An outline agenda is available below - please check back regularly for updates. If you are interested in speaking opportunities, please contact Anne-Lise Simon at email@example.com
Thursday 1 October, 2015
Welcome Coffee and Registration
Director, Digital Forum,
The Centre for European Policy Studies (CEPS)
Member of Cabinet of Vice-President Ansip,
Senior Director, Global Security Strategy and Diplomacy,
Session 1 - Cyber Security in Europe: are we on the right track? What are the next steps?
With the European Cyber Security Strategy currently in its implementation phase, and the NIS Directive under discussion in the Council, this session will provide an update on cyber security policy developments in Europe. It will discuss issues related to the future implementation of the directive by EU member states taking into account the “minimum-harmonisation” principle and ask how close we concretely are to filling Europe’s cyber security gaps. It will also explore the scope and practical aspects of the mandatory reporting of cyber-incidents affecting critical-infrastructures and, as most critical infrastructures are privately run, will discuss the need for effective public-private cooperation.
- To what extent will the framework concretely help resolve the existing discrepancies between Member States’ cyber security policies and operational capabilities?
- For incidents affecting personal data, how will the legal requirements of the EU Cyber Security Strategy, the e-Privacy Directive, the General Data Protection Regulation and the respect of civil liberties coexist, in practice?
- How effective has the establishment of CERTs at EU level been? As their missions and experiences vary from one country to another, how can better information sharing between countries be achieved?
- What tools are available to member states to strengthen the security and resilience of national critical infrastructures? How can cooperation between governments, critical infrastructure organisations and other non-governmental entities be encouraged? How crucial will the public-private partnership on technologies and solutions for online network security, to be launched by the European Commission early next year, be in helping to reduce cyber security risks and implement incident response?
- What impact will the minimum-harmonisation principle linked to the NIS directive have on Member States’ interpretations of what constitutes a critical infrastructure in their national requirements? What effect will this have on the efforts to create a unified and coherent framework for cross-border cyber security strategies?
- In order to prepare for future threats, and with the development of new technological concepts such as Cloud Computing and the Internet of Things creating new security challenges, how can it be ensured that the legal and regulatory framework governing cyber security remains flexible and future-proof?
Deputy Head of Unit - Trust and Security, DG CONNECT,
Federal Government Austria
Chief Information Security Officer,
Chief Information Security Officer,
Director, Government Affairs, EMEA,
BSA | The Software Alliance
Expert in Computer Security and Incident Handling Policy,
Session 2 - Technical innovation, people and processes: strengthening preparedness against cyber incidents
Securing cyberspace will rely not only on a strong policy framework and international cooperation but also on the continuous development of innovative security technologies, the establishment of a responsible cyber security culture within organisations and the improvement of the workforce’s digital skills in both the private and public sectors.
Embedding cyber security and risk management into overall businesses’ and public entities’ security strategies will become as vital as using the latest technologies, processes and systems to secure networks and infrastructures. Cyber security insurers and reinsurers, whose roles will become increasingly important to manage and mitigate the financial risks linked to security flaws, will be more and more alert to these aspects.
- With continuous innovation creating new vulnerabilities for systems and with the explosion of mobile devices and connected objects stretching the “attack surface”, how can cyber security be better embedded into the design stages of software and applications?
- Which new innovations will help with the analysis and management of future cyber threats? What specific security implications and opportunities are emerging with the use of Cloud Computing and Big Data to reinforce Europe’s cyber resilience?
- What can be done to ensure the integrity of the supply chain of technology products?
- Do business leaders and public sector officials allocate adequate resources to respond to security flaws and cyber attacks? What tools are available to them to support decisions and investments that can significantly enhance security?
- How can organisations achieve continuous compliance with new regulations and respond effectively to evolving risks? What tools are available to organisations to educate their employees about cyber security best practices and offer adequate training?
- How can SMEs, often considered the “weak links” for cyber attacks and working with smaller budgets and resources, ensure that they are sufficiently prepared against sophisticated attacks or major security flaws?
- To what extent can cyber security be considered as an insurable risk? What are the key challenges for insurers and reinsurers and how can they analyse the required investments?
- Would giving liability protection encourage companies to report breaches and incite them to have better security systems in place, or would it risk giving them a false sense of security?
CEO and Founder,
Director of product management,
LSEC (Leaders in Security)
Deloitte Enterprise Risk Services
Deputy Head of Companies and experts,
Co-Founder and Chief Business Development Officer,
Session 3 - Developing cyber defence capabilities and norms: defending Europe from external threats
While digital technologies have played a remarkable role in facilitating global communication and international trade, cyberspace can also be used as a ground for politically motivated, terrorist or state-sponsored attacks and alternative methods of spying or sabotage, as recently seen with the attacks on Sony Pictures Entertainment and TV5Monde.
Given the global dimension of cyber threats, cyber security strategies and policies need to maintain an international outlook to reduce the risk that nation states or terrorist organisations use, abuse or exploit networked technologies as part of offensive operations. How successfully is the EU working with NATO partners and how effective have attempts to develop a global security approach been?
- How can the monitoring and reporting of cyber incidents and attacks be improved internationally? Can the EU become an exporter of cyber security expertise and services?
- How can the capacity to defend against and respond to cyber attacks by national states or terrorist organisations be developed?
- Can a level playing field for international cyber security, recognized certification agreements and defense standards be established?
- Just as there are norms of behavior for States in other areas of conflicts, should universal norms for cybersecurity be established to limit potential conflict in cyberspace so that events don’t escalate to cyber warfare?
- With concerns about some governments’ actions to intercept content to improve their defence and counter terrorist activities and propaganda on the Internet, how can the balance be found to ensure that civil liberties and free speech are safeguarded?
Research group director for Defence, Security & Infrastructure,
Ambassador Sorin Ducaru,
Assistant Secretary General for Emerging Security Challenges,
Team Leader of the European Internet Referral Unit (EU IRU),
Head of Cyber Policy Coordination Conflict Prevention and Security Policy,
European External Action Service
Director of Cybersecurity Policy, EMEA,