16-18 November 2020 | Virtual Conference and Vendor Forum

Conference Agenda

All times shown in Central European Time (CET).

Monday 16 November

13:00-14:35 Plenary Conference Session

13:00 CET Introduction, Jose Ruiz Gualda, Program Director, ICCC, Co-founder, jtsec Beyond IT Security, Spain; Opening Welcome (P00a) Martin Schaffer, Global Head of Cybersecurity Services, SGS Group, Austria
13:05 CET Keynote: Securing the Edge: The Role of Third-Party Security Verification (P00b) Wolfgang Steinbauer, Vice-President, Head of Competence Centre Crypto and Security, NXP, Austria
13:35 CET CCDB Update (P00c) Rob Huisman, Netherlands National Communications Security Agency, Netherlands
13:50 CET CCRA Update (P00d) Colin Whorlow, Head of International Standards, National Cyber Security Centre (NCSC), United Kingdom

14:05 CET CCUF Update (P00e) Petra Manche, Product Security Certification Engineer, Cisco, United Kingdom

14:30-14:35 Break

14:35-15:40 Plenary Conference Session

14:40 CET Panel Discussion on EUCC and CCRA: Market Impact (P00f) Miguel Bañón, Convenor, ISO/IEC JTC 1/SC 27/WG 3, Spain; Aristotelis Tzafalias, Policy Officer, European Commission, Greece

15:40-16:00 Break

16:00-17:30 Track Sessions

New CC ISO Revision Update
Moderator: Dr. Michael Vogel, Principal Consultant, COO, atsec information security GmbH, Germany

16:00 CET ISO/IEC JTC 1/SC 27/WG 3, Current Status, Roadmap and Challenges (R01a) Miguel Bañon, Convenor, ISO/IEC JTC 1/SC 27/WG 3, Spain


16:30 CET Adopting the New Evaluation Methods and Activities in ISO/IEC 15408-4 (R01b) Tony Boswell, Senior Principal Consultant, CyTAL, United Kingdom


17:00 CET Changes in the ISO/IEC 15408 General Model (R01c) Speaker TBA

Meeting Customer Requirements
Moderator: Petra Manche, Product Security Certification Engineer, Cisco, United Kingdom

16:00 CET FIA’s OTP Security—a Common Criteria Approach (M01a) Markus Bartsch, Business Development, TUViT, Germany; Markus Wagner, TÜV Informationstechnik GmbH


16:30 CET The Road to Smart Meter Security Requirements Acceptance (M01b) Willem Strabbing, Managing Director, ESMIG, Belgium; Olaf Tettero, CTO, Brightsight, The Netherlands


17:00 CET eHealth: Infrastructure and Evaluation in Germany (M01c) Sebastian Hoppach, Security Consultant/Evaluator, TÜV Informationstechnik GmbH, Germany

17:30-18:00 Break

18:00-19:00 Track Sessions

Updates from Schemes and ITCs
Moderator: Dr. Michael Vogel, Principal Consultant, COO, atsec information security GmbH, Germany

18:00 CET Biometrics Security iTC Update (U02a) Brian Wood, Device Security Certification Manager, Samsung Research America, United States


18:30 CET Network Device iTC Update (U02b) Kristy Knowles, Product Security Certification Engineer, Cisco, United States

Meeting Customer Requirements
Moderator: Nithya Rachamadugu, Senior Director, Cygnacom Solutions, United States

18:00 CET FIPS vs CC: What Drives Certification Demand for HSMs? (M02a) Ignacio Dieguez, Senior Principal Security Certifications Engineer, Entrust, United Kingdom. Natalya Robert, Principal Security Certifications Engineer, Entrust, United Kingdom


18:30 CET Protection Profile for SaaS Multi-Tenant Cryptographic Isolation (M02b) Richard Tychansky, Security Architect, Identity Dynamics Corp, United States

Tuesday 17 November

13:00-14:30 Track Sessions

Updates from Schemes and ITCs
Moderator: Naisby Camponeschi, NIAP, United States

13:00 CET Japanese Scheme Update (U10a) Toru Hashimoto, Assistant Manager, IPA, Japan


13:30 CET Hardcopy Devices iTC Update (U10b) Kwangwoo Lee, Security Architect, HP, South Korea


