The world is an imperfect place: it is full of failures. Cybersecurity is no different: it has become a widely accepted mantra that experiencing a cyber breach is a question of when and not if. And after the when, we know that it is better to be transparent, acknowledge failures and learn from them than it is to ignore them. In a highly networked world, this is true not only within organizations but especially across them. But while we all agree with the need for transparency in the abstract, most organizations shy away once they fall victim to an attack, due to shame, fear of litigation, fear of reputation loss, or other reasons. This has to change.

In this talk, Frank and Erik will address the topic of transparency from two angles. At a macro level, they will discuss the current trends that hinder or facilitate transparency, and they will conclude that increased transparency is inevitable. At a micro level, they will dissect the MiTM attack that Fox-IT fell victim to in September 2017 and discuss what transparency actually means when faced with a successful attack.


time: 14:00

Other sessions:

Professionalizing Incident Response & Network Defense Ethics, Standards and Self-Governance

Security for Safety, the holy grail of ICS is coming under attack

Multi-party Vulnerability Disclosure: How we got here and where we are going (panel discussion)

Operating Large-scale Honeypot Sensor Networks For Fun and (non) Profit

Abuse mitigation: an integrated approach