Overview of Cybertalks
30 November 2021 | 4 pm CET | Marc de Bruin: Self driving cars are secure and safe and several other fairytales
Do you still dare to walk in public besides cars?
As the national type approval authority, RDW is responsible for the European type approval of, among others, the Tesla Model S, X and 3. This means that these vehicles can be used throughout Europe and therefore do not have to be re-approved in other countries.
A Tesla is often full of all kinds of tools to make driving easier. Think of adaptive cruise control, lane assist, but also (what Tesla calls) an "autopilot". This aid allows the vehicle to travel independently without any intervention from the driver. Your speaker has had “interesting experiences” with this “autopilot”. Fasten your seatbelts, you are not secure!
Marc de Bruin has extensive experience working for RDW. He started his career at RDW almost 20 years ago as IT consultant. He later became IT architect and Senior IT Consultant before changing to his current position as Senior Consultant. Prior to working at RDW, Marc has worked as researcher for KPN Research and as researcher for Océ Research and Development. He also worked as a Software Engineer at Imtech. Marc specializes in IT architecture, security, privacy, ethical hacking and self driving.
7 December 2021 | 4 pm CET | Nynke Vellinga: Regulating the Cybersecurity of Vehicles: beyond Technical Vehicle Regulations
The traditional technical vehicle regulations seem suitable instruments to regulate cyber security in vehicles. However, other legal instruments can (and do) encourage the development of ‘cybersecure’ vehicles. In her talk, Nynke will provide an overview of these instruments as well as identify any lacunas in the current legislative framework on vehicle cyber security.
Nynke Vellinga works as a postdoc researcher at the Faculty of Law of the University of Groningen. Within the context of the Cybersecurity Noord-Nederland project, Nynke extents her research concerning the legal aspects of automated vehicles into the field of cyber security in vehicles. In addition, Nynke is a member of the ITU focus group on AI for autonomous and assisted driving and she represents the University in the CCAM Partnership.
14 December 2021 | 4 pm CET | Bashar Fteiha: Regulating the Cybersecurity of Autonomous Vehicles using a Law and Economics Approach
This lecture intends to discuss how the use of Law and Economics approach, more specifically the theory of optimal enforcement, could be useful in developing a regulatory framework for the cyber-security of automated vehicles (AVs). Accordingly, the lecture will look into how the theory of optimal enforcement could employed to examine which enforcement mechanism (private enforcement through liability or public enforcement through administrative and criminal enforcement) will be more suitable for providing incentives structures that gear the actions of the main actors towards achieving a high level of security in AVs.
Bashar Fteiha is a PhD Researcher at the Faculty of Law of the University of Groningen. His research focuses on the use of Law and Economics Approach in regulating the cybersecurity of Autonomous Vehicles (AVs). Specifically, he is seeking to employ the theory of Optimal Law Enforcement to examine how legal rules can be formulated to provide security-enhancing incentives to all the main stakeholders throughout the lifetime of AVs. His project is part of the Cybersecurity Noord-Nederland project (CSNN).
21 December 2021 | 4 pm CET | Jessica Hof: Data Protection by Design and eHealth
The mini-lecture given by Jessica will address to what extent Friedman's VSD (Value Sensitive Design) methods can be helpful in ensuring data protection in the eHealth design process. The Dutch app CoronaMelder will serve as a case study in this regard.
Jessica Hof works as lecturer and researcher at the Hanze University of Applied Sciences Groningen. In September 2020, she started her PhD-project in close collaboration with de University of Groningen (UG) as part of the Cybersecurity project Northern Netherlands (CSNN). Jessica’s PhD-project focuses on the design process of eHealth applications and addresses in what way the values of the legislator, purchaser, developer and (end)users can be guaranteed in respect of the accessibility and protection of personal data in the design process of eHealth applications.
11 January 2022 | 4 pm CET | Ruud Kerssens: The impact of the new EU Cybersecurity certification
Cybersecurity is hot and does have a prominent place in the agenda of the European Commission. In her State of the Union Ursula von der Leyen, President of the European Commission, stipulated the importance once more with, among the key points, “Leading the digital transformation that will create jobs and drive competitiveness, while ensuring technical excellence and security of supply”. A challenging combination of economics and security.
An important instrument for the European Commission is the Cybersecurity Act (CSA). The CSA appears to become a crucial part of the Cybersecurity strategy in Europe.
In this minilecture the participants will be guided through
- the key elements of the CSA;
- from Basic to High Assurance level;
- the process of how certification schemes are developed and made effective;
- explanation of ECCG, SCCG, AHWG, TG’s in their dependencies;
- scheme explanation with some examples from schemes under construction;
- the role of standard setting bodies;
- from voluntary to mandatory;
- the relation with other regulation;
- the prior approval model implementation in The Netherlands;
- role of Agentschap Telecom
- closing with some challenging statements about the expected business impact.
