In an online version of the latest dcypher symposium, two expert panels discussed digital autonomy in the context of the cybersecurity research agenda, and lifelong learning in the context of the cybersecurity education agenda. In addition, the best cybersecurity research paper of the last year was announced. The online symposium took place on Monday, September 28, 2020. On 1 October 2016, the platform dcypher (Dutch cybersecurity platform for higher education and research), which was established in April 2016, will come to an end. Stan Gielen, president of the Executive Board of NWO, kicked off the mini-symposium and looked back on five years of dcypher. “As NWO, we are happy with the results,” said Gielen. “dcypher has impacted cybersecurity research, built bridges and created a community. But now that the community has matured, it is time for NWO to withdraw and let the community stand on its own, just like parents lets go of their child when it has grown up.”
Sebastian Österlund (lieft on photo) receives the DCSRP 2020 Certificate of Excellence from Jan Piet Barthel (dcypher). Afterwards sponsors Marcel van Oirschot (KPN Security), Petra van Schayik (Compumatica) will offer him the 1000 Euro bonus cheque. Martina Lindorfer, member of the Jury, is also present at the ceremony.
Best paper award
dcypher director Jan Piet Barthel subsequently introduced the dcypher Security Research Paper Award Ceremony. It was the sixth time that the competition took place and this time ten research papers, from a total of six universities involved, competed for the honor. An international jury selected four papers for a presentation during the symposium and ultimately chose as a winner the paper ‘RIDL - Rogue in flight data load’ by a group of researchers from the VU Amsterdam and the CISPA Helmholtz Center for Information Security of the Saarland Informatics Campus. Jury chair Martina Lindorfer of TU Wien praised the winning researchers for combining scientific insights with a major impact on the everyday world. Sebastian Österlund of the VU received a check for € 1,000 on behalf of the research team. In the paper, the researchers describe a major data breach in all Intel processors produced in the past ten years. Those processors are installed in more than eighty percent of all computers and servers. The discovered vulnerability allows malicious parties to steal data from computers by looking at the data processed by the processor. The discovery made headlines worldwide in the spring of 2019 and forced Intel to make changes to their chips later that year.
After the award ceremony, under the leadership of symposium moderator Peter Zinn, four experts shed light on the subject of digital autonomy in the context of cybersecurity: Prof. Lokke Moerel (Tilburg University), Prof. Paul Timmers (University of Oxford), Dr. Maarten Bodlaender (Philips Security Technologies) and Marcel van Oirschot (KPN Security). Against the background of a growing geopolitical battle between the US and China, there has been a call in Europe for the past two years to become less dependent in technology on these two other superpowers. Lokke Moerel outlined in her contribution that European sovereignty in the field of technology is under pressure due to three developments: cyber threats (such as theft of intellectual property and misinformation), a technological cold war (struggle to become the best in AI, 5G and chip technology), and the power of Big Tech (such as vendor lock-in, EU-data in a US cloud, and the purchase of start-up companies). “The corona crisis has only strengthened the drive for European sovereignty in the technological field,” said Moerel.
Building on Moerel’s analysis, Paul Timmers wondered in his contribution how digital autonomy should then take shape. He outlined three strategies. The first strategy is that of risk management: try to do it the best you can. “Until now, that has been the typically European approach, for example in the development of the GDPR,” said Timmers. “But who dares to take political responsibility when things go wrong? That’s a risk.” The second strategy is to enter into strategic partnerships with befriended countries (for example the Netherlands with Great Britain), supplemented by partnerships built on strategic interdependence (such as the Netherlands with China).
The third strategy is based on the idea of what is good for the whole world (global common good). “Traditionally, European R&D has focused on this: present it openly and the whole world will benefit from it. But that premise is already changing in Europe. I predict that the successor to Horizon 2020, Horizon Europe, will not be nearly as open anymore.”
Maarten Bodlaender of Philips argued that in the pursuit of digital autonomy, market parties must be explicitly included. “Philips supplies products to 80 countries. If each of those countries has different requirements and regulations, it will be impossible for us to supply for example respiratory equipment in all those countries. Then you lose scale.”
Marcel van Oirschot of KPN referred to a recent quote from Facebook boss Mark Zuckerberg that if he doesn’t like it in Europe, he can deny Europeans access to his platform. A clear illustration of the European dependence on an American platform. “There is only one solution”, says Van Oirschot: “We need much better cooperation within Europe. But so far, Europe has unfortunately not even been able to standardize the socket.” He also believes that the Netherlands and the EU should look more critically at which technology they want to sell to to the rest of the world.
The second and final panel discussion revolved around the importance of lifelong learning in cybersecurity education. Three experts participated online: Inge Bryan (Deloitte Cyber Risk Services), Jos Griffioen (Leiden University) and Tineke Netelenbos (chair of ECP and member of the Cybersecurity Council).
Bryan said that Deloitte deliberately doesn’t use job descriptions because employees encounter all kinds of problems in practice that no particular education can prepare them for. “The point is that our people have learned to learn new things.” She took her own career as an example: she graduated in history, but ended up in cybersecurity. “Something like that applies to many: you are going to do something completely different than you studied, but the most important thing is that you have learned to learn.” She also emphasized the great importance of paying attention to digital skills as early as primary education, which should include cyber security. The education sector must also be open to let people from the business world teach.
Jos Griffioen explained how important it is to create an ecosystem in which it is normal for people to continue to train and retrain throughout their lives. “For example, we have set up a Digital Forensics course at Leiden University, in which we trained employees of the FIOD. And we had Deloitte consultants in the classroom who wanted to learn how to program in Python. In the coming years universities, government and business will have to further shape this learning to learn. We should also consider offering cybersecurity education to Pabo students. That can also make the Pabo more attractive for boys again.”
Tineke Netelenbos was the last to speak. She also emphasized the importance of starting digital literacy education in primary education and the need to train more computer science teachers. As a textbook example of successful retraining, she mentioned the ‘Make IT Work’ project of the Hogeschool van Amsterdam: “This project offers university graduates who cannot find work in their own profession the opportunity to retrain to become an IT specialist. That project is very successful. The European Commissioner for Digital Economy and Society selected it as the model project for teaching digital skills. The project also succeeds in getting more women to choose IT.”
dcypher-directeur Jan Piet Barthel
dcypher director Jan Piet Barthel arranged the closing of the symposium, in which he thanked all the people and parties involved. He announced that dcypher in its current form will end on October 1, but fortunately will be continued. He called the mission that dcypher fulfilled a cyberspace mission and compared it with space missions. “Just as space missions (like Apollo and Sputnik) get consecutive numbers, it would be nice to do the same with dcypher. Then we get a dcypher 2 mission, which takes full advantage of the results and improvements that have emerged from the dcypher 1 mission." He concluded with a wish for success to dcypher 2.
Text: Bennie Mols
Photo's: Sjoerd van der Hucht