After 6 editions – held twice in Brussels, and once in New york, Iguazu, Berlin and Geneva with World-class speakers – the Trustless Computing Association is happy to announce that the 7th Free and Safe in Cyberspace Conference was held on January 29th 2020 on Paradeplatz, the financial earth of Zurich.
As in all previous editions, through 4 Challenges, we’ll explore new approaches, technologies and certifications that can radically increase the state-of-the-art of security for sensitive human digital communications and transactions – and then for other critical AI, 5G, IoT, and e-government systems – while concurrently ensuring legitimate lawful access to adequately mitigate risks for criminal abuse; in a time when even the richest person in the World, Jeff Bezos, cannot protect his digital private life.
Can both be achieved by reconceptualizing cybersecurity as the byproduct of organizational processes critically involved in the entire lifecycle of a given IT service, by eliminating all unverified trust in anything and anyone – all the way down to CPU design and fabrication oversight and ultimately standards-setting and certification governance?
Earlier on the same day, we’ll hold an invitation-only Pre-Conference, detailed below, where leading organizations will discuss and advance the main concrete initiative that has grown out of previous editions: the Trustless Computing Certification Body.
* Unable to attend last minute for bad flu in Zurich or other.
Levent J. Dobszay
President of VETRI Foundation. Former Global Chief Technology Officer Evangelist of CISCO. Renowned IT security and privacy expert and advocate.
pre-CONFERENCE - program
The Free and Safe in Cyberspace Pre-Conference, earlier on the same afternoon (3-5 pm) and at the same venue of the 7th Free and Safe in Cyberspace Conference. (5-9 pm). The Pre-Conference is a round table with mostly-Swiss entities (or in some case individuals) interested to some preliminary or to an advanced extent to join as members, partners or supporting partners of the Trustless Computing Certification Body, in technical, end-user or governance roles, and with possible partial time-limited exclusivity. Discussions will be in the format of a round table, with slides, confidential and subject to Chatam House Rules.
The Pre-Conference aims are mainly to (A) coalesce a consensus on the basic tenets and paradigms and governance of a new to-be-established Trustless Computing Certification Body, and (B) lead a few more leading large banks, private banks, mobile device/equipment manufacturers, industry associations, enterprises, open secure IT firms to join our current R&D partners, in the form of founding members of such new body to be established di Swizterland in the next 2 months.
Confidential and in progress. If interested to join, please email firstname.lastname@example.org
Round Table Program
3.00 pm – Intro to the Trustless Computing Certification Body, by Rufo Guerreschi
3.20 pm – Intro by Electrosuisse
3.30 pm – Intros and Deliberative Discussions
4.45 pm – Conclusions
5.55 pm – Final Coffee
5.00 pm – End (30minutes later starts the FSC7 Conference)
In line with the stature of the speakers to the 6 previous editions, the 7th edition be centererd on the 4 Challenges of Free and Safe in Cyberspace, but with a special emphasis on Switzerland, private banking and mobile security:
5.00 pm – Open Doors
5.30 pm – Opening Keynote by Nicolas Bürer, Digital Swizterland. “The prospects of new Swiss standards and certification initiatives and its unique role as a locus of trust and neutrality.”
- Rufo Guerreschi. Exec. Dir. of the Trustless Computing Association. Creator of the Free and Safe in Cyberspace series, and founder of the spin-off startup TRUSTLESS.AI.
- Roberto Gallo. CEO fo Kryptus. President of the Brazilian Defense Industry Association. Cofounder of the Trustless Computing Association. VideoLink
- Adrian Perrig. Director of the Network Security Group at ETH Zurich – Department of Computer Science. Founder of the SCION Project. VideoLink
- Gerhard Knecht. Former Chief Information Security Officer and Head of Information Security Services of UNISYS. Senior Advisor of TRUSTLESS.AI and Trustless Computing Association.
How can we provide ordinary citizens access affordable and user-friendly IT services with levels of trustworthiness that are radically-unprecedented and meaningfully-abiding to the UN Universal Declaration of Human Rights, at least for their most sensitive computing?
Can we re-create in cyberspace a meaningful digital private sphere? What are the key paradigms needed to achieve this goal? What is the role of uncompromisingly “zero trust” security-by-design paradigms, via transparent and extreme review and oversight of all critical lifecycle components and processes? Can we realistically secure enough CPU design and chip fabrication oversight? What are the advantages, disadvantages and limitations of free/open source software? What is the role of formal verification? What is the role of public security-review by “ethical” experts? How about quantum computing, artificial intelligence and blockchain?
Can citizen-witness and citizen-jury processes help secure the supply-chain? What is the role of certification and oversight governance? What scale of investments are needed? Can we imagine a parallel hardware and software ultra-secure computing universe, as a user-friendly supplement to every-day computing devices? Read more.
06:20 pm – Coffee break
- Adolf Doerig. Chairman of the Advisory Board of the Advanced Cyber Security of the Swiss Academy of Engineering Sciences. CEO of Doerig + Partners.
