Support & Strategy, DEKRA, Spain [60MIN]
Salwa Ballroom I
Certification Schemes Landscape (L12) CC Statistics and Insights |
Moderator: Rob Huisman, Lead Security Expert European Cybersecurity Certification, Dutch Authority for Digital Infrastructure (NL:RDI), Ministry of Economic Affairs and Climate Policy, Netherlands |
14:30 2024 CC Statistics Report: Common Criteria Stays Strong (L12a) Jose Pulido, Consulting Leader and Senior Evaluator, jtsec Beyond IT Security, Spain
15:00 Enhancing Transparency: Insights From the Common Criteria Certification Ecosystem (L12b) Vashek Matyas, Professor, Masaryk University, Czechia
Salwa Ballroom II
Advances in the Use of CC (A12) Vulnerability Handling |
Moderator: Ryan Perry, Account Executive, TIC, UL Solutions, Netherlands |
14:30 Panel Discussion: Vulnerability Handling and Disclosure, Assurance Continuity Processes (A12a) Leader: Vicente Gonzalez Pedros, Cybersecurity Expert, European Union Agency for Cybersecurity (ENISA), Spain; Alan Laing, General Manager, Labs, Securus, Australia; Sylvain Guilley, CTO, Secure-IC, France; Vincent Danen, Vice President of Product Security, Red Hat, Canada; Sébastien Colle, VP, Head of Security, Infineon Technologies, Germany [60MIN]
Salwa Ballroom III
Updates from Schemes and iTCs (U12) Scheme Updates |
Moderator: Wouter Slegers, ICCC Conference Chair, and CEO, TrustCB, Netherlands |
14:30 Singapore Scheme Updates (U12a) Roddy Kok, Lead Certifier, Cybersecurity Certification Centre, Cyber Security Agency of Singapore, Singapore
15:00 Japan Scheme Update (U12b) Toru Hashimoto, Assistant Manager, Information-technology Promotion Agency (IPA), Japan
Meeting Customer Requirements (M13) Applications to Niches |
Moderator: Rob Huisman, Lead Security Expert European Cybersecurity Certification, Dutch Authority for Digital Infrastructure (NL:RDI), Ministry of Economic Affairs and Climate Policy, Netherlands |
16:00 Applying the CC Framework for Soft-IP Evaluation Reuse (M13a) Ruud Derwig, System & Security Architect, Synopsys, Netherlands; Thomas Schroeder, Security Analyst and Evaluator, Deutsche Telekom Security GmbH, Germany
16:30 EIDAS 2.0 – Cybersecurity Requirements for Remote Digital Signatures as a Service (M13b) Jose Emilio Rico Martínez, CSH Business Support & Strategy, DEKRA, Spain
17:00 CVSS as a Tool for Attack Potential Calculation (M13c) Mirko Malacario, Senior Officer, National Cybersecurity Agency – Agenzia per la Cybersicurezza Nazionale (ACN), Italy
Advances in the Use of CC (A13) Selected Topics |
Moderator: Nithya Rachamadugu, VP Cybersecurity Certification, DEKRA, United States |
16:00 Confidential Computing and Common Criteria (A13a) Teresa MacArthur, Security and Certifications Analyst, Thales, Canada
16:30 Software Composition Analysis – Gold Standard for Supply Chain Security, Revisited (A13b) Dietmar Rosenthal, Lead Expert Source Code Analysis, TÜV Informationstechnik GmbH, Germany
17:00 SBOMS: BOMS for Vulnerability Tracking. Boom or Bust (A13c) Angela Soum, National Information Assurance Partnership (NIAP), United States
Updates from Schemes and iTCs (U13) Scheme Updates |
Moderator: Jose Francisco Ruiz Gualda, Cybersecurity Business Unit Director, Applus+, Spain |
16:00 EUCC in the Netherlands: Insights and Next Steps (U13a) Glenn Wever, Security Specialist EU Cybersecurity Certification, Dutch Authority for Digital Infrastructure (NL:RDI), Netherlands
16:30 French Scheme Update (U13b) Bojana Milovanovic, Quality Department Manager, Agence Nationale de la Sécurité des Systèmes d’information (ANSSI), France
17:00 Germany: Strategic Focus and Scheme Update (U13c) Fritz Bollmann, Head of Division Software Certification, Federal Office for Information Security (BSI), Germany
A free event for conference registrants. During ICCC, CC-certified product developers and certifiers will have the opportunity to receive a commemorative certificate from participating national schemes and receive a photograph of the presentation. Those who wish to participate must respond by October 3, 2024.
