The European Union's Cyber Resilience Act (CRA) is set to take effect on December 11, 2027, posing significant compliance challenges for many organizations.

For manufacturers of industrial control and equipment, adherence to IEC 62443-4-1 and IEC 62443-4-2 product development standards satisfies most of the CRA requirements. However, there remain compliance gaps and potential risks in certain areas.

This presentation will examine these non-compliance issues in depth and propose practical and effective reinforcement strategies to help organizations fully achieve CRA compliance and enhance the cybersecurity resilience of their products.

We provide an all-in-one Matter solution to help customers speed up product development, optimize production processes, and ensure compliance with international regulations and cybersecurity standards. Through professional technical support and comprehensive solutions, we enable products to reach the market faster, enhance efficiency, and reduce costs. Moreover, our solutions comply with various national regulations and Matter Cybersecurity Standards, ensuring security and regulatory compliance for more efficient and robust products.

Cyber threats in mobile networks are spreading like a silent pandemic, posing severe challenges to Industrial IoT security. This session will analyze cybersecurity risks in distributed IIoT environments, including lack of device visibility, insufficient traffic management, delayed firmware updates, and weak attack isolation. Focusing on three critical cybersecurity defense strategies, the session will leverage real cases and technical demonstrations to showcase innovative security solutions against mobile network attacks, fortifying IIoT resilience.

1. IIoT Content Security Defense: Enhancing device visibility with high-performance Deep Packet Inspection (DPI), network micro-segmentation, and automated threat response to effectively block malicious activities and limit attack scope.

2. IIoT Zero Trust Architecture: Implementing Network Access Control (NAC) for device authentication and compliance checks to mitigate internal security risks.

3. IIoT Device Security Design: Centering on "secure-by-design" principles, integrating international security certification standards and policy frameworks to strengthen IIoT device protection.

As global semiconductor equipment sales continue to reach record highs, the industry has become a target for threat actors. To enable automated data transfer between different equipment, almost all advance semiconductor fabrications follow to the SECS/GEM standard. However, since this standard was not preliminarily designed with cybersecurity, it's difficult for fabrications to mitigate cyber threats through a single solution.

Although the SECS/GEM standard is crucial for advance semiconductor fabrications, there has yet to be a comprehensive threat study based on the SECS/GEM standard. Therefore, this research will explore the SECS/GEM standard and its communication protocols. When advance fabrications face cyberattacks, it directly impacts global chip production and cycles. To mitigate the threats posed by threat actors to the semiconductor industry, this talk will also analyze the cybersecurity standards for semiconductor fabrications and provide recommendations for protection strategies.

In today’s rapidly accelerating digital transformation and increasingly severe cybersecurity threats, ensuring the security of every link in the supply chain has become a critical challenge for industries such as electronics manufacturing, the Internet of Things (IoT), automotive electronics, and industrial control. With the rise of quantum computing, traditional encryption technologies are facing unprecedented threats. As a result, hardware security key (PUF) technology, with its inherent and non-replicable characteristics, has become one of the key solutions to enhance cybersecurity protection capabilities.

This presentation will focus on the application of PUF technology in industries with high cybersecurity demands, exploring how to implement enhanced security protection from chip to system level. It will also delve into the practical applications of PUF in areas such as authentication, device certification, key management, and post-quantum cryptography (PQC). Through specific case studies, we will demonstrate how PUF technology can effectively improve the security of IoT devices, industrial control systems, automotive electronics, and data centers, strengthening the ability to prevent future cybersecurity risks. Finally, the presentation will provide industry trends and insights to help businesses select the most suitable hardware security solutions for their cybersecurity needs, ensuring the integrity of their systems and data security.

As vehicles become smarter and more connected, ensuring the security of automotive electronics is more critical than ever. Winbond is committed to developing innovative, automotive-grade secure flash memory solutions that deliver reliable solution for the industry.

This presentation will cover:

1. The importance of security in automotive electronics
2. The role of flash memory in automotive security
3. Advancements in secure flash memory technology
4. Applications and emerging trends
5. An overview of Winbond’s secure flash memory solutions

You will learn about the latest cybersecurity issues, and how we can secure better cyber protection together:

• What threats should you look out for?
• What considerations should end users undertake to mitigate security risks?
• What do you need to know about your surveillance partners and their supply chain?
• How can a hybrid architecture with a powerful edge enhance resilience and reduce cloud-related vulnerabilities?
• Why is effective lifecycle management critical for cloud-connected devices?

Amid the wave of digital transformation, enterprises face not only challenges in surveillance management but also increasing cybersecurity threats. This session will explore how surveillance systems can enhance security protection during cloud migration and introduce how VIVOTEK leverages AI and cloud platform technologies to help businesses build a secure and efficient video surveillance solution.

Smart connected devices have become an indispensable part of daily life. From smart cameras, smart toilets, and smart cats to drones, these technological products may harbor cybersecurity risks that are not fully addressed. In recent years, the government has banned network communication equipment manufactured in certain countries, promoting domestically produced high-quality products as the preferred choice. However, does being domestic and certified truly equate to being secure?

