21-23 October | Central Park Hotel Songdo, Korea

ICCC22 Conference Agenda

Note: This is the agenda from ICCC 2022.

Tuesday 15 November

Networking Break Sponsor

08:00 - 09:00 Registration

09:00 - 10:15 Plenary Keynote Session

9:00 Welcome and Introduction (P10a) Wouter Slegers, ICCC Program Director, CEO, TrustCB, Netherlands; Josepmaria Roca, Director IT Labs Area, Applus+ Laboratories, Spain

9:45 Industry Keynote Address: Engineering Perspective on Cybersecurity
(P10c) José Luis López Diez, Senior Vice President Engineering, Airbus Defence & Space, Spain

10:15 - 11:00 Networking Break in Exhibits

11:00 - 12:45 Plenary Conference Session

Moderator: Wouter Slegers, ICCC Program Director, CEO, TrustCB, Netherlands

11:00 CCDB Update (P11a) Tiziano Inzerilli, Organismo di Certificazione della Sicurezza Informatica (OCSI), Italy


11:15 CCRA Update (P11b) Jon Rolf, Director NIAP, National Security Agency, United States


11:30 CCUF Update (P11c) Petra Manche, Product Security Certification Lead Engineer, Cisco, United Kingdom


11:45 Panel Discussion: ISO Update (P11d) Moderator: Miguel Bañon, Independent Consultant, Convenor, ISO/IEC JTC 1/SC 27/WG 3, Spain Panelists: Carolina Lavatelli, CTO & Founder, Internet of Trust, France; Kwangwoo Lee, Security Architect, HP Inc, Korea; Elzbieta Andrukiewicz, ITSEF Manager, National Institute of Telecommunications, Poland; David Martin, ISO WG3 Editor, University of Bath, United Kingdom [60MIN]

12:45 - 14:15 Networking and Lunch in Exhibit Area

This special extended-length lunch session includes opportunities to meet and re-connect with colleagues.

14:15 - 15:15 Track Sessions

Buenavista 1

Advances in the Use of Common Criteria
Selling the Value of CC
Moderator: Rob Huisman, NCCA Senior Security Specialist, Ministry of Economic Affairs and Climate Policy, Radiocommunications Agency Netherlands, Netherlands

14:15 Good, Fast, Cheap: Why Not All Three? (A12a) Wouter Slegers, CEO, TrustCB, Netherlands


14:45 Labs AMA (Ask Me Anything) (A12b) Wouter Slegers, CEO, TrustCB, Netherlands; Markus Bartsch, Business Development IT Security, TÜV Informationstechnik, Germany; Yi Mao, Managing Director atsec information security corporation, United States; Lachlan Turner, Director Consulting, Lightship Security, Canada; Xavier Vilarrubla, COO, SGS Brightsight EUAM, Spain

Buenavista 2

Cybersecurity Certification Schemes Landscape
History and Present
Moderator: Kwangwoo Lee, Security Architect, HP, Korea

14:15 The Long and Winding Road (L12a) Miguel Bañon, Independent Consultant, Convenor, ISO/IEC JTC 1/SC 27/WG 3, Spain


14:45 2022 CC Statistics Report: Will This Year Beat Last Year’s Record Number of Certifications? (L12b) José Manuel Pulido, Consulting Leader and Senior Evaluator, jtsec Beyond IT Security, Spain

Madrid 1&2

Updates from Schemes and ITCs
US and EU
Moderator: Petra Manche, Product Security Certification Lead Engineer, Cisco, United Kingdom

14:15 NIAP Looking Forward (U12a) Shantel Powell, NIAP D/CH, NIAP, United States


14:45 Guidance Development and Awareness Raising on EU Certification (U12b) Chloe Blondeau, Seconded National Expert, European Union Agency for Cybersecurity (ENISA), Greece

15:15 - 15:45 Networking Break in Exhibits

15:45 - 17:15 Track Sessions

Buenavista 1

Advances in the Use of Common Criteria
Site Security
Moderator: Anantha Kandiah, Director of Engineering, Teron Labs, Australia 

