15-17 November 2022 | Toledo, Spain

ICCC22 Conference Agenda

Tuesday 15 November

08:00 - 09:00 Registration

09:00 - 10:15 Plenary Keynote Session

9:00 Welcome and Introduction (P10a)

9:45 Industry Keynote Address TBA (P10c)

10:15 - 11:00 Networking Break in Exhibits

11:00 - 12:45 Plenary Conference Session

11:00 CCDB Update (P11a) TBA


11:15 CCRA Update (P11b) Jon Rolf, Director NIAP, National Security Agency, United States


11:30 CCUF Update (P11c) Petra Manche, Product Security Certification Lead Engineer, Cisco, United Kingdom


11:45 Panel Discussion: ISO Update (P11d) Moderator: Miguel Bañon, Independent Consultant, Convenor, ISO/IEC JTC 1/SC 27/WG 3, Spain Panelists: Carolina Lavatelli, CTO & Founder, Internet of Trust, France; Kwangwoo Lee, Security Architect, HP Inc, Korea; Elzbieta Andrukiewicz, ITSEF Manager, National Institute of Telecommunications, Poland [60 MIN]

12:45 - 14:15 Networking and Lunch in Exhibit Area

This special extended-length lunch session includes opportunities to meet and re-connect with colleagues.

14:15 - 15:15 Track Sessions

Advances in the Use of Common Criteria
Selling the Value of CC

14:15 TBA (A12a)


14:45 Good, Fast, Cheap: Why Not All Three? (A12b) Wouter Slegers, CEO, TrustCB, Netherlands

Cybersecurity Certification Schemes Landscape
History and Present

14:15 The Long and Winding Road (L12a) Miguel Bañon, Independent Consultant, Convenor, ISO/IEC JTC 1/SC 27/WG 3, Spain


14:45 2022 CC Statistics Report: Will This Year Beat Last Year’s Record Number of Certifications? (L12b) José Manuel Pulido, Consulting Leader and Senior Evaluator, jtsec Beyond IT Security, Spain

Updates from Schemes and ITCs
US and EU

14:15 NIAP Looking Forward (U12a) Shantel Powell, NIAP D/CH, NIAP, United States


14:45 Guidance Development and Awareness Raising on EU Certification (U12b) Chloe Blondeau, Seconded National Expert, European Union Agency for Cybersecurity (ENISA), Greece

15:15 - 15:45 Networking Break in Exhibits

15:45 - 17:15 Track Sessions

Advances in the Use of Common Criteria
Site Security

15:45 Confidential Security Evaluation Environment (A13a) Cheng Jiang, Principal Consultant, CC evaluator, atsec information security, Sweden


16:15 Smartcard and Similar Devices Site Audits and Cloud Applications (A13b) Christophe Bouly, NXP Security Manager, NXP Semiconductors, France


16:45 ISCI WG1—High-Secure Remote Work—The Response to the Post-COVID Hybrid Mode Demand (A13c) Rachel Menda-Shabat, Director of Cybersecurity Certifications, Winbond, Israel

CC In New Domains
Automotive
Updates from Schemes and ITCs
EU Updates

15:45 Strategic Views on Scheme Development (U13a) Renate Verheijen, Legal Advisor on Cybersecurity, European Union Agency for Cybersecurity (ENISA), Greece


16:15 An Update on the EUCC Scheme (U13b) Philippe Blot, Head of Sector Certification, European Union Agency for Cybersecurity (ENISA), Greece


16:45 CCRA and EUCC—Co-operation or Fragmentation? (U13c) Tyrone Stodart, Senior Principal Security Analyst, Oracle, United Kingdom

17:15 - 19:15 Welcome Reception; Presentation of Certificates in Exhibits

19:15 Dine Around Toledo

Enjoy an informal group dinner at one of Toledo’s top restaurants with your ICCC colleagues on Tuesday, 15 November. This is an add-on to the 3-day conference registration. For an additional fee you can reserve your seat for a prix-fixe dinner at a group table. Reserve early—seating is limited. On site, you’ll meet your group at 19:15 at the conference registration desk and depart from there.

