Volg (ISC)² NL



IoT: spullen en spelregels

Meer en meer spullen worden aan het Internet gehangen. Daarbij worden de spelregels die we al jaren hanteren in ons mooie vak nog wel eens vergeten. Er gaat dan ook nogal eens wat mis: DDoS attacks vanuit digitale video recorders, ransomware op stuureenheden van lopende banden, containervervoer dat plat komt te liggen door malware – en meer. Waarom is dat? Passen de oude spelregels misschien niet bij de nieuwe spullen? Of vereisen spullen meer, minder of andere spelregels?

In drie lezingen proberen onze sprekers daar antwoord op te geven. In een enerverend programma voeren ze u door de wondere wereld van IoT – een wereld die veel meer invloed heeft op informatie dan u misschien wel dacht.

wat IoT: spullen en spelregels
wanneer 20/02/2018
waar Snow BV, De Ooyen 11, 4191 PB Geldermalsen

AGENDA

 
17:00 Inloop en registratie
 
18:00 Maaltijd
 
18:30 Opening

Eric Nieuwland – dagvoorzitter, bestuurslid (ISC)² NL

Presentatie (ISC)² NL
 
18:45 The Horus Scenario

Willem Westerhof – Security Engineer at ITsec Security Services B.V.

This talk will explain how PV-installations can be used by hackers to cause large scale power outages in the european powergrid.

This includes: context on the inner workings of PV and the powergrid. Theoretical & mathematical evidence that it is possible to cause these power outages. As one can imagine, this isn’t something we can truly test in practice.  Practical evidence that I (as a graduate) succeeded in discovering a large number of vulnerabilities in one of the top (and most secure) vendors and that other vulnerabilities are very likely to still exist. Conclusions regarding our current situation. An expected overview of costs and disturbances in best and worst case scenario.  Possible fixes and recommendations. Additional context on what has been done/is being done to fix these issues and prevent them in the future. Expected/heard off vulnerabilities in PV. Context within IoT, showing that this is just one way of affecting the powergrid, but many more options still remain undiscovered.

Language of presentation: English

Presentatie Willem Westerhof
 
19:30 TTN volioti - danger ahead!

Henk Klöpping – Senior Consultant at Snow BV

Met enthousiasme en wilskracht werd in 2016, vanuit Amsterdam, een door vrijwilligers gedreven IoT netwerk opgezet, ‘The Things Network’. De bedoeling is om een gratis netwerk te bieden, gedreven en betaald door de vrijwilligers. Het netwerk kan misschien zelfs gebruikt worden om mensenlevens te redden, bijvoorbeeld door brandmelders of alarmknoppen te faciliteren. Maar is het netwerk wel voldoende veilig om dat te aan te kunnen en realiseren de eindgebruikers zich wel welke risico’s ze nemen? Is wel gekeken naar wet- en regelgeving, voldoet dit netwerk wel aan de eisen voor een regulier publiek netwerk? Hoe zouden wij vanuit onze ervaring kunnen helpen om het netwerk inzichtelijker te maken en voldoende veilig?

Presentatie Henk Klöpping
 
20:15 Break
 
20:30 Internet of Things @ Hitachi Vantara

Ashok Nirsoe – Solutions Architect at Hitachi Vantara

Some recent experiences.

Presentatie Ashok Nirsoe
 
21:15 Napraten en netwerkborrel
 
22:00 Sluiting gebouw
 

SPONSORS

Dit event werd gesponsord door:

SPREKERS

Willem Westerhof

As a graduate with honours this (former)student performed serious ethical hacking work on PV-installations. He ended up disclosing a large number of vulnerabilities to the specific vendor, and mathematically proving that it was possible to cause large scale (nation-wide/continental wide) power outages using the discovered vulnerabilities. This attack is called the Horus scenario. Following his study he has worked as an ethical hacker/security specialist and done work on a large number of companies, different sectors, and specific products. He was also requested to advise the dutch national government (de 2e kamer) department of justice and safety regarding cyber security issues and how to deal with them. He currently leads a small team of ethical hackers for the offensive security centre at ITsec security services. In addition, he provides workshops and trainings, performs penetration tests/vulnerability assessments, does research on password cracking and public speaking from time to time.

Henk Klöpping

Vanaf 1978 werkt Henk met computers, vanaf 1984 wordt hij er voor betaald en vanaf 1997 verdiepte hij zich in informatiebeveiliging. Recent studeerde hij in dit vak cum laude af aan de Royal Holloway universiteit, onderdeel van de Universiteit van Londen. Hij verdiepte zich in het kader van zijn studie in de beveiliging van door vrijwilligers gedreven draadloze IoT netwerken. Henk werkt als senior consultant bij Snow BV, in de security groep.

Ashok Nirsoe

Ashok Nirsoe is an experienced Solution Architect at Hitachi Vantara, with broad spectrum of in depth and hands-on domain expertise, technical knowledge, and proven success in bringing measurable added value to fortune 500 companies, across multiple industries (finance, retail, healthcare, Internet, media, utility, IT, security) and domains (data science, machine learning, computer science, business intelligence, statistics, applied mathematics, cloud services and IoT). Ashok has previously served as a member of the Social Innovation/Hitachi Insight Group in Santa Clara/US and has been involved in multiple IoT projects world-wide. He has been at Hitachi Vantara for more than 10+ years and has worked in a number of customer-facing roles with large global clients as an Architect in both the private and public sector. His career in IT includes a variety of engineering, architecture and consulting roles in the industry as well as positions at Liberity Media, Rabobank International and KPN/Getronics. He has currently adopted The Netherlands as his home.

FOTOIMPRESSIE