Free and Safe in Cyberspace – EU Edition 2018
Berlin, May 4th, 2018
Since its first Edition in 2015, the Free and Safe in CyberSpace event series has been catalyzing a constructive dialogue and a critical mass of suitable actors around new dual-use cybersecurity standards and certifications – and compliant open technologies and ecosystems – that sustainably and radically exceed the state-of-the-art trustworthiness and spur wide economic growth, while increasing public safety and cyber-investigation capabilities.
After 4 international Editions – twice in Brussels, and once each in New York and Brazil – we are coming to Berlin to launch a new digital renaissance, by turning cybersecurity and AI from huge threats into great opportunities, for a few leading nations, regions, enterprises, banks and NGOs.
Initially targeted at the most critical computing by enterprises, financial institutions, and mission-critical NGOs. Yet, it is conceived to be affordable to all citizens, made compatible to the certifications required of dual-use governmental strategic communications systems, and extended to autonomous systems and targeted cyber-investigation systems.
Managing Director & Head of Cybersecurity at FTI Consulting. Formerly served from 2014-2016 as Director of Cyberincident Response & Cybersecurity Policy at the US National Security Council of President Barack Obama. Formerly Chief of Staff of the Cyber Division of the FBI. He played a key role in the White House mitigation of Russian attacks during the 2016 US Presidential elections. (LinkedIn)
Chief Information Officer for Austria (2001-). Since 2005 Head of the Digital Austria platform. Scientific Director of the A-SIT Austrian Secure Information Technology Center (1999-), which sets state secret cybersecurity standards (member of SOGIS). From 2007 to 2011 he was Chairman of the Board of ENISA (European Network and Information Security Agency). (online CV)
Director of the BAAINBw, the Federal Office for Equipment, Information Technology and Use of the German Armed Forces. Formerly Head of Information Superiority of the European Defence Agency (2014-2016), and Assistant Director Research & Technology (2010-2013). (LinkedIn)
(Note: “*” = speakers at previous editions who have confirmed interest and are verifying dates)
In all seriousness, the World is rapidly turning into a Hacker Republic. Even the most secure IT systems – used by top executives, presidential candidates for their lawful communications and financial transactions and by critical civilian and military infrastructure – are increasingly hackable by mid-level attackers. This sorry state is due to hyper-complexity and to the fact that powerful nations are unable to safeguard the vulnerabilities and (symmetric) backdoors they insert and stockpile.
Are meaningful personal freedom and effective public safety in cyberspace an “either-or” choice? Are they not instead a “both-or-neither” solvable open challenge?
Can new dual-use cybersecurity standards, certifications, and compliant open comprehensive ecosystems – that are radically trustless and uncompromising, and complementary to ENISA, SOGIS and eIDAS initiatives – deliver both freedom and safety in critical IT and AI and, therefore, become the basis of vast economic advantage and ethical stewardship leadership for a group of leading stakeholders?
Agenda (Draft v 0.5)
- 18:00-21:00 Reception at Conference Hotel for speakers, media, and guests.
- 08:45 – Coffee
- 09:05 – Welcome by the Local Authorities*
- 09:10 – Introduction by Organizers: Rufo Guerreschi
- 09:20 – Keynote by Anthony J. Ferrante
- 09:35 – Keynote by Reinhard Posch
- 09:50 – Keynote by Michael Sieber “Prospects for dual-use pan-European initiatives to create ultra-high assurance IT and ecosystems for critical societal domains”
- 10:00 – CHALLENGE A: How can we achieve ultra-high assurance* IT security of communications?
What standards, standard setting and certifications processes can enable users to reliably assess their actual trustworthiness? What scale of investments are needed? How likely is it that they would sustainably be legally allowed?
- Moderator: TBD
- Panelists: Ferrante, Sieber, Posch, Guerreschi, Paganini
- 10:50 – Coffee Break
- 11:00 – Keynote by Anthony J. Ferrante
- 11:15 – CHALLENGE B: How can we achieve ultra-high assurance* IT security that complies with legitimate and constitutional lawful access requests, without adding any additional risk to users’ privacy?
- Moderator: TBD
- Panelists: Chiesa, Ferrante, Sieber, Posch, Elkin, Guerreschi, TBD.
- 12:00 – Keynote by Sponsor Keynote Speaker
- 12:15 – ENTERPRISES & BANKS PANEL: The Future of Cybersecurity and Blockchain for Critical Enterprise and Banking Computing
The latest vulnerabilities further show how even the most secure enterprise systems are radically inadequate to protect the confidentiality and integrity of enterprises' most critical data, communications, negotiations, and executives from even mid-level attackers. From next May, GDPR will mandate disclosure of internal hacks, which may be much more costly – in reputation and competitive advantage – than the loss of consumer credentials. What are the prospects of new certifications and related technologies to deliver on those needs?
- Moderator: TBD
- Panelists: TBD
- 13:00 – LUNCH BREAK for speakers, media, attendees and special guests
- 14:00 – Keynote by Roman Yampolskiy (Video conference)
- 14:20 – CHALLENGE C: How can ultra-high assurance* IT advance the security of critical autonomous or cyber-physical systems? How can AI, in turn, improve IT security?
Can ultra-high assurance IT standards, applied to their most critical deterministic sub-systems, contribute substantially or radically to autonomous and cyber-physical systems security? Can non-governmental ultra-high assurance (deterministic) IT standards – and related licensing and certification governance models – spur sustainable AI-driven economic development and foster short- and long-term AI safety and value alignment?
- Moderator: TBD
- Panelists: TBD
- 15:10 – Coffee Break
- 15:25 – Keynote by TBD
- 15:35 – CHALLENGE D: How can new standards, certifications and a public-private cluster initiative around ultra-high assurance IT and AI catalyze very substantial economic development and employment for a few leading EU regions?
