Midnight Sun Archive

Midnight Sun 2021

The first conference was held alongside CTF.

CTF Qual Teams
349
CTF Qual Rating
50,32/100
CTF Finals Rating
52,92/100
Talks

Policies in place – how European and national cybersecurity strategies and policies promote an open and resilient society

Friday - 09:15

Late 2020, the European Commission presented a new EU Cybersecurity Strategy, aimed to strengthen resilience against cyber threats. The EU Council adopted conclusions on the strategy in March 2021, and EU ministers underscored the need for strategic autonomy while preserving an open economy. This presentation outlines the set of strategies and policies in place, and planned, for a range of activities in EU and Sweden, and touches on the implementation in a Swedish context. Topics covered include EU-wide cybersecurity certification schemes and the new, stronger role of the EU Agency for Cybersecurity. The presentation will also give an overview of other related policy initiatives in cybersecurity, and their implications for companies and public sector in the coming years.

Dr. Anneli Hagdahl
Deputy Director of R&D; Cybersecurity - Swedish Ministry of Defence

Dr. Hagdahl works as a policy advisor in cybersecurity and digitalization since more than ten years. She has a Ph.D in informatics and has previously worked in the private sector with project management, standardisation and programming.

If cyber crisis comes: CERT-SE can support you in case of incidents

Friday - 10:15

In July, Coop's grocery stores suffered extensive disruptions to their payment systems due to a exploit of a critical vulnerability in the Kaseya VSA platform. This presentation will, based on the Coop incident, provide clarity on what the incident is about, but above all describe how a national CSIRT and MSB work in the event of an IT-related societal disturbance. This will give you an overview of how an affected organizations can be supported by CERT-SE in its incident response. This applies both to individual organizations have been affected or when the incident becomes more extensive and perhaps affects an entire business sector.

Peter Jonegård
CERT-SE

Peter Jonegård has been working at the Swedish National CSIRT, CERT-SE, for five years. Having held different positions att this supporting element in swedish IT security, Peter has gained insights in the challenges of the field and the handling of large incidents.

From cloud to mountains

Friday - 11:15

We all depend on free, open source software (FOSS) - that is a fact that we have to deal with in today's software industry. But can we be certain that no vulnerabilities or malicious code enter our products and development environment? Not really - but there are ways of increasing the security and integrity. Welcome to Saabs Software Supply Chain solution.

Ingela Persson
DevOps Specialist - Saab, Surveillance

Mrs. Persson is a strong DevOps practitioner, bringing Development and Operations together in the critical supply chain of software for one of Saab's main software products. She works to introduce DevOps practices for teams and management in the organization and via education and training, tools and best practices implements the company DevOps goals.

The GDPR, the whole Schrems and nothing but the FISA 702

Friday - 13:15

Since the beginning of 2018 things have changed drastically if you want to use cloud services from American companies. We got the CLOUD Act, GDPR, reports from eSam and the Schrems II judgement. Things are not exactly easy nowadays. And one thing hovers above all this, the FISA 702. Why did all this happen? What does different organizations do? Any open paths to go forward?

André Catry and Daniel Melin

André Catry is a Senior Advisor in IT-/information security and cyber risk. André has more than 25 years of experience in advanced offensive and defensive cyber risk management. He has been doing assignments for the Swedish Defense Forces related to concept development on IT-försvarsförbandet (ITF). In addition, he has acted as a principal administrative director at the Swedish Security Service. André has several years of experience as a senior IT-security consultant and has worked on many high-profile cases and investigations. Furthermore, he has participated as a technical expert in eSams work on the conditions for authorities to use cloud services legally and appropriately. André is the author of the book Honungsapan.

Daniel Melin works with strategic issues around IT operations, datacenters and cloud services at the Swedish Tax Agency. Daniel has a governmental assignment to monitor ENISA's work with the cyber security certification for cloud services and also leads the governmental assignment to monitor the European project Gaia-X. Daniel has a background as a procurement officer at Kammarkollegiet and as a IT-consultant. Daniel was also the main researcher in the governmental study regarding a governmental cloud.

Cybersecurity Threat landscape and actions – views from critical functions for society and infrastructure

Friday - 14:15

The high speed of digitalisation and new ways of working during the pandemic has brought new threats and highlighted the existing ones. Cyber attacks today affect organizations that are responsible for socially and infrastructurally critical functions globally. Thousands companies are affected today cross industry and authorities. We also see an increased and continued trend with 3rd party "supply chain" attacks that affects thousands of customers and companies. The increased threats have made companies more aware of the reasons for working actively with cyber security, which today is central in most companies' risk strategies. Which are the threats and risks? How should you think and act in the new threat landscape? You will learn more about the importance of adapting to a new age of technology and the challenges that arises with it. This presentation outlines the treat landscape for vital functions in the society, risks and potential actions.

Post-talk panel participants:

  • Tony Kylberg (Head of Group Security & Cyber Defence at SEB)
  • Ulf Larsson (Group Chief Security Architect at SEB)
  • Kevin Aytap (CISO, Sveriges Riksbank)
  • Åke Holmgren (Director, head of Cybersecurity and secure communications department at the Swedish Civil Contingencies agency)

Moderated by Jonas Gudmunsson (Cparta Cyber Defense).

Tony Kylberg
Head of Group Security & Cyber Defence - SEB

Tony Kylberg has a broad background and has hold positions as Lawyer at a Business Law Firm, Head of Legal Department and Head of a Sales Department within the finance industry, CEO of IT-Companies and of a Business Incubator and Partner/Investment Manager within a venture capital company. The last ten years he has been working as Head of Legal Baltic, Head of Procurement and CSO/CISO, Head of Group Security and Cyber Defence, within SEB.

GNSS security

Friday - 15:30

Global navigation satellite systems (GNSS) have helped transform many sectors of economy and made our lives easier. Many applications obtain precise position and time provided by GNSS, with GNSS receivers embedded in a multitude of devices. Characteristic examples: smartphones, cars, telecommunication base-stations. However, the more we rely on GNSS the more likely it is that disruptions or attacks can deteriorate or disable services. With a lot of research towards making GNSS-based applications more resilient, the experts in this panel discuss the current state of affairs and future challenges.

Post-talk panel participants:

  • Dr. Daniele Borio (Joint Research Centre of the European Commission)
  • Dr. Beatrice Motella (ISMB, Torino)
  • Prof. Erik G. Larsson (LiU)
  • Dr. Gianluca Caparra (European Space Agency - ESA)

Moderated by Panagiotis Papadimitratos (Professor, Networked Systems Security (NSS) group, KTH).

Panagiotis Papadimitratos
Professor - KTH - Networked Systems Security (NSS) group

Panos Papadimitratos earned his Ph.D. degree from Cornell University, Ithaca, NY. At KTH, Stockholm, Sweden, he leads the Networked Systems Security lab, and he is a member of the steering committee of the Security Link center. He has delivered numerous invited talks, keynotes, panel addresses, and tutorials in flagship conferences. He serves or served as: member of the PETS Advisory Board and the ACM WiSec and CANS conference steering committees; program chair for the ACM WiSec'16, TRUST'16, CANS'18 conferences; general chair for ACM WISec'18, PETS'19, and IEEE EuroS&P;'19; and Associate Editor of the IEEE TMC, the ACM/IEEE ToN and the IET IFS journals. He is a Fellow of the Young Academy of Europe, a Knut and Alice Wallenberg Academy Fellow, an IEEE Fellow, and an ACM Distinguished Member.

Sponsors