15:45 Confidential Security Evaluation Environment (A13a) Cheng Jiang, Principle Consultant, CC evaluator, atsec information security, Sweden; Luis Barriga, Ph.D., Principal Researcher, Ericsson, Sweden


16:15 Smartcard and Similar Devices Site Audits and Cloud Applications (A13b) Christophe Bouly, NXP Security Manager, NXP Semiconductors, France


16:45 ISCI WG1—High-Secure Remote Work—The Response to the Post-COVID Hybrid Mode Demand (A13c) Dr. Karsten Klohs, Director Business Development Security Engineering, Achelos, Germany

Buenavista 2

CC In New Domains
Automotive
Moderator: Jose Emilio Rico, Cybersecurity Division Director, DEKRA, Spain 

Madrid 1&2

Updates from Schemes and ITCs
EU Updates
Moderator: Petra Manche, Product Security Certification Lead Engineer, Cisco, United Kingdom

15:45 Strategic Views on Scheme Development (U13a) Renate Verheijen, Legal Advisor on Cybersecurity, European Union Agency for Cybersecurity (ENISA), Greece


16:15 An Update on the EUCC Scheme (U13b) Philippe Blot, Head of Sector Certification, European Union Agency for Cybersecurity (ENISA), Greece


16:45 EUCC and Industry Security Levels: Are we Heading Towards Misalignment? (U13c) Olivier Van Nieuwenhuyze, Security Lobbying & Standardization Senior Manager, STMicroelectronics, France

17:15 - 19:15 Welcome Reception

2022 Common Criteria Certificate Presentation Ceremony
Participants will have the opportunity to be photographed receiving their CC certificates from the national schemes. (P14)
Host: Bob Clemons, Independent Consultant, United States

19:15 Dine Around Toledo

Enjoy an informal group dinner at one of Toledo’s top restaurants with your ICCC colleagues on Tuesday, 15 November. This is an add-on to the 3-day conference registration. For an additional fee you can reserve your seat for a prix-fixe dinner at a group table. Reserve early—seating is limited. On site, you’ll meet your group at 19:15 at the conference registration desk and depart from there.

Wednesday 16 November

Networking Break Sponsor

08:00 - 09:00 Coffee in The Exhibits

09:00 - 10:30 Track Sessions

Buenavista 1

Advances in the Use of Common Criteria
Select Topics
Moderator: Anantha Kandiah, Director of Engineering, Teron Labs, Australia 

09:00 When the CCMB is Knocking at Your Door (A20a) Michael Vogel, Managing Director, atsec information security, Germany


09:30 Use Case Related to the Software Product Evaluated with the Highest Attack Potential (A20b) Elzbieta Andrukiewicz, ITSEF Manager, National Institute of Telecommunications, Poland; Dr. Piotr Krawiec, National Institute of Telecommunications, State Research Institute


10:00 Update on Transition Guide 22216 (A20c) Carolina Lavatelli, CTO, Internet of Trust, France

Buenavista 2

CC In New Domains
Select Topics
Moderator: Kwangwoo Lee, Security Architect, HP, Korea

09:00 Developing Common Criteria Certification for 3D Printing Equipment (D20a) Alan Sukert, Vice-Chair, Hardcopy Device international Technical Committee, United States


09:30 Security: The Second Wave of Convergence (D20b) Dan O’Loughlin, VP Engineering, Qualcomm Technologies, United States


10:00 Common Criteria and Quantum Crypto (D20c) Ravi Jagannathan, Information System Security Manager / Sr Distinguished Engineer, Palo Alto Networks, United States

Madrid 1&2

Updates from Schemes and ITCs
EU Updates
Moderator: Yi Mao, Managing Director atsec information security corporation HP, United States

09:00 EA Preparation for the EUCC (U20a) Rosalina Porres Ortega, Head of Area of ​​the Department of Laboratories and Product Certification, ENAC, Spain


09:30 Panel Discussion: EUCC (U20b) Moderator: Roberto Cascella, Head of Sector, Technology, Supply Chain & Strategic Autonomy, European Cyber Security Organisation (ECSO), Belgium Panelists: Roland Atoui, Managing Director, Red Alert Labs, France; Alessandro Lazari, Senior Key Account Manager, F24, Italy,  Franck Leroy, Chief Conformity Officer, IN Groupe, France; Jon Rolf, Director, National Information Assurance Partnership (NIAP), United States [60 MIN]

