Conference Overview
IoTcube Conference 2025
- Archimedes International Healthcare Security Week -
(Tuesday, August 26 @Grand Ballroom, B1 Level, JW Marriott Dongdaemun Square Seoul)
☞ Pre-registration required: Conference (by Aug 19) / Private Forum (by Aug 12, Limited to 50 Seats):
https://fairpass.co.kr/RunEventInfo?eventcode=3138&lan_code=1
ㅡ
ㅁ Overview of 2025
|
Currently in its ninth edition, the IoTcube Conference has become a premier forum for addressing real-world cybersecurity challenges. The 2025 edition, co-hosted by Korea University and Northeastern University's Archimedes Center for Healthcare and Medical Device Cybersecurity, focuses on medical device cybersecurity.
What happens when cybersecurity enters the operating room?
How do SBOM and VEX technologies protect patient lives?
With Korea launching official cybersecurity evaluations for medical devices, how should we prepare?
Speakers include professors with FDA experience, physician-hackers, industry experts using SBOM in global manufacturing, and a government official from South Korea. Gain insights from hospital security teams, explore the latest SBOM/VEX tools, and learn how to adapt and navigate fast-changing regulations.
Simultaneous interpretation (Korean ↔ English) will be provided.
|
- Date
-
Tuesday, August 26, 2025
10:00 AM-6:00 PM (KST) ※Registration begins at 9:20 AM
- Location
- Grand Ballroom, B1 Level, JW Marriott Dongdaemun Square Seoul, South Korea (in-person only)
- Participation
- https://fairpass.co.kr/RunEventInfo?eventcode=3138&lan_code=1
- [Conference] Pre-registration required by Tuesday, August 19 (Free)
- [Private Forum Session] Separate Pre-registration required by Tuesday, August 12, limited to 50 participants & 110 USD
- ※A certificate of participation will be issued to conference attendees. Please note: separate registration is required for the main conference and the private forum session.
· Hosts:
- Center for Software Security and Assurance (CSSA), Korea University, South Korea
- Archimedes Center for Healthcare and Medical Device Cybersecurity, Northeastern University, USA
- BK21 FOUR R&E Center for Computer Science and Engineering, Korea University, South Korea
· Supports:
- Ministry of Science and ICT (MSIT), South Korea
- Ministry of Food and Drug Safety (MFDS), South Korea
· Contact: jihyeonlee@korea.ac.kr
ㅡ
ㅁ Program for 2025
※Presentation materials will not be distributed or made publicly available.
|
Time (KST) |
Session |
Description | |
|
9:20~10:00 ('40) |
Registration | ||
|
10:00~10:20 ('20) |
Opening Remarks |
Welcome speeches (KOR/ENG) |
|
|
10:20~10:30 ('10) |
|
Short Break | |
|
10:30~11:00 ('30) |
Trend Keynotes #1 |
Kevin Fu (Professor, Northeastern University) "Introduction to Medical Device Security" |
|
|
11:00~11:30 ('30) |
Trend
Keynotes #2
|
Heejo Lee (Professor, Korea University) "IoTcube 2.0: Automated SBOM and VEX Management for Supply Chain Security" |
|
|
11:30~12:00 ('30) |
Tech Talks #1 |
Christian Dameff (Emergency Physician, UC San Diego)
"Rapidly Deployable Clinical Support Systems for Ransomware"
|
|
|
12:00~13:15 ('75) |
Lunch (on your own) | ||
|
13:15~13:45 ('30) |
Tech Talks #2 |
Sang Kil Cha (Professor, KAIST)
"ASFuzzer: Differential Testing of Assemblers"
|
|
|
13:45~14:15 ('30) |
Regulation Talks #1 |
Jeff Tully (Anesthesiologist, UC San Diego) "Validating Healthcare Security Research with Clinical Simulation & Evidence Based Medicine" |
|
|
14:15~14:45 ('30) |
Regulation Talks #2 |
Jack Kufahl (CISO, Michigan Medicine) "Top Cybersecurity Challenges in 2025 : Perspective from a Health care Delivery Organization’s Chief Information Security Officer" |
|
|
14:45~15:15 ('30) |
Regulation Talks #3 |
Yuseung Kim (Corporate VP, Samsung Networks)
"The Untold Story of SBOM: It Might Make Your Life Easier"
|
|
|
15:15~15:45 ('30) |
|
Private Forum Session Registration & Short Break ※ Forum (15:45–18:00) is open to paid registrants only |
|
|
15:45~16:45 ('60) |
Private Forum #1 (Separate Registration Required) |
Panel Discussion - Pre-collected Q&A
"Medical Device Security Regulatory Questions/Answers"
- Kevin Fu (Professor, Northeastern University)〡Heejo Lee (Professor, Korea University)〡Yuseung Kim (Corporate VP, Samsung Networks)〡Mi-jung Son (Team Leader, Digital Medical Products TF Director, Ministry of Food and Drug Safety)
|
|
|
16:45~17:45 ('60) |
Private Forum #2 (Separate Registration Required) |
Live Audience Q&A with Speakers |
|
|
17:45~18:00 ('15) |
closing | Wrap-up and group photo session | |
ㅡ
ㅁ Private Forum session (Pre-registration required by Tuesday, August 12 / limited to 50 participants)
· Purpose: The Private Forum Session offers an exclusive opportunity to engage directly with leading experts in medical device cybersecurity. Join Prof. Kevin Fu (first Acting Director of Medical Device Security at the U.S. Food and Drug Administration (FDA), now at Northeastern University), Prof. Heejo Lee (1st-generation white-hat hacker and former CTO of AhnLab, Korea’s leading cybersecurity authority), Dr. Yuseung Kim (Corporate VP Samsung Networks with hands-on experience in medical device security frameworks and SBOM implementation from a U.S. medical device company), and Mi-jung Son (Team Leader, Digital Medical Products TF Director, Ministry of Food and Drug Safety). Participants will have the chance to ask questions, engage in panel discussions based on pre-submitted inquiries, and join a live Q&A session.
