Category

Cyber-security

TCAB participates in the event on the Cybersecurity Regulation organized by AMETIC

AMETIC, the Spanish ICT Business Association, has organized an informative event on the new European regulation, the “Cybersecurity Act”, which from June 2019 will regulate the implementation of a common European framework for the certification of “cybersecure” ICT products and services, to promote the cybersecurity of online services and consumer devices.

This European regulation not only seeks to increase the confidence of users in relation to the use of connected devices, but also to strengthen the European cybersecurity industry and the European Single Market, positioning it as a reference worldwide, in line with other markets such as the United States or China. The European Union Agency for Network and Information Security (ENISA), which through this regulation will be named as the new European Agency for Cybersecurity, will coordinate and harmonize policies at European level, and will support Member States in the implementation of plans and national strategies in the fight against threats and cybersecurity attacks.

Antonio Cimorra, director of Information Technologies and Digital Agenda of AMETIC, highlighted during the opening of the session the advances that the digital transformation has introduced in society, as well as the importance of ensuring cybersecurity. He also commented on the measures that, from AMETIC, and particularly from the Cybersecurity Commission where important suppliers of this technology meet, are being developed in this field. Cimorra also highlighted the association’s support for the new European initiative.

Later, Ignacio Pina, Technical Director of the National Accreditation Entity (ENAC), explained that, “although the regulation will not be mandatory at the beginning, as far as certification is concerned, it is expected that the market will regulate itself, fostering its adoption”. Pina added that “certification in itself does not generate security, but rather seeks to build trust among consumers”. In this regard, he commented that “the transition between current national certification schemes in force and the new common European framework will be gradual”. On the other hand, he stressed that “the role of the industry in defining the certification schemes that derive from this regulation is essential for them to be aligned with market needs.”

Implications of the “Cybersecurity Act”

Next, a cybersecurity-focused round table was held with the motto “How does the Cybersecurity Act impact on companies in the digital sector?”.

The round table was presented by David González, president of the AMETIC Cybersecurity Commission and Head of Sales for Europe and North Africa of G & D. The participants were Mariano José Benito, CISO of GMV; Jesús María Alonso, Head of Consulting Spain of ATOS; Ainhoa Inza, CEO of TCAB (Trust Conformity Assessment Body), and Miguel Bañón, CEO of EPOCHE & ESPRI.

They discussed the implications of the certification regulation for the activity of companies in the digital sector, and the following steps to address in this new scenario.

In general, the participants commented that it is a very positive initiative since, despite being a voluntary regulation for the time being, it is expected that its impact on the market will increase the number of certified secure ICT products in a significant way. They also highlighted that, for Spain, it is an opportunity for consolidation at the European level in terms of cybersecurity, taking advantage of the fact that the Spanish certification ecosystem is among the best considered in Europe.

On the other hand, it was highlighted that, since there is no penalty framework within the regulation, it is important for companies to recognize the benefit of certification, such as its impact on the consumer in terms of trustworthiness. The participants also commented that the objective of this initiative is for consumers to “get used” to verifying that the ICT products or services they buy or consume carry the seal of safety certification.

Finally, the presentation by the expert representative of the National Cryptological Center (CCN), an entity that currently coordinates the work of certification in cybersecurity at the national level, addressed how the new Scheme will be adopted in Spain. The CCN agreed with the other speakers on the great opportunity that the “Cybersecurity Act” represents for the European and Spanish cybersecurity industry when it comes to positioning Europe in line with other markets.

Event on cybersecurity held by ENISA last April 24th

On April 24th, a new edition of the event on cybersecurity organized by the European Network and Information Security Agency, ENISA, took place in Brussels (Belgium).

The conference was aimed at small and medium enterprises (SMEs), professional associations and public bodies related to the Internet of Things (IoT) and certification activities.

The objective of the event was, on the one hand, to increase awareness and deepen knowledge of the IoT and Industry 4.0 and its effect on the European cybersecurity market. On the other hand, it sought to increase collaboration among the members of ENISA by identifying common interests.

In addition, the ENISA Industry Event provided participants with an overview of the EU Certification Framework and its relationship with the European cybersecurity industry.

About “ENISA Industry Event”

The event, organized since 2015, serves to share knowledge about the cybersecurity sector. The fundamental objective of this activity is none other than to build a community in the cybersecurity sector in both the public and private sectors of the EU.

