Theme: Act now, not later: "SAIL Europe!"
Date and time: Tuesday December 3, 2024
Location: Amare, Spuiplein 150, Den Haag
09:00 - 09:30 | Walk in with coffee and tea
09:30 - 09:45 | Welcome and Opening
09:45 - 10:15 | Nitesh Bharosa (TU Delft): The Process and Policy of the PQC Migration
10:15 - 10:45 | Maaike van Leuken (TNO), Marc Stevens (CWI) & Anita Wehmann (MinBZK): The PQC Migration Handbook – Revised and Extended Second Edition – & Cryptographic asset discovery
10:45 - 11:15 | Bas Dunnebier (AIVD), Ton de Kok (CWI) & Maarten Tossings (TNO): Introduction to the presentation of the PQC Migration Handbook – Revised and Extended Second Edition
11:15 - 11:30 | Zsolt Szabó (State Secretary for Digitalisation and Kingdom Relations) is presented with the PQC Migration Handbook – Revised and Extended Second Edition
11:30 - 12:00 | Break
12:00 - 12:30 | Stephan Ehlen (BSI), Marine Goninet (ANSSI) & Anita Wehmann (MinBZK): Developing the European roadmap on PQC; we have started sailing!
12:30 - 13:00 | Martin Bowyer (Cabinet Office - Central Digital & Data Office): Kick starting the Post Quantum Cryptography Migration for Government
13:00 - 14:00 | Lunch
14:00 - 14:30 | Itan Barmes (Deloitte): Getting government and industry to act on quantum risk in the US
14:30 - 15:00 | Ellen Wesselingh (Fox Crypto): Upcoming IT legislation - are you ready?
Abstract:
In this talk, I will first discuss the Network- and Information Systems Security Directive (NIS2) and what it means for policy makers, essential and important entities, and product developers. Spoiler: for policy makers this means making implementation law and assuring enforcement. For essential and important entities this means implementing risk-based security policies and measures. For product developers this will probably mean that liability of essential and important entities will be passed down the supply chain. The talk will focus on what essentially changes for these three categories of organisations. With regard to the financial industry, this industry has its own regulation (DORA), which I will not specifically discuss. However, DORA and NIS2 have many similar aspects.
Second, I will discuss what is coming up next: the Cyber Resilience Act (CRA). This is an EU regulation, which means that it is directly applicable in the entire EU once formally published. It is expected to be fully in force in 2027, pending official publication in Q4 2024. The CRA addresses essential security requirements for all products with digital elements. It addresses all types of IT products, from doorbell camera to nuclear process monitoring systems and anything in between. I will highlight what this means for developers of these products. Spoiler: all products will have to be evaluated from a security perspective, either by self-assessment or an independent assessment.
There are many more EU directives and regulations upcoming; I will not discuss these due to time constraints, and these being less directly relevant for all three audiences. National legislation, which addresses national security, is not part of this talk. However, questions in this regard may be asked.
15:00 - 15:30 | Break
15:30 - 16:00 | Thom Wiggers (PQShield): How are we going to afford post-quantum authentication?
Abstract:
Even before the NIST PQ standards came out, Google, Cloudflare, Apple, and Signal Foundation turned on Kyber PQ key exchange in their products used by billions of users. We appear to have solved PQ confidentiality and the harvest-now-decrypt-later (HNDL) threat: you just add Kyber. The glaring omission is that everyone is postponing PQ authentication. Why is this seemingly so difficult? In this talk, I will go over why PQ authentication is not something that we can afford to not be thinking about. Even though it does not seem as urgent as it’s not sensitive to HNDL attacks, PQ authentication is much harder and much more expensive to achieve. Along the way, I will discuss the NIST call for additional PQ signature algorithms (and why it is probably not worth waiting for its results). Finally, we will briefly go beyond “boring” cryptography and see that even after the NIST competition, we’re nowhere near able to solve all problems by “just replacing the algorithms”.
16:00 - 16:30 | Christine Cloostermans (NXP): The First Generation of PQC-enabled Chips: Lessons Learned
16:30 - 17:15 | Panel discussion
17:15 - 18:00 | Drinks
Chris van 't Hof | Chris van 't Hof is an independent researcher, writer and presenter in information technology. With his background in both electrical engineering and sociology, he analyses the interaction between human and electronic networks. With his company Tek Tok, he makes complicated matters in science and technology fun. Since January 2022, he has been director of DIVD, the Dutch Institute for Vulnerability Disclosure.
Nitesh Bharosa | Nitesh Bharosa is professor of ‘GovTech & Innovation’ at the Faculty of Technology, Policy and Management of Delft University of Technology. Nitesh is also the academic director of Digicampus – a multi-helix partnership for public service innovation. At Digicampus, public agencies, companies, research institutes, and civic groups co-create and experiment with GovTech to explore the next generation of public services. Nitesh is also one of the lead researchers in the HAPKIDO consortium that aims to develop a roadmap for the transition to quantum-safe Public Key Infrastructures (PKIs).