Wednesday 16 November

08:00 - 09:00 Coffee in The Exhibits

09:00 - 10:30 Track Sessions

Advances in the Use of Common Criteria
Select Topics

09:00 When the CCMB is Knocking at Your Door (A20a) Michael Vogel, Managing Director, atsec information security, Germany


09:30 Use Case Related to the Software Product Evaluated with the Highest Attack Potential (A20b) Elzbieta Andrukiewicz, ITSEF Manager, National Institute of Telecommunications, Poland


10:00 Update on Transition Guide 22216 (A20c) Carolina Lavatelli, CTO, Internet of Trust, France

CC In New Domains
Select Topics

09:00 Developing Common Criteria Certification for 3D Printing Equipment (D20a) Alan Sukert, Vice-Chair, Hardcopy Device international Technical Committee, United States


09:30 Protection Profile for Quantum Computing-as-a-Service (D20b) Richard Tychansky, Quantum Computing Security Architect, Identity Dynamics Corp, United States


10:00 Common Criteria and Quantum Crypto (D20c) Ravi Jagannathan, Information System Security Manager / Sr Distinguished Engineer, Palo Alto Networks, United States

Updates from Schemes and ITCs
EU Updates

09:00 EA Preparation for the EUCC (U20a) Rosalina Porres Ortega, Head of Area of the Department of Laboratories and Product Certification, ENAC, Spain


09:30 Panel Discussion: EUCC (U20b) Moderator: Roberto Cascella, Senior Policy Manager, European Cyber Security Organisation (ECSO), Belgium Panelists: Roland Atoui, Managing Director, Red Alert Labs, France; Jon Rolf, Director, National Information Assurance Partnership (NIAP), United States; TBA [60 MIN]

10:30 - 11:00 Networking Break in Exhibits

11:00 - 12:30 Track Sessions

Advances in the Use of Common Criteria
Select Topics

11:00 EUCC Will Save the Day (A21a) Jasmina Omic, Product Manager Services, Riscure, Netherlands


11:30 Keep the Code But Not the Flaws: A New Approach to Source Code Analysis (A21b) Michael Scheibel, Project Manager, TÜV Informationstechnik, Germany


12:00 Automation Update: Automating Towards a Better Tomorrow (A21c) Kevin Gallicchio, Technical Leader, NIAP, United States

CC in New Domains
Cloud

11:00 The Evolution of Relational Database Management System (RDBMS) Certifications from On-Prem to Cloud—An Overdue Demand (D21a) Álvaro Ortega, Lab Technical Manager, DEKRA, Spain; Wolfgang Peter, Principal Security Program Manager, Microsoft, Germany


11:30 Cloud HSM for Governments Enabled by CC (D21b) Nils Gerhardt, CTO, Utimaco, Germany


12:00 Adapting PP Modules for Cloud Evaluations (D21c) Brandon Harvey, Principal Security Analyst, Oracle, United States

Updates from Schemes and ITCs
Scheme Updates

11:00 Spanish CB (CCN) Status Update (U21a) Pablo Franco, Head of Spanish Certification Body, CCN, Spain


11:30 Germany Scheme Update (U21b) Fritz Bollmann, Head of Software Certification, German Federal Office for Information Security (BSI), Germany


12:00 Japan Scheme Update (U21c) Toru Hashimoto, Assistant Manager, IPA, Japan

12:30 - 13:30 Lunch in Exhibit Area

13:30 - 15:00 Track Sessions

Advances in the Use of Common Criteria
New Ideas

13:30 How to Manage Evaluations for Higher EALs? (A22a) Dariusz Rogowski, ITSEF Manager, Łukasiewicz Research Network – Institute of Innovative Technologies EMAG, Poland


14:00 Developing an EAL2 Protection Profile and an Evaluation Methodology Document for Prepare and Measure Quantum Key Distribution Modules (A22b) Kenji Yamaya, CC Manager, ECSEC Laboratory, Japan


14:30 Threats and Challenges for AI/ML Based Solutions (A22c) Mehmet Cakir, CEO, BEAM Teknoloji A.Ş., Turkey

CC In New Domains
Biometrics

13:30 Biometrics Security iTC Update (D22a) Brian Wood, Program Manager, Google, United States


14:00 Presentation of the Biometric Evaluation Procedure in Spain (D22b) Pablo Franco, Head of Spanish Certification Body, CCN, Spain


14:30 Evaluation of Presentation Attack Detection Mechanisms in Biometric Systems (D22c) Boris Leidner, Product Manager, TÜV Informationstechnik, Germany

Updates from Schemes and ITCs
Scheme Updates

13:30 Singapore Scheme Update (U22a) Henry Tan, Deputy Director/Cybersecurity Certification Centre, Cyber Security Agency of Singapore, Singapore; Chok Wen Li, Certifier/Cybersecurity Certification Centre, Cyber Security Agency of Singapore, Singapore


14:00 Panel Discussion: Asian Schemes Dealing with Global Changes (U22b) Panelists TBA [60 MIN]

15:00 - 15:30 Networking Break in Exhibits

15:30 - 17:00 Track Sessions

Advances in the Use of Common Criteria
Re-use and Composition

15:30 Applying the CC Framework for Soft-IP Evaluation Reuse (A23a) Ruud Derwig, System Architect, Synopsys, Netherlands


