No cost to participate

2014 Government Cyber-Security Forum Agenda

Kaspersky Government Cybersecurity Forum Agenda

Walk through the policy, technical and implementation concepts and implications of a robust, resilient national critical infrastructure with experts in security analysis, operational security, systems engineering, policies, and acquisitions.

Tuesday, October 28, 2014

Times Description Speaker
8:00 AM Breakfast and Registration
8:30 AM Welcome and Opening Remarks Phillip Bond President & CEO, Bond & Associates
8:40 AM Kaspersky Government Security Solutions, Inc. Introduction Adam Firestone President & General Manager, Kaspersky Government Security Solutions, Inc.
8:50 AM Scenario Adam Firestone President & General Manager, Kaspersky Government Security Solutions, Inc.
8:55 AM Keynote: Impacts of a Cyberattack on Our National Critical Infrastructure Tom Davis Former United States Representative
9:45 AM Panel Discussion: National Critical Infrastructure Stakeholders: Identifying Concerns and Risks

Robert Burton Federal Procurement Attorney, Venable LLP

R. (Mouli) Chandramouli Thomas Hattrick Chair Professor of Information Systems in the Department of ECE and a Professor in the School of Systems and Enterprises, Stevens Institute of Technology

Robert Clark Cyber Operational Lawyer for the Army Cyber Institute, United States Military Academy

John Gilroy Director, BLT Global Ventures LLC, Creator and host, Fed.TechTalk

James Jones Associate Professor, Computer Forensics, George Mason University

Miles Keogh Director of Grants and Research, National Association of Regulatory Utility Commissioners

Hilary Macmillan Vice President, Cybersecurity Intelligence Executive (CIX), Kaspersky Government Security Solutions, Inc.

10:45 AM Coffee Break  
11:00 AM Introduction: Building In Resiliency From the Start David Perera Cybersecurity Reporter, Politico Pro
11:10 AM Challenge Break-Out Session: Building In Resiliency From the Start – Requirements Discussion & Identification

Phil Bond President & CEO, Bond & Associates

Adam Firestone President & General Manager, Kaspersky Government Security Solutions, Inc.

Eric Jaw Security/ Malware Analyst, Kaspersky Government Security Solutions, Inc.

Hilary Macmillan Vice President, Cybersecurity Intelligence Executive (CIX), Kaspersky Government Security Solutions, Inc.

Linda Merchlinsky Vice President of Systems Engineering, Kaspersky Government Security Solutions, Inc.

Adam Rak Sr. Vice President, Bond & Associates

Christopher Reilley Lead Security Analyst, Cybersecurity Intelligence Executive (CIX), Kaspersky Government Security Solutions, Inc.

Bradford Saul Senior Technical Officer, Kaspersky Government Security Solutions, Inc.

12:10 PM Lunch: Fireside Chat

Karen S. Evans National Director for the US Cyber Challenge (USCC)

Mike Lennon Managing Editor, SecurityWeek

Howard Schmidt Former White House Cyber Security Coordinator

2:00 PM Keynote: Realizing Cyberresilient Systems Joel Brenner Former National Counterintelligence Executive and Author of America the Vulnerable
2:50 PM Panel Discussion: Evaluating Cyber-Resiliency

Byron Acohido (moderator) Editor and Chief, Third Certainty

Alma Cole Vice President of Cyber Security, Robbins Gioia, Inc.

Jake Groth Chief Technology Officer, Defense Point Security

Bryan Martin Vice President of Cyber Security & Privacy Practice, SRA International

Christopher Reilley Lead Security Analyst, Cybersecurity Intelligence Executive (CIX), Kaspersky Government Security Solutions, Inc.

Nicole Tisdale Subcommittee Director and Counsel for Counterterrorism and Intelligence, Minority Staff on Homeland Security and Cyberintelligence

3:50 PM Coffee Break  
4:05 PM Keynote: Towards a More Resilient Cyber Posture: A Way-Ahead Adam Firestone President & General Manager, Kaspersky Government Security Solutions, Inc.
4:50 PM Closing Remarks Phillip Bond President & CEO, Bond & Associates
5:00 PM Adjourn  

Session Descriptions

Opening Keynote: Impacts of a Cyberattack Against Our National Critical Infrastructure

The cyberattack scenario portrayed during the opening session is not just the stuff of Hollywood blockbusters. We’re all at risk from the inherent vulnerabilities in our national critical infrastructure (NCI) and threats with the capability and motivation to exploit them. So far, we’ve only seen these risks realized on a small scale or in a training capacity, but concern is growing that a potentially disastrous event is not far off.

To avoid disaster, we as a community need to mitigate these risks now by identifying the vulnerabilities extant in our critical infrastructure systems, as well as those that continue to arise from today’s constantly changing computing environment. Emerging risk factors range from widespread remote access and monitoring capability and a growing preference for bring-your-own-device (BYOD) environments to the increasing complexity of system configurations. By working toward holistic and shared understanding of this ever-evolving threat landscape, we can ensure we are prepared for a worst-case scenario.