Salwa Ballroom I
Meeting Customer Requirements (M20) CC Applications |
Moderator: Thomas Billeau, Director, Head of Security Certification, NXP Semiconductors, Germany |
09:00 Java Card Protection Profile Update to CC:2022 and the Development of a Multi-Assurance Protection Profile (M20a) Tyrone Stodart, Senior Principal Security Analyst, Oracle, United Kingdom
09:30 Reusing CC for ISO21434 Certification (M20b) Marc Le Guin, Head of Evaluation Body IT Security, TÜV Informationstechnik GmbH, Germany
10:00 Automotive Safety and Cybersecurity Convergence With CC AVA_VAN (M20c) Ritu Ranjan Shrivastwa, Director, Secure-IC, France
Salwa Ballroom II
Advances in the Use of CC (A20) AI and CC |
Moderator: Ryan Perry, Account Executive, TIC, UL Solutions, Netherlands |
09:00 Evaluation of AI-Based Technology (A20a) Naruki Kai, Information-technology Promotion Agency (IPA), Japan
09:30 Panel Discussion: Everything AI and Common Criteria (A20b) Leader: Dean Zwarts, Snr. Global Business Manager for Cybersecurity Device Security & Audit Solutions, UL, Netherlands; Mehmet Cakir, CEO, BEAM Teknoloji AS, Turkey; Sergio Casanova, CTO, Chief Technical Officer, SGS Brightsight, Spain; Yi Mao, CEO and Managing Director, atsec information security corporation, United States [60MIN]
Salwa Ballroom III
Updates from Schemes and iTCs (U20) Scheme Updates |
Moderator: Angela Soum, National Information Assurance Partnership (NIAP), United States |
09:00 Scheme Update of the Italian Certification Body (U20a) Tiziano Inzerilli, Senior Officer, Agenzia per la Cybersicurezza Nazionale, Italy; Massimiliano Orazi, Senior Officer, Agenzia per la Cybersicurezza Nazionale, Italy
09:30 Transition to EUCC from a Lab and Scheme Perspective (U20b) Leader: Philippe Blot, Head of Sector Certification, ENISA, Greece; Michiel Grashuis, Lead Technical Analyst, UL, Netherlands; Rob Huisman, Lead Security Expert European Cybersecurity Certification, Dutch Authority for Digital Infrastructure, Netherlands; Anna Kolesnichenko, Operations Manager, Riscure/Keysight, Netherlands
10:00 Establishing the NCCA in Cyprus and Adopting EU Cybersecurity Schemes (U20c) Xenia Kyriakidou, Senior Officer of NCCA – CY, Digital Security Authority, Cyprus
CC in New Domains (D21) Mobile Applications |
Moderator: Alvaro Ortega Chamorro, Cybersecurity Operational Manager, DEKRA, Spain |
11:00 Mobile Device Fundamentals Vs Consumer Mobile Device – Where Do We Go From Here? (D21a) Brian Wood, Program Manager, Google, United States
11:30 Optimizing EUICC Certification Under ENISA’s EU5G Activities (D21b) Mohamad Hajj, Cyber Security Manager, Internet of Trust, France
12:00 Simplifying Certification of Digital ID Applets With the Cryptographic Service Provider (CSP) (D21c) Gil Bernabeu, Chief Technology Officer, GlobalPlatform, United Kingdom
Advances in the Use of CC (A21) AI and Software |
Moderator: Sylvain Guilley, CTO, Secure-IC, France |
11:00 IA in the Age of AI (A21a) Yi Mao, CEO and Managing Director, atsec information security corporation, United States
11:30 To CB or to NB: That Is Not the Question (A21b) Wouter Slegers, ICCC Conference Chair, and CEO, TrustCB, Netherlands
12:00 High Assurance Evaluations of Software-Only TOES (A21c) Sergio Casanova, CTO, Chief Technical Officer, SGS Brightsight, Spain
Updates from Schemes and iTCs (U21) Scheme Updates |
Moderator: Petra Manche, CCUF Chair, Cisco, United Kingdom |
11:00 US Scheme Update (U21a) Jon Rolf, Director, NIAP, United States
11:30 National Security Agencies—Time to Weigh-In on Legislation Affecting Security (U21b) Adam Golodner, Managing Partner, AMG Global Cyber Law, United States
12:00 Building a Cybersecurity Certification Scheme From EN17640 Fit CEM (U21c) Kai Redeker, Certifier, Bundesamt für Sicherheit in der Informationstechnik (BSI), Germany
CC in New Domains (D22) IoT Applications |
Moderator: Thomas Billeau, Director, Head of Security Certification, NXP Semiconductors, Germany |
13:30 Leveraging EN 17927 for Streamlined IoT Security Compliance in the Face of Evolving EU Regulations (D22a) Jasiek Tabeau, Project Director for Certification, Riscure, and Member of the SESIP Committee, GlobalPlatform, United Kingdom