Crucial stuff to understand current developments regarding cybersecurity in the EU that will impact the day-to-day business tomorrow.
Ruud Kerssens RE RA CISA CRISC (Senior Cybersecurity Certification Auditor at the Radiocommunications Agency (AT)) is an experienced IT auditor in the area of cybersecurity. His credo is to be challenged every day with new developments, scenario’s, implementations etc. Operating on the edge of auditing and advice. Within his broad range of interests he likes to dig deeper and to find the right level of communication to coach stakeholders and organization to improve their insights and level of control.
Since March 2021 an AT expert on cybersecurity and audit. Active within the NOREA (Professional organization of IT Auditors in the Netherlands) in several professional committees and working groups. Area’s of interest to mention: privacy, auditing, certification, SAP security, Artificial Intelligence, digital infrastructure, security architecture, cybersecurity in control.
At AT setting up the NCCA certification team and quality system. Involved in the AdHoc Working group for cloud services at ENISA. Member of NEN norm commissions, CEN/CENELEC and ETSI.
Ruud has lectured at the VU Amsterdam in the postgraduate EDP auditing course and has provided training in the areas of IT auditing, privacy by design, DigiD assessments, SAP security audits and IT auditing as part of the annual accounts audit.
18 January 2022 | 4 pm CET | Michele Molè: Welcome to the era of the 'datafied' workplace: risks and opportunities of the new surveillance through AI and IoT
The new workplace surveillance through Artificial Intelligence and the Internet of Things opens up innovative organisational and cyber security possibilities for companies. However, not all that glitters is gold: what are the implications for employees' privacy? How can it affect the exercise of trade union freedoms and protection from discrimination? Codetermining workplaces' datafication is the key for answering these questions while fostering employees’ fundamental rights and businesses' innovation.
Michele Molè is a PhD candidate at the University of Groningen. He holds a Master's degree in Law from the University of Milan and has been researching workplace surveillance since 2018 between Italy and Belgium.
25 January 2022 | 4 pm CET | Jurjen Jansen: Cyber Resilience: a Closer Look at the Human Factor
In this mini lecture, we zoom in on the human aspects of cybersecurity. More specifically, a case is made that we need to move away from the perspective in which we view the end user as a weak link, but rather to the perspective in which we see the end user as an essential, strong link in cybersecurity.
Jurjen Jansen PhD is a senior researcher at the Cybersafety Research Group of the Thorbecke Academie (NHL Stenden University of Applied Sciences), where he has been working since 2010. Jurjen’s research focusses on issues regarding cyber resilience of people and organizations, such as police, municipalities and small and medium sized enterprises. His main research interests include human aspects of cybersecurity, cybercrime, victimization, social cognition and human-computer interaction. In 2018, Jurjen obtained his doctorate in the field of behavioral information security at the Open University of the Netherlands. His PhD research focused on strengthening the cyber resilience of end users in the context of online banking. In addition, Jurjen led and collaborated in various projects about cyber resilience e.g., the role of encryption in police investigations (currently), the digital safety of smart cities (currently), cyber crises in municipalities (2021), knowledge for police work in a digital society (2020), and disrupting online purchase fraud (2019).
4 February 2022 | 11 am CET | Fatih Turkmen: Attacking Machine Learning Systems and an Overview of Security/Privacy Research at RUG
Please note that this lecture is taking place on Friday, February 4th at 11 am.
In this mini lecture, Fatih will mostly focus on two lines of (technical) security research we conduct at the University of Groningen. The first one is related to the security and privacy of Machine Learning (ML) systems where an attacker tries to attack an ML system to infer information about the training data (or the parameters) from a given ML model and/or manipulate the execution results, e.g. incorrect predictions. Examples of such attacks include membership/property inferences and backdoors. The second line is about our work on fuzzing, a fundamental security testing technique, and its integration to recent software development paradigms such as CI/CD. Our recent work has focused on the tension between fuzzing, which is costly, and the agility of CI/CD where the things move very fast and are highly automated. If the time permits, Fatih will provide a quick peek at our recent research work on the use of blockchain technologies for handling genomic data.