Maaike van Leuken | Maaike van Leuken is a researcher and the portfolio manager for Quantum Safe Technologies at TNO. Her focus is on the migration towards quantum safe cryptography. She graduated in computing science, cyber security and cryptography from Radboud University in 2021.
Marc Stevens | Marc Stevens is a researcher at the Cryptology Group at CWI. His research focuses on cryptanalysis of hash functions and post-quantum cryptography. He is co-author of the PQC Migration Handbook, the PQC Choice tool and co-organizer of the PQC Symposium series.
Anita Wehmann | Anita Wehmann is Program manager Digital Resilience Central Dutch Government at the Ministry of the Interior and Kingdom Relations and she initiated the Dutch Quantum-secure Cryptography Government program. She is also a member of the French-German-Dutch co-chairing team for the EU-workstream which aims to achieve the goals of the EU Recommendation on a Coordinated Implementation Roadmap for the transition to Post-Quantum Cryptography. She has been working in the field of Cybersecurity and integrated security since 2009 for several organizations within the Dutch government. It is her passion to make the Dutch Government and society more cyber resilient through collaboration.
Bas Dunnebier | Bas Dunnebier is the Chief Science and Technology Officer (CSTO) of the AIVD, the General Intelligence and Security Service of the Netherlands. The CSTO plays into the opportunities and challenges that technological and scientific innovation entails, including for the offensive and defensive tasks of the service. Dunnebier previously held various other positions within the AIVD, including that of head Unit Resilience. He has therefore developed broad expertise in the field of (cyber) resilience, intelligence, and technologies such as AI, quantum and cryptology. He studied Applied Mathematics at the University of Twente, and Information and Communication Technology at the Eindhoven University of Technology. Before Dunnebier came to work at the AIVD, he worked at, among others, Thales, TNO and Technolution.
Ton de Kok | Ton de Kok has been the director of the national research institute for mathematics and computer science in the Netherlands (CWI) since the end of 2020. He is a part-time professor of Quantitative Analysis of Logistic Control Systems at the School of Industrial Engineering, Eindhoven University of Technology (TUE), a role he held full-time from 1992 to 2020. He served as the scientific director of the Beta Research School from 2003 to 2008. At TIAS Business School, he was the academic director of the MSc programme in Management of Operations and Supply Chains from 2007 to 2021.
Maarten Tossings | Rear Admiral Maarten Tossings has been a member of the TNO Executive Board and Chief Operating Officer since March 2019. Before joining TNO, he served as the Chief Information Officer of the Ministry of Defence and was a member of the Defence Board.
Stephan Ehlen | Dr. Stephan Ehlen has been a cryptography expert at the German Federal Office for Information Security (BSI) since 2021. He works on post-quantum cryptography with a focus on lattice-based schemes, and is editor of an amendment to ISO/IEC 18033-2 which will include post-quantum key encapsulation mechanisms and a member of the French-German-Dutch co-chairing team for the EU-workstream on PQC. Stephan holds a Ph.D. in pure mathematics (Number Theory) and is an assistant professor (Privatdozent) in Mathematics at University of Cologne in Germany.
Marine Goninet | Marine has been working in cybersecurity since 2015, and at the French Cybersecurity Agency for 7 years, in the Industry and Technologies division. She is the coordinator of industrial orientations, working especially on PQC, and a member of the Franco-German-Dutch co-chairing team of the EU workstream on PQC.
Martin Bowyer | Martin is a cyber and digital leader working at the heart of the UK Government. His particular focus is on Securing Government Services and Technical Resilience. As part of the digital centre of Government, he works across Central Government and the wider public sector to increase the UK’s resilience to cyber and technical resilience threats.
Itan Barmes | Itan is the Global Quantum Cyber Readiness Capability Lead at Deloitte, where he spearheads the integration of quantum resilience into cybersecurity practices. At the helm of a dedicated team, Itan focuses on advancing Public Key Infrastructure (PKI), key management, and encryption solutions, with a particular emphasis on quantum risk mitigation. Itan’s team is helping clients prepare for and navigate the cybersecurity challenges posed by the advent of quantum computing.
Ellen Wesselingh | Ellen Wesselingh was educated as a mechanical engineer with a focus on automation and control systems, and landed a job in the IT industry. She also holds a degree in law, and has a special interest in the interplay of law and IT. She has a background in IT security evaluation, and is currently senior architect at Fox Crypto. In this role, she works on all kinds of projects that improve the efficiency of security certification of the products that Fox Crypto develops.
Thom Wiggers | Thom is a senior cryptography researcher at PQShield. His research focuses on how to make cryptographic protocols post-quantum, or phrased differently: how to put big, post-quantum cubes in round, elliptic-curve shaped holes. Thom obtained his PhD with his thesis titled Post-Quantum TLS from Radboud University in January 2024; recently, he has started investigating secure messaging. Thom is also interested in standardization of cryptographic algorithms, including KEMTLS, a KEM-based authentication mechanism for TLS, which he developed as part of his thesis.
Christine Cloostermans | Christine Cloostermans is a Principal Cryptography Architect at NXP Semiconductors, where her main work is in the Post-Quantum Cryptography (PQC) team. She works mainly on side-channel protection and migration aspects of PQC on embedded devices.