Follow (ISC)² NL

IoT: things and tinkering

More and more things are connected the Internet. In addition, the rules that we have been using for years in our beautiful profession are sometimes forgotten. There is often something wrong: DDoS attacks from digital video recorders, ransomware on control units of conveyor belts, container transport brought to a halt through malware – and more. Why? Are the old rules of play perhaps incompatible with the new stuff? Or do things require more, less or different rules?

Our speakers try to answer that in three talks. In an engaging program they take you through the wonderful world of IoT – a world that has much more influence on information than you might have thought.

what IoT: things and tinkering
when 20/02/2018
where Snow BV, De Ooyen 11, 4191 PB Geldermalsen


17:00 Arrival and registration
18:00 Diner
18:30 Opening

Eric Nieuwland – chairman, board member (ISC)² NL

Presentatie (ISC)² NL
18:45 The Horus Scenario

Willem Westerhof – Security Engineer at ITsec Security Services B.V.

This talk will explain how PV-installations can be used by hackers to cause large scale power outages in the european powergrid.

This includes: context on the inner workings of PV and the powergrid. Theoretical & mathematical evidence that it is possible to cause these power outages. As one can imagine, this isn’t something we can truly test in practice.  Practical evidence that I (as a graduate) succeeded in discovering a large number of vulnerabilities in one of the top (and most secure) vendors and that other vulnerabilities are very likely to still exist. Conclusions regarding our current situation. An expected overview of costs and disturbances in best and worst case scenario.  Possible fixes and recommendations. Additional context on what has been done/is being done to fix these issues and prevent them in the future. Expected/heard off vulnerabilities in PV. Context within IoT, showing that this is just one way of affecting the powergrid, but many more options still remain undiscovered.

Language of presentation: English

Presentatie Willem Westerhof
19:30 TTN volioti - danger ahead!

Henk Klöpping – Senior Consultant at Snow BV

Met enthousiasme en wilskracht werd in 2016, vanuit Amsterdam, een door vrijwilligers gedreven IoT netwerk opgezet, ‘The Things Network’. De bedoeling is om een gratis netwerk te bieden, gedreven en betaald door de vrijwilligers. Het netwerk kan misschien zelfs gebruikt worden om mensenlevens te redden, bijvoorbeeld door brandmelders of alarmknoppen te faciliteren. Maar is het netwerk wel voldoende veilig om dat te aan te kunnen en realiseren de eindgebruikers zich wel welke risico’s ze nemen? Is wel gekeken naar wet- en regelgeving, voldoet dit netwerk wel aan de eisen voor een regulier publiek netwerk? Hoe zouden wij vanuit onze ervaring kunnen helpen om het netwerk inzichtelijker te maken en voldoende veilig?

Presentatie Henk Klöpping
20:15 Break
20:30 Internet of Things @ Hitachi Vantara

Ashok Nirsoe – Solutions Architect at Hitachi Vantara

Some recent experiences.

Presentatie Ashok Nirsoe
21:15 Talks and drinks
22:00 End


This event was sponsored by:


Willem Westerhof

As a graduate with honours this (former)student performed serious ethical hacking work on PV-installations. He ended up disclosing a large number of vulnerabilities to the specific vendor, and mathematically proving that it was possible to cause large scale (nation-wide/continental wide) power outages using the discovered vulnerabilities. This attack is called the Horus scenario. Following his study he has worked as an ethical hacker/security specialist and done work on a large number of companies, different sectors, and specific products. He was also requested to advise the dutch national government (de 2e kamer) department of justice and safety regarding cyber security issues and how to deal with them. He currently leads a small team of ethical hackers for the offensive security centre at ITsec security services. In addition, he provides workshops and trainings, performs penetration tests/vulnerability assessments, does research on password cracking and public speaking from time to time.

Henk Klöpping

Vanaf 1978 werkt Henk met computers, vanaf 1984 wordt hij er voor betaald en vanaf 1997 verdiepte hij zich in informatiebeveiliging. Recent studeerde hij in dit vak cum laude af aan de Royal Holloway universiteit, onderdeel van de Universiteit van Londen. Hij verdiepte zich in het kader van zijn studie in de beveiliging van door vrijwilligers gedreven draadloze IoT netwerken. Henk werkt als senior consultant bij Snow BV, in de security groep.

Ashok Nirsoe

Ashok Nirsoe is an experienced Solution Architect at Hitachi Vantara, with broad spectrum of in depth and hands-on domain expertise, technical knowledge, and proven success in bringing measurable added value to fortune 500 companies, across multiple industries (finance, retail, healthcare, Internet, media, utility, IT, security) and domains (data science, machine learning, computer science, business intelligence, statistics, applied mathematics, cloud services and IoT). Ashok has previously served as a member of the Social Innovation/Hitachi Insight Group in Santa Clara/US and has been involved in multiple IoT projects world-wide. He has been at Hitachi Vantara for more than 10+ years and has worked in a number of customer-facing roles with large global clients as an Architect in both the private and public sector. His career in IT includes a variety of engineering, architecture and consulting roles in the industry as well as positions at Liberity Media, Rabobank International and KPN/Getronics. He has currently adopted The Netherlands as his home.