ICCC22 Conference Agenda

Buenavista 1

14:15 Good, Fast, Cheap: Why Not All Three? (A12a) Wouter Slegers, CEO, TrustCB, Netherlands

14:45 Labs AMA (Ask Me Anything) (A12b) Wouter Slegers, CEO, TrustCB, Netherlands; Markus Bartsch, Business Development IT Security, TÜV Informationstechnik, Germany; Yi Mao, Managing Director atsec information security corporation, United States; Lachlan Turner, Director Consulting, Lightship Security, Canada; Xavier Vilarrubla, COO, SGS Brightsight EUAM, Spain

Buenavista 2

14:15 The Long and Winding Road (L12a) Miguel Bañon, Independent Consultant, Convenor, ISO/IEC JTC 1/SC 27/WG 3, Spain

14:45 2022 CC Statistics Report: Will This Year Beat Last Year’s Record Number of Certifications? (L12b) José Manuel Pulido, Consulting Leader and Senior Evaluator, jtsec Beyond IT Security, Spain

Madrid 1&2

14:15 NIAP Looking Forward (U12a) Shantel Powell, NIAP D/CH, NIAP, United States

14:45 Guidance Development and Awareness Raising on EU Certification (U12b) Chloe Blondeau, Seconded National Expert, European Union Agency for Cybersecurity (ENISA), Greece

Buenavista 1

15:45 Confidential Security Evaluation Environment (A13a) Cheng Jiang, Principle Consultant, CC evaluator, atsec information security, Sweden; Luis Barriga, Ph.D., Principal Researcher, Ericsson, Sweden

16:15 Smartcard and Similar Devices Site Audits and Cloud Applications (A13b) Christophe Bouly, NXP Security Manager, NXP Semiconductors, France

16:45 ISCI WG1—High-Secure Remote Work—The Response to the Post-COVID Hybrid Mode Demand (A13c) Dr. Karsten Klohs, Director Business Development Security Engineering, Achelos, Germany

Buenavista 2

15:45 Automotive Cybersecurity: Could You Trust the Connected Car? (D13a) Markus Bartsch, Business Development IT Security, TÜV Informationstechnik, Germany

16:15 CCC Digital Key: A Worldwide Standard That Enables Our Mobile Devices to Replace Traditional Keys to Give Access to Our Vehicles (D13b) Georg Stütz, Car Connectivity Consortium, Germany

16:45 Common Criteria in the Automotive Security Regulatory Domain—CC-Based Automotive Risk Assessment (D13c) Ena Kurtovic, Senior Certification Specialist, Secura, Netherlands

Madrid 1&2

15:45 Strategic Views on Scheme Development (U13a) Renate Verheijen, Legal Advisor on Cybersecurity, European Union Agency for Cybersecurity (ENISA), Greece

16:15 An Update on the EUCC Scheme (U13b) Philippe Blot, Head of Sector Certification, European Union Agency for Cybersecurity (ENISA), Greece

16:45 EUCC and Industry Security Levels: Are we Heading Towards Misalignment? (U13c) Olivier Van Nieuwenhuyze, Security Lobbying & Standardization Senior Manager, STMicroelectronics, France

Buenavista 1

09:00 When the CCMB is Knocking at Your Door (A20a) Michael Vogel, Managing Director, atsec information security, Germany

09:30 Use Case Related to the Software Product Evaluated with the Highest Attack Potential (A20b) Elzbieta Andrukiewicz, ITSEF Manager, National Institute of Telecommunications, Poland; Dr. Piotr Krawiec, National Institute of Telecommunications, State Research Institute

10:00 Update on Transition Guide 22216 (A20c) Carolina Lavatelli, CTO, Internet of Trust, France

Buenavista 2

09:00 Developing Common Criteria Certification for 3D Printing Equipment (D20a) Alan Sukert, Vice-Chair, Hardcopy Device international Technical Committee, United States

09:30 Security: The Second Wave of Convergence (D20b) Dan O’Loughlin, VP Engineering, Qualcomm Technologies, United States

10:00 Common Criteria and Quantum Crypto (D20c) Ravi Jagannathan, Information System Security Manager / Sr Distinguished Engineer, Palo Alto Networks, United States

Madrid 1&2

09:00 EA Preparation for the EUCC (U20a) Rosalina Porres Ortega, Head of Area of ​​the Department of Laboratories and Product Certification, ENAC, Spain