10:30 - 11:00 Networking Break in Exhibits

11:00 - 12:30 Track Sessions

Buenavista 1

Advances in the Use of Common Criteria
Select Topics
Moderator: Nithya Rachamadugu, VP Cybersecurity Certification, DEKRA, United States

11:00 Pre-Silicon evaluation will save EUCC (A21a) Pascal van Gimst, Vice President Global Services Sales and Business Development, Riscure


11:30 Keep the Code But Not the Flaws: A New Approach to Source Code Analysis (A21b) Michael Scheibel, Project Manager, TÜV Informationstechnik, Germany


12:00 Automation Update: Automating Towards a Better Tomorrow (A21c) Kevin Gallicchio, Technical Leader, NIAP, United States

Buenavista 2

CC in New Domains
Select Topics
Moderator: Gabor Hornyak, Head of Site & Process Certification, NXP Semiconductors, Hungary

Madrid 1&2

Updates from Schemes and ITCs
Scheme Updates
Moderator: Hitoshi Matsumoto, Japan IT Security Evaluation and Certification Scheme (JISEC), Japan

11:00 Spanish CB (CCN) Status Update (U21a) Pablo Franco, Head of Spanish Certification Body, CCN, Spain


11:30 Germany Scheme Update (U21b) Fritz Bollmann, Head of Software Certification, German Federal Office for Information Security (BSI), Germany


12:00 Japan Scheme Update (U21c) Toru Hashimoto, Assistant Manager, IPA, Japan

12:30 - 13:30 Lunch in Exhibit Area

13:30 - 15:00 Track Sessions

Buenavista 1

Advances in the Use of Common Criteria
New Ideas
Moderator: Fritz Bollmann, Head of Software Certification, German Federal Office for Information Security (BSI), Germany

13:30 How to Manage Evaluations for Higher EALs? (A22a) Dariusz Rogowski, ITSEF Manager, Łukasiewicz Research Network – Institute of Innovative Technologies EMAG, Poland


14:00 Developing an EAL2 Protection Profile and an Evaluation Methodology Document for Prepare and Measure Quantum Key Distribution Modules (A22b) Kenji Yamaya, CC Manager, ECSEC Laboratory, Japan; Kiyotaka Hammura, Technical Researcher, National Institute of Information and Communications Technology (NICT), Japan 


14:30 Threats and Challenges for AI/ML Based Solutions (A22c) Mehmet Cakir, CEO, BEAM Teknoloji A.Ş., Turkey

Buenavista 2

CC In New Domains
Biometrics 
Moderator: Nithya Rachamadugu, VP Cybersecurity Certification, DEKRA, United States

13:30 Evaluation of Presentation Attack Detection Mechanisms in Biometric Systems (D22a) Jonas Geilich, Evaluator and Consultant, TÜV Informationstechnik, Germany 


14:00 Presentation of the Biometric Evaluation Procedure in Spain (D22b) Belén Fernández, CCN, Spain


14:30 Biometrics Security iTC Update (D22c) Brian Wood, Program Manager, Google, United States 

Madrid 1&2

Updates from Schemes and ITCs
Scheme Updates
Moderator: Ravi Jagannathan, Information System Security Manager / Sr Distinguished Engineer, Palo Alto Networks, United States

13:30 Singapore Scheme Update (U22a) Henry Tan, Deputy Director/Cybersecurity Certification Centre, Cyber Security Agency of Singapore Singapore


14:00 Panel Discussion: Asian Schemes Dealing with Global Changes (U22b) Moderator: Wan Shafiuddin Zainudin, Head, Information Security Certification Body, CyberSecurity Malaysia, Malaysia Panelists: Lim Soon Chia, Director (CSEC)/ Head Cybersecurity Certification Centre, CSA Singapore , Singapore; Toru Hashimoto, Assistant Manager, IPA, Japan; Hirotaka Yoshida, Team Leader, AIST, Japan; Nathaniel Aliño, Common Criteria Program Manager, T-Systems, Singapore

