Taylor Swift Can Save Us
‘Only Taylor Swift can save us now’ is the powerful quote that best summarises the GÉANT Security Days’ (9-11 April 2024, Prague) closing keynote Lies are (not!) everywhere by the Czech TV journalist Daniel Stach, host of the popular prime time science programme Hyde Park Civilisation. Daniel delved on the impact of AI on our ability to recognise false information. The keynote highlighted the recent events that prompted the introduction of a US bill addressing nonconsensual, sexual deepfakes—following the proliferation of AI-generated pornographic images featuring singer Taylor Swift on social media. He emphasised individual responsibility in navigating this complex landscape, recognising that the ultimate solution lies not solely in technology, but also in our discerning ability and rational skills.
A ‘fil rouge’
Collaboration, sharing experiences, best practices and knowledge: these are the common threads arising from the majority of talks and discussions at Security Days since the very start, but let’s have a good look at the conference programme to find out more. Day one comprised two parallel tracks with side meetings and workshops that stimulated engagement and debates among the 150 cybersecurity experts from across the international research and education community. One track, entirely dedicated to the Special Interest Group-Information Security Management (SIG-ISM) meeting, was structured around the four core areas of cybersecurity: legislation, implementation, monitoring and training & awareness.
Ana Alves, CISO for GÉANT and her meeting co-chair, Rolf Sture Normann from Sikt, kicked off the meeting: “Our aim is to identify with all of you the essentials to build up, strengthen our network and become more resilient against the ever growing and evolving cyber threats”.
The other track comprised a Cyber Threat Intelligence (CTI) workshop where NREN participants from the Netherlands, Cyprus, Ireland, Sweden and Poland presented use cases for threat intelligence and their individual journeys and experiences. The workshop was followed by an interactive and dynamic session on products and services giving insights into which kinds of security products and services NREN create, develop and deploy for their members.
Cybercrime knows no borders
On day two, the conference’s opening plenary started with a welcome address from Klaas Wierenga, GÉANT CITO. Underlining the growing importance of security for Research & Education (R&E) globally, Klaas looked at international developments and also highlighted some of the most significant changes on the horizon that will affect NRENs such as the European NIS2 legislation, EuroHPC and EOSC.
Klaas closed: “Cybercrime does not stop at borders: cybercriminals, targets and technical infrastructure span multiple jurisdictions, bringing many challenges. We need to collaborate closely in the months to come, collaboration and global information sharing can make a real difference in our fight against cybercrime.”
What is your mission?
Andrea Kropacova from CESNET, the National Research and Education Network of the Czech Republic took the stage to add her warm welcome to Prague highlighting CESNET’s history, their top priorities, security being one of them, and outlined the NREN’s security portfolio of services, stressing the importance of the role that her small, but efficient security team plays for R&E in Czechia.
Andrea concluded: “What is your mission? Mine is to maintain quality of the security services provided by the Czech NREN, to support IT personnel from connected institutions and to educate a new generation of experts.”
Getting ready for the post-quantum age
The long-awaited opening keynote ‘Moving the goal to post-quantum’ by Professor Roland van Rijswijk from the University of Twente, starting from the premise that public key cryptography is the security foundation that trust and confidentiality online are built on, warned that it is under threat from being broken by powerful quantum computers. Fortunately, the academic research community has been working hard on quantum-safe cryptographic algorithms that remain secure even if practical quantum computers become a reality. Transitioning the whole internet to these new cryptographic algorithms, however, is a major undertaking that comes with many challenges. Roland explained the basic need for post-quantum cryptography and highlighted, using examples from R&E networking, what challenges we are likely to face in the coming years. ‘We have time, but have to start preparing’.
Humans and cybersecurity
The Human Factor session on day two reminded us that managing human risk has become more critical in today’s interconnected world and highlighted that a human-centric approach, where employees are at the heart of an organisation’s security strategy, is a key success factor to empower the community in the face of evolving cyber challenges. The session also took a deep dive into common pitfalls brought by a user-blaming and punitive cybersecurity culture, but also presented concrete examples on how NRENs can be at the forefront of cultivating a positive and open cybersecurity culture.
Have you got five minutes?
The Lightning Talks plenary session closed Security Days day two with thirteen lively, informative and animated five minute presentations which offered great content, perspectives, insights and ideas on various aspects of cybersecurity. From external communication during a cyber crisis, on how to deal with a ransomware attack, from novel security awareness approaches to innovative tools and a vision of the Security Operations Centre (SOC) of the future. The room was buzzing, what a great way to close the day.
Security: we cannot do this on our own
Day three opened with a session on operational security: with the growing number of threats, the developments in technology and the fast rise of AI, cooperation in operational security has become crucial. Notwithstanding the high levels of confidentiality of some individual incidents, NRENs also need to learn from their peers in the community to be able to efficiently and effectively protect assets and users. In a very honest and humorous talk, presenters form SURF demonstrated that although management and technical staff may not seem to speak the same language at times, only via regular and open communication they are able to address otherwise unsurmountable and complex issues. The session also highlighted, in a passionate talk by Brian Nisbet from HEAnet, that a SOC cannot be built without intense interaction with other NRENs and users, because only interactions make miracles happen. But speaking oft miracles, could the ultimate one be a large virtual pan European collaboration: the R&E security intelligence hub?
CISOs, wizards and professors
The closing plenary had plenty of food for thought in store for us all. What does it take to be a CISO? Simple, be a multitasking master, bring everybody onboard, communicate and share, monitor legislations and compliance and ultimately make the organisation secure with a solid and pragmatic approach to cybersecurity; according to Ana Alves, GÉANT CISO. The session continued with a talk by Jan Kolouch from CESNET, which by identifying Prague as the real Ankh-Morpork, the imaginary city-state of many Discworld novels by Terry Pratchett, recognised librarians, wizards and professors in the world of NRENs and their constituencies. Jan captured and engaged the audience with national case studies and closed with the recommendation not to succumb to the illusion of technology when looking for solutions, to choose diversification and look for a balance between the fulfilment of formal requirements and the reality of what can be achieved.
Alf Moens, Security Lead from GÉANT closed the conference: “Collaboration at all levels and across national borders, the need to share experience and expertise, and the importance of the human factor in such a technical environment are the most discussed and key takeaways of Security Days 2024. I am impressed with the active participation and great engagement of all delegates and hope that Security Days will help to make the community better prepared and more resilient against cyber risks.”
Social engineering R us
Security Days’ participants were invited to take part in a social engineering exercise during the event social and into the morning of the next conference day.
Curious? Read the brilliant write up by Nicole Harris.
To find out more about Security Days 2024 programme and download the presentations, visit: GÉANT Security Days – GÉANT Security (geant.org)
Will there there be a Security Days in 2025? Stay tuned and watch all the GÉANT communications channels for updates.
This article is featured on CONNECT 46, the latest issue of the GÉANT CONNECT Magazine!
Read or download the full magazine here