MORNING KEYNOTE: Defending Cyberspace: Are We Ready to Meet Emerging Cyber Threats?
Neal Ziring, Technical Director, Information Assurance Directorate, National Security Agency
This keynote presentation will discusses current and emerging cyber security threats, vulnerabilities, and trends. Ziring will explore key technology trends that are affecting our nation’s security posture and highlight the importance of building a skilled and robust cyber workforce. He will also discuss the essential importance of building and maintaining strong industry, government, and academic partnerships to combat the growing cyber threat and will stress the strategic benefits of information sharing.
AFTERNOON KEYNOTE: Demystifying Cyber Security - the Route to Innovation
Marisa S. Viveros, Vice President, IBM Cyber Security Innovation
As organizations become more instrumented and interconnected, producing 2.5 quintillion bytes of data every day, cyber and information security has become an imperative for innovation. To date, many organizations have been unable to create a comprehensive security defense system because they have been forced to assemble technologies that don’t integrate in an intelligent and automated manner. This patchwork approach has created loopholes that hackers exploit. Cloud computing, mobility, and the internet are demonstrating that old techniques are ineffective. In this talk, we will discuss the latest trends in the threat landscape and illustrate with real examples how enterprises are approaching security challenges while continuing to innovate. Realizing technical solutions are only part of the equation, we will review our academic initiatives to ensure a pipeline of talented security professionals are available to assist enterprises and government organizations.
State of Security – You’ve Got Their Attention, Now What?
Michael A. Davis, CEO, Savid Technologies
This is the first year in which the more than 1,500 survey respondents to Savid Technologies’ annual State of Security Survey indicated that executive involvement in IT security is on the rise and budget constraints are down. So, security teams have more budget, and executives are listening? What should you be focusing on to deliver the best return and risk reduction? In this session, we will share statistics and data from our survey, unique insights into how to transform the security team into a more effective organization, and how to better communicate with the rest of the organization.
Perils of Social Media: How Facebook, Google, Twitter, Social Media, and Cloud Computing Are Creating Threats to Privacy, Security and Liberty
Rajesh Goel, Chief Technical Officer, Co-Founder, Brainlink
Social media has quickly woven itself into the very fabric of everyday life. This boom in sharing, even the most banal of details has had a resounding impact on how our children, employees, and colleagues communicate. Using case studies from the U.S. and around the world, we’ll examine how people have lost jobs, college admissions, college degrees, fortunes. and freedom through (un)social media. We’ll also investigate the rampant overcollection of customer and subscriber data by major corporations and governments, and we’ll discuss some strategies and steps we can take to protect civil liberties and privacy in the Age of Social Media.
Sense-Making in Security and Network Operation Centers
Steven Greenspan, Senior Vice President, CA Technologies
Making sense of real-time data is a persistent problem among security practitioners, within command and control centers, and in the daily activities of knowledge workers. Security operations professionals need to monitor a wide range of physical and logical devices and networks to maintain situation awareness and to detect malicious intrusions. For example, they need to monitor network flow among thousands of physical or virtual elements, and detect or anticipate changes in the operational quality of business services such as email or or identity authentication. This talk will discuss some of the perceptual, cognitive, and social issues surrounding sensemaking and and will examine some novel techniques for reducing cognitive overload by providing greater context.
Information and Communication Technology in the Globalization Era: Impacts on Supply Chain and Risk Management
John F. Kimmins, Executive Director/Fellow, Applied Communication Sciences
Globalization has now created new information and communications technology (ICT) product supplier eco-systems. Equipment is now composed of hardware and software components with unknown pedigree that are integrated into systems and maintained by suppliers other than the supplier who branded the product. There are increasing examples where counterfeit equipment or rebranded products have found their way into critical commercial and government infrastructures. Major incumbent suppliers are increasingly relying on global component sourcing. Collectively, these factors have brought a sharp focus to the need for a more in-depth review of the integrity of critical infrastructures and the supporting product supply chains. This presentation delineates these factors and their related risk implications for national and global infrastructures. In doing so, the talk reflects an enhanced risk management model and process that Applied Communication Sciences has developed that accommodates both government and private sector issues and builds upon current security practices.