09:30 Panel Discussion: EUCC (U20b) Moderator: Roberto Cascella, Head of Sector, Technology, Supply Chain & Strategic Autonomy, European Cyber Security Organisation (ECSO), Belgium Panelists: Roland Atoui, Managing Director, Red Alert Labs, France; Alessandro Lazari, Senior Key Account Manager, F24, Italy,  Franck Leroy, Chief Conformity Officer, IN Groupe, France; Jon Rolf, Director, National Information Assurance Partnership (NIAP), United States [60 MIN]

Buenavista 1

11:00 Pre-Silicon evaluation will save EUCC (A21a) Pascal van Gimst, Vice President Global Services Sales and Business Development, Riscure

11:30 Keep the Code But Not the Flaws: A New Approach to Source Code Analysis (A21b) Michael Scheibel, Project Manager, TÜV Informationstechnik, Germany

12:00 Automation Update: Automating Towards a Better Tomorrow (A21c) Kevin Gallicchio, Technical Leader, NIAP, United States

Buenavista 2

11:00 The Evolution of Relational Database Management System (RDBMS) Certifications from On-Prem to Cloud—An Overdue Demand (D21a) Álvaro Ortega, Lab Manager, DEKRA, Spain; Wolfgang Peter, Principal Security Program Manager, Microsoft, Germany

11:30 Cloud HSM for Governments Enabled by CC (D21b) Nils Gerhardt, CTO, Utimaco, Germany

12:00 Lightweight Certification: From a Lab Point of View (D21c) Maria Christofi, Oppida, France

Madrid 1&2

11:00 Spanish CB (CCN) Status Update (U21a) Pablo Franco, Head of Spanish Certification Body, CCN, Spain

11:30 Germany Scheme Update (U21b) Fritz Bollmann, Head of Software Certification, German Federal Office for Information Security (BSI), Germany

12:00 Japan Scheme Update (U21c) Toru Hashimoto, Assistant Manager, IPA, Japan

Buenavista 1

13:30 How to Manage Evaluations for Higher EALs? (A22a) Dariusz Rogowski, ITSEF Manager, Łukasiewicz Research Network – Institute of Innovative Technologies EMAG, Poland

14:00 Developing an EAL2 Protection Profile and an Evaluation Methodology Document for Prepare and Measure Quantum Key Distribution Modules (A22b) Kenji Yamaya, CC Manager, ECSEC Laboratory, Japan; Kiyotaka Hammura, Technical Researcher, National Institute of Information and Communications Technology (NICT), Japan 

14:30 Threats and Challenges for AI/ML Based Solutions (A22c) Mehmet Cakir, CEO, BEAM Teknoloji A.Ş., Turkey

Buenavista 2

13:30 Evaluation of Presentation Attack Detection Mechanisms in Biometric Systems (D22a) Jonas Geilich, Evaluator and Consultant, TÜV Informationstechnik, Germany 

14:00 Presentation of the Biometric Evaluation Procedure in Spain (D22b) Belén Fernández, CCN, Spain

14:30 Biometrics Security iTC Update (D22c) Brian Wood, Program Manager, Google, United States 

Madrid 1&2

13:30 Singapore Scheme Update (U22a) Henry Tan, Deputy Director/Cybersecurity Certification Centre, Cyber Security Agency of Singapore Singapore

14:00 Panel Discussion: Asian Schemes Dealing with Global Changes (U22b) Moderator: Wan Shafiuddin Zainudin, Head, Information Security Certification Body, CyberSecurity Malaysia, Malaysia Panelists: Lim Soon Chia, Director (CSEC)/ Head Cybersecurity Certification Centre, CSA Singapore , Singapore; Toru Hashimoto, Assistant Manager, IPA, Japan; Hirotaka Yoshida, Team Leader, AIST, Japan; Nathaniel Aliño, Common Criteria Program Manager, T-Systems, Singapore

Buenavista 1

Track Sponsor

15:30 Applying the CC Framework for Soft-IP Evaluation Reuse (A23a) Ruud Derwig, System Architect, Synopsys, Netherlands

16:00 Guidance for Support of Evaluation and Certification of PP-0117 Compliant Integrated Secure Elements (A23b) Monique Bakker, Senior Security Evaluator, SGS Brightsight, Netherlands

16:30 Cascading Evaluations—Can Downstream Vendors Benefit from Reference Evaluations (A23c) Brian Wood, Program Manager, Google, United States; Edward Morris, Co-founder, Gossamer Security Solutions

Buenavista 2

15:30 Certification Considerations for Open Source; The OpenTitan Project (D23a) Johann Heyszl, Security Engineering Manager, Opentitan, Google, United States