14:00 How Common Criteria Can Be Optimized to Develop More Efficient Schemes (D22b) Alireza Rohani, Certifier, TrustCB, Netherlands
14:30 Methodology for Vulnerability Assessment in 5G Networks – the RAN Module Case Study (D22c) Piotr Krawiec, Technical Manager, National Institute of Telecommunications, Poland
Advances in the Use of CC (A22) Cloud and CC |
Moderator: Angela Soum, National Information Assurance Partnership (NIAP), United States |
13:30 Common Criteria in the Cloud, Is This the End or Just the Beginning? (A22a) Joshua Brickman, Senior Director, Security Evaluations, Oracle, United States
14:00 Extending the DBMS CPP: Embracing Cloud Architectures (A22b) Brandon Harvey, Principal Security Analyst, Oracle, United States
14:30 Impact of the Adoption of Cloud Services for Code Review on ALC_DVS and Attack Potential (A22c) Lorenzo Zamburru, Senior Certifier, Agenzia Cybersicurezza Nazionale (National Cybersecurity Agency), Italy
Updates from Schemes and iTCs (U22) EUCC and CCMRA |
Moderator: Nithya Rachamadugu, VP Cybersecurity Certification, DEKRA, United States |
13:30 Update on EUCC (U22a) Philippe Blot, Head of Sector Certification, European Union Agency for Cybersecurity (ENISA), Greece
14:00 Panel Discussion: Challenges to Common Criteria Mutual Recognition (U22b) Leader: Jon Rolf, Director, NIAP, United States; Robert Harland, Operations Manager, Canadian Common Criteria Program, Canadian Centre for Cyber Security, Canada; Rob Huisman, Lead Security Expert European Cybersecurity Certification, Dutch Authority for Digital Infrastructure (NL:RDI), Ministry of Economic Affairs and Climate Policy, Netherlands; Sandro Amendola, Director-General, Bundesamt für Sicherheit in der Informationstechnik (BSI), Germany; Hin Chan, Manager – Australian Certification Authority, Australian Cyber Security Centre, Australia [60MIN]
Meeting Customer Requirements (M23) CC Applications |
Moderator: Petra Manche, CCUF Chair, Cisco, United Kingdom |
15:30 Using Common Criteria/EUCC to Meet CRA (M23a) Jose Pulido, Consulting Leader and Senior Evaluator, jtsec Beyond IT Security, Spain
16:00 The Multi Assurance Paradigm Evaluation in EUCC (M23b) Gaetano Cavarretta, Senior Officer, Agenzia per la Cybersicurezza Nazionale, Italy
16:30 Trucks on and Off the Track: On Evaluation of Motion Sensors (M23c) Piotr Wiśniewski, Lead Evaluator, ITSEF, ITSEF, National Institute of Telecommunications, Poland
Advances in the Use of CC (A23) Cloud and CC |
Moderator: Patrick Campbell-Dunn, CEO, Securus Consulting Group, Australia |
15:30 Cloud Formations: NIAP Cloud Certifications and the Way Forward (A23a) Jon Rolf, Director, NIAP, United States; Swapna Katikaneni, NIAP Validator, Aerospace Corporation, United States
16:00 Panel Discussion: How Will Native Cloud Migration Affect CC Certification? (A23b) Leader: Wouter Slegers, ICCC Conference Chair, and CEO, TrustCB, Netherlands; Joshua Brickman, Senior Director, Security Evaluations, Oracle, United States; Javier Tallon, Co-Director, jtsec Beyond IT Security, Spain; Lachlan Turner, Director Cyber Labs, Lightship Security, Canada [60MIN]
Updates from Schemes and iTCs (U23) iTC updates |
Moderator: Fritz Bollmann, Head of Division Software Certification, Federal Office for Information Security (BSI), Germany |
15:30 Network Device ITC Update (U23a) Michael Vogel, Managing Director, atsec information security corporation, Germany
16:00 Hardcopy Devices ITC Update – HCD CPP V1.0E and Future Roadmap (U23b) Kwangwoo Lee, Security Architect, HP, South Korea
16:30 Biometrics Security ITC Update (U23c) Brian Wood, Program Manager, Google, United States
Enjoy an informal group dinner with your ICCC colleagues at one of Doha’s leading restaurants. Reserve your seat for a prix-fixe dinner at a group table. Reserve early—seating is limited. This is an optional add-on to the conference registration. On site, you’ll meet your group at the ICCC registration desk and depart from there.
