Moving forward with lessons learned from 30 years of working together!

The OCSC is a unique event to celebrate 30 years of international collaboration of European cyber security and incident management teams within a truly global community of trusted practitioners. But instead of looking back, the conference will focus on the future of security incident management and how to address the challenges ahead.

Submission Guidelines

A submission should typically answer the following questions:

• What is the impact of both the issue/topic addressed and the proposed solution?
• Who will benefit from the work you are presenting? and
• How will you bring your points across and convince the audience?

The organisers require a non-exclusive copyright license for all materials delivered at the conference. Where employer, client, or government authorisation is needed, it is the responsibility of the author(s) to obtain that authorisation ahead of the conference.

All materials (PDF only) and proposals must be submitted through the EasyChair site!

Submissions received after the deadlines (see "Important Dates" below) may not be considered. Contact the Program Committee Co-Chairs for cases of exceptions.

Presentation Styles and Formats

The conference will comprise of two training days with multiple offerings in parallel. The presentations will be offered on three days in two parallel tracks. The official language of the OCSC is English. However, please keep in mind that many participants will not be native English speakers.

Submissions should propose one of the following formats (note that the Program Committee may contact you to suggest a different timing / format for a talk or session):

• Presentations (30 or 45 minutes, inclusive of Q&A): conventional presentation to a theatre audience of up to 300-500.
• Tutorial/Workshops (180/360 minutes): hands-on practical workshops for a class of up to 50-100. Must include a statement of any prior knowledge/skills that attendees will be assumed to have.
• Panels (90 minutes, inclusive of Q&A): must include details of the moderator, suggested duration, and tentative list of panellists.

Speaker Privileges

Accepted submissions of workshops, papers, trainings, and presentations will receive a complimentary registration. This offer extends to a maximum of one co-presenter, or two co-presenters for a full-day tutorial.

List of Topics

The following list is not exhaustive, but indicates the wide range of topics that are considered of interest to the global audience representing the variety of global cyber defence entities including but not limited to: CSIRTs, PSIRTs, ISACs, SOCs:

• Team Set-up and Maturity
  • Setup of mature and resilient cyber defence entities
  • Dealing with limited resources and unlimited needs
  • Standardisation and life cycle
  • Defining and measuring relevant metrics for entities, processes, and/or co-operation
  • Build vs. run activities: detection continuous improvement vs. increasing number of alerts
• Best Practices in Incident Management / Product Security Operations / Forensics
  • Workflows and processes
  • Managing privacy incidents
  • Incident management by / for activists
  • Reverse engineering
  • Incident analysis including live analysis
  • Triage and classification / categorisation
  • Automation and orchestration
  • Attribution and choosing the right type of response
  • Takedown of botnets, upload or download servers, drop zones, etc.
  • Mandatory vs. discretionary attack / incident / vulnerability reporting
• Management of Collaboration and Coordination
  • Communication of expectations and requirements
  • Identifying the appropriate team and channel
  • Briefing the world: communication on a global level
  • Developing the bigger picture: enabling situational awareness and early warning
  • Dealing with multiple international stakeholders and potential conflict of interest
• Emerging Challenges and New Insights
  • Legal and regulatory aspects in global coordination
  • Non-traditional incident management scenarios and approaches (e.g., vehicles, control systems, and SCADA)
  • Industrial control systems (ICS)/Operational technology (OT): visibility and incident detection
  • Privacy issues for sensors and data analysis crossing international borders
  • Incident management in developing regions
  • New roles in other kind of disasters: responding to floods, hurricanes, and earthquakes, or bombs, terrorists, etc.
  • New types of attacks (cyber extortion, ransomware, embedded system malware)
  • New threats beyond the technological application: compromising medical implants, etc.
  • Results of collaboration with other fields like psychology or education which have a positive impact on team performance or improve their responses in other ways
  • Geopolitics and cyber war / war in cyber / cyber impacted by war

The above is simply a list of suggestions to get potential presenters thinking. We welcome new, original ideas from people in research, academia, industry, government, and law enforcement, or from service providers and vendors who are interested in sharing their results, knowledge, and experience.

Submitters are strongly encouraged to demonstrate the applicability of their work to practical issues.

Committees

Program Committee Co-Chairs

• Sabine d’Argœuves (CERT Danone, Paris, France)
• Mark Zajicek (CERT/CC, Pittsburgh, US) 

Organizing Committee

• Conference chair: Prof. Dr. Klaus-Peter Kossakowski, Univ. of Applied Sciences, Hamburg, Germany
• Logistics: Secretariat of the Open CSIRT Foundation, The Netherlands

Invited Speakers

• to be announced

Contact

All questions about submissions should be emailed to pc-chair@ocsc.info