security essen: 

DNS Conference

The Digital Networking Security Conference will take place on the first and second day of security essen in Hall 7 and is free of charge for trade fair visitors.

IOT devices and Internet connections of products and services, which were previously purely physical or self-sufficient, are creating new possible targets for cyber criminals. Smart homes, digital company buildings, video surveillance and access control in the cloud are just a few examples of the fact that the confrontation with data protection and information security is inevitable in the future - even for the previously purely physical world of security.

The program of DNS Conference to download .

At the Digital Networking Security Conference, experts will report on current incidents, important interfaces between corporate and IT security, legal requirements that affect both worlds and practical implementation examples - both for those responsible for security in companies and public authorities - as well as for suppliers and installers of security technology.

Target groups

  • Large companies, industry, municipalities and authorities
  • Installers, planners, engineers, general contractors
  • Small and medium-sized enterprises, security service providers, security trade

Program of DNS Conference

1st day, 20.09.2022
10:00 am -10:45 am Between cybercrime and cyberwarfare - why cybersecurity is a matter for the boss
Thomas Köhler, non-fiction author

Thomas Köhler uses current case studies to show what the main dangers are for companies, what risks are looming in the Internet of Things, why factory automation and logistics are becoming the new playing fields of the cybercrime scene, and how you can best protect yourself and your employees.
10:45 am -11:30 am Roundtable: Cyber security in the security world: How far have we come and what still needs to be done?
Moderation: Holger Berens

Participants: Peter Vahrenhorst, LKA NRW; Werner Metterhausen, VZM; Prof. Timo Kob, Board of Directors, HiSolutions AG
11:45 am -12:30 pm Basic IT protection and basic business protection - or: why Einstein was not a security expert
Prof. Timo Kob, Board of Directors, HiSolutions AG

Albert Einstein once said "What costs nothing is worth nothing". If he had known about basic IT protection and basic business protection, he probably would not have said this. With the IT-Grundschutz, the BSI has created a work that is probably unique in its breadth and depth and free of charge in order to provide organisations of all types and sizes with an indispensable tool for increasing their own IT security. On the initiative of the ASW Federal Association in cooperation with the BSI and the BfV, this was supplemented by security aspects beyond IT in the basic business protection.
12:30 pm-01:15 pm Successful attack detection in accordance with IT Security Act 2.0
Sascha M. Zaczyk, Manager information security, EnBW Cyber Security GmbH

The IT Security Act 2.0 requires CRITIS institutions to introduce attack detection systems on time and also specifies requirements for operation. But the road to this goal is rocky. The associated presentation sees itself as a pilot that illuminates key success factors, provides practical set-up assistance and useful tips for lasting success in attack detection. From practice for practice.
02:10 pm -02:50 pm DDOS attacks via IOT devices
David Walkiewicz, Director Test Research, AV-TEST GmbH

Almost 9 billion IOT devices were installed at the end of 2020, and over 30 billion devices are expected by 2025. Unfortunately, security problems are often pre-programmed with these "small computers". Outdated hardware is used, software libraries that have long since been discontinued are used in development, and an update or even security concept is not even considered. It is therefore no wonder that attackers repeatedly succeed in setting up botnets consisting of tens of thousands of devices or more in order to cause damage: All too often, these are DDOS attacks designed to bring website operators to their knees and extort a ransom. In this talk, we will show various examples of how attacks are carried out on IOT devices and then end up in botnets such as Moobot or Glupteba to carry out DDOS attacks. A short excursion to the "hacker search engine" Shodan illustrates how easy it is made for attackers and how clueless manufacturers and users still deal with the topic.
02:50 pm -03:30 pm IT forensics: Hacked - and now? Learning from penetration tests, "real"
attacks and mistakes

Martin Wundram, CEO/Partner, DigiTrace GmbH

Making mistakes is human and mistakes happen! However, it is better not to make the same mistake several times. This presentation looks beyond the many IT security solutions and techniques already available, such as ISMS, SoC, endpoint protection, etc., and considers what it means when the AD admin password is still 'gandalf', unchanged for years...The presentation combines experiences from IT security and IT forensics with illustrative case studies.
03:30 pm -04:10 pm Next Level Security Awareness Training
Alex Wyllie, Founder and Managing Director, IT-Seal

