Amphion Forum, a security event to watch

Kurt Stammberger is the VP of Market Development at Mocana and the Chair of the Amphion Forum. He is best known as the founder of the annual RSA Conference. He joined RSA Security as employee #7 in 1990, helped launch spin-off company VeriSign, and created the brand for the technology that now protects virtually every electronic commerce transaction on the planet.

In this Q&A he shares why Amphion Forum is structured the way it is, how it changed since its inception and what you can expect at the event in Munich this March.

Introduce the concept of the Amphion Forum to our readers and explain how the event differs from other existing security events.
The Amphion Forum is an exclusive, interdisciplinary, and intense event which brings together thought leaders from academia, business, government and technology to discuss the threats and opportunities presented by the unprecedented proliferation of connected devices.

The Amphion Forum is different because of its interdisciplinary nature. The “Internet of Things” consists of industries that, up until now, haven’t interacted much. Grid companies didn’t confer with medical equipment makers. Consumer electronics companies didn’t share ideas with industrial automation companies. Only at Amphion do device security experts from different industries mix to share solutions and best practices they’ve discovered. We all have different pieces of the puzzle.

Wondering why we call it “the Amphion Forum”? In Greek mythology, Amphion was the son of Zeus & Antiope. When the city of Thebes needed protection, Amphion’s brother Zethus started hauling rocks to build a wall. Amphion had a better idea. Amphion has a magical lyre, and with it he charmed the rocks and stones around him with his music, and made them “smart”. Thereafter the stones did his bidding, assembling themselves into the massive fortifications that protected the kingdom and treasures of ancient Thebes.

What do you see as your strengths? Why does the Forum take place every three months? On what does it focus on? How many attendees do you expect at the Munich event this March?
The Amphion Forum is a new event designed along the lines of the “World Economic Forum”. Exclusive, interdisciplinary, and intense. It was launched last year in the United States by the same entrepreneur that launched the global RSA Conferences. So clearly, one of the event’s strengths is it’s pedigree: the RSA Conference is now the world’s largest security event.

But unlike RSA, we aren’t focused on PC/Network security. Amphion focuses on device security. We see the future of security focusing almost exclusively on connected devices. And not just phones and tablets – but consumer electronics, cars, industrial automation, smartgrid nodes, military electronics, etc, etc. We expect about 200 participants at the Munich event.

Finally – why every three months? Well, it’s difficult for most people to travel halfway around the world for a technology event, no matter how compelling. So we move Amphion around to make it easier to attend. Also, we believe that there are important regional differences in how companies – and individuals – are approaching the device security problem. Amphion’s nomadic and global nature help the event stay relevant to all communities and geographies.

As I understand it, the first Amphion Forum held at CES 2011 was a closed-door event and no media was allowed in. Since Help Net Security is attending this year, things have obviously changed. How has the concept of Amphion Forum evolved through time?
The device security problem is bigger and more serious than most people realize. For the first event, we came to believe that the C-level executives attending simply wouldn’t be as forthcoming if they knew that their “device security confessions” would be picked up by the press. So we kept that event closed. A lot has changed in the past 12 months. Mobile and Device Security has evolved from an issue that almost nobody covered to one that is constantly in the news. The Amphion Forum is changing too; there are now separate class tracks for individuals approaching device security from a strategic or a technical perspective. And we’ve expanded the content from a half-day to a full day.

What topics will speakers focus on in Munich? What tracks and/or presentations would you highlight?
Certainly I’d like to highlight our keynote address by Kjetil Nilsen, the Director General of the Norwegian National Security Authority. Norway is a particularly fascinating case study, in that they have decided to turn their entire digital national security effort on its head in the wake of the tragic domestic terrorist attacks on its soil last year. And new policies and approaches to device security feature prominently in those new strategies.

Lieutenant-Colonel Volker Kozok, Office of the Commissioner for Data Protection, German Armed Forces, German Ministry of Defense will present a talk on “The Dark Side of the Internet of Things” that looks interesting.

And there are some especially well-staffed panels on topics like European Smart Grid (In)Security and the BYOD trend in the Enterprise, withe experts from Symantec, McAfee, E.ON, Accenture, RWE and Codenomicon.

How does the Amphion Forum fit in the world of IT security?
I think the Amphion Forum is about what’s next. It’s about tackling some big, scary problems that nobody knows how to solve yet. It’s about brainstorming, networking, and comparing notes. Its for executives that are trying to position their company to take best advantage of the “Internet of Things”.

Don't miss