15:00 - 15:30 Networking Break in Exhibits

Exhibits end at 15:30

15:30 - 17:00 Track Sessions

Buenavista 1

Advances in the Use of Common Criteria
Re-use and Composition 
Moderator: Ritu-Ranjan Shrivastwa, Certification Program Manager, Secure-IC, France

Track Sponsor

15:30 Applying the CC Framework for Soft-IP Evaluation Reuse (A23a) Ruud Derwig, System Architect, Synopsys, Netherlands


16:00 Guidance for Support of Evaluation and Certification of PP-0117 Compliant Integrated Secure Elements (A23b) Monique Bakker, Senior Security Evaluator, SGS Brightsight, Netherlands


16:30 Cascading Evaluations—Can Downstream Vendors Benefit from Reference Evaluations (A23c) Brian Wood, Program Manager, Google, United States; Edward Morris, Co-founder, Gossamer Security Solutions

Buenavista 2

CC In New Domains
New Applications
Moderator: Ravi Jagannathan, Information System Security Manager / Sr Distinguished Engineer, Palo Alto Networks, United States

15:30 Certification Considerations for Open Source; The OpenTitan Project (D23a) Johann Heyszl, Security Engineering Manager, Opentitan, Google, United States


16:00 Panel Discussion: New Certification Schemes Based on CC (D23b) Moderator: Mike Grimm, Principal Security Program Manager, Microsoft, United States Panelists: Reinaldo Figueiredo, Vice President Conformity Assessment Strategy, ANSI National Accreditation Board/ANAB, United States; Ravi Jagannathan, Information System Security Manager / Sr Distinguished Engineer, Palo Alto Networks, United States; Nils Tekampe, IT Consultant, Konfidas, Germany; Wouter Slegers CEO, TrustCB, Netherlands [60 Min]

Madrid 1&2

Updates from Schemes and ITCs
CC in Specific Domains
Moderator: Nithya Rachamadugu, VP Cybersecurity Certification, DEKRA, United States

15:30 Network Device iTC Update (U23a) Kristy Knowles, Security Research Engineer, Cisco, United States


16:00 Hardcopy Devices iTC Update—HCD cPP v1.0 (U23b) Kwangwoo Lee, Security Architect, HP, South Korea; Anantha Kandiah, Director, Teron Labs, Australia


16:30 NL Scheme Update and Preparation for the EUCC Scheme (U23c) Peter van Swieten, Senior Security Specialist European Cybersecurity Certification, Agentschap Telecom, Netherlands

Thursday 17 November

Networking Break Sponsor

08:00 - 09:00 Coffee

09:00 - 10:30 Track Sessions

Buenavista 1

Advances in the Use of Common Criteria
Tool Support
Moderator: Brian Wood, Program Manager, Google, United States

09:00 Taking the Guess Work out of Entropy Assessments! (A30a) James Ramage, Cryptographic Security Testing (CST) – Senior Evaluator, Lightship Security, Canada


09:30 CCCAB Tool—Making CABs Life Easy—Chapter 2 (A30b) Jose Ruiz, CTO, jtsec Beyond IT Security, Spain


10:00 n-doc. An Open Source Platform for CC-Documentation (A30c) Alexander Krumeich, Head of Certification/Senior Software Developer, n-design GmbH, Germany

Buenavista 2

Meeting Customer Requirements
Vulnerability Handling
Moderator: Rob Huisman, NCCA Senior Security Specialist, Ministry of Economic Affairs and Climate Policy, Radiocommunications Agency Netherlands, Netherlands

09:00 Vulnerability Handling on Certified Solutions (M30a) Vicente Gonzalez Pedros, Chair Thematic Group Vulnerability Handling on Certified Solutions, European Union Agency for Cybersecurity (ENISA), Spain


09:30 Panel Discussion: Vulnerability Handling and Disclosure (M30b) Moderator: Gabor Hornyak, Head of Site & Process Certification, NXP Semiconductors, Hungary  Panelists Christiane Droulers, STMicroelectronics, France; Vicente Gonzalez Pedros, Chair Thematic Group Vulnerability Handling on Certified Solutions, European Union Agency for Cybersecurity (ENISA), Spain; Javier Tallon, Technical Director, jtsec, Spain [60 MIN]