16:00 Guidance for Support of Evaluation and Certification of PP-0117 Compliant Integrated Secure Elements (A23b) Monique Bakker, Senior Security Evaluator, SGS Brightsight, Netherlands


16:30 Cascading Evaluations—Can Downstream Vendors Benefit from Reference Evaluations (A23c) Brian Wood, Program Manager, Google, United States

CC In New Domains
New Applications

14:30 Certification Considerations for Open Source; The OpenTitan Project (D23a) Dominic Rizzo, Open Secure Silicon Tech Lead, FIPS Security Key Tech Lead, Google, United States


15:30 Panel Discussion: New Certification Schemes Based on CC (D23b) Moderator: Mike Grimm, Principal Security Program Manager, Microsoft, United States Panelists: TBA [60 MIN]

Updates from Schemes and ITCs
CC in Specific Domains

15:30 Network Device iTC Update (U23a) Kristy Knowles, Security Research Engineer, Cisco, United States


16:00 Hardcopy Devices iTC Update—HCD cPP v1.0 (U23b) Kwangwoo Lee, Security Architect, HP, South Korea; Anantha Kandiah, Director, Teron Labs, Australia


16:30 Square Peg in a Round Hole—How the CC in the Cloud TWG is Making CC Work for DevOps (U23c) Joshua Brickman, Senior Director, Security Evaluations, Oracle, United States

Thursday 17 November

08:00 - 09:00 Coffee

09:00 - 10:30 Track Sessions

Advances in the Use of Common Criteria
Tool Support

09:00 Taking the Guess Work out of Entropy Assessments! (A30a) James Ramage, Cryptographic Security Testing (CST) – Senior Evaluator, Lightship Security, Canada


09:30 CCCAB Tool—Making CABs Life Easy—Chapter 2 (A30b) Jose Ruiz, CTO, jtsec Beyond IT Security, Spain


10:00 n-doc. An Open Source Platform for CC-Documentation (A30c) Alexander Krumeich, Head of Certification/Senior Software Developer, n-design GmbH, Germany

Meeting Customer Requirements
Vulnerability Handling

09:00 Vulnerability Handling on Certified Solutions (M30a) Vicente Gonzalez Pedros, Cybersecurity Expert, European Union Agency for Cybersecurity (ENISA), Spain


09:30 Panel Discussion: Vulnerability Handling and Disclosure (M30b) Panelists TBA [60 MIN]

Cybersecurity Certification Schemes Landscape
Select Topics

09:00 How Do Other Schemes Reinforce Common Criteria Certifications? (L30a) Sylvain Guilley, CTO, Secure-IC, France


09:30 Much Ado About Blocking (L30b) Marina Ibrishimova, Cyber Security Consultant, Lightship Security, Canada


10:00 Eurosmart ISCI WG1—Evaluation Methodology for High-Security Evaluations (L30c) Gordon Caffrey, Technical Lead for Secure Environment and Certification Strategy, NXP Semiconductors, Germany; Jan Eichholz, Head of Security Consulting, Giesecke+Devrient GmbH, Germany

10:30 - 10:45 Networking Break

10:45 - 12:15 Track Sessions

CC in New Domains
Modules and Mobiles

10:45 GSMA Update (A31a) TBA


11:15 Mobile Device Evaluation? Which PP? (A31b) Rasma Mozuraite Araby, CEO, Lab Manager, atsec information security, Sweden


11:45 Ch-ch-ch-ch-changes! Impact of Algorithm Transitions on PP-Based CC Evaluations (A31c) Ryan Thomas, CSTL Certification Program Director, Lightship Security, Canada

Meeting Customer Requirements
Process Improvement

10:45 Satisfying the Requirements of a Multi-Scheme Security Certification Effort—Striking Just the Right Balance (M31a) Kelvin Desplanque, Senior Program Manager, Microsoft, Canada


11:15 Is Automation Necessary for the CC Survival? (M31b) Moderator: José Ruiz, CTO, jtsec Beyond IT Security, Spain Panelists: TBA [60 MIN]

Cybersecurity Certification Schemes Landscape
Cryptographic Standards

10:45 ISO/IEC 29128-3: A New Paradigm of Cryptographic Protocol Verification Using CC Methodology (L31a) Ritu Ranjan Shrivastwa, Certification Program Manager, Secure-IC, France


11:15 Panel Discussion: Evolution of the Cryptographic Standards Ecosystem (L31b) Moderator: Yi Mao, VP Lab Director, atsec information security corporation, United States Panelists: TBA [60 MIN]

12:15 - 12:30 Networking Break

12:30 - 13:30 Closing Plenary Session

13:30 Adjourn