Podcasts about u0zhe nyoho

Cyberattacks on critical infrastructure such as power plants, dams, and chemical facilities are increasing in both intensity and sophistication, with attackers actively exploiting the cultural divide between the engineers who design and run these facilities and the cybersecurity people who protect them. At Rose-Hulman, we are building a multidisciplinary Critical Infrastructure Laboratory to bring these groups together with the goal of educating the next generation on the difficulties of designing and securing facilities vital to our national and economic security.

Since the inception of computer/data/cyber/network securitysome fifty years ago, one recurring question has beset our industry: “How do wesecure it?” By its very nature, that question has propagated as a harmful meme,by implying that a binary deterministic answer is available, or even possible. This talk examines security through a non-deterministiclens, applying probabilistic and analogue functions to discover new approachesto defending anthro-cyber-kinetic systems.

This talk covers the key lessons learned and root causes from the biggest mega-breaches and the 9,000+ reported breaches over the past 15 years.  By analyzing the histories, stories, and deep dives of breaches such as those at Target, JPMorganChase, OPM, Yahoo, Equifax, Facebook, Marriott, Capital One, and the SolarWinds hack, I will also lay the groundwork for a roadmap to recovery based on the root causes. 

Quantum technology will be transformational. When applied, quantum has the power to dramatically improve our society, as well as cause major disruptions on the national security and economic security fronts. This presentation will provide an overview of the fundamentals of quantum technology, to include the three major branches of quantum technology development: quantum computing, quantum sensing, and quantum networking. We will discuss use cases for each and explore where the technology stands today, its commercialization and hardware engineering challenges, and potential pathways for a quantum future.

Social Engineering is employed in 97% of cybersecurity attacks. This makes social engineering penetration testing an important aspect of cybersecurity. Social engineering penetration testing is a specialized area requiring skills and abilities substantially different from other types of penetration testing. Training for social engineering penetration testing as well as understanding what skills, abilities, and personalities make for good social engineers is not well developed. This mixed methods study uses surveys and interviews conducted with social engineering pen testers to examine their pathways into the field, what personality traits contribute to success, what skills and abilities are necessary and what challenges these professionals commonly face. The results are used to make recommendations for training.

Federated learning is an emerging machine learning paradigm to enable many clients (e.g., smartphones, IoT devices, and edge devices) to collaboratively learn a model, with help of a server, without sharing their raw local data. Due to its communication efficiency and potential promise of protecting private or proprietary user data, and in light of emerging privacy regulations such as GDPR, federated learning has become a central playground for innovation.  However, due to its distributed nature, federated learning is vulnerable to malicious clients.  In this talk, we will discuss local model poisoning attacks to federated learning, in which malicious clients send carefully crafted local models or their updates to the server to corrupt the global model. Moreover, we will discuss our work on building federated learning methods that are secure against a bounded number of malicious clients. 

Good research has scientific principles driving it. Analysts begin research with a goal in mind and at the same time, they need their research to have a solid foundation. This talk will cover common goals in cybersecurity research and also discuss common pitfalls that can undermine the results of the research. The talk will include many examples illustrating the principles.

Machine Learning appears to have made impressive progress on many tasks including image classification, machine translation, autonomous vehicle control, playing complex games including chess, Go, and Atari video games, and more. This has led to much breathless popular press coverage of Artificial Intelligence, and has elevated deep learning to an almost magical status in the eyes of the public. ML, especially of the deep learning sort, is not magic, however.  ML has become so popular that its application, though often poorly understood and partially motivated by hype, is exploding. In my view, this is not necessarily a good thing. I am concerned with the systematic risk invoked by adopting ML in a haphazard fashion. Our research at the Berryville Institute of Machine Learning (BIIML) is focused on understanding and categorizing security engineering risks introduced by ML at the design level.  Though the idea of addressing security risk in ML is not a new one, most previous work has focused on either particular attacks against running ML systems (a kind of dynamic analysis) or on operational security issues surrounding ML. This talk focuses on the results of an architectural risk analysis (sometimes called a threat model) of ML systems in general.  A list of the top five (of 78 known) ML security risks will be presented.

There is no doubt that cybersecurity has risen up the agenda in terms of visibility and importance.  Everybody wants it. But do they really know what they want?  What does cybersecurity include, and to what extent do qualifications and certifications that claim to cover it actually do so?  This talk examines what cybersecurity means in terms of the contributing topics, and in particular how these topics can end up looking substantially different depending upon what source we use as our reference point.  The discussion then proceeds to examine how this has knock-on impacts in terms of the qualifications and certifications that may be held by our current and future workforce.  All are labelled as ‘cybersecurity’, but to what extent are they covering it, and how can those that need support tell the difference?