This presentation will analyze several real-world CVE cases, revealing often overlooked security issues in IoT devices. We will explore essential cybersecurity challenges and vulnerability management strategies from a national level down to individual households. Additionally, this session will disclose the difficulties associated with current cybersecurity standard certifications, along with secrets and ghost stories about vulnerability reporting. Participants will learn how to select appropriate and secure cybersecurity devices and manage them properly.

As confidential computing continues to grow, AMD SEV-SNP has evolved within the open-source community and is now supported by major cloud providers such as AWS, Google Cloud, and Azure. By encrypting memory, SEV-SNP ensures that a virtual machine’s memory remains accessible only to itself, protecting sensitive workloads in virtualized environments. This session provides an in-depth exploration of AMD SEV-SNP, focusing on its integration and implementation within the Linux kernel, QEMU, and OVMF. Attendees will gain insights into SEV-SNP’s role in confidential computing, recent advancements in open-source development, and the security guarantees it offers. We will also examine the limitations of its protections and discuss whether adopting this technology is essential for enhancing system security.

Introduction to major cybersecurity certification in different countries. In addition, the new certification requirement for different levels are also mentioned, especially after quantum computing and the raise of AI.

The speaker, originally from an AI neural network laboratory, has dedicated 25 years to cybersecurity, specializing in smart cards (Smart Card), secure microcontrollers (Secure MCU), and authentication chips (Authentication Chip), along with international certifications such as ISO 15408, FIPS 140, ARM PSA, and SESIP. Currently, he focus on Data Brushing techniques for AI DL/LLM/LMM and related AI security protection designs.

🔹 WHY

The rise of quantum computing poses unprecedented challenges to existing encryption standards. This talk explores how post-quantum cryptography (PQC) impacts chip security lifecycle planning and how industries can prepare for future quantum threats from both cybersecurity and semiconductor perspectives.

🔹 WHAT

The session will cover PQC’s historical significance in cryptography and analyze the impact of quantum computing on RSA, ECC, and other mainstream encryption methods. It will also examine chip security threats, including invasive and non-invasive attacks, and discuss how secure design, quantum-resistant key management, and encryption algorithms can safeguard chips throughout their lifecycle—from design and mass production to deployment. Additionally, the session will explore how high-performance AI accelerates the development of edge-embedded security chips.

🔹 HOW

With NIST's August 13, 2024 release of the PQC international standards, cybersecurity and semiconductor industries face both challenges and opportunities. Taiwan's critical role in the global semiconductor supply chain positions it for a new wave of security chip advancements. This session will provide insights into industry trends, practical security strategies, and an overview of upcoming government initiatives in security chip ecosystem planning, helping businesses navigate future risks and opportunities.

In the post-quantum era, traditional security mechanisms will become ineffective and ZTA will become the new standard. Dynamic PUF provides multiple roots of trust and combines with post-quantum cryptography (PQC) to ensure identity authentication and data security. It is applied in IoT, industrial control, FIDO2 and other fields to help enterprises plan for future information security.

1. Introduction to CMMC 2.0 and Latest Trends

 The role of CMMC in national defense and enterprise supply chains  

 Key requirements and levels of CMMC 2.0 (L1-L3)  

2. Security risks and compliance challenges for Edge AI 

 The shift of AI computing from cloud to edge  

  Common cybersecurity threats to Edge AI devices (unauthorized access, data breaches, hardware implants)  

  CMMC regulates data protection in Edge AI environments  

3. Building a CMMC compliant security architecture with Root of Trust (RoT) 

  Ensuring system integrity through FIPS 140-2 certified hardware encryption  

  Implementing identity authentication and device protection with MX+ solutions to meet CMMC requirements  

4. End-to-End data protection and CMMC Compliance

  Data at Rest (DAR): FIPS 140-2 L2/L3 encrypted storage to secure sensitive data  

  Data in Transit (DIT): Secure communication and end-to-end encryption via APIs to prevent middle attack  

  Data in Use (DIU) security mechanisms: Protecting AI models and inference results from unauthorized access 

As AI, 5G, and smart cities evolve, critical digital infrastructure increasingly relies on public mobile networks for deployment, including EV charging stations, smart grids, transportation, and smart poles. However, this shift in Industrial IoT for public mobile environments exposes more devices to external threats, expanding attack surfaces, accelerating real-time threats, and heightening potential risks. Cyberattacks on IIoT infrastructure—such as power grids, transport, and communications—could cause severe disruptions. This session explains the security gap between IIoT and enterprise networks, presenting a strategic defense framework to strengthen IIoT resilience against evolving cyber threats.

This agenda will discuss the common communication architecture of smart substations, and understand the communication requirements and challenges of deploying network security solutions in smart substations from the communication architecture.

The agenda will refer to the IEC 62443 standard concept, analyze it through Purdue Model and Attack Vectors, and combine it with the strategy of defense in depth, gradually leading the audience to build a smart substation with high availability, network security and long-term maintenance.