Impressions on Mundo Hacker Day 2018

Mundo Hacker Day 2018, the reference event on cyber-security in Spain, brought together professionals and experts in the field of cyber-security on April 25 in Madrid.

In this fifth edition, attended by more than 2,000 people, different experts from both Spain and Latin America presented various relevant issues that currently affect the world of cyber-security.

Among others, the following talks stood out:

  • The Upside Down World (Stranger Things). Antonio Ramos, Professor, presenter, writer and expert in Hacking and Computer Security.

Antonio Ramos presented the advantages and disadvantages of the digitalization of society. In his opinion, automation is a positive step for modern societies but, if people are eliminated, digitization would be incomplete.

  • Round Table:

Kaspersky: Dani Creus, Senior Security Researcher, Global Research & Analyst Team (GReAT), Kaspersky Lab / ESET: Josep Albors, ESET Spain Responsible for Research and Awareness / Panda Security: Conrado Crespo, Global Presales Consultant Panda Security / Viewnext: Antonio Navas Casado, Director of IS / HP Services: Melchor Sanz, CTO and HP / Sophos Presales Manager: Alberto Ruiz Rodas, Presales Engineer for Spain and Portugal at Sophos / Moderator: Daniel de Blas.

  • Ay, ay, ay …. giving the bad guys where it hurts the most! David Conde, SOC / CERT Manager at S21sec

The speaker explained the field experience of the incident response service of S21sec in the fight against some of the most sophisticated organized groups operating in the international arena.

  • Round Table Hack Woman

Silvia Barrera – [IN] IT Security, Researcher, Cybercrime Specialist and Writer / Tamara Hueso – Senior Cybersecurity Analyst (IT-ERS) at Deloitte / Rosa Díaz – General Director Iberia Panda Security / María José Talavera – General Director IBERIA VMware / Albora Trimiño Díez – Cybersecurity Operator, IT Risk Fraud and Security / Miriam Martínez Muñoz – Member of HoneySec, Professor and Researcher at the University of Alcalá / Pilar Vila – Computer forensic expert / María José Montes – Head of cybersecurity of ESET Spain / Moderator: Desireé Rodriguez.

  • Digital Molotov. Gabriel Lazo Canazas.

This expert in cyber-security talked about the dangers of cyber-crime and the Deep Web.

  • Trape: The phishing evolution. Jose Pino. Leader of the “TRAPE” development team.

Colombian researcher José Pino presented TRAPE, a tool developed by him that allows people to track and execute intelligent social engineering attacks in real time.

  • When the threat is inside: detection and early response to attacks with Aruba Introspect. Artur Gradoli, Aruba Solutions Architect, Hewlett Packard Enterprise.

The conference was directed towards large companies. Artur Gradoli explained the importance of monitoring the internal network in the detection of exceptional events.

  • Advanced Digital Threats: Perspective from the trenches. Dani Creus, Senior Security Researcher, Global Research & Analyst Team (GReAT), Kaspersky Lab.

The researcher spoke about the origin of threats in large organizations: 90% are routine threats, 9.9% are directed attacks and only 0.1% are carried out with digital weapons (such as Stuxnet, among others).

  • Recon Tactics. Simón Roses Femerling, CEO of VULNEX.

This expert presented the methods to train the “blue teams” in companies to deal with external attacks.

  • Ensure Cyber Risk: Cyber Policies, from large multinationals to SMEs, what do they protect? Manuel Huerta, CEO of Lazarus, Expert in Forensic Computing and Professor of Electronic Probatory and Digital Research.

Cyber-risk policies currently represent a great business opportunity, due to the increasing threats to data protection. In the event of a data exfiltration, companies face fines of 2% of turnover or 10 million euros if they are SMEs, or 4% of turnover or 40 million euros if they are medium or large companies.

  • Security operations guided by Intelligence: what is the pyramid of pain? Jorge Hurtado, VP Managed Services & Advanced Cybersecurity Services at S21sec.

Jorge Hurtado spoke about the possibilities that exist to anticipate, detect and react to threats effectively. For this expert, security operations must go hand in hand with the intelligence strategies of the companies’ cyber-defense.

  • Secret communications and “Stay-Behind” networks: the “Harpoon” project. David Marugán.

This cyber-security consultant gave a brief historical introduction to the clandestine Stay-Behind networks. In addition, he explained how the secret espionage networks operated at the technical level and in terms of COMSEC (communications security). As an example, he used the FS-5000 transponder equipment “HARPOON”, used since the end of the Cold War for encrypted communications.