While users are responsible for initiating 90%+ of losses, it is not their fault. The entire system is what enables the losses, and the entire system must be designed to prevent them. Drawing lessons from safety science, counterterrorism, and accounting, this presentation details how to expect and stop user initiated loss.

In this talk, we explore security and privacy related to meta-learning, a learning paradigm aiming to learn 'cross-task' knowledge instead of 'single-task' knowledge. For privacy perspective, we conjecture that meta-learning plays an important role in future federated learning and look into federated meta-learning systems with differential privacy design for task privacy protection. For security perspective, we explore anomaly detection for machine learning models. Particularly, we explore poisoning attacks on machine learning models in which poisoning training samples are the anomaly. Inspired from that poisoning samples degrade trained models through overfitting, we exploit meta-training to counteract overfitting, thus enhancing model robustness.

Data brokers are the major players in the market of collecting, selling, and sharing online user information. Although their practices have raised tremendous privacy concerns, their data collection and sharing activities are still under the veil. The growth of adverse cybersecurity incidents toward the data brokers has led the regulators, including California and Vermont, to require the data brokers to register and disclose their activities. This paper analyzes the leaked information on the dark web to analyze the data sharing and collection activities among the data brokers. In specific, we cluster the data brokers based on their data collection activities given by their product description to quantify the activity proximity. Next, we empirically examine how activity proximity leads to co-occurrence on the leaked information in the dark web. We further discuss the deterrence effect of the data broker registration on information leakage. Our study contributes to cybersecurity assurance and risk assessment literature by unveiling the shadowy data-collecting and data-sharing market.

Modern cybercrimes are responsible for $400B dollars of losses on an annual basis. Headlines appear regularly announcing major breaches. Yet few people and businesses understand what happened in such incidents and how to avoid being a victim themselves. The security industry does provide analyses of breach statistics, but effective preventative measures can be lost in the numbers. Virtually all breaches result from technology failure combined with people failure. This presentation will look at actual recent cybercrimes in order to document what happened and what could have prevented that incident. Who carried out the breach? What did they do? What was taken? How could it have been stopped? What was the story behind the breach? Attack types include ransomware, business email compromise, intellectual property theft and breach of Personally Identifiable Information. By being more familiar with current successful threats and breaches you will: · Be able to avoid high risk activities, if possible · Be able to be better prepared to stop such an attack against you or your organization · Be able to optimize security spending and resources for actual attack patterns This presentation is designed for both security professionals and business professionals who want to better secure their assets and processes against the increasing number of cyber criminals.

The nature of cybersecurity and modern life is such that we feel pressured to run just to keep up, this leaves us no time to look back and reflect on how we got where we are as an industry and field of study, nor to learn about the people who led the way. In this presentation we will dig into the stories of some of the people who were foundational in the field we know call cybersecurity, some well-known, others obscure.

The software development process, or software supply chain, is quite complex and involves a number of independent actors. Due to this ever-growing complexity has led to various software supply chain compromises: from XCodeGhost injecting malware on millions of apps, to the highly-publicized SolarWinds Compromise. In this talk, Santiago will introduce various research challenges, as well as attempts from both Open Source and Industry --- such as SigStore, CoSign and in-toto --- to protect millions of users across the globe.

A discussion about where we are in the commercial SDN/NFV world today and where we are headed.  What are the next generation threats beyond where we are today and how software definability may be a asset in the defender’s toolkit. Also looking at the intersection point between SDN/NFV and AI/ML. How this changes the defense calculus and alters the attack surface. What capabilities we need to develop in the practitioner, consumer and defender worlds.

In a growing interdependent market place,it is nearly impossible to develop every part or component in house.  Electronics are nearly entirely manufactured offshore. Concerns have risen about the trust worthiness of electronics that may contain extra or potentially malicious functionality.  Traditional supply chain risk management only deals with the suppliers ability to deliver a product on time and within budget.  Cyber aspects focus on the trustworthiness of the product that was delivered.  Those vendor that they themselves are procuring products, such as test systems,subtractive or additive manufacturing, are now concerned that the products they are producing are affected by Cyber Supply Chain Risk Management (C-SCRM).

Join Caroline Wong, Cobalt.io's head of Security and People, for a unique perspective on the role of humans in cybersecurity.

Self-determination is the key to human thriving; it's also the enemy of both dictatorships and monopolies. It's no coincidence that commercial imperatives of tech monopolies create the infrastructure for political oppression. The public-private-partnership from hell looks like this: companies install surveillance and other system of control to extract higher rents from their customers and ward off competitors. Then states seize that surveillance and control apparatus to gain and consolidate power. That's the bad news. The good news is that it means that those of us fighting dictatorships have natural allegiances with those fighting monopolies -- and vice versa.

