2013 Government Cyber-Security Forum Agenda

Kaspersky Government Cybersecurity Forum Agenda

Learn from leaders of government, finance and technology as they explore today’s most critical domestic and global cyberthreats.

Tuesday, June 4, 2013

Times Description Speaker
8:30 am Breakfast and Registration
9:20 am Welcome Phil Bond
Master of Ceremonies
9:30 am
Opening Remarks
Steve Orenberg
President, Kaspersky Lab, North America
9:40 am Government Keynote:
Cybersecurity and the Threat of a Cyberattack
General Michael Hayden
Former Director of the CIA, Director of National Security Agency and Former Principal Deputy Director of National Intelligence
10:10 am
The Threat From the Far East
Costin Raiu
Director, Global Research and Analysis Team, Kaspersky Lab
10:30 am Coffee Break
10:45 am Panel Discussion:
Protecting Against Advanced Persistent Threats

Larry Zelvin, Director, National Cybersecurity and Communications Integration Center, U.S. Department of Homeland Security

Costin Raiu, Director, Global Research and Analysis Team, Kaspersky Lab

John Pescatore, Director of Emerging Security Trends, SANS

Byron Acohido, Moderator: Technology Reporter, USA TODAY

11:30 am Closing the Gaps and Making Connections: Forming Partnerships that Strengthen Global Law Enforcement Response
Ronald Noble,
Secretary General INTERPOL
12:00 pm Lunch
12:45 pm Panel Discussion:
The Critical Infrastructure - Can We Really Keep it Protected?

Tom Corcoran, Senior Policy Advisor, House Intelligence Committee
Jim Jaeger, Vice President, Cybersecurity Services General Dynamics Fidelis Cybersecurity Solutions
Steve Winterfeld, Cyber Tech Director, TASC

John Reed, Moderator: National Security Reporter, Foreign Policy

1:30 pm Fireside Chat: How Cyberweapons Impact Global IT Security

Eugene Kaspersky, Founder and CEO, Kaspersky Lab
Howard Schmidt, Former White House Cyber Security Coordinator

Phil Bond, Moderator: President & CEO, Perrizzo Bond, Inc.

2:15 pm Closing Remarks Phil Bond

Session Abstract


With his vast intelligence experience from his time in the CIA, the NSA, the military, and the Pentagon, General Michael Hayden is a leading expert regarding our nation’s cybersecurity. Hayden was on the frontline of geopolitical strife and the war on terror when communication methods were being revolutionized, and he recognized that the world of information was changing rapidly.

Hayden understands our nation’s need to adapt to our ever-changing informational landscape and the dangers, risks, and potential rewards of our digital security situation. For these reasons, he is often turned-to by media outlets for his expertise. Having served as the number one military intelligence officer in the country, he discusses geopolitics, cyber security, our vulnerabilities and challenges, the threat of a real attack, and its potential ramifications.


Some say that cyberspace is the fifth domain of warfare. In this regard, the number of attacks happening through cyberspace has skyrocketed over the last few years.

Earlier this year, news channels were flooded with information about APT1, a highly active, powerful adversary which has successfully penetrated hundreds of enterprises in the US for the past years.

On April 11th, Kaspersky Lab uncovered the existence of the Winnti crew, a specialized cyberwarfare group with origins that can be traced to China. The Winnti group has been stealing digital certificates from gaming companies that have later been used in other APT attacks. From this point of view, Winnti indicates a subtle cooperation between different APT groups from the Far East, showing a more complex picture than imagined.

We believe that thinking about the twenty-thirty known APT groups as "individual" is a mistake. In reality, there is just a giant gorilla with many heads. Understanding complex cyberwarfare operations is critical in fighting a powerful and sophisticated adversary. In this short presentation we will expose the inner workings of the Winnti group, its members, powerful recruiting techniques and links with other APT entities.