- Paolo Lezzi. Founder & CEO of In The Cyber Group, cybersecurity group owner of Hacking Team. Chairman of the Cyber Warfare Conference. VideoLink
- Rufo Guerreschi. Exec. Dir of Trustless Computing Association and CEO of its spinoff startup TRUSTLESS.AI
- It is becoming evident that availability of IT for human communications, that provide constitutionally-meaningful levels of digital privacy, cannot be expected unless these will be reliably subject to government interception when legitiamately authorized to do so.
- Can providers of ultra-high assurance IT reliably and voluntarily (i.e. in addition to what is requried by law) offer compliance mechanisms for legitimate lawful access needs, while overall reducing risks for both privacy of users and public safety?
- If so, how? What novel paradigms, safeguards or certification processes are needed?
- Can the same extreme technical and human organizational safeguards – that are needed to ensure ultra-high levels of IT assurance – also enable “safe enough” voluntary compliance to lawful access requests – at least in some EU states – that overall reduce the risk of privacy rights abuse of end-users by anyone to levels that are radically or substantially lower than any of the other alternative secure IT systems (existing or in development) which do not offer such voluntary processing?
- Could the inevitable added risk be essentially shifted from technical systems to novel highly-resilient organizational processes? Could or should such processes rely on a IT provider-managed data/key recovery schemes that are certified and overseen by a (primarily non-governmental) radically citizen-accountable, independent and competent international certification body?
- Read more
06:50 pm – Coffee break
- ANNETT VIEHWEG. CEO and Chairman for Switzerland of Sberbank, the largest bank in Russia.
- PAUL FOSTER: Head of Strategy of TRUSTLESS.AI. Former Group Chief of Endpoint Security at HSBC Bank. VideoLink
- KAI SCHRAMM. Vice President of Security Architecture of Credit Suisse.
Specialist in Smart Card Security, side-channel attacks and research. Holds a PhD in Electrical engineering in embedded systems and applied cryptography.
ARIE MALZ. Special Adviser to the Swiss Ministry of Finance. Formerly Head of the Secretariat of the Commission on the Future of Data Processing and Data Security of the Swiss Federal Council. VideoLink
- Information and IT Security is a major and unsolved challenge for the SME in Switzerland. This is a crucial issue because SME are the backbone of the Swiss economy. On the other hand, the larger SMEs are forced to invest in digitization and digitalization to remain competitive. This creates an environment of great risks for IP theft, blackmail, insecurity, unknown risks, and long-term distrust, in B2C as well as in the B2B context. Yet, up to now the overwhelming majority of their cybercrime costs for these companies undiscovered or undisclosed underreported to avoid reputational damage resulting in the fact that a vast majority of the SME either underestimate the risk, underinvest and primarily misallocate investments in capabilities and know-how to cope with these challenges.
- Can the application of uncompromising security-by-design be the answer to protecting at least the most sensitive SME data and processes? If so how do we define it and measure it? What is the role of proper standards-setting and certification bodies?
- Umberto Annino. President of the Information Security Professional Association, the largest in Switzerland. Principal Cyber Security Consultant at InfoGuard. VideoLink
- Monique Morrow. President of VETRI Foundation. Former Global Chief Technology Officer Evangelist of CISCO. Renowned IT security and privacy expert and advocate. VideoLink
- Roberto Gallo. CEO fo Kryptus. President of the Brazilian Defense Industry Association. Cofounder of the Trustless Computing Association.
Current attempts to radically increase the trustworthiness of critical IT systems are often centered on the pursuit of scientific breakthroughs in the area of artificial intelligence, quantum computing and cryptography, blockchains, and new protocols, such as zero-knowledge proof, and end-2-end and homomorphic encryption. Meanwhile, a few security-by-design or blockchain initiatives are taking a more holistic, short-term and trustless approach, centered on open, time-proven, battle-tested – yet future-aware – technologies and processes; transparent oversight down to critical hardware design and fabrication; a transparent resolution with extreme safeguards of the lawful access needs; and more accountable and resilient certification and ecosystem governance models.
07:50 pm – Coffee break
- Frank-Jürgen Richter, Chairman of the Horasis Global. Former Head of Department at Bosch. Former Director at World Economic Forum.
- Levente Dobszay. Cybersecurity Specialist at Electrosuisse. Dobszay has been leading Electrosuisse expansion from standards-setting and certification of safety-critical Swiss energy infrastructure to that of its most critical IT systems for human computing.
- Rufo Guerreschi. Exec. Dir. of the Trustless Computing Association. Founder & CEO of its spin-off startup TRUSTLESS.AI. Creator of the Free and Safe in Cyberspace series.
- Uwe Kissmann. Accenture Europe Lead for Cyber Defence Services and as president of the national Swiss Cybersecurity Commission of ICT Switzerland
Recent calls for international treaties or new ethics for the trustworthiness of IT or AI systems – such as Tech Accord, Charter of Trust, Call of Paris or a Digital Geneva Convention – are crucial to raising awareness. Yet, none of them tackles head-on the need for trustworthy cybersecurity certifications to enforce the oversight of treaties or enact the principles of such declarations.
How can such certification bodies increase the resilience and “forensic friendliness”, to radically improve resistance against attacks and confidence about attacks attribution? What constituent processes can ensure a timely, effective and democratically-efficient implementation – by a critical mass of actors – of meaningfully-enforceable national policies or international treaties for ultra-high assurance IT standards-setting and certification processes?
8.30 pm – Drinks & Networking