In December 2020, FireEye discovered a supply chain attack against the SolarWinds Orion network management system.  The impact of this event has caused the cybersecurity community to reevaluate how we think about threats coming from the software supply chain.  At Lawrence Livermore National Laboratory we have been developing software assurance tools for many years to automate the analysis of software to enable asset owners and operators to make sound decisions about the software in their environments.  In this presentation, I will describe this effort, talk about some of our tools, and discuss ways to mitigate future supply chain attacks.

Over fifty years, I’ve led a lot of security projects that I thought would change the world. Many of them crashed and burned at great cost in money and reputation. There were some common threads including reliance on government claims about the market and on minimal secure systems built from scratch. This talk will describe some failures, some lessons learned the hard way, and how they paid off.

The Internet of Things (IoT) is the notion that nearly everything we use, from gym shorts to streetlights, will soon be connected to the Internet. Industry and financial analysts have predicted that the number of Internet-enabled devices will increase from 11 billion to upwards of 25 billion in coming years. Regardless of the number, the end result looks to be a mind-boggling explosion in Internet connected stuff. Yet, there has been relatively little attention paid to how we should go about regulating smart devices, and still less about how cybersecurity should be enhanced. Similarly, now that everything from refrigerators to stock exchanges can be connected to a ubiquitous Internet, how can we better safeguard privacy across networks and borders? This talk will explore these issues by pulling from the recently published book, ‘The Internet of Things: What Everyone Needs to Know.’ Our discussion will also be couched by the findings of a recent report for the Indiana Executive Council on Cybersecurity entitled, ‘State of Hoosier Cybersecurity 2020.’

Modern end-user computing platforms such as smartphones (e.g., Android and iOS)and smart home systems (e.g., SmartThings and NEST) provide programmable interfaces for third-party integration, enabling expressive and popular functionality that is often manifested in applications, or ​apps.​ Thus, for the last decade, designing security systems to analyze ​apps for vulnerabilities or unwanted behavior has been a major focus within the security community. This approach has continued well into the smart home, with researchers developing systems inspired by lessons from Android security to inspect ​IoT apps developed for popular platforms such as SmartThings. However, emerging characteristics of smart home ecosystems indicate that IoTapps may not represent automation in real homes, and may even be unavailable in the near future. That is, while API misuse by third-party developers is an important problem, the approach of ​analyzing/instrumenting IoT apps may not offer an effective or sustainable solution. In this talk, I will describe the challenges for research in the backdrop of the unsuitability of IoTapps for practical security analysis, and motivate three alternate research directions. First, I will describe the need to develop an alternative artifact for security analysis that is representative of automation usage in the wild. To this end, I will introduce Helion, a system that uses statistical language modeling to generate natural ​home automation scenarios​, i.e., realistic event sequences that are closely aligned with the real home automation usage in end-user homes,which can be used for security or safety analysis. Second, I will illustrate the need to improve the security of mobile companion apps, which often form the weakest link in smart home deployments, and the important position of security analysis/compliance tools in ensuring the development of secure companion apps. To this end, I will present the mSE framework, which automatically and rigorously evaluates static program analysis-based security systems using mutation testing. Our work on mSE (and its successor, MASC) culminated in the discovery of critical security flaws in popular tools such as FlowDroid, CryptoGuard, Argus, and Coverity that affect the reliability and soundness of their analysis. Finally, I will conclude the talk by describing our current efforts to build ​system-level defenses into IoT platforms that are agnostic to IoTapps, i.e., independent of their visibility or mutability, thereby potentially providing a lasting solution to API misuse by third-party developers.

Traditionally, security and privacy research focused mostly on technical mechanisms and was based on the naive assumptions that Alice and Bob were capable, attentive, and willing to jump through any number of hoops to communicate securely. However, about 20 years ago that started to change when a seminal paper asked "Why Johnny Can't Encrypt" and called for usability evaluations and usable design strategies for security. Today a substantial body of interdisciplinary literature exists on usability evaluations and design strategies for both security and privacy. Nonetheless, it is still difficult for most people to encrypt their email, manage their passwords, and configure their social network privacy settings. In this talk I will highlight some of the lessons learned from the past 20 years of usable privacy and security research, and explore where the field might be headed.

