In the age of Industry 4.0, increasing digitalization poses new challenges for industrial cyber security.Session 1: Efficient risk minimization through CERT@VDEWhile large companies often already have their own Computer Emergency Response Teams (CERTs) and specialized Product Security Incident Response Teams (PSIRTs), small and medium-sized enterprises (SMEs) usually do not have them or only have limited resources. In addition, they often lack routine in dealing with vulnerabilities, creating security alerts (advisories) and communicating, e.g. with external security researchers or other CERTs, such as the ICS-CERT in the USA. In addition, most manufacturers have so far been working on a solution on their own. As a rule, there is no cross-company exchange, although a vulnerability often affects different manufacturers and synergy effects can be exploited through cooperation. In the event of a serious vulnerability, SMEs lack the experience, expertise and information to deal with the acute threat situation in a confident, coordinated and comprehensive manner.
CERT@VDE is the first platform in Germany for coordinating IT security issues specifically for SMEs in the industrial automation sector: It offers manufacturers, integrators, plant constructors and operators from the industrial automation sector the opportunity for an intensive and trusting exchange of information and concrete support on the topic of cybersecurity.
Speaker
Andreas Harner, Abteilungsleiter CERT@VDE & Cybersecurity, VDE Verband der Elektrotechnik Elektronik Informationstechnik e. V.
Session 2: Responsibility for IT products: Obligation to update or updating freestyle?
IT security is an ongoing process - this also applies to software updates for products that affect IT security. Welche rechtlichen Anforderungen gelten hier jetzt und zukünftig? In welchem Umfang muss ich Updates bereithalten, und eventuell sogar kostenfrei? Diese und weitere Fragen soll der praxisnah gestaltete Vortrag klären.
Speaker
Dr. Dennis-Kenji Kipker , Legal Advisor, CERT@VDE
Session 3: Of 0days and exploits - vulnerabilities in software and their remedies
There is a lot of talk about vulnerabilities in software products, often highlighting individual vulnerabilities in detail. However, the actual problems differ greatly in terms of both their effects and their causes. We provide an overview of the different types of security vulnerabilities in software, how they arise and how they can be prevented in a modern, agile development model.
Speaker
Jan Münther, Head of Digital Product Security, OSRAM GmbH
The webinar will take place on April 13, 2021 from 10 am to 1 pm and is part of the three-part event series "Between Law and Technology - Cybersecurity in Business Practice" by reuschlaw Legal Consultants and the VDE.
Tickets cost 99,-- € plus taxes and fees and can be purchased at Eventbrite.