internet of things - dcypher€¦ · • coursera platform • eit digital platform • 7 dtcs •...

Internet of Things

Track organisors: Patrick W.J. Essers & Oscar A. Koeroo

Entrepreneurial innovation & education driving Europe's digital

transformation

Patrick W.J. Essers | Zuiderstrandtheater, Den Haag | October 14th 2016

About EIT Digital

• Pan-European vibrant Ecosystem of Innovation Hotspots

• Leading European organisation for innovation and education in ICT

• Over 150 partner universities, research centres and companies all over Europe

• Fostering innovative technology and entrepreneurial talent for economic growth and quality of life in Europe.

The four pillars of our strategy

Deep ERB integration inside Action Lines

T-shaped talents from Education Action Lines

European eco-system of top ERB partners

Accelerated Market delivery in strategic Innovation Action Lines

Digital Infrastructure

Digital Wellbeing

Digital Cities

Digital Industry

Digital Finance *

Our Schools attract and deliver top talents

• Coursera platform • EIT Digital platform

• 7 DTCs • I&E education provided in

all DTCs. • Summer Schools for all

Action Lines (364 participants)

2015: • 13 courses (HWB,

S&P, Big Data, …) • 235 learners

• 20 of the top European Universities providing EIT labelled programs

Partner Universities Online Platforms Co-Location Centres

Master School Doctoral School Professional School

Blended Education

Applicants Enrolled Graduates Applicants Enrolled Graduates

Presentator

Presentatienotities

Security and Privacy (S&P) Why study the EIT Digital Security & Privacy programme? The EIT Digital Security & Privacy programme offers: Front line technical content within the field. Studies at two of Europe´s foremost technical universities leading to a double degree. A good integration with tailored Business courses in Innovation and Entrepreneurship. A thesis work well grounded in industrial problems. Access to the competence of eight EIT Digital innovation action lines, not least through a summer school between the two years. Access to the co-location centers and innovation ecosystems of the nine EIT Digital nodes. What is the programme all about? The programme in Security and Privacy focusses on the study of the design, development and evaluation of secure computer systems, which are also capable of ensuring privacy for future ICT systems. It follows a constructive security approach to teach the very complex and challenging field of information assurance. The aim is to provide students with an understanding of the concepts and technologies for achieving confidentiality, integrity, authenticity, and privacy protection for information processed across networks. What are the carrier opportunities for graduates from the programme? Graduates from the Security & Privacy master’s programme will qualify for jobs in international and local organizations in both technical and business roles. Typical titles are: (Cyber) Security consultant; Security Analyst; (Information) Security Architect; Operation Manager; Product Manager. Through their multidisciplinary attitude graduates are valuable in open innovation settings where different aspects (market, users, social aspects, media technologies) come together. They will easily find jobs within companies that provide value-added products and services, such as telecom companies, game companies, e-learning, web developers, and entertainment. An alternative path would be to start your own company to provide product or technology development, media content, business development or consultancy services. How is the programme structured? The programme is a double degree programme with studies at a university in one country in the first year (entry) and studies at a university in another country the second year (exit). The programme has an integrated technical content (Technical major) and business content (Innovation & Entrepreneurship – I&E minor). The I&E minor is shared between all programmes (link). An integral part of the second year is a Master’s thesis (30 ECTS). The structure and content of the technical major is given below. Where can I study if I choose Security and Privacy? Entry - 1st year UNITN in Trento, Italy UT, Twente, The Netherlands Exit - 2nd year, specialization ELTE Budapest, Hungary Saarland University, Germany TUD, Darmstadt, Germany UNITN in Trento, Italy UT, Twente, The Netherlands Specializations Cyber Security: High Tech, Human Touch (University of Twente) Information Security and Privacy (Saarland University) Advanced Cryptography (ELTE) System Security (TU Darmstadt) Applied Security (University of Trento)