The threat of cyber attacks is a growing concern across the world, leading to an increasing need for sophisticated cyber defense techniques that leverage the defender’s “home field advantage". We designed the Tularosa Study to understand how defensive deception, both cyber and psychological, affects cyber attackers. Over 130 professional red teamers participated in a network penetration test over two days in which both the presence of and explicit mention of deceptive defensive techniques were controlled. To our knowledge, this represents the largest study of its kind ever conducted on a skilled red team population. The design was conducted with a battery of questionnaires (e.g., experience, personality, etc.) and cognitive tasks (e.g., fluid intelligence, working memory, etc.), allowing for the characterization of a “typical” red teamer, as well as physiological measures (e.g., galvanic skin response, heart rate, etc.) to be correlated with the cyber events. Preliminary results support a new finding that the combination of the presence of deception and the true information that deception is present has the greatest effect on cyber attackers, when compared to a control condition in which no deception was used. Special Panel Immediately following Dr. Ferguson-Walter's seminar, join CERIAS for a unique opportunity to hear six professionals from NSA -- including two Purdue alumni -- who will share their careers and experiences as cybersecurity researchers and practitioners. The panelists will describe opportunities for students and graduates, and answer questions from the audience about their work and life at NSA. [Note:  Only US citizens are able to work at the NSA.] Topic: What is it like to work at the National Security Agency (NSA) Register in advance for this webinar: https://purdue-edu.zoom.us/webinar/register/WN_mRCKeiU9TbqNJNxcogddsA After registering, you will receive a confirmation email containing information about joining the webinar. Eric Bryant is currently serving as a Director of Cybersecurity Operations in the NSA/CSS Cybersecurity Operations Center (NCSOC). In this capacity, he is responsible for leading a diverse team working around the clock to prevent and eradicate cybersecurity threats to the nation. He also serves as NSA’s Academic Liaison to Purdue University, where he graduated with a degree in computer science and is an alumni of CERIAS.   Dr. Josiah Dykstra is a Technical Fellow and Senior Executive in the Cybersecurity Collaboration Center of the National Security Agency. He holds a Ph.D. in computer science and previously served at NSA as a cyber operator and researcher. Dr. Dykstra is interested in cybersecurity science and how humans intersect with technology. He is the author of numerous peer-reviewed research papers and one book. Dr. Kimberly Ferguson-Walter is a Senior Research Scientist with NSA’s Laboratory for Advanced Cybersecurity Research where her research focuses on the intersection of computer security, artificial intelligence, and human behavior. She has been focused on adaptive cybersecurity at the NSA for the past ten years and is the lead for the Research Directorate’s deception for cyber-defense effort. She has a Ph.D. in computer science and is currently on joint-duty assignment to the Naval Information Warfare Center Pacific to perform collaborative research and facilitate strategic alignment and technology transfers. Natalie Janiszewski is a Higher Education Outreach Advocate with NSA's office of Academic Engagement. Natalie brings over 25 years of educational experience to her role at NSA. She is responsible for maintaining strong relationships with academic institutions to influence curriculum and encourage activities in NSA's mission-critical areas: science, technology. engineering, math, intelligence analysis, language and cybersecurity. Natalie taught classes in a graduate program for educational technology. Her passion lies in designing environments that facilitate durable, actionable learning for students.   Joel Klasa graduated from Purdue in May 2020 with a degree in computer science and participated in the NSA co-op program throughout his time at Purdue. Upon graduation, he was hired into a development program at the agency and has a current focus of machine learning and artificial intelligence in cybersecurity. Dr. Celeste Lyn Paul is a senior researcher and technical leader at the National Security Agency. Her work has focused on a broad range of topics including emerging technologies, human factors in security, and more recently, securing cyberspace in outer space. 5:30pm EDT: 

IP address blocklists are a useful source of information about repeat attackers. Such information can be used to prioritize which traffic to divert for deeper inspection (e.g., repeat offender traffic), or which traffic to serve first (e.g., traffic from sources that are not blocklisted). But blocklists also suffer from overspecialization -- each list is geared towards a specific purpose -- and they may be inaccurate due to misclassification or stale information. We propose BLAG, a system that evaluates and aggregates multiple blocklists feeds, producing a more useful, accurate and timely master blocklist, tailored to the specific customer network. BLAG uses a sample of the legitimate sources of the customer network's inbound traffic to evaluate the accuracy of each blocklist over regions of address space. It then leverages recommendation systems to select the most accurate information to aggregate into its master blocklist. Finally, BLAG identifies portions of the master blocklist that can be expanded into larger address regions (e.g. /24 prefixes) to uncover more malicious addresses with minimum collateral damage. Our evaluation of blocklists of various attack types and three ground-truth datasets shows that BLAG achieves high specificity up to 99%, improves recall by up to 114 times compared to competing approaches, and detects attacks up to 13.7 days faster, which makes it a promising approach for blocklist generation. Although performance of blocklists can be improved, they need to be used carefully. Blocklists can potentially lead to unjust blocking to legitimate users due to IP address reuse, where more users could be blocked than intended. IP addresses can be reused either at the same time (Network Address Translation) or over time (dynamic addressing). We present two new techniques to identify reused addresses. We built a crawler using the BitTorrent Distributed Hash Table to detect NATed addresses and use the RIPE Atlas measurement logs to detect dynamically allocated address spaces. We then analyze 151 publicly available IPv4 blocklists to show the implications of reused addresses and find that 53--60% of blocklists contain reused addresses having about 30.6K--45.1K listings of reused addresses. We also find that reused addresses can potentially affect as many as 78 legitimate users for as many as 44 days.

