Our digital society under attack? Let's make it secure!
On March 7 2019, The Digital Society Institute of the University of Twente will have its first symposium in a series of topics on digitalization. We will open the symposium series by looking at cybersecurity.
As the digitalization of society progresses and we increasingly become more dependent on our digital environments and infrastructures, we also become more vulnerable to attacks that were previously unknown to us. For this symposium, we look closer into the evolution of attacks and how we can possibly deal with them. Specifically, we will be discussing vulnerabilities in evolving systems such as the Internet, how we can assess their impact, and ways to detect and mitigate them. Due to the growing interconnection between our physical world with the digital world, we will also be looking at relevant non-technical aspects, including legal factors and the human involvement.
The symposium will take place during the afternoon, with a renowned keynote speaker, short expert talks, and an interactive panel. We target academics and professionals working in the field of cybersecurity from different perspectives, be they technical, social, legal, or ethical. Of course, there will be plenty of time for discussions and networking.
Want to know more? Let us know by registering your interest!
Dr. Anna Sperotto
Dr. Andreas Peter
Digital Society Insitute
University of Twente
Computer Science can be radical, political, expressive, and artistic. This presentation will share my own experiences with hacking and Radically Open Security, critically reflect on Computer Science education, and suggest ways to leverage our "craft" for positive disruptive change.
Dr. Melanie Rieback is the CEO/Co-founder of Radically Open Security, the world’s first non-profit computer security consultancy company. She is also a former Assistant Professor of Computer Science at VU who performed RFID security research (RFID Virus and RFID Guardian), that attracted worldwide press coverage, and won several awards (VU Mediakomeet, ISOC Award, NWO I/O award, IEEE Percom Best Paper, USENIX Lisa Best Paper). Melanie worked as a Senior Engineering Manager on XenClient at Citrix, where she led their Vancouver office. She was also the head researcher in the CSIRT at ING Bank, where she spearheaded their Analysis Lab and the ING Core Threat Intelligence Project. For fun, she co-founded the Dutch Girl Geek Dinner in 2008. Melanie was named 2010 ICT Professional of the Year (Finalist) by WomeninIT, one of the 400 most successful women in the Netherlands by Viva Magazine (Viva400) in 2010 and 2017, one of the fifty most inspiring women in tech (Inspiring Fifty Netherlands) in 2016 and 2017, and the Most Innovative IT Leader by CIO Magazine NL (TIM Award) in 2017. Her company, Radically Open Security was also named the 50th Most Innovative SME by the Dutch Chamber of Commerce (MKB Innovatie Top 100) in 2016.
Almost nothing is used more often as a symbol for security as a lock. While mechanical locks are usually not the subject of a cyber security project, electronic door locks should of course be designed with a strong focus on security. In this presentation, I will show you an analysis of a wildly used electronic locking system which illustrates what can go wrong in various aspects of the design, how the lock can be attacked and how the shortcomings in the current design can be improved.
Since 2017, Erik Tews is an Assistant Professor at the University of Twente, working in Services, Cybersecurity and Safety group (SCS) within EEMCS. He previously worked for TU Darmstadt and the University of Birmingham in the fields of cyber-security, applied cryptanalysis, wireless protocols, privacy preserving technologies, internet and IoT security as well as the protection of critical infrastructures. He is currently working on various projects within the field of cyber-security combining technical and engineering aspects with human factors as well.
Today every firm relies on the Internet for carrying out its day to day functions. Availability of the Internet and the services based on it are of great importance to the organizations. Companies are under a constant threat of cyber-attacks. One such attack that can significantly reduce the reliability of Internet services and leave them inaccessible for the intended users is Distributed Denial of Service or popularly known as DDoS attacks. Firms can experience heavy losses due to unavailability of IT systems. But resilience (partial) of organisations against unavailability makes it tricky to estimate the economic loses. In this talk I discuss strategies to measure the economic impact of DDoS attacks on public and private firms.
