How CyberCentral Changed the European Cybersphere

Feedback is valuable information that can be used to make important decisions in the future. No matter what’s your industry, feedback is valuable and necessary. For us, “continuous improvement” is not just a showy catchphrase. It motivates us and makes us better.

We always ask our attendees and speakers for their feedback after the event. What we did well, what we should improve, what they liked/disliked. Except our usual feedback forms, this year we received an amazing letter from one of our attendees. Here it is:

“Cybersecurity can be defined as using a set of tools and measures in order to guarantee the European cyberspace copes with the elementary level of security.

In the European Union, this goal can be reached by putting in place resilient incident registrations and notification schemes.

However, there are two main issues: standard-making and information sharing policies have recently been examined on behalf of the European Commission.

Regarding standard-making, the scheme may be used by all European companies who want to set up a resilient cybersecurity model, based on shared tools, in the context of the implementation of GDPR May 2018.

There are currently plenty of standards, and the European way to tackle with standardization is to promote cooperative risk assessment. Furthermore, current analysis is based on end-users’ needs and fully involves requests from Industry in the implementation of innovative cyber security solutions by Academia.

Firstly, the studies stressed that all relevant standards in the field were from outside the EU (e.g. AES, RSA, ECC, PKCS). Therefore, the Member States seem to reach a consensus on the use of ISO 27001.

The second main lesson from the surveys, which were conducted at a European scale, is that as a predictive technique, risk analysis (on its own) has been shown not to be effective for preventing any incident organisations could suffer (black swans). To overcome preventing incidents, there is no easy way to avoid and mitigate for unpredictable events. Risk analysis should be complemented with other techniques to improve levels of cyber security.

These issues were the core of Cybercentral. The 3-day conference was held in Prague with hundreds of visitors, as well as a rich social program.

The first sensation when you enter the big conference room is the relaxing atmosphere, even if the issues addressed are very serious and sensitive.

The panelists have been conscientiously chosen by the organizers, and the result is a mixture of individual speakers and little groups interacting with each other. Clearly, the audience feels comfortable enough to interact with the panelists.

Meaningful questions -related to the cyber security field- were raised. The place seemed ideal to Academics, as well as Industry representatives. The latter had the chance to showcase their main products and innovations in the Tech Expo Zoneoutside the conference hall.

I visited the stand of DarkTrace, a UK brand which makes innovative solutions in terms of cyber protection, and talked briefly with them. Their knowledge was top-notch! I had the opportunity to talk with them about a solution I had discussed earlier with other European researchers. A virtual Faraday-cage. They explained to me how much the company has already developed and sold this solution and how it can adapt to my clients’ specific needs.

The quality of attendees is really impressive.

I also got the chance to get involved in a workshop lead by a London based white hacker, who shared with us many “tips & tricks” on how to hack others and to protect yourself against cyber-attacks. The audience was large and brilliant. Civil-servants from Europe, representatives from the Dutch Police, the European Central Bank and many more.

At the end, I attended a presentation of a member of the European Agency of Information Systems. He underlined the main points of the European Cyberspace, explained in which cases the Agency has the right to intervene, and finally clarified what the authorities should expect from the implementation of GDPR next May.

I went back home after CyberCentral with the strong believe that the security of the European computers, servers and protocols has really changed. We exchanged in an open way our knowledge and research among an amazing “audience-mix”, where the “bad guys” could also get a chance to share.”

Catherine Bodeau-Pean