“Wouldn’t it be great if we could download anything, explore anything and build anything without the annoying feeling that you are going to get hacked?”   This was a question from my kids, who are currently in elementary school. Have you experienced similar questions from kids and adults alike? Computing is becoming such an integral part of our lives, wouldn’t it be great to use compute resources fully for all aspects of our lives. This includes work, education, healthcare and finance; be creative and innovate without the constant fear of backlash? This is what we mean by fearless computing: where we investigate how the very design of compute has security and privacy features built into the design of the platform. We will also explore how through education and awareness we can help nurture the freedom of thought and innovation to not only protect ourselves but create a cyber talent that builds the next generation systems and solutions. Join us for a discussion on the technology and solutions that helps us work towards our vision for fearless computing.

The last time you gave to a favorite charity, did you think about their cybersecurity? Do you sit on the board of a nonprofit? Are nonprofits using your cybersecurity solutions? The “wild” of the Internet and continually evolving threat landscape force nonprofits to defend themselves against intrusion and cyber-attacks. Breaking down the myths and assumptions about nonprofits' cybersecurity, this session spotlights approaches and exciting results from local nonprofit organizations of all sizes. Join us with your favorite nonprofit in mind and walk away with new information about this overlook business sector and why it matters.

Can objects be truly secured independently without resorting to a massive central reference monitor? It's a great question and we will discuss a solution to it called NUTS. During this talk, we’ll take data structures, message protocols and applied cryptography and toss them into the cauldron of reality, sprinkle in some DNA and data management to brew up some Security at the Data Perimeter towards crafting Data as the Endpoint.  It sounds like a bad witch’s brew of epic proportions but once we cast the spell, you will see the integration of many CS/CISSP concepts you’ve learned over the years and new ways to use it.   Our goal is to make sure that the private individual has the best applied cryptographic technologies at their disposal for free in an unobtrusive way.  By the way, a nut is the only secure data structure we know of that can help mitigate insider threats in a purely cryptographic way independent of reference monitors. We’ll also show you how the NUTS Ecosystem can provide Alice with a ransom-ware resistant ‘hot’ system at home using just 2 computers.

MITRE ATT&CK® seems to be the“next big thing”. Every time I hear about it I can’t help but wonder, “how doyou prevent all these attacks in the first place? Shouldn’t that be the endgame?” To that end, I set out to map all the recommended “Mitigations” for allthe “Techniques” detailed in ATT&CK to see how many are already addressedby what is required in the Payment Card Industry Data Security Standard (PCIDSS). My hypothesis was all of them. The results were interesting and a little surprising, and I’m still trying to figure out how to best use the results and subsequently ATT&CK itself. I will present my findings in the briefing andhopefully generate a discussion about what to do with the results.

Users of social networks are having their accounts subverted. Threat actors are gaining unauthorized access to large numbers of accounts and inserting links to suspicious websites. Shared command-and-control infrastructure is used across 70+ different social networks, suggesting a coordinated campaign to drive user traffic. The actors behind this campaign, and the end goal for driving user traffic, remains uncertain. The campaign remains active with changing indicators. The fact that this campaign spans so many different social networks makes determining the scope of the overall problem difficult. Using Goodreads as an example, we detail how the attack is constructed.

Researchers from academia and industry have identifiedinteresting threat vectors against machine learning systems. These threatsexploit intrinsic vulnerabilities in the system, or vulnerabilities that arisenaturally from how the system works rather than being the result of a specificimplementation flaw. In this talk, I present recent results in threats tomachine learning systems from academia and industry, including some of our ownresearch at Riverside Research. Knowing about these threats is only half thebattle, however. We must determine how to transition both the understandinggained by developing attacks and specific defenses into practice to ensure thesecurity of fielded systems. In this talk I leverage my experience working onstandards committees to present an approach for leveraging machine learningprotection requirements on systems that use machine learning.