Abhishta Abhishta is a PhD candidate at the Industrial Engineering and Business Information Systems group at University of Twente, The Netherlands. His research involves analysing the economic and social impact of distributed denial of service (DDoS) attacks. He is a participant of D3 project and has published several papers in security conferences, workshops and journals during this period. Some of his work has been covered by technical news outlets such as MIT Tech. Review.
This talk will introduce the cybersecurity center for the manufacturing industry, a joint initiative of Novel-T, FME, Metaalunie, VMO, OostNL, and CIO Platform. It aims to provide specific advice and relevant information about questions in the area of digital security, raised by inter alia the National Cyber Security Center (NCSC). Together with the CSCM, we will be starting up ISAOs (Information Sharing and Analysis Organizations), where businesses and experts share their knowledge and experience of cyber threats. There is also a link with DTC/NCSC for urgent Cybersecurity measures.
Jasper Hofman works at Novel-T, a Twente-based initiative that supports startups, researchers, and entrepreneurs in creating impact with new innovative business ideas. He is the project leader for the cybersecurity center for the manufacturing industry.
In this talk, we introduce the idea of pro-active threat detection using active DNS data. We give examples on how pro-active detection approaches can be applied to different types of attacks. We will shed light on snowshoe spam in particular, for which we have developed a pro-active detection approach, currently in use in the mail filter of a large Dutch operator. Snowshoe spam is a hard to detect type of spam based on a large number of low-volume spammers, which typically evade traditional spam detection methods. We uncovered that domains set-up for snowshoe spam differ significantly from regular, benign, domains. We are not only able to detect those domains, but we show that we can do that considerably earlier than regular spam detection methods.
Olivier van der Toorn is a Ph.D. student from the Design and Analysis of Communication Systems (DACS) group at the University of Twente. He is working on malicious domain detection through active DNS measurements, for the last two years. Next to his Ph.D., Olivier is a voluntary system administrator at two study associations since the last five years. Because of his Ph.D. work he is closely involved with the OpenINTEL measurement project. This project is well established within the academic community, OpenINTEL data has been used in more than 20 academic published papers and helped in establishing academic collaboration worldwide.
During the talk, Peter Wagenaar will take the audience through the investigation of an internal fraud case where the investigative team had hacked their way into the client’s own network and investigate the IT department itself to find the culprit.
Peter Wagenaar is one of the incident coordinators at Northwave, helping Northwave’s clients to get back to business when they are hit by a cyber incident. He is a Kerckhoffs’ MSc graduate with several years of experience dealing with cybercrime investigations at both the Dutch National Police and Northwave.
A former employee at the UK’s Government Communications Headquarters (GCHQ), Assistant Professor Kevin Macnish joined the University of Twente in 2017. Prior to that he was a Teaching Fellow and Consultant at the University of Leeds. Kevin’s research focuses on ethical issues arising from surveillance, security and automation. He has given evidence to the UK House of Commons select committee on Science and Technology and been interviewed on national television and radio. Kevin’s book, The Ethics of Surveillance: an introduction was published by Routledge in 2018. He is currently leading the University of Twente’s contribution to the Horizon2020 SHERPA project, investigating the ethical implications of AI and big data.
dr.ir. Roland van Rijswijk-Deij
Roland van Rijswijk-Deij is principal scientist at NLnet Labs, where his research focuses on large scale measurements of core Internet protocols such as DNS, BGP and IPv6. He engages about his work in venues such as the IRTF, RIPE and ICANN. Next to his work at NLnet Labs, Roland is assistant professor of computer network security at the University of Twente. Roland obtained an M.Sc. in computer science from the University of Twente in 2001 and a cum laude Ph.D. in computer science from the same university in 2017. Prior to working for NLnet Labs, Roland spent a decade working for SURFnet, the National Research and Education Network in The Netherlands, where he was responsible for DNS operations and innovation and other innovation projects involving applied cryptography.