· Date/Location: Tuesday, August 26, 2025 / 15:45-18:00 PM (KST, 2 hours)
· Application and Fee: 110 USD / Separate registration required (limited to 50 participants). Questions will be collected in advance. The session will feature a moderated panel discussion followed by an open dialogue.
※ Participants will be selected via lottery, with priority given to organizations with practical needs for SBOM generation, management, and medical device cybersecurity. Please briefly state your reason for applying in the registration form.
· Preparation:
| No | Programs | |
|---|---|---|
|
1 |
Panel Discussion - Pre-collected Q&A
"Medical Device Security Regulatory Questions/Answers"
- Kevin Fu (Professor, Northeastern University)〡Heejo Lee (Professor, Korea University)〡
Yuseung Kim (Corporate VP, Samsung Networks)〡Mi-jung Son (Team Leader, Digital Medical Products TF Director, Ministry of Food and Drug Safety)
|
|
| 2 | Live Audience Q&A with Speakers | |
ㅡ
ㅁ Speakers for 2025
| Speakers | Bio | Talk Abstracts |
|---|---|---|
|
Kevin Fu |
Kevin Fu is Professor of Electrical & Computer Engineering, the Khoury College of Computer Sciences, and Bioengineering at Northeastern University in Boston where he directs the Archimedes Center for Healthcare and Medical Device Cybersecurity. His laboratory protects medical devices from cybersecurity threats that could otherwise disrupt patient care. Fu’s 2008 research on vulnerabilities in implantable cardiac defibrillators prompted improvements at medical device manufacturers, global regulators, and international safety standards bodies. His pacemaker research also inspired an episode of Homeland. Before joining Northeastern University, Fu served as the inaugural Acting Director of Medical Device Security at FDA’s Center for Devices and Radiological Health (CDRH) and program director for cybersecurity at FDA's Digital Health Center of Excellence. Fu received his B.S., M.Eng., and Ph.D. from MIT. |
"Introduction to Medical Device Security" Prof. Kevin Fu, Ph.D., previously the first Acting Director of Medical Device Security at the U.S. Food and Drug Administration (FDA), will demystify medical device cybersecurity for an international audience of regulators, manufacturers, and researchers. Drawing from two decades of experience in clinical, academic, and industrial settings, Prof. Fu will explain how global regulators and manufacturers are embracing cybersecurity as a fundamental part of safety and effectiveness, not merely compliance. This keynote will highlight key international frameworks, common engineering pitfalls, and practical steps to help medical device manufacturers foster a security-minded culture that supports innovation without delaying market entry. |
|
Heejo Lee (Professor, Korea University) |
Heejo Lee is Professor of Computer Science and Engineering at Korea University in Seoul, South Korea, and Director of the Center for Software Security and Assurance (CSSA). He founded Korea’s first white-hat hacker club with a vision of making software security accessible to everyone, and now leads IoTcube.net and Labrador Labs, platforms for automated vulnerability analysis and open-source security. He previously served as CTO of AhnLab, South Korea’s leading cybersecurity company, and has advised national cybersecurity strategies in countries including the Philippines, Uzbekistan, Vietnam, Myanmar, Costa Rica, and Cambodia. In 2016, he received the ISC² Asia-Pacific Community Service Star Award, the region’s highest honor in cybersecurity leadership. He holds a B.S., M.S., and Ph.D. from POSTECH. |
"IoTcube 2.0: Automated SBOM and VEX Management for Supply Chain Security" Cybersecurity regulations increasingly require clear visibility into software components and their vulnerabilities - often through Software Bills of Materials (SBOMs) and Vulnerability Exploitability eXchange (VEX) documents. While supply chain security using SBOMs and VEX is becoming essential across many industries, including healthcare, manufacturers and service providers still face significant challenges in practical adoption. Over the past decade, KU CSSA has developed and publicly operated IoTcube, an automated vulnerability analysis platform. This year, we are launching IoTcube 2.0, which offers one-stop SBOM generation and VEX management. In this talk, we will share our R&D progress, discuss best practices, and explore opportunities for collaboration and feedback to advance the technology further. |
|
Christian Dameff (Emergency Physician, UC San Diego) |
Christian (quaddi) Dameff is an Assistant Professor of Emergency Medicine, Biomedical Informatics, and Computer Science at the University of California San Diego. He co-directs the UCSD Center for Healthcare Cybersecurity. He is also a hacker, a former open capture the flag champion, and DEF CON/RSA/Black Hat/BSIDES Speaker |
"Rapidly Deployable Clinical Support Systems for Ransomware" This talk will explore the conceptualization, design, and prototyping of a technology stack designed to provide a complete technical solution for the clinical workflow challenges arising from ransomware and other adverse events on hospital networks. |