CERIAS 2020 Annual Security Symposium Virtual Event https://ceri.as/symp Closing Keynote Panel Discussion - “Global Challenges in Security and Privacy Policy:elections, pandemics, and biometric technologies” Panelists: - Michel Beaudouin-Lafon, Vice Chair, ACM Technology Policy Council; Member, ACM Europe Council, Professor of Computer Science, Université Paris-Sud - James Hendler, Chair, US Technology Policy Committee, Professor of Computer, Web and Cognitive Sciences, Rensselaer Polytechnic Institute - Barbara Simons, Past President, ACM and ACM 2019 Policy Award Winner, Board of Advisors, US Election Assistance Commission, Chair, Board of Directors, Verified Voting Moderated by: Lorraine Kisselburgh, Chair, ACM Technology Policy Council, AdvisoryBoard and 2018 Resident Scholar, Electronic Privacy Information Center, Purdue University

The TCB has been very precisely defined since 1979, but in practice its implementation and application in today modern software stack is very blurry. This talk describes a very common application and how to consider its associated TCB, after explosive the problems it will propose an alternative to better release and execute software with unbreakable guarantee.

The payments ecosystem is evolving fast and making sure the cardholder’s digital payment experience is frictionless, smooth and secure has never been more important. With approval rates for digital payments at 82% compared to 97% for in-person payments, and globally digital transaction fraud currently four times higher than in-store expected to increase 68% by 2022, intelligence matters more than ever. As more transactions move to the digital world, particularly after COVID-19, on an ever-increasing array of devices, the need to keep up is vital. To help issuers’ real-time decisioning, increasing approval quality, improving the cardholder experience and reducing fraud, Mastercard leverages the power of proprietary data, sophisticated modelling and machine learning, combined with Mastercard’s global insights and analytics to process thousands of data points and delivers authentication assessment to the cardholder’s bank real-time during the payment to help the bank make an informed and robust decision.

Protection against HEMP (High-Altitude Electromagnetic Pulse) and GMD (Geomagnetic Disturbance in a CME/Coronal Mass Ejection context) is a nascent science. Until recently, these have only been the concern of Department of Defense insiders, over-the-top “preppers”, and physics aficionados. Due to current events and an increasing reliance of all facets of 1st world civilization upon ICT (Information & Communications Technology), the discussion of EMP and GMD protections is moving into the mainstream. Lifeline Data Centers, LLC is nearing completion of an 84,000 square foot fully EMP & GMD-protected data center & SCIF facility in Ft. Wayne, Indiana. Mr. Banta will discuss the basic physics of HEMP and GMD, the threats posed by both, and the extreme and expensive challenges of mitigating the effects of both in a data center setting. Mr. Banta presents from the perspective of designer/architect, primary financier, constructor, and owner/operator of such a facility.

We face an existential threat of permanent damage to critical physical components in our national infrastructure as a result of their poor resilience against cybersecurity attack. A Programmable Logic Controller (PLC) commonly provides the control system for such components, e.g., bulk power generators. Our proof-of-concept implementation dramatically mitigates threats to such cyber-physical systems (CPS) by specifically leveraging what NIST 800-160 calls “highly assured, kernel-based operating systems in Programmable Logic Controllers”. We dramatically reduce the attack surface visible to potential attackers to be ~1% of the total compared to competing approaches. Our demonstration refactors the common CPS architectural approach to data and cooperating processes into hierarchically ordered security domains using the widely available OpenPLC project code base. The GEMSOS security kernel verifiably enforces traditional integrity mandatory access control (MAC) policy on all cross-domain flows. GEMSOS is designed for wide-spread delivery as a Reusable Trusted Device, providing the reference monitor for secure single-board, multi-board, and System-on-a-Chip systems. Only a processing component in the highest integrity domain can directly send/receive control signals, enforcing “safe region” operating constraints to prevent physical damage. This very small attack surface protects the critical physical components, making the overall CPS resilient to skilled adversaries’ attacks, even though much larger lower integrity software running in other domains on the same Trusted Device hardware and network infrastructure may be thoroughly compromised. We make available our restructured OpenPLC source to encourage control system manufacturers to deliver verifiable PLC products to, as NIST puts it, “achieve a high degree of system integrity and availability” for control systems. UC Davis is using our demonstration on GEMSOS in their Computer Security Lab, today.

From compliance in the classroom to compliance on the street, important lessons that every cybersecurity professional should know.  We’ll cover proven approaches for compliance and risk assessment for a variety of industries, and present specific scenarios and strategies for addressing real challenges facing organizations with PCI, HITRUST, FedRAMP, CMMC and Privacy. Below are some of the examples that we will cover.   Scope creep (All) Setting deadlines and addressing missing evidence (All) Building out compensating controls (PCI) Conflict of Interest (FedRAMP) Internal Organizational Politics (Risk Assessment) Defensive Interviewees(All) Ethics and Responsible Reporting (All)

