Page 1

EVENT AGENDA Registration

09:00 – 09:30

Future of cyber security 09:30 – 10:30

Dorothee Belz, Vice-President Legal and Corporate Affairs Europe, Microsoft


Scott Charney, Vice-President Trustworthy Computing, Microsoft


Ivailo Kalfin, Member of the European Parliament Maciej Popowski, Deputy Secretary General, European External Action Service

Coffee Break

10:30 – 11:00

11:00 – 12:30

Threat landscape and the paradigm

Transparency through certification:


shift in becoming resilient

Data, Cloud & NIS standards

sessions (13:00) Flash Session: “Developing a National 12:30 – 13:30

Strategy for Cybersecurity: Foundations for

Networking Lunch

Security, Growth, and Innovation” Security frameworks for critical infrastructure Gintaras Čiurlionis, Director of the ITC Department, MoI, Lithuania 13:30 – 15:00

Mark Clancy, Managing Director and Corporate Information Security Officer, DTCC


Tom Robertson, Vice-President and Deputy General Counsel, LCA, Microsoft


Matthew Scholl, Deputy Chief of the NIST Cybersecurity Division, US Giles Smith, Deputy Director Cyber & Information Economy BIS, UK Paul Timmers, Director Sustainable & Secure Society, DG CONNECT, European Commission Moderator: Ambassador Jean de Ruyt, Senior Public Policy Advisor, Covington

Coffee Break

15:00 – 15:30 15:30 – 17:00

Information sharing: how to build a

OECD: Cybersecurity for Economic and


trustworthy system?

Social Prosperity

sessions 17:00

Conclusion & Reception


Keynote session: Future of cyber security Welcome: Dorothee Belz, Microsoft. Keynoters: Maciej Popowski, European External Action Service; Ivailo Kalfin, European Parliament; Scott Charney, Microsoft.

11:00 – 12:30

Break out session 1: Threat landscape and the paradigm shift in becoming resilient Microsoft experts will give insight into new threats on the horizon and discuss findings from Microsoft’s Security Intelligence Report. This session will dive into the paradigm shift from protection to resilience and the necessary organizational changes. Priorities of threats as well as the top-level strategic objective of risk management towards the concept of “Prevent, Detect, Respond and Recover” will be discussed. Defined as the ability of a system to withstand and recover from adversity, the concept seems particularly useful for informing current policymaking. Participants: Karel Dekyvere, Microsoft; Reto Haeni, Microsoft; Paul Nicholas, Microsoft.

11:00 – 12:30

Breakout session 2: Transparency through certification: Data, Cloud & NIS standards Visibility into a cloud provider’s security controls remains a major priority for organizations looking to move applications and services to the public cloud model. There is no standard way for companies to evaluate a cloud provider’s security or for providers to document their controls, but there are efforts underway to create transparency and data security through standards outlined in the draft privacy regulation, the European Cloud Strategy and the draft Network and Information Security Directive. This session will recapitulate the current state of play and discuss the implementation of controls by business. Participants: Lionel Dupré, Enisa; Tjabbe Bos, European Commission; Christoph Rechsteiner, SAP; Mark Estberg, Microsoft; Daniele Catteddu, Cloud Security Alliance; Andreas Fuchsberger, Microsoft.

13:30 – 15:00

High level panel: Security frameworks for critical infrastructure In many geographies, new security frameworks are under discussion. The panelists will share their experience and exchange views on existing and evolving security frameworks that offer a regulatory basis for the critical ICT infrastructure. The focus is set on the trust and confidence in cyberspace that requires strict protection of critical information by means of standardization, secure access, and transmission. Panelists: Matthew Scholl, NIST; Paul Timmers, European Commission; Mark Clancy, DTCC; Giles Smith, BIS, UK; Gintaras Čiurlionis, MoI, Lithuania; Tom Robertson, Microsoft.

15:30 – 17:00

Breakout session 3: Information sharing: How to build a trustworthy system? This session will present emerging initiatives of information sharing schemes from different countries and explore the challenges of sharing very sensitive and current information on actual attacks on specific networks. What is the right approach to span these key sectors,

from Retail and Finance to Transport and Defence, as well as cross-border? Participants:

Reto Hani, Microsoft; Jakub Boratynski, European Commission; Steve Purser,

Enisa; Gary Payne, Cabinet Office, UK; Paul Nicholas, Microsoft. 15:30 – 17:00

Breakout session 4: OECD: Cybersecurity for Economic and Social Prosperity The OECD is currently reviewing its 2002 Security Guidelines which provide a set of high-level policy principles for the management of security risk in the Internet economy. In this context, this session will discuss best practices from government and business for ensuring cybersecurity that serves economic and social prosperity, consistent with the OECD mandate. Participants: Laurent Bernat, OECD; Stefanie Frey, MELANI, Switzerland, Giles Smith, BIS, UK; Aku Hilve, Ministry of Finance, Finland.

Event agenda - Cybersecurity Forum