AFCEA Home   AFCEA
Defense Foundation Europe Homeland Security Industry Intelligence SIGNAL Magazine    




Theater 3: Secure, Operate and Defend
Location:  Exhibit Hall, rear of 1200 aisle
 

Session I, 8:15a.m. - 9:15a.m., Wednesday, 26 June

Secure Mobility

(1 CEU - CompTIA A+, Network+, Security+ and 1 GIAC CMU)

Audio

Moderator:

Mr. Joe Portale (confirmed)

Chief Technologist, Mobility Solutions

Lockheed Martin, IS&GS

Panelists:

Mr. John Mills (confirmed)

Special Assistant for Cybersecurity

OSD CIO

Mr. John J. Hickey (confirmed)

Program Manager for Mobility

Defense Information Systems Agency

National Security Agency

Synopsis: The government continues to look seriously at delivering business services via mobile devices.  However, the challenges are enormous based on the sensitivity of the data being handled, the mobile connectivity that's required and the missions that are being supported just to name a few.   This is even further complicated by the need for our government agencies to leverage Cloud, Big Data and Mobility capabilities into an integrated offering that supports the agencies' overall missions.   The session will cover the mobility objectives of several key agencies and their approaches in addressing some of these challenges.

Optional read-ahead: AFCEA Cyber Committee "Secure Mobility" white paper

 

Session II, 10:50a.m. - 11:50a.m., Wednesday, 26 June

Security and Cloud Computing

(1 CEU - CompTIA A+, Network+, Security+ and 1 GIAC CMU)

Presentation

Audio

Moderator:

Ms. Jill Tummler Singer (confirmed)

Owner, Tummler Singer Associates, LLC

former CIO, National Reconnaissance Office

Panelists:

Mr. Robert Bigman (confirmed)

President, 2BSecure

former CISO, Central Intelligence Agency

Mr. Robert Butler (confirmed)

Chief Security Officer/Senior Vice President

IO Data Centers, LLC

Ms. Barbara Hunt (confirmed)

Chief Technology Officer

Cutting Edge Consulting Associates

Mr. Marvin Wheeler (confirmed)

Executive Director

Open Data Center Alliance

 

Synopsis: Cloud technology gives an enterprise the opportunity to inventory what applications they have and move them in to a new secure environment. It also gives an enterprise the opportunity to have a better security posture in place, reporting structure of correlated events and visibility through the network in to the applications. Sharing a Cloud with multiple users can raise the risk of security posture due to lack visibility across  the environment, although cost effective for the end user. The end user is relying on the provider for the integrity of the Cloud. The Cloud future for secure environments may be Private Clouds for sharing of resources for a large enterprise but control of the security elements. The panel will explore what Cloud technology has done to the security of our enterprises and the adjustments that are required to protect enterprises and recognize made to embrace the benefits of working in the cloud.

Optional read-aheads:

AFCEA Cyber Committee "Looking for the Right Answers in the Clouds" white paper

AFCEA Cyber Committee "Security and Cloud Computing" white paper

 

Session III, 1:15p.m. - 2:15p.m., Wednesday, 26 June

Beyond Encryption

(1 CEU - CompTIA A+, Network+, Security+, CASP and 1 GIAC CMU)

Audio

Moderator:

The Honorable John G. Grimes (confirmed)

former Assistant SECDEF C3I

Panelists:

Mr. James Candelaria (confirmed)

Chief Technology Officer

WhipTail

Mr. Peter LaMontagne (confirmed)

Chief Executive Officer

Novetta

Brig Gen John W. Meincke, USAF (Ret.) (confirmed)

Chief Executive Officer

Sengex, LLC

Mr. Mark O’Hare (confirmed)

Chief Executive Officer

Security First Corporation

Brig Gen Steve Spano, USAF (Ret.) (confirmed)

GM Defense and National Security

Global Public Sector

Amazon

 

Synopsis: The panel will discuss the current security climate for protecting critical data from myriad threats. Today’s approach centers on the use of encryption as the primary means of protecting information. New approaches beyond encryption are needed to better protect information which is subject to brute force attacks.  The panel will discuss today’s security environment including increasing use of cloud approaches, and what new technologies may be able to move security beyond encryption.

 

Session IV, 8:30a.m. - 9:30a.m., Thursday, 27 June

Detection of Global, Metamorphic Malware Variants Using Control and Data Flow Analysis

(1 CEU - CompTIA A+, Network+, Security+, CASP and 1 GIAC CMU)

Presentation

Audio

Speaker:

Dr. Hiralal Agrawal (confirmed)

Senior Scientist

Applied Communication Sciences

Synopsis: Current malware detection and classification tools fail to adequately address variants that are generated automatically using new polymorphic and metamorphic transformation engines that can produce variants that bear no resemblance to one another. Current approaches address this problem by employing syntactic signatures that mimic the underlying control structures such as call- and flow-graphs. These techniques, however, are easily defeated using new program diversification techniques. This hampers our ability to defend against zero day attacks perpetrated by such auto "replicating", rapidly spreading malware variants. In this paper, we present a new form of abstract malware signature generation that is based on extracting semantic summaries of malware code that is immune to most polymorphic and metamorphic transformations. We also present results of our initial, experimental evaluation of the proposed approach.

 

Session V, 11:45a.m. - 12:45p.m., Thursday, 27 June

Insider Threat: Protecting U.S. Business Secrets and Sensitive Information

(1 CEU - CompTIA A+, Network+, Security+ and 1 GIAC CMU)

Audio

Moderator:

Ms. Jarrellann Filsinger (confirmed)

Information Assurance

National Archives and Records Administration

Panelists:

Mr. Charlie Brown

Principal

C.H. Brown Consulting, LLC

MG Barbara Fast, USA (Ret.) (confirmed)

Senior Vice President

CGI

Mr. Dan Wolf (confirmed)

President

Cyber Pack Ventures, Inc.

Synopsis: Executive Order (EO) 13587 established the need for every agency and department in the executive branch to develop an insider threat program to protect national security information.  It is our assumption that an insider threat program may be very similar to a program that is implemented in industry that is used to protect intellectual property.  The basic elements of an insider threat program are to deter, detect and mitigate the exploitation, compromise or other unauthorized disclosure.  The objective of this study is to learn the successful elements of each type of program that can be used to strengthen the both types of information protection efforts.

Optional read-ahead:

"Insider Threat: Protecting U.S. Business Secrets and Sensitive Information"