Cyber security data  in many ways mimics the behavior of organic systems. Individuals or groups compete for limited resources using a variety of strategies, the most effective of which are re-used and refined in later ‘generations’. Traditionally this behavior has made detection of malware very difficult because 1) recognition systems are often built on exact matching to a pattern that can only be ‘learned’ after a malicious entity reveals itself and 2) the enormous volume and variation in benign code is an overwhelming source of previously unseen entities that often confound detectors.  In addition, the enormous volume of malware artifacts is overwhelming anyone trying to categorize and characterize new additions to the many malware repositories as so much of the processing is done by hand. To turn the tables of complexity on the attackers, we have developed a method for mapping the sequence of behaviors that make up a malicious artifact to strings of text and analyze these strings using modified bioinformatics algorithms. Bioinformatics algorithms optimize the alignment between text strings even in the presence of mismatches, insertions or deletions and do not require an a priori definition of the patterns one is seeking. Nor do they require any type of exact matching. This allows the data itself to suggest meaningful patterns that are conserved between binaries. These patterns can be used to identify zero-day malware and can help to automate the curation and characterization of large quantities of suspected malware.  I will talk about our MLSTONES capabilities as an innovative and effective way of detecting and characterizing most types of malware artifacts.  I’ll also discuss how these capabilities can be used on other types of cyber security data. 

The last 5 years have seen a marked shift inhow companies view cyber threat intelligence (CTI) as a building block of theirsecurity strategy, but there still is a lot of confusion about how to build aprogram that provides utility. At its core CTI aims to provide informationabout motivations, methods and characteristics of attackers. In today’s rapidlyevolving threat landscape having timely access to CTI can be of significantvalue to security analysts. By looking beyond your own four walls organizationscan take faster mitigation action and also reduce their attack surface. AddingCTI to enterprise security programs can be an effective strategy to go from areactive to a proactive response. But the value of CTI is constrained by theability of enterprise security operations to contextualize, manage and actionupon it. This presentation will cover some fundamental CTI concepts, real worldchallenges in operationalizing it, and some easy ways to try it out foryourself.   Takeaways for the audience: 1. Overview of CTI concepts, frameworks,standards, and how they fit in the enterprise security model. 2. Clearer understanding of CTI data modelsand how they integrate with detection, protection and incident responseprocesses. 3. Practical ways to accelerate securityoperations and heighten defenses using CTI.

QoSient and a DHS independent SOC have been working together on an innovative pilot program called “Elimination of Unmonitored Space” (EUS) that strives to detect and respond to internal cyber threats through pervasive network sensing and sense-making in an enterprise network.   Modeled after the NSA’s Integrated Active Cyber Defense (IACD) architecture and the US DoD CENTAUR / Acropolis programs, the effort has developed a strategy for scalable development and deployment of new predictive cyber security analytics. In this presentation, we will present our approach to developing comprehensive network sensing at the endpoint and how centralized / regionalized analytic systems can manage the data and analytics needed to develop operational site-specific predictive analytics.  We believe that the shift to remote computing will push the need for awareness and predictive analytics at the endpoint and a new approach for cyber defense.

The adoption of advanced data technologies is one of the defining characteristics of the connected world. From ML to AI, we are getting a smarter, more personal world. The dystopic view is that not only Big Brother but many parties can monitor, control and manipulate us. What are the implications for trust? The need for privacy-enforcing technologies is now, not after the ghost is in the machine. What will you learn from attending? ·         How machine learning & AI play into conversations around trust and privacy ·         A framework to bring us into the future when it comes to privacy ·         What each of us can do now to further protect our privacy

Q & A: https://www.cerias.purdue.edu/site/blog/post/summary_of_july_15th_2020_purdue_seminar_on_control_system_cyber_security/ Critical infrastructures such as electric power, oil/gas, water/wastewater,pipelines, transportation, and manufacturing utilize process control and safetysystems to monitor, control, and assure safe operating conditions. Controlsystems consist of Internet protocol (IP) networks and HMIs to provide operatorinput and big data analytics. These systems have been designed with cybersecurity and authentication. However, what makes control systems unique are thecontrol system devices such process sensors, actuators, drives, power supplies,etc. that have no cyber security or authentication and are a direct threat topersonnel and equipment safety. Control system cyber security impacts are real.There have been more than 1,250 actual control system cyber incidents with morethan 1,500 deaths and more than $70Billion in direct damage. There is a need toget the computer scientists/network engineers that understand networks and thedomain engineers that understand the physical processes to work together orthere is no hope in securing the critical infrastructures.