Toward a Secure and Open Digital Society: the Dutch Approach
Wil van Gemert, Director, Cyber Security, Netherlands Ministry of Justice and Safety
Trends in cyber: Big data, hyper connectivity, and disappearing borders. What does this mean for business and governance in the Dutch society? How can we work toward an open and digital society, and what is needed in the field of cooperation between government and the private sector? Is a security concept needed in the digital world? This presentation will try to give an answer to this question in the context of the Dutch society.
Continuous User Authentication with Cognitive Rhythms
Kiran Balagani, Ph.D., Assistant Professor, Computer Science
Current authentication and identification technologies based on keystroke sensing use either 1) motoric aspects of a user’s typing behavior (also known as keystroke dynamics) or 2) stylometric
aspects of text. However, there is a rich spectrum of cognitive traits, such as pausing and revision behaviors that a writer exhibits during the acts of composing text and revising intermediary versions. Through a grant funded by DARPA Active Authentication program, we are developing methods to systematically capture cognitive traits embedded in the acts of text planning, production, and revision. We expect that the new cognitive traits will result in at least two fold improvements in authentication accuracies, detection latency, and resilience against forgery attacks.
ShadowNet: an Active Defense Infrastructure for Insider Cyber Attack Prevention
www.nyit.edu/conferences/cyber_security_conference/speaker_profiles_2012/#cuihttp://www.nyit.edu/conferences/cyber_security_conference/speaker_profiles_2012/#cui, Assistant Professor, Computer Science
The ShadowNet infrastructure for insider cyber attack prevention is composed of a tiered server system that is able to dynamically redirect dangerous/suspicious network traffic away from production servers that provide web, ftp, database, and other vital services to cloned virtual machines in a quarantined environment. This is done transparently from the point of view of both the attacker and normal users. Existing connections, such as SSH sessions, are not interrupted. Any malicious activity performed by the attacker on a quarantined server is not reflected on the production server. The attacker is provided services from the quarantined server, which creates the impression that the attacks performed are successful. The activities of the attacker on the quarantined system are recorded much like a honeypot system does for forensic analysis.
Security and Energy Efficiency Co-Design for Cyber-Physical Systems with Multiple Sensor Networks
Wei Ding, Ph.D., Assistant Professor, Computer Science
In cyber-physical systems (CPSs), operations of physical elements are sensed, coordinated, and synergized by computing and communication elements. Recently, CPSs have gained remarkable popularity. The advance of CPS holds the promise of radically reshaping the way we interact with the surrounding physical world. A CPS is made up of multiple wireless sensor networks (WSNs) integrated as input, an intelligent decision system, and actuators or embedded devices. CPSs must operate dependably, safely, securely, efficiently, and in real-time. WSNs suffer from uneven consumption of battery among sensor nodes. Nodes closer to the sink are subject to early exhaustion due to extra load of forwarding packets from downstream nodes. For WSNs with a single sink, this problem can be solved by adding additional sinks away from the current sink and shifting load to alternative sinks. The sink-shift technique can be utilized among heterogeneous cross-domain WSNs in a CPS to extend life span of component WSNs and subsequently the life of CPS. The simplest way is integration of functions of multiple sinks at every sink. If these coexisting WSNs use same set of nodes through different sensors or different wireless modules on an individual node, similar time sharing and sink-shift can be performed. In the case that WSNs share a same sink, than the CPS is reduced to a single WSN, to which the sink-shift can be directly applied. The sink node is pivotal in WSN security. It generates and stores most keys and other secrets. The routing tree of a WSN is usually constructed around the sink under the control of the sink. During sink shift, it is more secure and sometimes more efficient to recreate secrets and keys than keeping the previous keys. In addition, renewing entire systems can easily and completely erases the compromised nodes and regain the security integrity of the network.
Secure Cloud-Aided Computation
Paolo Gasti, Ph.D., Assistant Professor, Computer Science
The advent of cloud computing is bringing significant economic, social, and scientific benefits. However, wholesale disclosure of information to (possibly untrusted) cloud providers has raised several ethical, legal, economic, and political concerns, limiting the widespread adoption of these technologies. In the past few years, the research community has been working on techniques that mitigate exposure of private information in cloud computing. Secure and efficient approaches allow resource-constrained devices, such as smartphones, to perform intensive computational tasks and manipulate large amounts of data leveraging vast resources available to the cloud. This presentation will review some of recent work in the area of secure cloud-aided computation and show how cloud computing can enable smartphones to perform complex tasks, such as genomic computation, without revealing private information.