14:00 CET KSO3C: Polish Schema for Evaluation and Certification Compliant with Common Criteria—Last Step Towards Recognition (U10c) Elzbieta Andrukiewicz, KSO3C Project Manager, National Institute of Telecommunications, Poland

Meeting Customer Requirements
Moderator: Ahmad Zuraimi bin Mohamad, Technical Director, Cybersecurity & Common Criteria, Securelytics, Malaysia

13:00 CET Track Keynote: Meeting Customer Requirements with Unified Verification Standard (M10a) Bob Xie, Cyber Security Officer, Huawei Western European Region, Director, Huawei Cyber Security Transparency Centre, Huawei, Belgium


13:30 CET Trust Model for Verticals Over 5G (M10b) Claire Loiseaux, CEO, Internet of Trust, France


14:00 CET You want what? By when?? …. Ok! (M10c) Wouter Slegers, CEO, TrustCB, Netherlands

14:30-15:00 Break

15:00-17:00 Track Sessions

Updates from Schemes and ITCs
Moderator: Erin Connor, Consultant, Canada

15:00 CET Spanish Scheme Update (U11a) David Cerezo, Ccn, Technical Manager, CCN (Centro Criptológico Nacional), Spain


15:30 CET ISCI-WG1 Contribution to the Common Criteria Methodology Improvement and Usage (U11b) Francois Guerin, ISCI-WG1 Chairman, Representative of Thales in ISCI-WG1, ISCI-WG1, France


16:00 CET 2020 Statistics Report. Is the Industry Surviving to Lockdown? (U11c) José Pulido, jtsec, Spain


16:30 CET Using the Common Criteria in Canada (U11d) Robert Harland, Operations Manager, Canadian Common Criteria Scheme, Canadian Centre for Cyber Security, Canada

Assurance
Moderator: Brian Wood, Device Security Certification Manager, Samsung Research America, United States

15:00 CET Reading Between the Lines, A Biometric Acceptance in Malaysia Voyage (S11a) Nur Iylia Roslan, Security Analyst, CyberSecurity Malaysia, Malaysia; Nor Zarina Zamri, CyberSecurity Malaysia, Malaysia


15:30 CET Outbreak Impact in CC (S11b) Alvaro Ortega Chamorro, Cybersecurity Lab Manager, DEKRA Testing and Certification S.A.U., Spain


16:00 CET End-to-End Side-Channel Detection Methodology (S11c) Sylvain Guilley, CTO, Secure-IC S.A.S., France


16:30 CET JHAS Rating Approach and Assessment of SW Vulnerabilities—All ITSEFs Will Become Hackers (S11d) Jasmina Omic, Product Manager Services, Riscure, Netherlands

17:00-17:30 Break

17:30-19:00 Track Sessions

Updates from Schemes and ITCs
Moderator: Nithya Rachamadugu, Senior Director, Cygnacom Solutions, United States

17:30 CET NIAP Update (U12a) Mary Baish, Director, NIAP, United States


18:00 CET A Transition to New Algorithms: Encryption, Key Establishment and Entropy—the CMVP Perspective (U12b) Allen Roginsky, Mathematician, NIST, United States


18:30 CET NIAP Automation Work Update and Demo (U12c) Robert Clemons, Director, NIAP, United States

Assurance
Moderator: Brian Wood, Device Security Certification Manager, Samsung Research America, United States

17:30 CET The Changes of Change Management (S12a) Gabor Hornyak, CTO & Head of Budapest laboratory, CCLab Ltd., Hungary


18:00 CET Towards Creating an Extension for Patch Management for ISO/IEC 15408 and ISO/IEC 18045 (S12b) Sebastian Fritsch, Secuvera, Germany; Javier Tallón, jtsec, Spain


18:30 CET Results on Automating National Information Assurance Partnership (NIAP) Requirements Testing for Mobile App Vetting (S12c) Vincent Sritapan, Program Manager, U.S. Department of Homeland Security, United States; Angelos Stavrou, Kryptowire, United States

Wednesday 18 November

13:00-14:30 Track Sessions

Advances in the Use of Common Criteria
Moderator: Gonzalo Erro Iribarren, Data Privacy and Cybersecurity Officer, Huawei Technologies, Spain

13:00 CET EUCC Scheme Update (A20a) Philippe Blot, Lead Certification Expert, ENISA, France


13:30 CET State of Play and Way Forward (A20b) Aristotelis Tzafalias, Policy Officer, European Commission, Greece