Digital Transformation has fundamentally affected the conduct of elections since 2000. This webinar shares the perspective of a former senior Federal official who worked to help secure US elections against foreign interference during a 30+ year career in the US Government and who now works as a Chief Information Security Officer for a leading global cyber and network security company. This presentation will provide both background knowledge applicable to a general audience as well as advice and recommendations for government officials and their partners who are charged with carrying out elections. Topics covered in this webinar include: ·      Identifying key challenges in electoral integrity, especially the importance of public perception and voter confidence.Explore why and how securing elections differs from classic’ information security in its complexity and solutions. ·      Describing the “perfect storm” of colliding factors in the 2020 elections. We faceCOVID-19 related challenges ranging from public health concerns to added complexity and cost—and a pivot to mass mail-in voting is likely to both require process and technology changes and put stress on some of the most fragile parts of the existing election infrastructure. The expected surge of mail-in paper ballots in 2020 doesn’t make cybersecurity irrelevant;if anything, it heightens its importance. Dealing with these challenges is a risk management problem; so the webinar will provide recommendations on ‘doing with less’ – ranging from which parts of the problem to address first to how to harness the power of IT and leverage partnerships.

Using semi-supervised learning, I propose an anomaly-based network intrusion detection system (NIDS) to detect and classify anomalous and/or malicious traffic. With this proposed machine learning approach, we detect botnet traffic and distinguish it from the normal and background traffic in the IPv4 flow datasets. I evaluate the prediction performance results for the flow-based NIDS algorithms. I show an improvement in detection accuracy and reduction in error rates, when compared with signature-based NIDS and previous studies.

Cyberattacks are increasing in frequency, severity, and sophistication. Target systems are becoming increasingly complex with a multitude of subtle dependencies. Designs and implementations continue to exhibit flaws that could be avoided with well-known computer-science and engineering techniques. Cybersecurity technology is advancing, but too slowly to keep pace with the threat. In short, cybersecurity is losing the escalation battle with cyberattack. The results include mounting damages in the hundreds of billions of dollars, erosion of trust in conducting business and collaboration in cyberspace, and risk of a series of catastrophic events that could cause crippling damage to companies and even entire countries. Cyberspace is unsafe and is becoming less safe every day. The cybersecurity discipline has created useful technology against aspects of the expansive space of possible cyberattacks. Through many real-life engagements between cyber-attackers and defenders, both sides have learned a great deal about how to design attacks and defenses. It is now time to begin abstracting and codifying this knowledge into principles of cybersecurity engineering. Such principles offer an opportunity to multiply the effectiveness of existing technology and mature the discipline so that new knowledge has a solid foundation on which to build. * * Based on "Engineering Trustworthy Systems: A Principled Approach to Cybersecurity, CACM, June 2019.

Cyber security resources remain limited. Organizations that attempt to broadly protect their data from all cyber threats tend to inefficiently invest these resources, making them slower to adapt to the changing trends and techniques of cyber threats. – Carnegie Mellon.  This talk will discuss some of the basic principles of Cyber threat intelligence, and how proactive collection of information can enable an enterprise to protect its most critical assets. We will then dive into the main focus of this talk, operationalizing data in order to understand cyber criminals motivation and capabilities in order to tailor preventive controls meant to address threats your organization faces.    “If you know the enemy and yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained you will also suffer a defeat. If you know neither the enemy nor yourself, you will succumb in every battle.” - Sun Tzu Know yourself: Learn your environment (people, processes, technology). Know your adversary: Learn your adversaries motivations (motive and targeted data) and capabilities (attack methods, TTP’S and resources). Prioritize protection of your most critical assets and operations.  

Work in the public sector differs from that in the private sector in ways that on the one hand present challenges unique to public sector work but also sometimes produce unexpected rewards also unique to public sector work.  Mr. Coffing will share some of his experiences gained over the last eighteen months leading cybersecurity for the nation’s third largest municipality as well as over the course of a 25+ year career in information technology and cyber security.

As more Personally Identifiable Information is collected, stored or created, the specter of customer privacy issues are looming large. Privacy and Security methodologies are starting to be dictated by those in State houses, Congress and Supra-regional governments.  Enterprises need to take a long hard look at the information they are capturing and how they secure it to determine whether the potential value outweighs the potential risk.   - How do your current Security and Privacy practices match up against upcoming  laws in Europe, US other parts of the world?  - Are you prepared to deal with new laws with huge fines? What about Private Right of Action? - Are you anticipating what is coming down the road?  Takeaways: - Understand the implications of new laws are as well as your risks - Understand how to comply with upcoming laws - Understand how contracts and data flow will be impacted - Ways to drive your organization to implement - How can this be beneficial for you personally  

In late 2016, the Mirai Botnet launched the largest DDoSattacks ever recorded. Learn about the teams of researchers racing the stop theattacks, and the criminal groups who were competing to launch ever largerattacks. The presenter will discuss roles played by educational institutions aswell as the impact to the IoT landscape.