It is well known that in 9 out of 10 cases, a cyberattack within a company is due to the ignorance of the employees. IT security managers are faced with the challenge of creating and constantly maintaining a high level of IT security awareness among their employees. However, measures such as e-learning or online training are far from sufficient for effective attack detection by their staff. Learn what additional measures are needed and how to get your staff on board to build a sustainable security culture.
2nd day, 21.09.2022
10:00 am -10:45 am Live Hack: IoT - gaping security holes lure data-hungry hackers
Sarah Mader, IT-Security Analyst, NSIDE ATTACK LOGIC GmbH

In this presentation, NSIDE will explain the problems and dangers that can arise from the operation of IoT devices and demonstrate this on stage using live examples of publicly discoverable IoT devices on the Internet, as well as the live hacking of a surveillance camera that serves as a springboard into a foreign network.
10:45 am -11:30 am Seven deadly sins in cyber crisis management
Dr. Holger Kaschner, Information Security Consulting, DCSO German Cyber-Sicherheitsorganisation GmbH

Cyber attacks are ubiquitous in the media and increasingly endanger the business existence of their victims - not to mention human lives. Crisis teams of companies and authorities, however, are seldom aligned with the management of cyber attacks and their effects along the supply chain due to their traditional problem definitions, while classic IT emergency organizations, in turn, sometimes lack the strategic perspective. Do you provide the traditional crisis team with necessary cyber competencies, or is it better to provide the IT emergency organization with a strategic lens? Or does the truth lie somewhere in between, for example at the interfaces of the individual disciplines and committees? All variants are possible - but each comes with pitfalls. Knowing these pitfalls is a good first step in avoiding the seven deadly sins in cyber crisis management.
11:45 am-12:30 pm Cybersecurity for buildings
Werner Metterhausen, Computer Scientist, Senior Consultant at VON ZUR MÜHLEN'SCHE GmbH, BdSI, Security Consulting - Security Planning - Data Center Planning, Bonn

Modern buildings only function when the IT is working, controlling and monitoring the functionality and security of the building. Ventilation, heating, elevators and blinds and every other building technology as well as security systems such as access control, video technology, communication and control systems are controlled by computers and are networked. Taken together, they form Operational Technology (OT), a specialized type of information technology. The ever-increasing penetration of Operational Technology (OT) in building technology and equipment is forcing all parties involved to broaden their view of security planning and the secure operation of buildings to include the topic of cyber security.
12:30 pm -01:15 pm Potential security vulnerabilities in cctv systems
Fabian Roth, Concepture GmbH
02:10 pm -02:50 pm Secure use of cloud applications
Oliver Dehning, Head of TeleTrusT AG Cloud Security

Cloud computing has become a widely accepted IT operating model. At the same time, the threat landscape has also changed: Cloud platforms are increasingly in the sights of cybercrime. For users, the security of cloud applications is therefore coming into focus. The presentation discusses the specific risks of cloud computing and shows measures for secure use.
02:50 pm -03:30 pm Cybercrime in the corporate context and solution approaches for installer companies
Philipp Christopher Rothmann, Owner and Executive Coach, itsecuritycoach

The lecture cybercrime in the corporate context points out the dangers for companies (no matter if big or small) in the net, sensitizes and presents solution approaches especially for installer companies.
03:30 pm - 04:10 pm Cyber Insurance and the "State of the Art" - Current Developments in Cyber Insurance
Dr. Lutz Martin Keppeler, specialist attorney for information technology law, HEUKING KÜHN LÜER WOJTEK and Dr. Stefan Jöster, specialist attorney for insurance law, HEUKING KÜHN LÜER WOJTEK

After the initial hype surrounding cyber policies, it is now becoming much more difficult to insure against cyber risks on acceptable terms. Among other things, insurers expect significantly more IT security measures than before, and in the event of a loss, they are very closely scrutinizing whether these security measures and the "state of the art" in general have been complied with. The presentation will shed light on this development and explain individual aspects using concrete examples.

Please note that further updates of the programme will follow.