For your convenience, you can attend the roundtable via Cisco’s Webex Teleconference system.

  • Date: 27 September 2017
  • Location: Cisco Belgium, Diegem
    or via Webex
  • Duration: 8.30 - 15.00
  • Attendance: In person
    or online
  • Fee: Free of charge
▲ Back to Top

Overview

Overview

• How to identify genuine and trustworthy IT hardware?
• What are the true benefits and value-add of the manufacturer's authorized sales channel?
• How can procurement processes of IT hardware affect the security of an organization?
• Why make a health check of legacy IT hardware? Aren’t we getting paranoid?

These are the type of questions that we will discuss during the roundtable, organized by Nanac and Cisco, on September 27.

'Cybersecurity begins with hardware integrity' is an interactive event that will gather procurement managers, risk and insurance managers, data protection officers, IT managers and cyber security experts from the Public and Private sector.

Join us on September 27, you will have the opportunity to share your expertise, address your key challenges and learn from your peers’ experience.

▲ Back to Top

Agenda

8.30 - 9.00:

Welcome breakfast

9.00 - 9.15:

Introductory remarks

9.15 - 9.45:

Hardware innovations and customer’s trust

9.45 - 10.15:

Roundtable and Q&A

10.15 - 10.45:

Public sector and cybersecurity

10.45 - 11.15:

Roundtable and Q&A

11.15 - 11.30:

Refreshment break

11.30 - 12.00:

Hardware designed for data privacy

12.00 - 12.30:

Roundtable and Q&A

12.30 - 13.30:

Lunch

13.30 - 14.00:

How to procure networking hardware safely?

14.00 - 15.00:

Roundtable, Q&A and closing remarks

▲ Back to Top

Speaker and Moderators

Arnaud Spirlet, General Manager, Cisco BeLux
Anthony Grieco, Senior Director and Trust Strategy Officer, Cisco
Jiri Kocab, Brand Protection Manager, Cisco EMEAR
Lorena Marciano, Data Protection and Privacy Officer, Cisco EMEAR
Marc Vael, President of ISACA Belgium
Mathieu Maes, Secretary General ICC Belgium
Luc Van de Velde-Poelman, Adviser-General Head of Disputes Administration, General Administration of Customs and Excise
Tom Peperstraete, Economic Inspection of the Ministry of Economy
Ivan Vandermeersch, Secretary General at the Belgian Association of Marketing

Organisers

Nanac (www.nanac.be) and Cisco (www.cisco.com)

Participation in the event is free of charge

▲ Back to Top

Register

Registration

'Cybersecurity begins with hardware integrity' is an interactive event that will gather procurement managers, risk and insurance managers, data protection officers, IT managers and cyber security experts from the Public and Private sector.

Seating is limited to 30 attendees. You can attend the event via teleconference. Please note that your registration will be final upon reception of a confirmation by email.

▲ Back to Top

Background information

Hardware designed for data privacy

From Hardware to Software, data breaches happen by overlooking the necessary safeguards that keep our most valuable data assets safe from deliberate access. If we are to safeguard data against theft and attacks properly, we must invest in knowing what data we are collecting, how we are collecting it, where do we keep them, and how we are keeping it safe, at rest, in use and in motion, not just investing in how we solve the problem after the fact. This is what we call “Privacy Engineering”. Is your Hardware encrypted, do you have a RM process that eliminate the data before refurbishing, retiring, reusing? And if stolen, do you know what was in there? When you are designing your Software, do you think about what data do you need, for how long, and who has access to? We at Cisco are investing in injecting these questions at the core of our product lifecycle to make sure that the data of our customers and our data are protected by educating on and automating data protection controls as part of our privacy engineering effort.

How to procure networking hardware safely?

The presentation will focus on what may be the legal and practical consequences of buying IT products from outside the authorized channel of the manufacturer. We will discuss procurement best practice, how the customers may protect themselves prior to purchasing, and how they can verify the reputation of the seller. Real life examples will highlight the added value of the manufacturer’s authorized channel, and importance to rely on hardware products eligible for manufacturer’s support. Audience will learn about parallel imported, counterfeit and unlawfully modified products. We will also bring attention to manufacturer’s apps and web-service helping customers to verify the product’s origin prior to purchase.

The importance of hardware in terms of cyber security

The pervasiveness of technology at all levels of our life has important implications, and certainly for business, with increasing expectations and responsibilities for cyber security, including data protection and privacy. What we can observe so far in terms of securing IT systems and prevention campaigns in this area is an attention focused mainly on software, passwords and user behavior. With regard to software, common practice could be summarized as "patch and pray". Nevertheless, as recently stated by Dr. Linton Salmon of DARPA, the US agency for advanced defense research projects, "This race against ever more clever cyber intruders is never going to end if we keep designing our systems around gullible hardware that can be fooled in countless ways by software".

It should be of paramount importance that any hardware used can be properly assessed not only when it is purchased but throughout the supply chain. Both consumers and businesses are confronted with the need to trust electronic systems and devices that in many cases perform essential functions in areas such as telecommunications, defense and health. For this reason, it is of the utmost importance that the electronic components they contain are safe. Any of these devices could, for example, be equipped with a hardware or software backdoor with serious repercussions. The presence of hardware backdoors in particular presents a challenge for security experts.

Thus, it is essential for businesses to select hardware manufacturers with the most rigorous control of their production, and with an appropriate brand protection policy as well. Budgetary pressures can make it very tempting to avoid authorized resellers in favor of attractive offers, especially on the Internet. This is where, for various reasons, criminal organizations that are contravening legislation, particularly intellectual property, are selling dangerous IT equipment. It is not a question of mistrusting only certain undemocratic regimes that might see an advantage in installing backdoors for attacks on western companies, there are also threats that can be revealed from anywhere. Indeed, the alteration of the smallest component could expose a company to espionage or sabotage.

Another example of hardware vulnerabilities can be Trojans at the level of integrated circuits, which can be installed at different stages of the supply chain. This relatively recent threat is sometimes contained in a single component added to the overall structure of the microprocessor. Almost indistinguishable from the rest of the components, it is secretly designed to function as a capacitor - temporarily storing electrical charges - rather than managing regular functions. Thus, when a malicious script from a website or application triggers a certain command, the capacitor captures a small electrical charge and stores it in its wires without affecting the power or performance characteristics of the chip. Once the chip reaches a predetermined threshold (after a few thousand small events), the capacitor switches to a logical function and takes control of the operating system.

Other forms of attack at lower levels can affect the work of microcircuits, which are the fundamental components of any electronic device. Recently researchers have explored the possibility of modifying the behavior of the material by affecting the concentration of doping in electronic components or by changing its polarity.

In short, the objective and interest of criminal organizations selling dangerous IT equipment is found either in the placing on the market of counterfeit products sold well in excess of their real value, or in appropriating sensitive information to be resold, or for the purpose of simply being able to damage the operation of a network.

For businesses, taking responsibility for cyber security, including data protection and privacy, also means paying particular attention to its IT hardware supply chain, making sure to select suppliers that have the best control of their manufacturing process and to maintain its equipment in the conditions of eligibility for the warranty of the manufacturer. This could involve some preference for authorized resellers, and the use of a standard clause requiring genuine hardware in supply contracts.

It should not be forgotten that this concerns the company's IT network in the broadest sense, ie including all access control systems, all devices connected to the network, the Industrial Control System, surveillance systems and the entire communications infrastructure (including mobile phones and tablets, of course).

▲ Back to Top

Location

Location

Cisco Systems Belgium

De Kleetlaan 6,
1831 Machelen,
Belgia

Share

Co-organiser

  • NANAC