IT-Defense 2022 – Presentations

Presentations – IT-DEFENSE 2021

Critical Infrastructure Protection according to the IT Security Act – Basics, Implementation and Developments – Dr. Christoph Wegener

According to the IT Security Act (ITSiG) of 2015 and the related BSI-Kritis Ordinance (BSI-KritisV) of the years 2016 and 2017, operators of critical infrastructures are obligated to take appropriate, state-of-the-art technical and organizational measures to ensure the security of their IT infrastructure. Moreover, the measures implemented must be audited every two years, and the operators have the obligation to report security incidents to the Federal Office for Information Security.

This presentation shows what requirements exist, how they can generally be put into practice and what extensions are now planned with the IT Security Act 2.0. The question of appropriateness and of requiring state-of-the-art measures will also be discussed. An insight into the threshold values of BSI-KritisV and an outlook on possible future developments will round off the presentation.

SAP as a Cyber Weapon – Andreas Wiegenstein

SAP security talks have a lot in common with Gin. They are quite dry and quickly make you dizzy. And once they are finished, you have difficulty remembering that last hour or so. That's because SAP security is considered to be quite meaningless by 99% of the infosec community. But what 99% of the infosec community don't know: if I break into your SAP system, I may not be after your SAP data, but after the rest of your network.

This talk illustrates the attack potential of a hacked SAP installation against your company's network. Watch common defense mechanisms get bypassed and fail. And maybe have a Gin afterwards...

From CISO in an Enterprise to CIO/CDO of a Federal State: Experiences and Daily Challenges – Stefan Krebs

Following a brief overview of the current threat situation, the speaker will go into the Emotet attacks in Hesse and deal with the question: “Why the city of Frankfurt did everything right and it was still wrong.” The second part of the presentation will examine cybercrime in the time of corona. From the risks of working from home to “corona ransomware with chat features” and CEO fraud – cybercriminals have not taken a coronavirus break. The third part is dedicated to the inventors of working from home – hackers. Besides providing the latest insights into the Elcatel case and the bulletproof hoster from the village of Traben-Trarbach, there will be a short trip to the darknet.

On the Economy of Attention – Prof. Dr. Gunter Dueck

Attention wins, no matter what kind – as long as it is shrill or sensational, breaks taboos or presents alternative facts. World conspirators, political liars and professional insulters cloud every state of facts, drive ill-fated politics and make clear assessments of situations more difficult. Hundreds of millions are made in the economy by hyping or dissing shares, and marketing campaigns are also increasingly overstepping boundaries. Particularly popular: statistical creativity. Sober truths, however, are sober; facts are dry. What’s going on here? We have arrived in an attention economy, into which the communication possibilities of the Internet have led us. What counts are clicks, views and likes. This presentation reflects on the background and gives an insight into the attention chaos.

Exploiting Trust: The Human Element of Security – Rachel Tobac

Security protocols are often built on trust – trust which is exploited by hackers like Rachel Tobac. From email to phone communications, attackers study how to insert themselves into your trusted circle to leverage that trust against you. This keynote will dive into the anatomy of trust exploitation in real-world social engineering attacks, walk through step-by-step examples of attacks happening during COVID-19, and lay out the steps you can take to protect your data, money, security and privacy from real-world attackers, even during a pandemic.

Dealing with IT Disasters Legally – Preparation, Reporting Obligations and Fines – Joerg Heidrich

Open servers with customer data, freely accessible video surveillance, ransomware: IT security has long since become part of data protection, and IT accidents usually also indicate a breach of the strict General Data Protection Regulation. This starts with the question of which data may be stored at all and for how long; it affects the requirements of an IT security concept and ultimately also the challenges of dealing with such a catastrophe. Looking at the potential fines and the potential claims for damages of those affected shows how unpleasant such an accident can become. As the data protection officer of Heise Medien and a specialist lawyer for IT law, Joerg Heidrich was involved in the research and evaluation of numerous IT disasters. Using practical examples, he will talk about his insights and the lessons he learned.

5G Security! Where Are We Standing? – Altaf Shaik

This talk provides practical insights into the first phase of commercial 5G networks across the world. The emphasis is placed on the security issues that were identified in the previous generations and fixed in 5G networks. Although the standardization bodies have carried out major security improvements, implementations of them differ. Experimental findings are provided to illustrate how secure 5G networks are compared to their predecessors and what to expect in the second phase of 5G networks.

Big-Game Hunting – Volker Kozok

Colonial Pipeline, Emotet – the city of Frankfurt and the Berlin Court of Appeals, Korean hacker groups hunting for bitcoins, research results from universities – the targets of criminal and state-controlled hacking attacks are getting more and more valuable, their objectives bigger and bigger. While ransomware attacks have so far been aimed at “end customers”, they are now targeting renowned enterprises and large organizations. Meanwhile, “crime as a service” offerings are getting more professional. This presentation gives insights into the latest attacks and shows exemplary procedures of different hacker groups.