16:00 Panel Discussion: New Certification Schemes Based on CC (D23b) Moderator: Mike Grimm, Principal Security Program Manager, Microsoft, United States Panelists: Reinaldo Figueiredo, Vice President Conformity Assessment Strategy, ANSI National Accreditation Board/ANAB, United States; Ravi Jagannathan, Information System Security Manager / Sr Distinguished Engineer, Palo Alto Networks, United States; Nils Tekampe, IT Consultant, Konfidas, Germany; Wouter Slegers CEO, TrustCB, Netherlands [60 Min]

Madrid 1&2

15:30 Network Device iTC Update (U23a) Kristy Knowles, Security Research Engineer, Cisco, United States

16:00 Hardcopy Devices iTC Update—HCD cPP v1.0 (U23b) Kwangwoo Lee, Security Architect, HP, South Korea; Anantha Kandiah, Director, Teron Labs, Australia

16:30 NL Scheme Update and Preparation for the EUCC Scheme (U23c) Peter van Swieten, Senior Security Specialist European Cybersecurity Certification, Agentschap Telecom, Netherlands

Buenavista 1

09:00 Taking the Guess Work out of Entropy Assessments! (A30a) James Ramage, Cryptographic Security Testing (CST) – Senior Evaluator, Lightship Security, Canada

09:30 CCCAB Tool—Making CABs Life Easy—Chapter 2 (A30b) Jose Ruiz, CTO, jtsec Beyond IT Security, Spain

10:00 n-doc. An Open Source Platform for CC-Documentation (A30c) Alexander Krumeich, Head of Certification/Senior Software Developer, n-design GmbH, Germany

Buenavista 2

09:00 Vulnerability Handling on Certified Solutions (M30a) Vicente Gonzalez Pedros, Chair Thematic Group Vulnerability Handling on Certified Solutions, European Union Agency for Cybersecurity (ENISA), Spain

09:30 Panel Discussion: Vulnerability Handling and Disclosure (M30b) Moderator: Gabor Hornyak, Head of Site & Process Certification, NXP Semiconductors, Hungary  Panelists Christiane Droulers, STMicroelectronics, France; Vicente Gonzalez Pedros, Chair Thematic Group Vulnerability Handling on Certified Solutions, European Union Agency for Cybersecurity (ENISA), Spain; Javier Tallon, Technical Director, jtsec, Spain [60 MIN]

Madrid 1&2

09:00 How Do Other Schemes Reinforce Common Criteria Certifications? (L30a) Sylvain Guilley, CTO, Secure-IC, France

09:30 Much Ado About Blocking (L30b) Marina Ibrishimova, Cyber Security Consultant, Lightship Security, Canada

10:00 Eurosmart ISCI WG1—Evaluation Methodology for High-Security Evaluations (L30c) Jan Eichholz, Head of Security Consulting, Giesecke+Devrient GmbH, Germany

Buenavista 1

10:45 Building Resilience into Mobile Network Equipment Security (A31a) Vinny Robertson, Technical Sales Manager, GSMA, United Kingdom

11:15 Mobile Device Evaluation? Which PP? (A31b) Rasma Mozuraite Araby, CEO, Lab Manager, atsec information security, Sweden

11:45 Ch-ch-ch-ch-changes! Impact of Algorithm Transitions on PP-Based CC Evaluations (A31c) Ryan Thomas, CSTL Certification Program Director, Lightship Security, Canada

Buenavista 2

10:45 Common Criteria Certification of Electric Vehicle Charging Solutions (M31a) Yasir Emre Bulut, Director, OKTEM Laboratory, Turkey

11:15 Is Automation Necessary for the CC Survival? (M31b) Moderator: José Ruiz, CTO, jtsec Beyond IT Security, Spain Panelists: Kevin Gallicchio, Technical Leader, NIAP, United States; Alexander Krumeich, Head of Certification/Senior Software Developer, n-design GmbH, Germany; Lachlan Turner, Director Consulting, Lightship Security, Canada; Pascal van Gimst, Vice President Global Services Sales and Business Development, Riscure  [60 MIN]

Madrid 1&2

Track Sponsor

10:45 ISO/IEC 29128-3: A New Paradigm of Cryptographic Protocol Verification Using CC Methodology (L31a) Ritu Ranjan Shrivastwa, Certification Program Manager, Secure-IC, France

11:15 Panel Discussion: Evolution of the Cryptographic Standards Ecosystem (L31b) Moderator: Yi Mao, Managing Director, atsec information security corporation, United States Panelists: Graham Costa, Co-Editor ISO/IEC 19790, Security and Certifications Manager, Thales, United Kingdom; Naruki Kai, IPA, Japan; Dan O’Loughlin, VP Engineering, Qualcomm Technologies, United States; Jon Rolf, Director, National Information Assurance Partnership (NIAP), United States  [60 MIN]