Fatih Turkmen is an Assistant Professor at the University of Groningen since 2019. His research interests include access control, formal/empirical methods for security analysis and security/privacy of machine learning. He has broad experience in the design and development of security infrastructures related to authentication and authorisation when accessing sensitive data or services. In recent years, he developed an interest in genomic data privacy trying to answer questions like: "How do we ensure the protection of genomic data once it starts being used on a daily basis?". The research in this area involves the use of privacy-enhancing technologies and machine learning. He has been involved in various international projects (e.g. EU Cyclone) related to these topics, is one of the Workshops chairs of SecureComm'22 conference and is an active member of respective national (e.g. Dutch AVR challenge) and international communities.
8 February 2022 | 4 pm CET | Evgeni Moyakine: The Never-ending Quest for Attribution of Cyber Operations to States and the Issue of State Control over Non-State Actors in Cyberspace
In today’s highly digitalized and globalized society, cyber operations – including distributed denial-of-service and malware attacks – are carried out by both State and non-State actors and pose significant threats and challenges to cybersecurity of practically all countries around the globe. Under international law, these operations can be qualified as the use of force that is prohibited under Article 2(4) of the UN Charter or can fall below this threshold landing in a gray unexplored area between war and peace. In this contribution to Cybertalks building on the research conducted by Evgeni Moyakine at the University of Haifa in Israel, the issue of international responsibility for the involvement of States in cyber operations will be investigated from the perspective of legal attribution. It will explore the level of control that must be exercised by States over non-State actors engaging in cyber acts in order to make these acts emanating from cyberspace attributable to the States in question and es-tablish international responsibility.
Evgeni Moyakine is an Assistant Professor in the field of IT Law at the University of Groning-en and an associate member of the Security, Technology & e-Privacy (STeP) Research Group of the same university. Separately and in cooperation with his colleagues, he has been ac-tively involved in various international projects, participated in diverse conferences and pub-lished on a range of topics in multiple areas of law. His research interests include interna-tional law, European law, IT law, biometrics, cybersecurity, data protection, privacy and sur-veillance.
15 February 2022 | 4 pm CET | Michel Van der Plas: Consumer cyber(in)security in a world of FinTech: The case of comparison tools and financial aggregator platforms
Consumers today are using mobile apps and online platforms to make investments, obtain credit and take out insurance. These new phenomena bring cybersecurity risks in the traditional sense; for example, it might become harder for the financial institution (or regulator) to detect cybersecurity issues in the fragmented value chain of ‘Open Banking’. Additionally, it brings cyber-insecurity risks like a lack of (fee) transparency, conflict of interest, exploitation of behavioral bias and unsolicited targeted advertisement on the basis of consumer data. For his presentation, Michel is going to give his preliminary findings on the risks, the applicable legal framework and the legal bottlenecks in relation to the new way of marketing financial products and services with the use of new consumer platforms/interfaces in the context of ‘Open Banking’.
Michel van der Plas works as a PhD researcher at the Law faculty of the University of Groningen, at the Department of Private Law and Notarial Law. Michel holds a master degree in private law, in particular commercial practice, and he obtained a second master degree in Financial law at Leiden University. During his studies, Michel has developed a passion for these areas of law and the way they interact with each other. His research focuses on FinTech and Consumer law.
22 February 2022 | 4 pm CET | Marco Vellinga: Walk the Line: How a Telecom Company Secures Customer Data While Staying on the Right Side of the Law
Telecommunication security requirements have been heavily influenced by law even long before the introduction of the GDPR. But those laws also force you to hand over customer information to certain government agencies. So how do you walk the very thin line between securing your customers’ data without violating the law? This lecture aims at providing insight into the measures and considerations it takes to secure a telecommunications company and the threats we face.
Marco Vellinga is a Software Engineer at Devhouse Spindle and Voys with an above average interest in cyber security. Aside from building software, he is also one of the Security Officers within the company. Security and Privacy are important to him and he loves spreading awareness about these topics.
1 March 2022 | 4 pm CET | Erik Rutkens: You will be hacked!
Erik Rutkens, in his presentation, keeps us up-to-date with the latest cybersecurity threats and what you can do to increase your digital resilience. From the latest ransomware attacks to vulnerabilities in IoT, he explains the need for secure software and why we should embrace hackers. The question is not whether you will be hacked, but when and how often.
Erik Rutkens, practitioner of digitally secure hardware and software at Noorderpoort, founder, owner and director of Zerocopter and one of the initiators of a public-private partnership in the North of the Netherlands to increase the resilience of SMEs, among other things. He is also the founder of Qbit Cyber Security, where he was a CEO for over 10 years. Erik studied business administration at the University of Groningen.
8 March 2022 | 4 pm CET | Tatiana Nascimento Heim: The Global Governance of Cybersecurity
This lecture intends to discuss the global governance of cybersecurity from a holistic perspective, by understanding existing norms of cybersecurity and their arrangement, as well as the main actors in this process. The aim is not to ask who should control the internet, but how it is governed in a multi-actor and multi-level setting and what the implications are for the current governance structure.
