This international and interdisciplinary workshop is part of a series of events organized by the Horizon 2020 project CANVAS. The goal of CANVAS is to inform deciders and policy makers about issues at the intersection of ethics and cybersecurity by creating briefing packages, whitepapers, and materials for teaching (MOOC, reference curriculum, and a book). Our event brings together scholars and practitioners. This includes actors who need protection for themselves or for their organization as well as those who have to deal with the consequences of untraceability and online anonymity.

Our international workshop on “Ethical dilemmas in strategical and operational cybersecurity at State level” in Lausanne, Switzerland will begin with a focus on ethical issues in day-to-day operations for penetration testers, operators of critical infrastructure, and CERTs providing technical reaction to threats. Towards the end, we will broaden the scope to furthermore look at value-driven creation of new regulations and standards. The outcomes of the workshop will serve as input for the deliverables of CANVAS.

Topics Overview

We need more security! Protecting high-value secrets and vulnerable humans. Operational security training I: Why is it so difficult to get it right? Hacking to help: moral and legal difficulties of independent security research. Anonymity on the internet: challenges for activists and law enforcement. Exploits and exploration: balancing harm and utility in academia and practice. Your privacy is important to us: conflicts in the corporate environment. Operational security training II: pragmatic recommendations for the paranoid.

four thematic sessions spread over two days

World-class presenters

Melanie Rieback CEO/Co-founder Benjamin Kunz Mejri Founder and managing director Stephane Bortzmeyer Research engineer Tomi Tuominen Practice Leader Technical Security Consultancy Reto Inversini and Andreas Greulich Security Officer and Technical Analyst Richard M. Stallman Chief GNUisance Manuel Suter Koordinator Nouschka Auwema Senior Advisor Cybersecurity Juha Röning Professor Harald Zwingelberg lawyer Stephan Walder stv. Leitender Staatsanwalt Daniel Plohmann Researcher Martin Dion Global Chief Information Security Officer (CISO) & VP EMEA Delivery

Workshop Program (as PDF)

Monday – 13 May 2019

9.00

Welcome and Introduction

ESC, University of Lausanne
Welcome

9.30

Session 1a

Ethical dilemmas for pen-testers and operators of critical infrastructure.
Melanie Rieback
Radically Open Security
Ethics and Pentesting
Benjamin Kunz Mejri
Evolution Security GmbH
Intelligence Vulnerability Management, Databases & Models

10.45

Coffee Break

Coffee is served on site (for all registered participants).

11.15

Session 1b

Ethical dilemmas for pen-testers and operators of critical infrastructure.
Stephane Bortzmeyer
AFNIC
Rendez-vous techniques: the weakest link? The example of the DNS.

12.00

Lunch Break

Lunch is served on site (for all registered participants).

13.30

Session 2

Ethical dilemmas during technical reaction
Freddy Dezeure
Independent management consultant
Ethical challenges in incident response
Tomi Tuominen
F-Secure
Ghost story
Reto Inversini and Andreas Greulich
MELANI
Ethical and legal dilemmata during operations against APT groups

15.45

Coffee Break

Coffee is served on site (for all registered participants).

16.30

Keynote

This talk will be in room 1031 at the Antropole (a 15 minutes walk across campus)
Richard M. Stallman
The GNU Project
Cyberpeace requires Free Software

18.00

Closing of Day 1


19.00

Dinner

For speakers only. Location will be announced at a later time.

Tuesday – 14 May 2019

09.00

Session 3

Protecting values in strategic plans for better cyber security
Manuel Suter
National Coordination Center (Switzerland)
Building national Cybersecurity Strategies: democratic challenges
Nouschka Auwema
NCSC-NL
I hacked the Dutch government and all I got was this lousy t-shirt

10.30

Coffee Break

Coffee is served on site (for all registered participants).

11.00

Session 3

Protecting values in strategic plans for better cyber security
Juha Röning
Universtiy of Oulu
AI: Is it a fair play on software security?

12.00

Lunch Break

Lunch is served on site (for all registered participants).

13.30

Session 4

Enforcing the law in cyberspace
Harald Zwingelberg
ULD Schleswig-Holstein
Enforcing data protection in cyberspace - Challenges and strategies
Stephan Walder
Staatsanwaltschaft II des Katons Zürich
Cybercrime - possibilities and limitations of penal prosecution

15.00

Coffee Break

Coffee is served on site (for all registered participants).

15.30

Session 5

Approaches for knowledge-based collaborative solutions
Daniel Plohmann
Fraunhofer FKIE
1+1=3? Experiences with Fostering Collaboration in Cybersecurity
Martin Dion
Kudelski Security
Securing the State & the People in Cyberspace – An ethical dilemma or just a big misunderstanding?

16.30

Closing of Day 2


Venue

The workshop takes place at University of Lausanne in room 414 on the second floor of the Amphimax. Information on how to reach Lausanne can be found on the website of the university.

Address of the Amphimax:
Quartier Sorge, 1015 Lausanne, Switzerland
Building Amphimax
© University of Lausanne

Accomodation and Sights

We recommend you stay at the nearby Swisstech Hotel. You may find cheaper options on your favorite hotel booking portal. Consider the following table for hotels and rates.

Name Rate Comments
Swisstech Hotel 112 CHF Last checked 1.4.2019
Save some time for exploring the area!