Chris van 't Hof
Chris is one of the co-founder of DIVD and Managing Director since 1 January 2022. He entered cyber security through his experience as researcher and wrote two books on Coordinated Vulnerability Disclosure: “Helpful Hackers” (2016) and “Cyberellende was nog nooit zo leuk” (2021). With his unusual background in electrical engineering and sociology, he analyzes how human and electronic networks interact. As presenter he took the stage over 700 times and organized and hosted many talk shows, such as Hack Talk (2017-2022). Combining these experiences and skills he also provides cyber crisis management training to a broad range of organizations. You may say this is not a typical background for a Managing Director, but it works for DIVD. Chris perceives himself not as the boss, but rather a translator who explains to the outside world how hackers can help and aims to provide nerds a safe space to do their thing.
Sessions
This you really want to know. Huib has been responsibly disclosing the Secret Services, criminals and hackers. Now we turn it around: ask Huib anything. Chris van ‘t Hof will guide the conversation.
Learn how to breathe fire with Frank and Chris. Frank/Chris will explain the techniques and then we will practise. Ofcourse this will be outside the hotel , around the back/side of hotel on the grass.
With the support of the Dutch embassy in Tokyo, I have researched Coordinated Vulnerability Disclosure (CVD) in Japan for DIVD. Japan’s governmental policy on CVD dates back to 2004. Although Japanese criminal law and jurisprudence do not allow for large-scale intrusive vulnerability research and disclosure, Japanese institutes help citizens disclose zero days to vendors and report vulnerabilities to website operators. Also, the Nation Institute for Information Communication Technology scans and notifies vulnerable IoT, and the Japanese government has adjusted laws to allow this.
The European electricity network has become a ‘smart grid.’ This offers many opportunities for sustainability but also makes our energy system more vulnerable to digital attacks. In a time of increasing threat of hybrid warfare, the government and the energy sector realize that we as a society must prepare for possible disruption of the energy system and do everything we can to prevent it.
Various institutions test smart devices, set safety standards, and monitor compliance with these standards. However, parties such as our grid operators only have control over the energy grid equipment up to the front door. They are not allowed to look beyond the electricity meter, where most smart equipment is located. DIVD is allowed to do this and by identifying devices that can form a botnet, DIVD helps to make the smart grid more secure.
DIVD has been conducting research into vulnerabilities in equipment of the energy system, such as charging stations, solar panel inverters, home batteries, and (Home) Energy Management Systems. Previous findings have led to several parliamentary questions and follow-up actions by authorities such as RDI, the Dutch Authority on Digital Infrastructure. With the CVD in the Energy Sector project, DIVD will set up a research and education line with the DIVD.academy in collaboration with the energy sector to reduce the digital vulnerability of our energy system. DIVD will also build a hardware lab to test devices and scenarios. You may join too and help to save the grid.
In this talk, we will demonstrate how we could have generated outages using zero-days we found in solar converters and electric car chargers. But we also did it with just one user-password combination…