Madrid 1&2

Cybersecurity Certification Schemes Landscape
Select Topics
Moderator: Michael Vogel, Managing Director, atsec Information Security, Germany

09:00 How Do Other Schemes Reinforce Common Criteria Certifications? (L30a) Sylvain Guilley, CTO, Secure-IC, France


09:30 Much Ado About Blocking (L30b) Marina Ibrishimova, Cyber Security Consultant, Lightship Security, Canada


10:00 Eurosmart ISCI WG1—Evaluation Methodology for High-Security Evaluations (L30c) Jan Eichholz, Head of Security Consulting, Giesecke+Devrient GmbH, Germany

10:30 - 10:45 Networking Break

10:45-12:15 Track Sessions

Buenavista 1

CC in New Domains
Modules and Mobiles
Moderator: Michael Vogel, Managing Director, atsec Information Security, Germany

10:45 Building Resilience into Mobile Network Equipment Security (A31a) Vinny Robertson, Technical Sales Manager, GSMA, United Kingdom


11:15 Mobile Device Evaluation? Which PP? (A31b) Rasma Mozuraite Araby, CEO, Lab Manager, atsec information security, Sweden


11:45 Ch-ch-ch-ch-changes! Impact of Algorithm Transitions on PP-Based CC Evaluations (A31c) Ryan Thomas, CSTL Certification Program Director, Lightship Security, Canada

Buenavista 2

Meeting Customer Requirements
Process Improvement
Moderator: Ed Morris, Co-founder, Gossamer Security Solutions, United States

10:45 Common Criteria Certification of Electric Vehicle Charging Solutions (M31a) Yasir Emre Bulut, Director, OKTEM Laboratory, Turkey


11:15 Is Automation Necessary for the CC Survival? (M31b) Moderator: José Ruiz, CTO, jtsec Beyond IT Security, Spain Panelists: Kevin Gallicchio, Technical Leader, NIAP, United States; Alexander Krumeich, Head of Certification/Senior Software Developer, n-design GmbH, Germany; Lachlan Turner, Director Consulting, Lightship Security, Canada; Pascal van Gimst, Vice President Global Services Sales and Business Development, Riscure  [60 MIN]

Madrid 1&2

Cybersecurity Certification Schemes Landscape
Cryptographic Standards
Moderator: Sylvain Guilley, CTO, Secure-IC, France

Track Sponsor

10:45 ISO/IEC 29128-3: A New Paradigm of Cryptographic Protocol Verification Using CC Methodology (L31a) Ritu Ranjan Shrivastwa, Certification Program Manager, Secure-IC, France


11:15 Panel Discussion: Evolution of the Cryptographic Standards Ecosystem (L31b) Moderator: Yi Mao, Managing Director, atsec information security corporation, United States Panelists: Graham Costa, Co-Editor ISO/IEC 19790, Security and Certifications Manager, Thales, United Kingdom; Naruki Kai, IPA, Japan; Dan O’Loughlin, VP Engineering, Qualcomm Technologies, United States; Jon Rolf, Director, National Information Assurance Partnership (NIAP), United States  [60 MIN]

12:15 - 12:30 Networking Break

12:30 - 13:30 Closing Plenary Session

Buenavista 1

12:30 Summary Panel Discussion: Looking Forward (P32a)

Moderator: Alban Feraud, International Organizations & Regulatory Affairs, Strategy & Market Officer, IDEMIA Public Security & Identity, and President, EUROSMART, France Panelists: Philippe Blot, Lead Expert Certification, ENISA, Greece; John Boggie, Director, Head of Cybersecurity Certification, NXP Semiconductors, United Kingdom; Shaunak Shah, Engineering Manager | Lab Manager, CC, Intertek Acumen Security, United States; Laurie Mack, Director Security, and Certifications, Thales, Canada [60MIN]

13:30 Announcement of ICCC 2023 (P32b) Shantel Powell, NIAP D/CH, NIAP, United States

13:40 Adjourn