May 29 – 31, 2016

Langdon Hall
Cambridge, ON

Day 1 – May 29, 2016 Draft Agenda

4:00 p.m. + Check-In
5:00 p.m. Registration & Opening Reception
6:00 p.m. Opening Remarks & Introductions
 Outlining Goals of Discussion
 Brief Logistical Explanation
 Group Assignments & Individual Itineraries for Forum
7:00 p.m. Scene Setter – Health Devices
Paul Lepage – Telus Health
7:45 p.m. Dinner – Assigned Seating

Day 2 – May 30, 2016

7:00 a.m. Breakfast
8:30 a.m. Scene setter – Critical Infrastructure
Monik Beauregard – Public Safety Canada
9:15 a.m. Refreshments & Break into Working Groups

Session 1 Internet of Things: Security

9:45 a.m.
Questions for Working Group Discussion:
1. In considering the model of Big Data combined with Predictive Analytics for the
Internet of Things, are there specific security threats and vulnerabilities that
aren’t being discussed today?
How might well known cyber threat actors (nation states, organized crime,
terror groups, hacktivists) evolve or become new security threats in the context
of this model?

2. What policy measures might be needed to address these threats or systematic

challenges? For example, how can these measures address incompatibilities
amongst individual nation-state, such as in domestic legal frameworks, or that
which may impede business moving data to the Cloud?

3. Are there competing interests between the public and private sectors? How can
the public and private sectors collaborate to achieve the right balance between
security and privacy?

http://www.cyber-security-forum.com/ Page | 1
12:15 p.m. Luncheon
1:00 p.m. Scene Setter – Automotive

1:45 p.m. Refreshments & Break into Working Groups

Session 2 Internet of Things: Privacy

2:00 p.m.
Questions for Working Group Discussion:
1. What changes about Data Governance (Consent, Collection, Disclosure, Use,
Control) because of the effects of new technologies in the realm of Data
Analytics (“big data”), the API-Economy (cloud, distributed computing
environments, deep programmatic linking, IoE), and Device Proliferation (“IoT,
IoE”)?

2. Technology and the accumulation of data have fundamentally altered the

practical application of the conventional notion of consent to use personal
information. Seemingly innocuous data derived from behavioral tracking, geo-
location and biometrics can be combined to create a very accurate portrait of an
individual – and a very invasive one in the wrong hands. This data is highly
valuable in the aggregate and can be used for improving products, processes
and services in ways that we perhaps have not yet even conceived. While the
urge to protect privacy and obligate consent at every stage of the data collection
process is strong, it is not only impractical but in many cases would negate the
benefits of collecting information in the first place. How do we move forward in
embracing the benefits of technology and data analytics without compromising
the privacy and security of individuals?

3. Current trends are seeing organizations move a significant portion of their

business functions to cloud computing service providers, in an effort to leverage
the inherent flexibility, cost effectiveness and capabilities of these cloud
platforms. In today’s globalized commercial and governmental environment,
the location of service providers, often multinationals with geographically
dispersed data centers in different jurisdictions, has become a focal point for the
issue of data residency. Legislations and regulations requiring data to be stored
within specific jurisdictions are being enacted by some countries (provinces) to
protect their citizens’ privacy by ensuring their data is afforded the protection
legislated in local laws.

http://www.cyber-security-forum.com/ Page | 2
Session 2 If these trends continue, what effect will it have on the adoption of cloud
Cont’d computing, and specifically on hosted services which store personal data. Are
privacy and residency concerns overstated? Current technology solutions being
offered to mitigate these issues have had mixed results. Is the path forward
based on a technology approach or do we need to consider alternatives methods,
like: multi-national policy framework, risk based deployment solution, strong
independent oversight and transparency, etc.?

4:30 p.m. End of Day 2

7:00 p.m. Reception
8:00 p.m. Dinner – Assigned Seating

Day 3 – May 31, 2016

7:00 a.m. Breakfast

Session 3 Review of IoT: Security Discussions

8:00 a.m.
Debate & summarize final recommendations.

10:00 a.m. Refreshments & Checkout

Session 4 Review of IoT: Privacy Discussions

10:30 a.m.
Debate & summarize final recommendations.

12:30 p.m. Working Luncheon & Final Remarks

2:00 p.m. Depart

http://www.cyber-security-forum.com/ Page | 3
 May 29 – 31, 2016
Langdon Hall
Cambridge, ON

Participants Each year, the Forum’s Steering Committee welcomes up to 44 CISO, CSO’s, public
sector representatives and other cyber security experts, each of whom has been
selected based on their experience and specialization. This meeting will be an
interactive, collaborative, round-table discussion which will focus on urgent cyber
security and privacy issues that confront business, critical infrastructure,
government and Canadians in general.
Description The Forum is an ‘invitation only’ meeting of the leading experts in this field. An
Agenda, developed by the Steering Committee, forms the basis for the discussion
and debate. The Chatham House Rule governs all discussion, allowing a free-flow
of ideas and insights. The Forum does not feature traditional presentations, but is
based on the participation of all those in attendance.
Program The Forum is an intense day-and-a-half of meetings. In addition to the sessions,
there is informal time for talk and building relationships during the receptions and
meals. This is not a “holiday” type of program. Spouses or significant others do not
participate in the sessions, social events or meals.
Venue The Forum is being held at Langdon Hall near Cambridge, Ontario. The property is
approximately an hour from downtown Toronto. Full details and driving
directions can be found by visiting the Forum website at http://www.cyber-
security-forum.com/. To access the password-protected pages, enter the case-
sensitive access code: CS^6y@78
Participation Fee The fee to participate includes two nights accommodation, all meals and
refreshments, meeting Sessions, and online access to materials.

The total fee is $2,895 plus HST.

Participants are expected to stay at Langdon Hall during the Forum, as the
interplay with the group is an important part of the benefit to all concerned.

Please note that the Forum is limited to 44 participants, and places are reserved on
a first-come, first-served basis. Your place can only be confirmed upon receipt of
payment.
Cancellation Written requests for cancellation will be eligible for a refund in accordance with the
following schedule, based on the date the cancellation request is received:
 Prior to April 15, 2016; 100% of registration fee less a $250 administration
fee;
 From April 15 to April 29, 2016; a credit of $1000 for use towards a future
program, valid for two years from the issue date;
 April 30, 2016 or later; the registration fee is non-refundable.
Further Information On the Forum website http://www.cyber-security-forum.com/ you can find
additional information on
 Location and travel access to the venue
 Detailed Agenda & Itinerary
 Answers to Frequently Asked Questions