This talk will guide participants to a comprehensive understanding of the risks we face. The keynote will challenge the audience to engage fully in the day’s activities and to share, learn and become fully enfranchised in the need for a systematic approach to ensuring the cyberresilience of critical systems.

Panel Discussion: National Critical Infrastructure Stakeholders: Identifying Concerns and Risks

There are many stakeholder communities within the larger cybersecurity polity, and each of these groups has a unique viewpoint on the cyber risks that we all face. Panelists in this talk will represent these different communities. They will articulate their concerns regarding the lack of cyberresilient systems and share their top three risks confronting the NCI.

The panelists will draw on their expertise and experience regarding vulnerabilities in critical infrastructure to assess the current threat landscape and articulate a high-level mitigation plan for each identified risk. These mitigations will form a set of top-level requirements that will be addressed in the next session.

Challenge Break Out Session: Building Resiliency from the Start – Requirements Discussion and Identification

To build effective, secure and resilient systems, we need to take an interdisciplinary approach to identifying and meeting the requirements for improved cybersecurity early in the system development lifecycle. During this interactive session, participants will work in groups of eight or fewer to discuss how to address the set of top-level requirements identified in the previous panel discussion. Each working group will represent the perspective of a specific stakeholder community and should consider questions such as:

  1. What will the solution to the requirement look like once it's implemented?
  2. How will the technologies and components that constitute the solution be sourced?
  3. What needs to be done regarding this particular requirement at the policy and process/procedure levels to develop and maintain a cybercompetent workforce?

The working groups’ responses to these questions will serve as a primary resource for the white paper that will be issued following this conference.

Lunchtime Fireside Chat

The availability of the services provided by our NCI is at risk from not only the vulnerabilities that currently exist in the ecosystem but also the new threats that continue to arise as that ecosystem evolves. These new threats are a direct result of a wide variety of technology developments, including the increasing prevalence of insecure access control implementations, widespread use of network-connected monitoring and control systems, and the growing popularity of BYOD environments. While these vulnerabilities are widely recognized in the relevant operational, regulatory and policy communities, a number of challenges and roadblocks stand in the way of efforts to address the situation.

This discussion with Howard Schmidt will explore the factors that contribute to these vulnerabilities and how utility owners; regulators; and federal, state and local governments are dealing with them. The fireside chat will also examine what organizations should be doing internally, and in cooperation with their communities, to identify and mitigate the risks they face.

Afternoon Keynote: Realizing Cyberresilient Systems

Innovative thinking and innovative solutions are the lifeblood of the U.S. economy, and continued innovation requires a robust and reliable NCI. Yet the systems that are currently implemented in critical sectors are often inherently insecure. Current approaches to this problem generally consist of either adding in security solutions once the systems are operational or accepting the risks – either deliberately or unwittingly. Major gaps in security will remain as long as the policies, processes and procedures that guide and inform the design, development, evaluation and implementation of systems across the U.S. government and the NCI are formulated without regard for the cyber risks that pervade today’s computing environment.

This talk will present a plan for realizing secure systems and system configurations and will recommend a number of policy, process and technology changes that can be realistically implemented to achieve this goal.

Panel Discussion: Evaluating Cyber-Resiliency

Security considerations don't end with a developed product; it takes rigorous testing and evaluation, continuous monitoring and skilled management of the implemented solution through a holistic, ongoing security program to ensure systems are truly effective, secure and resilient. To be effective, this security program should include training and education mechanisms; comprehensive security-related policies, processes and procedures; auditing protocols; and penetration testing programs. The program should also adhere to security management tenets along the lines of the ISO 9000 principles: customer focus, leadership, involvement of all staff functions, a process approach, a systems approach to management, continuous improvement, fact-based decision-making and mutually beneficial supplier relationships.

Panelists will evaluate current practices for evaluating and maintaining an effective cybersecurity posture and offer their thoughts on how these practices can be improved. Panelists represent multiple stakeholder groups and will offer their unique perspectives on what an effective holistic security program might look like.

Final Keynote: Towards a More Resilient Cyber Posture: A Way-Ahead

To strengthen our cybersecurity posture, we must design and develop cyber-resilient systems. However, it’s crucial to realize that cyber-resiliency results from programmatic and engineering postures that balance broad, enterprise-wide applications of policy and technology mandates with those that address the cyber-hygiene of individual users and systems. Only in this way will we be able to build systems that can withstand the attacks to which they will, at some point, fall victim.

The talk will walk through an analogous historical experience, the US Army’s experience in addressing mortality rates owing to disease during the Civil War and the half-century following, and illustrate how the lessons learned are applicable to current threats facing critical infrastructure in the United States. It will emphasize the importance of building security capabilities in from the beginning and addressing systemic problems using a combination of top-down and bottom-up approaches. It will culminate in a call for all of us to actively work toward a systematic and comprehensive solution to the current cybersecurity challenges facing our critical infrastructure.