Keynote
Speaker: Daniel dos Santos, Sr. Research Manager - Forescout Technologies
Bio: Daniel dos Santos holds a PhD in computer science from the University of Trento, Italy, has published over 30 journal and conference papers on cybersecurity and has spoken at hacking conferences such as Black Hat, Hack In The Box, and x33fcon. He has experience in software development, security testing, and research. He is now a Sr. Research Manager at Forescout Technologies, leading a vulnerability and threat research team, as well as collaborating on the research and development of innovative features for network security monitoring.
Title: Analyzing the Impact of Software Supply Chain Vulnerabilities on Critical Infrastructure
Abstract:
Over the past 18 months, the Forescout Research Labs team has analyzed, discovered and disclosed close to 100 vulnerabilities on 14 different implementations of embedded TCP/IP stacks. These stacks are foundational software components used in everything from networking equipment and medical devices to industrial control systems. The currently opaque nature of software supply chains makes it challenging to understand the real impact of these vulnerabilities, which in turn complicates vulnerability management for network defenders.
In this talk, we will overview the techniques used in our security analysis, the implementation anti-patterns we observed, the results we obtained and, most importantly, the impact that this research has on critical infrastructure networks and what that means for their protection. We will dedicate part of the talk to one specific critical infrastructure sector: healthcare. We will discuss how our data shows that healthcare organizations are among the most affected by this type of vulnerability and how they often have a combination of diverse vulnerable devices and network misconfigurations that put them in danger.
Program
Friday, 8th October 2021
09:00 – 09:45
General Welcome (Introduction to the Workshop) [presentation]
Chair: Habtamu Abie
Keynote
Chair: Silvio Ranise
Invited Talk Title: Analyzing the Impact of Software Supply Chain Vulnerabilities on Critical Infrastructures [presentation]
Speaker: Daniel dos Santos, Sr. Research Manager - Forescout Technologies
9:45 – 10:30
SESSION 1: Resilience
Chair: Silvio Ranise
-
Resilience quantification for critical infrastructure: Exemplified for airport operations [presentation]
Corinna Köpke, Kushal Srivastava, Natalie Miller and Elena Branchini -
PRECINCT - A collaborative Ecosystem Platform for increased resilience of connected Critical Infrastructures [presentation]
Jenny Rainbird, Inlecom Commercial Pathways -
CyberSANE - Cyber Security Incident Handling, Warning and Response System for the European Critical Infrastructures [presentation]
Eleni - Maria Kalogeraki, Ubitech & Thanos Karantjias, Maggioli
10:30 – 11:00
Coffee break
11:00 – 11:45
SESSION 2: Threat and Vulnerability
Chair: Habtamu Abie
-
Severity level assessment from semantically fused video content analysis for physical threat detection in ground segments of space systems [presentation]
Gerasimos Antzoulatos, Georgios Orfanidis, Panagiotis Giannakeris, Giorgos Tzanetis, Grigorios Kampilis-Stathopoulos, Nikolaos Kopalidis, Ilias Gialampoukidis, Stefanos Vrochidis, and Ioannis Kompatsiaris -
Diminisher: A Linux Kernel based Countermeasure for TAA Vulnerability [presentation]
Ameer Hamza, Maria Mushtaq, Khurram Bhatti, David Novo, Florent Bruguier and Pascal Benoit -
The Rise of ICS Malware: A Comparative Analysis [presentation]
Yassine Mekdad, Giuseppe Bernieri, Mauro Conti and Abdeslam El Fergougui
11:45 - 12:00
Coffee break
12:00 – 12:45
SESSION 3: ECSCI Projects Presentations I
Chair: Rita Ugarelli, SINTEF
-
SOTER - human factors in cybersecurity [presentation]
Robin Renwick, Trilateral Research -
EnergyShield [presentation]
Otilia Bularca, SIMAVI -
ENSURESEC - Securing the e-commerce ecosystem from cyber, physical and cyber-physical threats [presentation]
Luís Júdice Sousa, INOV
12:45 - 13:30
LUNCH BREAK
13:30 - 14:15
SESSION 4: ECSCI Projects Presentations II
Chair: Habtamu Abie
-
7SHIELD project - A holistic framework to protect Ground Segments of Space Systems against cyber, physical and natural complex threats [presentation]
Gerasimos Antzoulatos, Centre for Research and Technology-Hellas (CERTH) -
SPHINX - A Universal Cyber Security Toolkit for Health-Care Industry [presentation]
Stylianos Karagiannis, PDMFC
14:15 - 14:30
Panel: CONCLUSION & PLANNING
Chairs: Habtamu Abie & Silvio Ranise