Launching the NIS2/Cbw control framework: a practical evaluation tool.
By 2026, Dutch organizations must comply with the Cyberbeveiligingswet (Cbw) and Cyberbeveiligingsbesluit (Cbb) — the national implementation of the EU’s NIS2 directive. While the exact enforcement date is still pending, the impact on organizations will be substantial. At the same time, sector-specific requirements such as BIO2 (for the public sector) and DORA (for financial institutions) are being […]
Hunting at scale, identifying Internet connected OT devices
Have you ever been on an Internet safari? Join us on an expedition into the world of internet-connected OT-devices! We’ll introduce you to our OT Big Five and share fascinating cases we have encountered. We’ll also explore the motivations behind our research, how the NCSC identifies OT-devices at scale using repeatable methods, and the legal […]
Late to the game? A View on Civil-Military Cooperation in the Cyber Domain
With NATO and its member states recognizing cyber as a warfighting domain, discussions are increasing about what this means for civil-military cyber collaboration, with a specific focus on improving the ways in which defence forces work with civilian partners to protect critical civilian infrastructure. As the cyber domain is almost completely run by civilian entities, […]
From due diligence to resilience: how to secure your most critical suppliers
Many organizations rely heavily on their suppliers. In some cases, critical suppliers are even more important than an organization’s own business units. Despite the importance of certain suppliers, we often treat critical suppliers very differently compared to our own organization’s critical business units. In this talk we discuss why this gap can be problematic and […]
Operation Heart Blocker – Disrupting the market of a cybercrime syndicate
In Operation Heart Blocker, we dealt a major blow to one of the largest “Cybercrime As A Service” networks. The organization behind this network had dozens of webshops where cybercrime tools were offered and operated as a professional company. This presentation explains how we ultimately mapped out a complete worldwide network of malicious webshops and […]
ReArming Europe: Cyber Sovereignty Starts Now
Europe faces a decisive moment in cybersecurity. As digital threats escalate and alliances shift, the question is whether Europe will lead in cybersecurity or stay dependent. The EU’s ReArm Europe / Readiness 2030 shows intent, but funding alone won’t deliver sovereignty. Drawing on experience from U.S. Cyber Command, NSA, and the Defense Intelligence Agency, and […]
The Digital Edge in Modern Battlefield Conflict
This presentation explores the evolving role of cyber operations in modern conflict. It discusses cyber’s influence as the “5th domain,” leveraged by Russian aligned actors during the invasion of Ukraine. It delves into the nature of cyber operations, in alignment with kinetic actions. Additionally, highlighting their use in disrupting command and control, targeting critical infrastructure […]
Following modern attacks into the cloud and beyond
Over the last years adversaries have been developing their tradecraft and at CrowdStrike we are calling this the year of the enterprising adversary. They are moving away from pure end point exploitation to increased use of voice-based phishing techniques, compromising the cloud and penetrating SaaS services. Defenders need to learn from the adversary and adapt […]
Hack the Hospital – A Deep Dive of ON2IT and Haaglanden Medical Centre (HMC)
Hack the Hospital: When Cyber Threats Turn Physical Hospitals are increasingly at risk—not just from data breaches, but from digital attacks that disrupt physical systems. In this live, on-stage demonstration, ON2IT and HMC reveal how attackers exploit overlooked infrastructure like HVAC and water systems to cause real-world impact, from postponed surgeries to compromised patient safety. […]
How to develop secure software
Secure software development frameworks and methodologies have been around for 20 years. Yet, despite many companies committing to them, we still have vulnerable software that enables devastating cyberattacks. Therefore, many organizations question the value of secure software development processes and do not know how to organize their software development to be secure-by-design. In this talk, […]
