© 2019 All rights Reserved.
The International Cyber Security Summer School (ICSSS) is an annual summer school, originally organised by NATO C&I Agency, Europol, the Netherlands Ministry of Defence Cyber Command, Leiden University and The Hague Security Delta. The first edition took place in 2015, starting with 40 students. Given the success, further editions of the Summer School have been hosted, allowing up to 60 students to participate in the program. The 2018 edition of the Summer School was also organised by EY.
Given the digitisation of our society, cyber security is rising on the political agenda, as the consequences of attacks, incidents and security breaches are increasing. In 2010, a cyber-attack on the Iranian uranium enrichment facilities using Stuxnet, a malicious computerworm, disrupted the operations. In 2011, Sony lost personal data of 77 million users, following the PlayStation network hack, which forced the company to shut it down for nearly three weeks, costing them 171 million dollar. In 2014, the JP Morgan Chase hack exposed the data of 83 million accounts, making it one of the largest cyber-attacks in history. In 2016 it was announced that two separate hacks at Yahoo affected over 1 billion accounts. This resulted in a $250 million discount for Verizon who were about to acquire Yahoo.
The International Cyber Security Summer School allows students and young professionals to gain deeper knowledge and understanding of cyber security concepts, as they will learn about the latest developments and the cutting edge cyber security technologies that exist today. In previous editions, students received lectures and insiders’ perspectives from a variety of industry experts, working for, inter alios, Europol, NATO, the Dutch Department of Security and Justice, The Dutch General Intelligence and Security Service, and the Amsterdam Internet Exchange (AMS-IX).
Application criteriaTo be eligible for this program, you should fulfill the following criteria:
- You have the nationality of (a) an EU Member state, (b) a NATO member state, and/or (c) a member state of NATO’s Partnership for Peace programme.
- You are (a) a PhD student or (b) in the final year of your Master’s
- You have a technical, policy and/or law related background
- You have an updated Curriculum Vitae
- You are motivated to take this course, which is expressed in a letter of motivation
The tuition fee includes:
- Some lunches on class days
- All reading material
- Excursions and site visits
- Certificate of attendance
- Networking drinks
Course Information 2018
Are you an international student in the final year of your Master’s or a doctoral student with a relevant background? Are you interested in behaviour in Cyberspace, in the understanding and visualization of the Cyberthreat landscape or in Cybercrime as a service?
Applicants became eligible to be one of 60 participants who would gain first hand experience on working in the international domain of cyber security. The six-day programme was filled with interesting lectures on the topics mentioned above, insiders’ perspectives, challenging group assignments and fun social activities, including visits and excursions to various institutions.
The following group assignments or ‘challenges’ were announced for ICSSS 2018:
- “Managing a cybercrisis” by EY: your organisation is attacked by a malicious threat actor in the cyberdomain. Deal with it, or kneel for it.
- “Cybernorms – responsible behaviour in cyberspace” by Leiden University: what should be regulated in cyberspace and how?
- “Privacy and Data Inference” by Thales: Every mobile wireless device leaves it’s electronic trace wherever it is. Therefore, anyone with a cheap (€7) software defined radio can pull signals from the air and track you. How could this be used by attackers to infer travel patterns (for example) and how could we make use of this data while protecting user anonymity?
- “Continuous updates of mobile systems in critical infrastructure” by the Nederlandse Spoorwegen (NS), the principal passenger railway operator in the Netherlands: Industrial control systems are becoming more interconnected in the mobile environment. This makes them more vulnerable for advanced cybersecurity threats. The NS recognizes the need for a more frequent update regime. Describe a cyber-secure and controlled way of working to remotely update industrial control systems.
- “Segregated physical and logical access in public areas to authorized systems and sub-locations for differentiated stakeholder groups” by the NS: Industrial control systems are used in protected sub-locations in public areas. Authorized user groups must have the right level of physical and logical access to use or maintain these systems. Unauthorized users should be kept out of these sub-locations. Describe a way to separate the authorized user groups and the unauthorized groups while restricting access.
- “Blockchain” by Certified Secure: Blockchain is gaining popularity and many organizations are turning to blockchain to solve their problems. However, the vulnerabilities regarding blockchain are little known and often overlooked. We would like to raise the awareness of blockchain vulnerabilities with an online and hands-on security challenge. Your task is to design a blockchain security challenge, similar to the challenges you might have seen on the ICSSS 2018 Certified Secure Portal or on our website https://www.certifiedsecure.com.
- “How exposed is the Dutch critical infrastructure?” by Secura: The goal of this challenge is to identify as many internet-connected bits and pieces of the Dutch infrastructure as possible, using non-intrusive techniques such as simple port and ping scans, Open Source Intel, shodan queries, google queries, registries and application banner grabbing. But more than simply performing such techniques, being innovative in how to apply them, and combining the results, is what it’s about. Can you find that SCADA system on port 38591?
- ‘T1000 Security Operations AI’ by ABN AMRO: Applying AI to reduce operational pressure. In the era of 2018, companies are finding themselves in the deep end of the data-lake. Analysts and operators could use a hand! Artificial Intelligence can help predict, learn, and take actions. Do you know that 1 golden way to apply A.I. to the security domain, but need more SME input and (bigger) data sets to really make it work? Say no more.. here it is.
- ‘Cryptocurrencies’ by EC3 Europol. TBA.
ICSSS Alumni and Speakers Network
In order to “Organize value”, the organization of the International Cyber Security Summer School created an online platform for highly motivated current and future Cyber Security professionals who want to make cyberspace safer as well as to facilitate current and future International Cyber Security Summer School alumni to engage in active discussions and to help solve Cyber related challenges enterprises are facing nowadays.
If you have any question and or suggestion please contact the manager of this group, via Linkedin.
Join our ICSSS Alumni and Speakers Network on LinkedIn