DeepSec 2024 press release: Sluggish NIS2 implementation as a security risk. DeepSec conference presents remedies against the shock paralysis in companies
Directive (EU) 2022/2555, abbreviated as the NIS-2 Directive, is intended to strengthen the resistance of potential targets in the European Union to digital attacks. Companies above a certain size in defined sectors are required to implement the directive, which targets critical and important companies. This year’s DeepSec conference, together with sematicon AG, will present a practical approach to implementation.
Checklists and metrics are not enough
Implementing security measures always requires a certain amount of preparation. Many companies already fail at this first hurdle, because exact knowledge of your own network and all the devices in it can vary depending on the counting method. Is a control or measuring device just a device, or a full computer with an operating system? The classification determines many of the consequences when securing such devices. Correctly categorising them as computers with operating systems would suddenly add many devices to the inventory, even if they only operate machines or displays. Honesty is key when recording data, as incorrect classifications inevitably lead to incorrect security measures.
The many fabulously advertised products in this area often prevent networks from being clearly documented and organised. The labels ‘next generation’, ‘smart’, ‘cloud’ or ‘AI’ can often be replaced by any product that supports the appropriate network protocols and standards. Ultimately, it is always about segmenting your own networks and controlling and logging the transported data. If you draw skilful network topologies but do not know what is going on in the networks, you have no useful documentation for protection. Products advertised as magic, or statements such as ‘Yes, of course we can do OT too’, rarely fulfil expectations. What counts here is real expertise! This applies to all network architectures, regardless of the technology used.
Anomalies ahead – follow the sequence!
Ambitious security projects often come to nothing because people want to implement the last steps first. Central monitoring systems that can recognise anomalies and manage security events are sometimes required, but they are the last step in implementing security measures. You can only recognise anomalies if you know the normal state. Even adaptive algorithms cannot learn anything about the normal state without the boundary conditions and comparative data.
Even the manufacturers do not know what is normal or suspicious for customer systems. We need to develop this knowledge internally or make it available. The same applies to the term security incident. If someone suddenly encrypts the inventory data, then the criterion is clear. If an internal system sends only a few kilobytes to the Internet from time to time over a period of months, then we must first identify this behaviour. Attackers who leave few traces only become apparent after six months or later.
Security monitoring and anomaly detection are always the end of a security project. Preparation also includes the collection and processing of all relevant log data. What logs are relevant and where can we find them? Unfortunately, this is also a highly topical problem in many companies.
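The sequence described above (learn the normal state first, only then look for deviations) as a small worked illustration. This is an added example, not code from DeepSec or sematicon; the flow records, host names, addresses and thresholds are all constructed for the illustration.

```python
from collections import defaultdict

# Constructed outbound flow records (date, source host, destination, bytes out).
FLOWS = [
    ("2024-01-01", "plc-07", "203.0.113.10", 1_200_000),  # nightly backup, expected
    ("2024-01-02", "plc-07", "203.0.113.10", 1_150_000),
    ("2024-01-03", "plc-07", "203.0.113.10", 1_300_000),
    ("2024-01-04", "plc-07", "203.0.113.10", 1_180_000),
    # After the learning window: the same backup, plus a few kilobytes to a
    # new destination roughly once a week (the "low and slow" pattern).
    ("2024-01-10", "plc-07", "203.0.113.10", 1_250_000),
    ("2024-01-10", "plc-07", "198.51.100.7", 3_072),
    ("2024-01-17", "plc-07", "198.51.100.7", 2_900),
    ("2024-01-24", "plc-07", "198.51.100.7", 3_300),
    ("2024-01-24", "hmi-02", "198.51.100.7", 4_000),  # host absent from the inventory/baseline
]

LEARN_UNTIL = "2024-01-07"  # end of the learning window (ISO dates compare lexicographically)


def learn_baseline(flows, learn_until):
    """Normal state per host: the set of destinations seen during the learning window."""
    baseline = defaultdict(set)
    for date, host, dst, _ in flows:
        if date <= learn_until:
            baseline[host].add(dst)
    return baseline


def detect(flows, baseline, learn_until, max_bytes=16_384, min_days=3):
    """Flag small transfers to destinations outside a host's baseline that recur on
    several distinct days. Hosts without a baseline cannot be classified at all,
    which is reported as a finding in its own right (the inventory is incomplete)."""
    days_seen = defaultdict(set)  # (host, dst) -> dates with small, unknown-destination traffic
    findings = {}
    for date, host, dst, nbytes in flows:
        if date <= learn_until:
            continue
        if host not in baseline:
            findings[(host, dst)] = "no baseline for host: cannot classify, extend the inventory"
            continue
        if dst not in baseline[host] and nbytes <= max_bytes:
            days_seen[(host, dst)].add(date)
    for key, dates in days_seen.items():
        if len(dates) >= min_days:
            findings[key] = f"low-volume outbound to unknown destination on {len(dates)} days"
    return findings
```

Shortening the learning window to nothing (for example `learn_until="2023-12-31"`) turns every record into a "no baseline" finding, which is the point of the passage: without the normal state there is nothing to compare against.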
Industry 4.0 with security
Together with sematicon, the DeepSec conference has created a contact point for secure design and secure coding in software development. Code does not become secure by itself. Many existing programming languages can be used to implement secure code. As with the IT infrastructure, the prerequisite for this is precise knowledge of the strengths and weaknesses of the language used. At the DeepSec conference, DeepSec and sematicon will present on secure coding, offering insights into modern software development. The presentations will take place on the third track of the conference, which offers space for discussions without recordings.
Programme and booking
The DeepSec 2024 conference days are on 21 and 22 November. The DeepSec training sessions will take place on the two preceding days, 19 and 20 November. We intend to hold all training sessions (with announced exceptions) and presentations as face-to-face events, but we may hold them partially or completely virtually if necessary. For registered participants, there will be a stream of the presentations on our internet platform.
The DeepINTEL Security Intelligence Conference will take place on 20 November. As this is a closed event, please send direct enquiries about the programme to our contact addresses. We provide strong end-to-end encryption for communication: https://deepsec.net/contact.html
You can order tickets for the DeepSec conference and training sessions online at any time via the link https://deepsec.net/register.html. Discount codes from sponsors are available. If you are interested, please contact deepsec@deepsec.net. Please note that we depend on timely ticket orders because of planning security.