Salwa Ballroom I
Meeting Customer Requirements (M30) Selected Topics |
Moderator: Mehmet Cakir, CEO, BEAM Teknoloji AS, Turkey |
09:00 Why Low Assurance is So Hard (M30a) Wouter Slegers, ICCC Conference Chair, and CEO, TrustCB, Netherlands
09:30 Navigating the Certification Landscape: Insights for Private CABS (M30b) Rasma Araby, Managing Director, atsec information security corporation, Sweden
10:00 Navigate OT Cybersecurity Risks in the Era of AI and Digital Transformation (M30c) Ramy Abbas, Cybersecurity Business Consultant, Honeywell, Qatar
Salwa Ballroom II
Advances in the Use of CC (A30) New Crypto and CC, Selected Topics |
Moderator: Jaroslav Reznik, Principal Program Manager, Product Security Compliance and Risk, Red Hat, Czechia |
09:00 A Survey of Cryptographic Algorithm Usage (A30a) Teresa MacArthur, Security and Certifications Analyst, Thales, Canada
09:30 Navigating the Future: Impact of Post-Quantum Cryptography in Common Criteria (A30b) Cansu Yener, Senior Certification Specialist, Secura, Netherlands
10:00 Return of Experience of ITSEF Challenges: A Concrete Example (A30c) Franck Sadmi, Head of the French Certification Body, Agence nationale de la sécurité des systèmes d’information (ANSSI), France
Salwa Ballroom III
Updates from Schemes and iTCs (U30) iTC Updates and Further Applications |
Moderator: Wouter Slegers, ICCC Conference Chair, and CEO, TrustCB, Netherlands |
09:00 Dedicated Security Components ITC Update (U30a) Brian Wood, Program Manager, Google, United States
09:30 IEEE Cybersecurity Certification Programs: Medical Devices Using Common Criteria and IoT Sensors Based on IEEE Cybersecurity Reference Architecture Model (U30b) Ted Osinski, IEEE Conformity Program Manager, IEEE, United States
10:00 Eurosmart ISCI – WG1 – Evaluation Methodology for High Security Evaluations (U30c) Gordon Caffrey, CEO Founder, JKL Compliance, United Kingdom
Meeting Customer Requirements (M31) EUCC |
Moderator: Fritz Bollmann, Head of Division Software Certification, Federal Office for Information Security (BSI), Germany |
11:00 EUCC Accreditation: The Complexity of Managing ITSEF’s Technical Competence. How To (M31a) Jose Emilio Rico Martínez, CSH Business Support & Strategy, DEKRA, Spain
11:30 EUCC – Ready for Software Evaluations? (M31b) Sebastian Fritsch, Lab Manager/Head of ITSEF, secuvera, Germany
12:00 Statistical Bounds to Expedite (High-Order) Side-Channel Attacks (M31c) Sylvain Guilley, CTO, Secure-IC, France
Advances in the Use of CC (A31) CC:2022 and AI |
Moderator: Mehmet Cakir, CEO, BEAM Teknoloji AS, Turkey |
11:00 Challenges in the Transition to CC:2022—Update of Protection Profiles (A31a) Tobias Wagner, Head of BSI ITSEF, Brightsight, an SGS Company
11:30 Enhancing Common Criteria Evaluations: The Potential and Risks of AI Integration (A31b) Hilal Sahin Ergin, TS Team Leader, UL Solutions, Netherlands
12:00 Quantum Computing Implications to ICT Security (A31c) Alan Laing, General Manager, Labs, Securus, Australia
Certification Schemes Landscape (L31) CC Future? |
Moderator: Sebastian Scandura, Chief Risk Officer, Securus Consulting Group, Australia |
11:00 Beyond Pass/Fail: Revolutionizing CC Scoring for Enhanced Assurance and Decision-Making (L31a) Roland Atoui, Managing Director, Red Alert Labs, France
11:30 Panel Discussion: Common Criteria (CC)—Maintenance and Development (L31b) Leader: Susanne Pingel, Bundesamt für Sicherheit in der Informationstechnik (BSI), Germany; Carolina Lavatelli, CTO & Founder, Internet of Trust, France; Kwangwoo Lee, Security Architect, HP, Korea; Elżbieta Andrukiewicz, ITSEF Manager, Warszawa National Institute of Telecommunications, Poland [60MIN]
13:00 Summary Panel Discussion: How Will Common Criteria Deal With the Complex Interplay Between Multiple Global Frameworks? (P32a) Leader: Jose Francisco Ruiz Gualda, Cybersecurity Business Unit Director, Applus+, Spain; Vicente Gonzalez Pedros, Cybersecurity Expert, European Union Agency for Cybersecurity (ENISA), Spain; Pierre-Jean Verrando, Director General, Eurosmart, Belgium; John Billow, Head of Department, Cybersecurity and Certification, Swedish National Cybersecurity Certification Authority, Sweden; Jacques Kruse Brandao, Head of Advocacy, Strategy and M&A, TÜViT, Germany [60MIN]