10th IT Business Talk: No Security Without Business
Security researcher Adrian Dabrowski provided a humorous, scientific introduction to the subject with his “Hollywood Hacking” talk: from the image of the hacker conveyed on screen to his (usually very unrealistic) methods, he wittily explained why security experts often just shake their heads at hacking scenes in films.
But even in the real world, security experts like Adrian Pinter from Siemens Austria sometimes cannot stop shaking their heads. He has experienced quite a bit in his many years of auditing and was therefore able to report first-hand how security in the industrial environment and in plants can be sustainably improved with simple measures, and that the standards that apply to IT security cannot be transferred 1:1 to a 24h production operation.
Peter Dorfinger from Salzburg Research explained the difference between security and safety in detail. He emphasized that in industry one cannot be achieved without the other, and highlighted the problems and dangers that can arise with production machines that communicate wirelessly.
In the subsequent coffee break, there was a sweet surprise: nic.at Managing Director Richard Wein and Salzburg Research Managing Director Siegfried Reich together cut the birthday cake for the 10th IT Business Talk.
In the second part of the event, different levels of security were highlighted. CERT.at was headed by Otmar Lendl, who reported on the recently adopted NIS law and the structure of the Austrian cyber security apparatus. What is new is that “operators of essential services” are subject to a statutory reporting obligation in the event of IT security incidents, and that the nic.at-based CERT.at has now been designated by decision as the neutral registration office to be informed in Austria.
Martin Herfurt from Greenbone Networks once again provided very concrete and vivid tips on the five rules of thumb SMEs have to take into account if they want to be well-prepared in terms of safety. He also debunked the ten most common myths about security, drawing a few smirks from the audience.
The event ended with Alexander Mayrhofer, head of the nic.at R&D department, and a topic that many have not yet had on their radar when it comes to Internet security and privacy: the Domain Name System. It is a nearly 30-year-old, unencrypted protocol that lets clients and name servers communicate with each other. Since every action on the Internet is connected with countless DNS queries, many conclusions about the user can be drawn from them. Two technologies, DNS over TLS and DNS over HTTPS, provide encryption. He explained the advantages and disadvantages of these two technologies in an impressive way.
The presentation slides of the speakers are available for download at www.it-businesstalk.at.
Text: Monika Pink-Rank, nic.at; Photos: wildbild, Salzburg Research