- Moderator: TBD
- Panelists: Guerreschi, TBS
- 16:10 – Keynote by TBD
- 17:10 – Closing Keynote by Anthony J. Ferrante
- 17:25 – Closing Keynote by Michael Sieber
- 17:40 – Closing by organizers.
- 19:00-23:00 – Dinner for panelists, media, speakers and special guests.
CYBERSECURITY: THREATS AND OPPORTUNITIES
Nearly all IT systems today, even those for the most sensitive uses, are hackable by even mid-level attackers, due to the hyper-complexity of even high-assurance systems and to the fact that powerful nations have stockpiled vulnerabilities and backdoors that they were unable to keep to themselves.
The World is turning into a Hacker Republic, where the most economic and political power accrues to those actors that have hacking and informational superiority in IT and AI, even more than to those formally owning mainstream IT systems and services.
The cybersecurity market has grown 30 times in the last 10 years to $120 billion, yet the cost of cybercrime will rise to $8 trillion by 2022.
While enterprises are spending more and more on the security of their critical IT systems, awareness is fast emerging – via scandals like Spectre and Meltdown and CIA Vault 7 – of how their most critical systems are scalably vulnerable to even non-state mid-level attackers that too easily get access to state-grade hacking techniques and tools. While most internal hacks have remained undisclosed, the new GDPR regulation will mandate their disclosure within 72 hours from May 28th, exposing enterprises to great reputational and stock-price damage.
Meanwhile, financial institutions are increasingly victims of fraud and of privacy abuse of their customers, with mounting cash and reputational costs. Their historical role, as provisioners of core trustworthy financial services, is being gravely threatened by cryptocurrencies and blockchains – perceived as potentially safer and cheaper long-term stores of value – and by small and large competitors, unleashed by the EU Directive PSD2, who will be able to offer e-services “over the top” while claiming as much or higher trustworthiness than banks.
Hacking of electoral and primary democratic processes, critical autonomous systems, and social media is fast becoming the military weapon of choice of nations willing to subvert, subjugate and destabilize other nations. Military systems are no less vulnerable, but less is publicly known, since the most serious hacks become state secrets when they happen.
Meanwhile, security agencies wildly overstate the security of secure apps and devices to push less expert criminals to use them. Not to mention that our democracies appear increasingly held for ransom by the best hackers.
How did we get here and what can we do about it? For starters, the speed of IT for everyday computing requires complexity that is hopelessly incompatible with ultra-high assurance* IT security and privacy. There is nothing we can do about it; democracies will need to adapt their rules around it, but we are ready to accept that for 99% of our computing. But then again, there is a 1% of sensitive critical functions where citizens, enterprises, and governments have a huge need and demand for IT and AI with ultra-high levels of assurance, even if it requires a great sacrifice in speed, features, and cost.
But then why are these not available even for nearly all the richest and most powerful? Because powerful nations understandably felt the need for every IT system to be promptly hackable at all times – in an era of rampant terrorism, unbreakable encryption, and lack of remote lawful access mechanisms. They resorted to stockpiling discovered vulnerabilities instead of fixing them, promoting inadequate and flawed standards, and outright inserting backdoors all the way down to CPU and chip fabrication.
Can ultra-high assurance IT be transparently reconciled with lawful access, so that it can be made available to our institutions, enterprises, and citizens without creating a public safety risk? Can we be both Free and Safe in Cyberspace? Or do we have to choose? Can we even choose, really, or is it a “both or neither” challenge?
Can a few nations, regions and stakeholders lead by leveraging open innovation and open components to build an entirely new ultra-secure computing ecosystem and standard – parallel and not alternative to everyday IT devices – whereby transparency, oversight, accountability, and extreme levels of security review in relation to complexity become the secret sauce to ensure individual freedom, lawful access and public safety?
*Definition of “Ultra-high assurance”: In civilian and military IT security, “high assurance” is used to refer to systems of the highest trustworthiness in confidentiality, integrity and/or availability. Perfect trustworthiness will never exist but we have learned that even current “high assurance” technologies, standards and certifications are radically inadequate for the needs of citizens, enterprises, democratic institutions, critical societal systems, and autonomous systems.
Scientific Director of the Master in Sicurezza Informatica e Cybersecurity at Link Campus. CTO at CybSec Enterprise. Member of ENISA Threat Landscape Stakeholder Group. Former CISO at Bit4D, leading Italian ID tech provider. Editor at Securityaffairs.co. Formerly a senior engineer at ST-Microelectronics. (LinkedIn)
Deputy of the Italian Republic. Chairman of Steering Board of Italian Digital Agency. First signer of the 2014 national legislative proposal of “technological sovereignty and documented hardware”. Co-founder of the Italian IT security associations CLUSIT and AIPSI. Formerly professor of Computer Security. Formerly head of IT Section of Italy's main financial newspaper. (LinkedIn)
Exec. Dir. of Trustless Computing Association, which promotes the Free and Safe in Cyberspace event series, and wide R&D initiatives to solve its “Challenges”, the spin-off startup TRUSTLESS.AI, and the Trustless Computing Cluster and Campus project, to build a public-private geo-located cluster to lead globally in cybersecurity levels of communications and artificial intelligence. (LinkedIn)
President of Security Brokers. The most famous Italian hacker over the last 30 years. Head of Community relations and Board Member of the Italian AIIC – Associazione Italiana Esperti in Infrastrutture Critiche. Formerly consultant and advisor to ENISA, NATO, Italian Ministry of Defense, United Nations UNICRI. (LinkedIn)