Tatiana is a PhD candidate at Twente University’s Department of Public Administration. Her research focuses on international law, global governance and cybersecurity. Tatiana holds a master's degree in public governance at the Technological University Federal of Paraná. Separately, Tatiana works as a lawyer in the Heim & Santos Law Firm.
15 March 2022 | 4 pm CET | Rix Groenboom: How to validate your software & IT
Software is the core part of all modern infrastructure and the main driver behind innovation in many (if not all) industries. And for safety and mission critical applications, software quality is paramount. This holds for so-called functional as well as non-functional aspects (such as security, performance, and compliance to quality standards).
This presentation will give an overview of the methodologies and technologies that are applied to guarantee the correct functioning of core IT infrastructure. It will link the formal and legal requirements of software systems to practical and operational to ways how these requirements can be enforced.
In particular will take a close look in how distributed systems are validated to demonstrate their correctness in context of its environment. For these API driven applications, so-called "sandbox" environments are used that allow for the validation and certification of the information exchange. This concept is explained by using examples from different domains: banking (the PSD2 standard), eHealth (the Dutch MedMij framework) and the energy market.
Rix Groenboom is lector (research professor) at the Hanze University of Applied sciences in the area of Digital Transformation. The research group, New Business and ICT, focusses on innovation using software in areas such as 5G, Cyber Security, eHeath and Smart Industry. Before joining the Hanze, he has spent over 20 years in the software quality industry in international technical sales and marketing positions, most recent as Strategic Innovations Manager for Parasoft. He is specialist in testing and validation of modern SOA, SaaS and cloud architectures. He has written a large number of technical articles and presented on many IT conferences. His core expertise is specification, design and validation of software applications. An overview of his publications can be found here.
22 March 2022 | 4 pm CET | Bart Gijsen: Immune system inspired self-healing for cyber security
In the continuous battle against cyber attackers, inspiration can be found in the human immune system. This perspective provides key insights into how self-healing features can be added to modern IT. This session will clarify how emerging technology can be integrated to create a platform for regenerating and adaptive, self-healing containers.
Bart Gijsen is a senior consultant in TNO's Cyber Security & Robustness department. With a background in computer science and mathematics, he works as researcher, consultant and project leader on projects aimed at improving the robustness of critical ICT infrastructures, such as telecom networks, internet infrastructure and air traffic control and financial transaction systems.
25 March 2022 | 4 pm CET | Jelle Nauta: Automated vulnerability discovery in IoT-development
This talk showcases how "fuzzing" (a modern technique for vulnerability discovery) can be applied to continuous IoT-development and -deployment. Jelle will explain the basic concepts behind this and will demonstrate the automatic discovery of a bug in the ESP8266 WiFi-module, an outcome of the Cyber Security Noord-Nederland program. Finally, we will have a discussion on techniques and best practices for security in modern software development.
Jelle works as an innovator in the CyberSecurity & Robustness department of TNO. His research interests are in software vulnerability discovery with an emphasis on binary analysis, fuzzing, and the automation of it all.
29 March 2022 | 4 pm CET | Stephen McCombie: Threats to Maritime Cyber Security
The criticality and fragility of our supply chains has been clearly demonstrated during COVID-19 Pandemic. This is particularly evident within the Maritime Transportation System (MTS). At the same time cyber-attacks by nation states and criminal groups are increasing targeting ships, ports and associated infrastructure. In this talk we will review those threats and discuss research initiatives aimed at better understanding their impact and drive cyber resilience within the MTS.
Stephen's current research interests are in maritime cyber threats, cyber crime, digital forensics, cyber threat intelligence and cyber conflict. His research draws on a diverse background in policing, security and information technology. His PhD thesis examined the impact of Eastern European cybercrime groups on Australian banks. Over the last 20 years he has held management roles with a number of organisations including IBM, National Australia Bank, and RSA Security and he has also been an active researcher and academic over that period. He currently works as a Professor of Maritime IT Security at NHL Stenden University of Applied Science. Stephen prior to working in industry and academia spent 14 years in the NSW Police as a Detective and was instrumental in the establishment of their first computer crime investigation team. He has also lectured on cyber security and digital forensics over a number of years at Macquarie University, Charles Sturt University and National University of Singapore and published a large number of research articles on those topics. He is also currently a Certified Information System Security Professional (CISSP), a Certified Fraud Examiner (CFE) and an Information Systems Security Management Professional (ISSMP).
Last modified: | 20 March 2023 08.28 a.m. |