A nascent and fragmented global law enforcement response to cybercrime continues to lag behind that of sophisticated, organized cybercriminal groups who exploit the freedom, reach and anonymity of the Internet to prey on a range of faceless victims. Diverse laws and procedures within countries obstruct law enforcement efforts across countries whereby creating tension, not counterparts, between national investigating officers, many of whom already have capability and resource challenges. Frustratingly, the willingness to develop a robust, global cybercrime response has been expressed by all countries across all sectors, with the tools, information and opportunities necessary to inform a comprehensive, decisive plan of action against it already there. The problem is that individual interests and constraints of different countries and sectors repeatedly inhibit our ability to come together and effectively counter a threat that cuts across borders, cultures, and languages with a response that does the same.

Cooperation between us matters when fighting cybercrime because cybercrime is inherently different from almost any other crime. The experts are not just law enforcement and criminals anymore, but governments, businesses, organizations and individuals. In other words, anyone utilizing the internet to benefit from the advantages it provides. Next year, we will start to see these stakeholders gather under the umbrella of the INTERPOL Global Complex for Innovation (“IGCI”) in Singapore. A centralized, one-stop location to stand against this threat, and where law enforcement will work in tandem with all stakeholders to draw on their valuable knowledge and intelligence. This expansive reservoir will be utilized for developing training courses and practical applications to assist law enforcement and their cybercrime investigations, while also creating other solutions from which everyone can profit. Using the National Cyber Forensic Training and Alliance (“NCFTA”) in Pittsburgh as a model, IGCI ensures no country or sector will be left out. This will be illustrated by showing how anyone with a vested interest in cybersecurity can actively participate in IGCI so that we can realize our shared vision of securing cyberspace while keeping its openness.


Today’s Advanced Persistent Threats (APTs) against global businesses is relentless, effective and constantly evolving as adversaries continue to improve attack techniques to compromise high-value targets.

Attackers are using sophisticated malicious software to launch cyberespionage campaigns, steal valuable intellectual property and conduct surveillance operations. Modern techniques include clever social engineering lures, spear-phishing and the use of zero-day vulnerabilities and exploits to infect targets within an organization.

In 2013 the high volume of targeted attacks originating from APT campaigns have successfully compromised global entities across multiple industries including Manufacturing, Government, Military, Research & Development, Energy and Petroleum.

This panel will analyze the most prominent APT campaigns in 2013 and dissect their unique characteristics, including new infection mechanisms, evasion techniques, exploitable vulnerabilities, data-theft operations and improved social engineering schemes.

After the analysis, the panelists will examine additional obstacles the APT imposes, including various methodologies for examining APT campaigns, determining attribution, and counterespionage procedures. Attendees will also receive recommendations for implementing preventive measures and mitigation strategies to thwart future attacks.


The way of life in modern societies depends heavily on the critical infrastructures that supply food, water, communications, power, public safety and public health to its citizens.

Global governments are treating the protection of infrastructures with the highest priorities to avoid catastrophe and minimize exposure to severe risk. While the ominous question of how to protect critical infrastructure has been discussed ad nauseam among global IT security professionals, government officials and international organizations, the question that hinges upon the world’s most crucial societal and economic assets still remains unanswered.

Time is not on our side as vulnerabilities that can be used to attack critical infrastructure continue to appear. In the first quarter of 2013 alone, the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) published more than forty advisories containing disclosed vulnerabilities for critical infrastructure.

This high-powered panel of experts will attempt to answer the question of how to secure critical infrastructure by examining the current challenges from a technical, economical and administrative standpoint.


As global governments, Computer Emergency Response Teams (CERTs) and international intelligence agencies pursue aggressive initiatives to protect critical infrastructure from cyberthreats, it’s important to look ahead to new dangers that may be lurking in the shadows.

How can we effectively protect our critical assets with so much money being invested in offensive capabilities and exploit development?

How realistic is it that a terrorist organization can reverse a cyberweapon and use it for their own purposes? How dangerous is this compared to conventional terrorism?

What is currently being done globally and on the federal level to thwart these types of attacks?
In this fireside chat, veteran cyber-security experts Eugene Kaspersky and Howard Schmidt will examine these burning questions and offer policy and technological proposals to deal with these emerging dangers.