Press Release: Intensive Courses for crisis-proof Digitisation taking place in Vienna
DeepSec security conference focuses thematically in depth on critical dangers for IT.
As is well known, the digital world never sleeps. The last few months have shown that society and the economy are more dependent than ever on globally networked technology. The worldwide spread of SARS-CoV-2 has given telecommunications an enormous boost. The home office, already known before, teleconferencing systems and internet applications had to stand in for physical meetings and enable the exchange of information. As the use of these technologies increased sharply, security problems were of course discovered. Zoom is a prominent example. However, only the tip of the iceberg was analysed. Many vulnerabilities are still waiting to be discovered around the world. Anyone who demands more digitisation is actually talking about information security. Precisely for this reason, the DeepSec Security Conference in November would like to deal with this topic in Vienna as usual, as an on-site event, with health protection measures. The preliminary program of the conference has been published and offers exciting topics.
Digital Foundations have to bear the brunt
Due to the measures taken against the spread of COVID-19, telecommunications had an important task. It had to support business processes where meetings previously took place in physical space. This has also led to discussions about information security, because companies and people have secrets. Before the pandemic, for example, hardly anyone had discussed encrypted group video conferences. Group conversations are technically demanding because multiple endpoints need to be connected securely and in real time. The compulsion to use online services has led to a critical questioning of the technologies used. In terms of security, one looks in vain for progress if modern infrastructure can not replace the security of a closed room in virtual conversations. Meeting points and meeting rooms in the real world have a long tradition – and, if necessary, correspondingly sophisticated security concepts. This is still uncharted territory on the internet. The discussions held in the first half of the year about security due to forced use increased awareness of unsafe solutions in everyday life. For security experts, however, the shortcomings of current software are nothing new.
The keynote address by Gabriele Kotsis, the new President of the Association for Computing Machinery (ACM), therefore immediately raises the question of whether the digital world can be a supplement or a replacement for what already exists. Not everything can be replaced at will. Furthermore, what we now use in everyday areas, the Internet, was originally born as a system for exchanging information in research. The Internet now performs many more tasks than distributing virtual articles. Video streaming, audio applications, networked entertainment, control systems, news, newspapers, vehicle control, telemetry, shopping streets and much more. Ms. Kotsis will discuss the line between supplementation and replacement and will outline ways into the future.
Lectures for further Education
In addition to specialist lectures, the DeepSec program offers several options for further training. There are presentations on the security of mobile applications, the security concept of end devices and insights into secure software development. Anyone who implements digital solutions will benefit greatly from the insights. Contrary to popular belief, security gaps cannot be found and tackled only after the software has been published. Protective measures can be implemented much earlier, starting with the programming itself. Modern development tools offer ways to identify weak points at an early stage and to avoid them.
The analysis of threats is another focus. Defence is only possible if you know your opponents. The spectrum ranges from digital espionage and the analysis of documented attacks to the systematic analysis of threats in order to be able to counter them better. In that respect the use of freely accessible information is an important issue. The method of Open Source Intelligence (OSINT) leads this information to a classification and investigation, which is evaluated in a certain context. The difference to the purely structureless data collection is the evaluation and the correct assembly of individual pieces of the puzzle. Robert Sell from Trace Labs gives an insight into how to acquire the right approach. He also holds a two-day training session in which you can deal with this aspect in detail. The effort of OSINT is very low compared to its benefit, if you know how to do it.
Pre-Conference Trainings
The DeepSec conference is accompanied by two-day training courses, taking place on the two days before the conference, which enable a deeper understanding of the subject areas offered. As a trainer, Dawid Czagan addresses developers, who need to develop modern applications from databases to web interfaces. This type of software is very complex because it uses technologies from the server infrastructure through the network to the end device that must be well understood. This process is therefore called “full stack development”. Dawid Czagan shows with examples of real applications how to find and avoid weak points.In addition, topics such as open hardware hacking for testing security measures, open source intelligence analysis, management of security incidents and safeguarding industrial control systems can be found in the program. All training courses focus on one area that is intensively worked on in two days. The safety of industrial control systems in particular is an important issue because it also affects the critical infrastructure. In the OSINT course, Robert Sell will teach how to get information, how to relate it and how to benefit from it for the security of your own company. During the conference there will also be an OSINT competition with a real scenario.
ICS – advanced Training for the Industry
The security of Industrial Control Systems (ICS) is the focus of the “ICS Village” at this year’s DeepSec. Together with the experts from Sematicon AG, we would like to enable everyone who develops and implements these systems to exchange ideas with experts from information security. The “ICS Village” serves as a forum where participants can exchange ideas directly with one another. The motivation is to improve existing and future designs. Attacking implementations is important for uncovering weak points, but the work for real information security only begins then. Here the DeepSec conference aims to make an important contribution to secure digitization.
The focus is on the exchange. Security conferences often have the reputation of presenting only well-staged security gaps. The DeepSec Conference has always gone one step further since it was founded. Finding vulnerabilities is only the first step. Then it is about how to remedy the situation, avoid similar mistakes and securely design digital solutions. Sustainability is the order of the day when digitization has to be secure and reliable. For this reason, developers, technicians, security researchers, users from industry and researchers are explicitly addressed. Security can’t pause.
Programs and Booking
The DeepSec 2020 conference days are on November 19th and 20th.
The DeepSec trainings will take place on the two preceding days, November 17th and 18th.
Due to the restrictions on travel and a reliable organisation, some of the training courses are of a virtual nature (please refer to the program for details or contact us directly).
The DeepINTEL Security Intelligence Conference will take place on November 18th. Both events are carried out under COVID-19 health measures, which we publish constantly updated under this link https://deepsec.net/docs/Counter_Covid-19.pdf.
The venue for the DeepSec and DeepINTEL event is The Imperial Riding School Vienna
– A Renaissance Hotel, Ungargasse 60, 1030 Vienna.
You can order tickets for the DeepSec conference itself and the training courses at any time under the link https://deepsec.net/register.html.
Please note that due to planning security we are dependent on timely ticket orders.