Action Lines deliver innovations to market, supported by our Accelerator

Idea Challenge 2016: 234 submissions

195 start-ups employ 1800 valuation 2015 € 800 Million

2016: 4 High Impact Initiatives & 38 Regular Activities

Call for proposals 2017: 94 submissions

2016: 50 new products & 87 new start-ups

Scaling up, Funding rounds, Customer acquisition, Exit

Digital Infrastructure

Digital Wellbeing

Digital Cities

Digital Industry

Digital Finance *

Presentator

Presentatienotities

PST has been one of the action lines driving innovation & entrepreneurship strategy of EIT Digital. Currently it is integrated in the action line Digital Infrastructure. According to the priorities set by the action line, the most promising research results, disruptive technologies and business strategies are selected from EIT Digital ecosystem and beyond each year through the Call for activities. They are “packaged” in Innovation Activities and start-ups with ambition to drive these innovations to succeed in world markets and become European success stories. One of the projects, with Dutch participation of TNO is just one example of the way we can valorise the research activities to a product/service into the market. Federated Identity Management System (FIDES) – Phase II: finalization and deployment of an EU-wide platform for federated identity management, which may constitute a unified tool to access the EU Digital Single Market.

Deep ERB integration inside Action Lines

Entrepreneurship Innovation

Education

Business Communities Startups in Inno Activities

EIT Digital Accelerator Dedicated team + partner incubators

Countries with Arise Incubator partners

EIT Digital countries with Co Location Centres

Eligible EU 28 countries

Working together is creating success

The security by design challenge Securing all the things

Oscar Koeroo | Zuiderstrandtheater, Den Haag | October 14th 2016

Our KPN CISO mission Mission Our mission is to keep KPN reliable & secure and trusted by customers, partners and society

How Use the prevent-detect-respond-verify security life cycle

What Delivering secure products &

services to our customers Providing thought leadership

in the field of security.

Threat landscape @ KPN Actors Motivation Threat vector Impact Individual Hacker -Opportunistic

-Disenfranchised

-Opportunistic vulnerabilities -Insider

-Integrity of systems and data -Reputational and Brand loss -Regulatory

Hacktivists

-Targeted -Ideological -Political cause -Malicious havoc

-Compromise of 3rd Party & Service Provider -Volume, Targeted attack -Opportunistic vulnerabilities

-Disruption of operations -Defacement of public sites -Reputational and Brand loss

Cyber Criminal

-Illicit gain -Fraud -Identity Theft -Competitive Intelligence

-Insider -Data Breach -Intellectual Property theft

-Customer Privacy -Financial impact -Intellectual Property loss

State Actor -Geopolitical target -National Security gain -Disrupt others Critical Infra -Economic Espionage

-Advance Persistent Threat (time/assets) -SCADA/ ICS -3rd Party & Service Provider

-Critical Infra damage -Intellectual Property theft - Economic & Political destabilization

Real world examples – DDoS by webcams Graph source: cloudflare

IoT connectivity

IoT in healthcare

The connected/smart <anything>

The connected cow

Challenges today Communications • Authenticity

– Bootstrapping – Scale

• Integrity – Manipulation

• Confidentiality – Encrypted?

• Monitoring – Who sees what and where?

• Side channel attacks – Physical – Crypto based – Protocol based – Memory manipulation

Control • Upgrades • Always on • Key management • Trust in data

Accountability Service provider • Accountable for which

aspect? • Accountable how long?

End-user • I desire to do what I want

with my product. • ‘It still works, don’t touch it’

Challenges ahead • Hardening of device

– Software – Hardware

• Long term support models – Upgrade of firmware – Upgrade of hardware

• Trust models for IoT – Carrier security – Owner/fleet control – Application security

• Key mngmt is complicated

• Secure bootstrap of IoT device in its eco-system

• Reliable data/integrity • Defense opportunities

– Detect being part of a botnet • Uniform/standardized m2m

communications • Crypto-agility

– Quantum Computers will become commodity

• Always available

internet of things - dcypher€¦ · • coursera platform • eit digital platform • 7 dtcs •...

Documents