We are pleased to welcome you to the DNV Cybersecurity Research Day. This year’s event is dedicated to cybersecurity assurance through continuous risk management and certification.
Cybersecurity assurance is the act of providing confidence to an organization that their digital systems, infrastructure, data, and processes are protected and functioning as intended, even in the face of cyber threats. Cybersecurity assurance must be continuous and cannot be done at isolated points in time only. Technologies, vulnerabilities, and threats are constantly changing, and stakeholders like vendors and system owners need continuous insight into the cybersecurity state of their systems. Emerging regulations like the EU AI Act and Cyber Resilience Act, introduce new compliance requirements for both providers and owners of digital systems and services.
DNV is currently conducting research addressing these challenges, and we dedicate this day to sharing the latest research results and discussing the road ahead. We invite research partners, authorities, and industry representatives to participate.
The event will be held in person only, and will not be streamed for external participants.
You will learn about the latest knowledge and tools developed through research, and we will facilitate discussions among participants on challenges, needs, and recommendations for the future.
Who should attend
This event is relevant for industry leaders and specialists, CISOs, researchers, authorities, and other experts concerned with cybersecurity risks, resilience, and compliance.
Registration
Please note that this is an in-person event only. Participation is free, but advance registration is required. Seating is limited and allocated on a first-come, first-served basis, with priority given to external (non-DNV) participants.
Please complete the registration form at the bottom of the page. If you need to cancel after registering, we kindly ask that you let us know.
TENTATIVE AGENDA
08:30 Registration and coffee
09:00 Welcome
PART 1: Regulatory framework, legal requirements, authorities
09:10 Mapping the Maze of EU Cybersecurity Regulation (Lee Bygrave, Dept. of Private Law, University of Oslo)
EU cybersecurity regulation has grown immensely over the last decade. This has resulted in a large number of regulatory instruments which, together, resemble a vast, complex, confusing, and sometimes disjointed maze. This presentation provides an overview of these developments, focusing on key pieces of legislation and their interaction with technical standards. Additionally, the presentation considers recent reform proposals aimed at simplifying yet strengthening the cybersecurity regime, also in light of ongoing technological developments, such as quantum technologies
09:35 Nkom as Supervisory Authority for the Cyber Resilience Act (Tor Bringsverd, Chief Adviser, Nkom)
The Cyber Resilience Act (CRA) marks a major shift in how cybersecurity is regulated for digital products in Europe. With the Norwegian Communications Authority (Nkom) designated as the supervisory authority in Norway, new responsibilities are placed on regulators and new obligations on manufacturers, importers, and distributors. This presentation explores Nkom’s role under the CRA, what the new supervisory framework entails, and how it will contribute to safer digital products and stronger protection for consumers and society
PART 2: Results from research – methods and tools in the making
09:55 EU Research project: CertifAI (Jose Arias, Tecnalia; Ahmed Walls Amro, NTNU; Per Myrseth, DNV)
Agile conformance assessment for cybersecurity CERTIFication enhanced by Artificial Intelligence. https://certifai.info/
10:50 Coffee break
11:10 EU Research project: CyberNEMO (Andreas Papadakis, Synelixis; Antonio Pastor, Telefonica; Ilias Seitanidis, Synelixis; Marcio Mateus, Unparallel; Alexandru Plesa, Siemens; Dimitris Skias, NetCompany; Per Myrseth, DNV)
End-to-end Cybersecurity to NEMO Meta-OS (sensor-edge-cloud continuum) https://cybernemo.eu/
12:10 Lunch
PART 3: From research to practice – what does the industry need to succeed with cybersecurity assurance and compliance?
13:00 Research needs in Statnett: From research to practice … and back again ( Stian Antonsen, Statnett)
Where will regulations like NIS2 push the boundaries of risk management? Where can Statnett make use of research to utilize the opportunity, and how do we need research to be done to be useful to us?
13:15 Advisory and notified body – the team-work angle (Jussipekka Leiwo, DNV Cyber – Certification)
Notified bodies are a critical tool in the demonstration that the products with digital elements brought to the market in the European Union (EU) meet the requirements of the Cyber Resiliency Act (CRA). DNV is building capabilities to become a notified body for the CRA. This aligns the assessment and certification capabilities of DNV with the changing and emerging EU regulation. This presentation explores the DNV notified body under the EU CRA and demonstrates how the operational and organizational independence is achieved. The presentation then explores the avenues for team work between a notified body and the advisory services, and the offering of complete services without breaching the independence of the notified body.
13:30 Panel discussion (Moderator: Maria Bartnes, DNV. Panelists: Stian Antonsen, Statnett; Kenneth Kvinnesland, DNV; Tor Bringsverd, Nkom; Tone Thingbø, Statkraft)
What is needed for industry to succeed with cybersecurity resilience and compliance in the years to come? What new knowledge do we need to develop? How can research help businesses improve their cybersecurity posture? How will AI change the cybersecurity landscape? What is needed to manage cybersecurity risks for your business in the decades to come? These and similar questions will be addressed in the panel discussion where representatives from the energy sector look into the cybersecurity crystal ball.