Cybersecurity standards and certification - the challenges

Colin Whorlow has worked in the UK National Cyber Security Centre (NCSC), and its predecessor CESG, for 20 years. Now Head of International Standards he was formerly Head of International Relations where he led CESG's engagement on EU and NATO information assurance issues. Colin has spearheaded NCSC's active involvement in global security standards work including within ETSI and 3GPP. He convened the ETSI QSC ISG, now a Working Group within TC Cyber, and is a Programme Committee member for the annual ETSI/IQC Quantum-safe cryptography workshops. Colin is a member of the Management Board of ENISA (European Network and Information Security Agency) and of the SOG-IS Management Committee. He has led workshops on the impact of Cybersecurity on Critical Information Infrastructure Protection as part of the Meridian Process and at the Budapest Conference on Cyberspace. Previously Head of Export Control Colin chaired the Information Security Technical Working Group at the Wassenaar Arrangement for some years. Colin's degree is in mathematics, which he read at Oxford University.

Francesco Manca is graduated in management engineering with highest honors. He has both the master’s degree and bachelor’s degree at the university “Federico II di Napoli”. He is attracted from technology generally, from other countries’ culture and I love every music gender. Francesco is working for EY IT Risk Assurance - Cybersecurity Advisory and is involved In projects for national and international companies.

Holger Blasum is a research engineer at SYSGO and doing PikeOS verification at SYSGO. He previously studied mathematics at LMU Munich (diploma in mathematical logic). In the Verisoft XT project he has worked on static analysis of PikeOS systems code, in particular memory management, with the Verifying C Compiler (VCC). In EURO-MILS and certMILS he has supported CC artefact generation and researched on their use for compositional certification.He is active in the MILS community (http://mils.community/) and the Common Criteria User's Forum Separation Kernel Working Group. Before, he had also participated in the Formal Methods subgroup of the DO-178C.

Jon’s industry experience includes 15 years of senior business, production and commissioning roles at Channel 4.com and at BBC Online, including responsibility for operational technical and editorial quality across www.bbc.co.uk. As Head of External Supply, Jon oversaw the opening up of BBC Online’s production to a wide range of more than 500 innovative digital companies. He was also Director of Creative Economy programmes at Nesta, where he set up and ran the Creative Business Mentor Network and the Digital R&D Fund for the Arts, and funded several open data initiatives. A passionate advocate of design and media education, Jon is a board governor at Ravensbourne College of Art & Design. His role as Head of Digital Economy & Creative Industries at KTN includes coverage of Immerse UK, leading the UK’s immersive technology advancement.

Dr.-Ing. Jürgen Großmann is team leader at Fraunhofer FOKUS and member of the Competence Center "System Quality Center" (SQC). He is responsible for validation, verification and testing projects on next generation networks and software technologies for embedded systems. Jürgen Großmann is an expert on model-based development, model driven testing as well as in security risk assessment, security engineering and security testing. He has experiences in numerous standardization activities for various standardization bodies, including OMG, ETSI and AUTOSAR.

Mark Miller is the Founder and CEO of CONCEPTIVITY and is part of the cyberwatching.eu consortium.  He has over 29 years of experience in defence, security, information technology and international supply chain security issues. He brings a breadth of expertise, which addresses key areas for cyberwatching.eu. He is the Vice Chairman of the European Organisation for Security (EOS) as well a Member of the Board of Directors of the European Cyber Security Organisation (ECSO). He is a graduate of the Massachusetts Institute of Technology (MIT) holding a degree from the MIT Electrical Engineering and Computer Science Department as well as an MBA from the International Institute for Management Development (IMD). He has competed certificates in 10 areas as a cyber-security expert under the US DHS (FEMA) covering broad aspects such as policy, legislation, regulation, ethics, white collar crime, planning, prevention, mitigation, and forensics. He is also a designated expert in the ERNCIP Smart Grids and Industrial Control Systems Expert Group (under the EC JRC) addressing cyber security issues in the industrial and smart grids context. He also was an important contributor to the development of the European Security Label concept as part of ESRIF.

Paolo Balboni (Ph.D.) is a top tier European ICT, Privacy & Data Protection lawyer and serves as Data Protection Officer (DPO) for multinational companies. Professor of Privacy, Cybersecurity, and IT Contract Law at the European Centre on Privacy and Cybersecurity (ECPC) within the Maastricht University Faculty of Law. Lead Auditor BS ISO/IEC 27001:2013 (IRCA Certified). Dr. Balboni (qualified lawyer admitted to the Milan Bar) is a Founding Partner of ICT Legal Consulting (ICTLC), a law firm with offices in Milan, Bologna, Rome, an International Desk in Amsterdam, and multiple Partner Law Firms around the world. He is the Co-Chair of the CSA Privacy Level Agreement Working Group, President of the European Privacy Association based in Brussels and the Cloud Computing Sector Director and Responsible for Foreign Affairs at the Italian Institute for Privacy based in Rome.

Scott Cadzow has over the past 20 years become a recognized standards development expert, primarily for security standards, in a number of international standards development organizations including ETSI, ITU-T and ISO. Scott has also contributed to reports from ENISA on network resilience, supply chain integrity and on measures to counter internet bullying. More recently Scott has been involved in a number of projects under the FP7/CIP/H2020 umbrella looking at security and privacy aspects of smart cities. This has led Scott to take a wider view at the whole interoperability conundrum and to address the need to look more deeply at the problems we will face with the IoT and dynamic self-configuring equipment in the world of GDPR, NIS and the CyberSecurity acts to come.