Basque Cyber Security Centre - Centro Vasco de Ciberseguridad

Over 3,750 participants, from companies, technological centres and entrepreneurs, gather to celebrate Basque Industry 4.0 and to consolidate the Basque cybersecurity ecosystem

Basque Industry 4.0 y Basque Cybersecurity Day come together and restate their objectives, giving more space to showcase companies, technological centres and BIND 4.0 start-ups.

Cybersecurity is one of the essential questions to bear in mind when applying digital technologies in industry.

The Basque Cybersecurity Centre (BCSC) invited members of FIRST, the international forum for cybersecurity incident response and security teams, to this event, which served as a meeting point for the team members.

Over twenty of the Basque Country's most important cybersecurity companies, leaders in the field, accepted the invitation to join the Expo section of this benchmark event in Euskadi for Industry 4.0 and industrial cybersecurity, the Basque Industry 4.0-The Meeting Point

This year the event has been incorporated into the Basque Cybersecurity Day, a logical addition given that Cybersecurity forms part of Industry 4.0, and the technology it represents is vitally necessary on an organisational and control level, extending across the value chain from technical and operational specifications, through the various stages of orders, production, delivery, support, maintenance and, finally, recycling.

This event has also served as a meeting point for members of FIRST, the international forum for cybersecurity incident response and security teams. The format chosen by the Basque Cybersecurity Centre (BCSC) for this FIRST Bilbao Technical Colloquium has been to organise open sessions, led by security experts working with participants on a range of technical topics. 

Cybersecurity Talks

On the 20th November, the Director of Information Security Consulting Iberia Practice Leader - GARTNER Consulting, Daniel Madrid, opened the event with his session entitled "How to build a cybersecurity model capable of withstanding an economic crisis scenario".

The cybersecurity sessions continued on the 21st November with Andrew Bochman (Senior Grid Strategist - US Dep. of Energy) and Samuel Linares (Managing Director - Europe and Latin America ICS Security Lead for Energy, Utilities, Chemical and Natural Resources - ACCENTURE) and their talk: "Cybernetic risk engineering - protecting what's most important".

This was followed by Amanda Wallace (Managing Director - JP Morgan) presenting "Cybersecurity and the implications for private investment in critical infrastructures".

Godfrey Gaston (Director - Centre for Secure Information Technologies), Katie Stebbins (Vice President of Economic Development - University of Massachusetts) and Roni Zehavi (CEO Cyberspark - Rontali Cyber Projects) spoke about "Global EPIC - Building a global network of cybersecurity centres".

"Cybersecurity for robotic systems" given by Endika Gil-Uriarte (Alias Robotics), Bernhard Dieber (Head of the robot systems research group - ROBOTICS) and Thomas Ryden (Managing Director - MassRobotics), was followed by a session given by Marina Krotofil (Senior Security Engineer - BASF): "Through a hacker's eyes. Designing integrated systems exploits for ICS".

The talk offered by Ana Ayerbe (Director of the Business Unit at TRUSTECH - TECNALIA), Camille Johnston (Managing director and founder of Ascent Global Security LTD) and Nina Hasratyan (Policy Manager & Liaison with Stakeholders - European Cyber Security Organisation) entitled "Talent and diversity: the role of women in cybersecurity" was especially noteworthy.

The stream of cybersecurity talks was closed by Sergio Lomban (Vice-president of Digital Trust Services - SGS Group), David González (Industrial Security Team Leader - IKERLAN) and Carlos Abad (Director of Ziur) and their talk on "Certifying cybersecurity products for connected industrial apparatus".

FIRST Bilbao TC Talks

The FIRST Bilbao Technical Colloquium took the form of a discussion forum for FIRST members and guests, where information was shared about vulnerabilities, incidents, tools and related problems facing the day-to-day operation of incident response and security teams. 

On November 20th, Mikel Gastesi (Senior Threat Analyst Countercraft) started off the series of talks with , "TTPs: intel? actionable? useless?", followed by Gerard Vidal (founder of Enigmedia)'s presentation, "Measuring the efficiency of solutions to risks faced by industrial systems used in critical water infrastructures".

Mariano Palomo (a malware analyst) took over with his talk, "Don't try to rob a malware analyst or this will happen..", followed by Adrián Antón (also a malware analyst) with "Digital monitoring during election campaigns". The session entitled "Massive Cloud Compromise", given by Gorka Gonzalo (Cybersecurity Auditor and Penetration Tester for ITS Security), preceded by Ramón Sáez (Incident and Alert systems Manager for CCN-CERT) with "Threat hunting with Carmen and Claudia".

The first day of talks closed with Roberto Velasco (CEO and founder of Hdiv Security) and his session "How to automate software security", and finally, Angel Alonso (Chief Information Officer at Dikar S. Coop and member of the security association EuskalHack) with "EuskalHack Social Engineering Capture The Flag".

The 21st November opened with Alejandra Ventura (Cybersecurity researcher, INCIBE)'s session "Threat hunting with open-source tools, and this was followed by Xabier Panadero (Director of CERT, CESICAT) and Alberto Magallón (Head of Threat Analysis. CESICAT) and their presentation, "[email protected]".

Francisco Montserrat (Security technician, REDIRIS) gave a talk entitled "DDOS attacks at ISP level", followed by Luis del Valle (CEO, Sealpath) and "Protecting CAD and intellectual property in the supply chain".

The day ended with Pablo Estevan Fernández (Systems engineering executive for RSA Security), Jonathan Hurtado Yrula (Business development in IoT-Dell Technologies) and Alicia Peña Guirado (Dell Technologies) presenting "New technologies for the development and securitization of IoT Edge".

Cybersecurity Workshop

José Valiente (Director and Coordination and Communication Manager at the Centro de Ciberseguridad Industrial (Centre for Industrial Cybersecurity)) and Javier Zubieta (Cybersecurity Business Development Manager at GMV and lecturer on the Cybersecurity and Privacy Masters' programme at the  Universidad Rey Juan Carlos) led a workshop on Cybersecurity in the field of industrial automation.

The workshop, which was structured in order to demonstrate how to apply a cybersecurity diagnosis, was very well received.