14:00 CET Cryptographic Agility in Security Standards (A20c) Tomislav Nad, Head of Cryptography & System Security, SGS Digital Trust Services GmbH, Austria

Cybersecurity Certification Schemes Landscape
Moderator: Juan Manuel Gonzalez Nieto, Laboratory Director and Co-founder,Teron Labs, Australia

13:00 CET Automotive Cyber Security (L20a) Xavier Vilarrubla, General Manager, Brightsight Barcelona, Spain


13:30 CET What About 5G Certification (L20b) Boutheina Chetali, Security Certification Sr. Expert, Huawei Technologies France, France


14:00 CET Update on NESAS/SCAS Scheme (L20c) James Moran, Head of Security, GSMA, Ireland

14:30-15:00 Break

15:00-17:00 Track Sessions

Advances in the Use of Common Criteria
Moderator: Thomas Billeau, Senior Manager–Head of Certification, Competence Center Crypto & Security/BU: Chief Technology Office, NXP Semiconductors, Germany

15:00 CET Application of the Common Criteria to Building Trustworthy Automotive SDLC (A21a) Seungyeon Jeong, Ms.C Student, Korea University, South Korea, Sooyoung Kang, Korea University, South Korea; Seungjoo Kim, Korea University, South Korea.


15:30 CET Evolution Towards Evaluation of HW IP Blocks (A21b) Gordon Caffrey, Head of Site Certification, Eurosmart ITSC – Chairman (NXP), United Kingdom; Jean-Philippe Galvan, Principal Engineer, Qualcomm, Vice-Chairman, Eurosmart ITSC , France


16:00 CET How ‘By-Parts’ Evaluation Achieves Certification Scheme Scalability (A21c) Gil Bernabeu, GlobalPlatform, France


16:30 CET Soft IP Certification, a Glimpse into the Future (A21d) Joop van de Pol, Senior Security Evaluator, Brightsight, Netherlands

Cybersecurity Certification Schemes Landscape
Moderator: Alicia Squires, Global Certifications Team–Manager, FIPS/Common Criteria, Cisco Systems, United States

15:00 CET Strong Digital Identity as an Enabler for Adaptive Security and How It Fits into Certification (L21a) John Boggie, Director, Head of Cybersecurity Certification, NXP Semiconductors, United Kingdom; Georg Stutz, Principal Security Certification Expert, NXP Semiconductors, Germany


15:30 CET Composite Evaluations: The Way Forward for IoT Security and Compliance (L21b) Dirk-Jan Out, CEO, Brightsight, The Netherlands


16:00 CET Certifying IoT Devices: Challenges from the Real World (L21c) Raphael Spreitzer, Principal Security Expert, SGS Digital Trust Services, Austria


16:30 CET The EMVCo Security Evaluation Processes for IoT (L21d) Gary Hemmings, Member, EMVCo Security Evaluation Group, Director, MasterCard, United Kingdom

17:00-17:30 Break

17:30-19:00 Track Sessions

Advances in the Use of Common Criteria
Moderator: Dianne Hale, NIAP, United States

17:30 CET Formal Models for High-Assurance: Why and How (A22a) Carolina Lavatelli, CTO, Internet of Trust, France


18:00 CET Qualcomm’s View on EUCC and Importance of Composition and Re-Use in Certification (A22b) Anne-Lise Thieblemont, Vice President, Qualcomm, United States


18:30 CET Cloud and Common Criteria: NWI ISO Proposal (A22c ) Joshua Brickman, Director, Security Evaluations, Oracle, United States

Cybersecurity Certification Schemes Landscape
Moderator: Petra Manche, Product Security Certification Engineer, Cisco, United Kingdom

17:30 CET Industrial Automation Control Systems Cybersecurity Certification – Chapter II (L22a) Georgios Giannopoulos, Project Manager Team Lead, JRC ERNCIP, Greece; Jose Ruiz Gualda, Co-founder, jtsec Beyond IT Security, Spain


18:00 CET Common Criteria Vs FedRAMP (L22b) Ravi Jagannathan, Cloud Security Architect, VMware, United States


18:30 CET You, Me and FIPS 140-3: Open for Business! (L22c) Ryan Thomas, CST Laboratory Manager, Acumen Security, United States


19:00 CET Summary Presentation (P22d) Nithya Rachamadugu, Senior Director, Cygnacom Solutions, United States

19:30 Adjourn