Cyber espionage actors from China are challenging defenders globally with vastly improved capabilities. This evolving threat is particularly relevant to Taiwan where these actors are highly focused. In her presentation, Sandra Joyce will highlight multiple improvements these actors have made to achieve greater stealth and complicate attribution. Her presentation will detail the focus on 0-days in security devices, the use of IOT botnets for infrastructure, and the adoption of living-off-the-land techniques by these actors. Additionally, she will detail the information operations campaigns which have targeted Taiwanese audiences in recent years.

Security bugs in software have a lifecycle-they go from discovery to exploitation to patch and then-usually-they go away. At each stage of this lifecycle, organizations can take different approaches to minimize the risk to themselves and their customers. Unfortunately, many industries find themselves with unique challenges when trying to respond to vulnerabilities due to the nature of their products and manufacturing processes. For example, vehicles have complicated supply chains and many third-party components that must be kept current and harden to defend against modern attacks.

This presentation examines some of these unique areas that various industries should be aware of when it comes to handling vulnerabilities and monitoring the threat landscape. Based on lessons learned from Trend Micro’s Zero Day Initiative, the world’s largest vendor-agnostic bug bounty program, along with the Pwn2Own hacking contest, we examine how industries have tackled these challenges, where they were successful, and where they failed. Finally, we highlight some recommendations hardware and software manufacturers should consider when managing the lifecycle of vulnerabilities.

In this session, we'll delve into the evolution of cybersecurity witnessed over the past decade at the Taiwan CYBERSEC conference, from the speaker's perspective. In this era of rapid development, cybersecurity technology has shifted from various threat detection products to the prevalence of various defense methodologies. However, amidst this evolution, there's a concerning trend: cybersecurity services are gradually gaining importance, indicating a growing need for external assistance in combating threats. Furthermore, recent years have seen the proliferation of artificial intelligence automation technology, bringing both promise and peril to the cybersecurity landscape. Let's brace ourselves as we explore the potential challenges and disruptions awaiting the cybersecurity industry in the next decade.

This speech will give you general overview in The Netherlands public private partnership approach in the context of growing cyber security threats, changing global politics and upcoming new rules and regulations such as the NIS2 directive on cyber resilience and the EU cyber security act for safe and cyber secure products. Giving insights from the perspective of a foundation not for profit that operates as an eco-system orchestrator where about 300+ Dutch partners form government, knowledge institutes and businesses collaborate and innovate together towards a more secure digital society. One of the showcases is about the setup and network on cyber resilience centers for the horticulture and manufacturing sectors. Moreover about the work on international knowledge bridges and business alignments, also between Taiwan and The Netherlands.

This presentation commences with a retrospective look at recent Tesla recalls, pairing with scenes from the movie 'Leave The World Behind', illustrating potential scenarios of ADAS being misused by hackers. It then delves into the principles and recent advancements of ADAS technology. Following this, it delineates the three major types of ADAS systems, 28 attack vectors/ paths, and concludes with insights into ADAS security protection and the safety requirements from US government.. Aiming to both the general audiences interested in autonomous driving technology and developers in the field, the presentation aims to raise awareness of the security risks inherent in autonomous driving scenarios, and to provide guidance on essential security tips for a safer autonomous driving technology.

As the cybersecurity landscape grows more complex, the responsibilities of the Chief Information Security Officer (CISO) have evolved significantly. New CISOs face challenges such as advanced cyber threats, regulatory pressures, and technological changes while working within tight budgets. This keynote presentation discusses the effective CISO journey in three key areas: visionary leadership, strategic risk communication, and adaptive change management.

Drawing on personal experiences from leading a global cybersecurity team and interviews with global CISOs, this talk will outline practical strategies for:

1. Building and leading teams with a clear and compelling vision.

2. Articulating and negotiating cybersecurity risks with senior stakeholders to facilitate informed decision-making.

3. Embracing technological and regulatory changes as opportunities for innovation and improvement.