|
Sang Kil Cha (Professor, KAIST) |
Sang Kil Cha is a leading professor at the Graduate School of Information Security and the head of the Cyber Security Research Center (CSRC) at the KAIST. He is the first Korean to receive the IEEE Security & Privacy Test-of-Time Award (2022) and has also been honored with Distinguished Paper Awards at top software engineering conferences such as ICSE, FSE, and ASE. He is an expert in software security and program analysis. |
"ASFuzzer: Differential Testing of Assemblers" In this talk, I will present our recent work on differential testing of assemblers. Ensuring the correctness of assemblers (or compilers in general) is crucial for the reliability of software systems including IoT devices and healthcare systems. |
|
Jeff Tully (Anesthesiologist, UC San Diego) |
Jeff Tully is an Associate Clinical Professor of Anesthesiology and Co-Director of the UC San Diego Center for Healthcare Cybersecurity. Tully’s research focuses on the intersections of safety, security, and equity in an increasingly technologically connected healthcare system by covering two primary domains: the patient safety and clinical outcomes effects of cybersecurity attacks on healthcare, and the validation of clinical applications of artificial intelligence and machine learning tools |
"Validating Healthcare Security Research with Clinical Simulation & Evidence Based Medicine" This talk will demonstrate the power of multidisciplinary collaboration in medical device and healthcare cybersecurity research by illustrating how evidence based medicine and clinical education principals can help design impactful studies and exercises validating and contextualizing the bedside impact of technical computer science research. |
|
Jack Kufahl (CISO, Michigan Medicine) |
Jack Kufahl is the Chief Information Security Officer for Michigan Medicine at the University of Michigan, one of the nation’s top academic medical centers that brings together world-class experts from research, patient care, and education to make groundbreaking discoveries that create life-changing medicine. He has over 20 years of experience in information technology, primarily in leadership roles. He is one of the incorporating officers and a current board member of the Michigan Healthcare Cybersecurity Council (MiHCC), a public-private partnership in the State of Michigan. MiHCC aims to protect the state’s critical healthcare infrastructure by fostering knowledge exchange, collaboration, and security services. Jack is a graduate of the FBI CISO Academy and holds a Master of Legal Studies with a concentration in compliance law from Washington University in St. Louis. At Michigan Medicine, he leads the information assurance program, overseeing all security efforts to ensure the confidentiality, integrity, and availability of electronic information critical to their missions of patient care, research, and education. He is also passionate about supporting strong talent pipelines and advising startups on cybersecurity, privacy, and digital risk.
|
"Top Cybersecurity Challenges in 2025 : Perspective from a Health care Delivery Organization’s Chief Information Security Officer" Healthcare delivery organizations face a unique and evolving set of cybersecurity challenges shaped by complex internal operations and an increasingly dynamic external threat landscape. Too often, well-intentioned security initiatives fall short—not due to lack of effort, but because they overlook the nuanced context in which they operate. In this talk, I will explore how a deep understanding of these complexities is essential for aligning cybersecurity strategies with real-world risks. By staying grounded in the realities of healthcare environments and maintaining a focused, context-aware approach, security leaders can more effectively safeguard critical infrastructure and ensure the resilience of care delivery systems. |
|
Yuseung Kim (Corporate VP, Samsung Networks) |
Yuseung Kim has been working on the analysis of threats in mission-critical systems including telecommunication systems, medical devices, connected-automated vehicles, mobility services, and the development of countermeasures. Dr. Kim received PhD in Electrical and Computer Engineering from Carnegie Mellon University with a dissertation titled “Securing Wi-Fi Access By Using Location-Aware Controls”. He was a member of the Mobile, Embedded, Wireless Security group led by Dr. Patrick Tague. |
"The Untold Story of SBOM: It Might Make Your Life Easier" SBOMs (Software Bills of Materials) are no longer optional - regulations and industry standards increasingly demand them. But for those responsible for generating SBOMs, the real question is: how do you do it right, without impacting your development pipeline? In this talk, we'll uncover the untold, practical side of SBOMs from the generator's point of view. You'll learn what the SBOM consumers actually expect, how to choose the right tools and formats, and how to integrate SBOM in to your CI/CD process. |
