Program

AFCEA GLOBAL INTELLIGENCE FORUM (USA)

The National Press Club, Washington, DC

July 30-31, 2013

 

TUESDAY, JULY 30, 2013

7:00 a.m. - 8:00 a.m.

CONTINENTAL BREAKFAST & EXHIBITS

8:00 a.m. – 8:10 a.m.

AFCEA WELCOME

Mr. Steven Ritchey

Vice President for Intelligence

AFCEA International

 

8:10 a.m. – 8:30 a.m.

 CONFERENCE CO-CHAIRS WELCOME

Mr. Zalmai Azmi

Consultant

 

Ms. Terry Roberts

Vice President for Intelligence & Cyber

Deputy Director of the Intelligence Group

TASC

 

Mr. Rosenthal

Portfolio Manager, Prevention

The MITRE Corporation

 

8:30 a.m. – 9:15 a.m.

 INTELLIGENCE, THE CONSTITUTION, AND CYBER SECURITY

Congressman Mac Thornberry

United States House of Representatives

Congressman Thornberry serves on the Armed Services Committee and the Permanent Select Committee on Intelligence.  He is the Vice Chairman of the Armed Services Committee where he led the Subcommittee on Intelligence, Emerging Threats, and Capabilities.  He was asked by the Speaker of the House to lead an initiative on cybersecurity in the 112th Congress, which focused Congress’s efforts to combat the growing national security and economic threat.

 

Overview

Congressman Mac Thornberry sees the cyber domain challenges from three unique perspectives.  As a leader within the HASC, he has been part of the establishment of US Cyber Command and the cyber domain as a warfare domain.  In addition, he has insight into the roles and missions of the US Intelligence Community both in leveraging the cyber environment and enabling all government to know of and thwart threats and attacks.  Then as a Texan, he has been a part of the cyber technical revolution and understands the need to educate and train Americans in cyber-related professions and businesses. 

 

Focus Questions

  • What is the significance of incorporating intelligence into the Emerging Threats subcommittee’s oversight role with respect to cyber security?

  • What is the relationship between the private sector and the IC with respect to cyber security and what extent of information exchange would most benefit that relationship?

  • What is the way forward in countering emerging cyber threats and protecting both sensitive information and critical infrastructure?

  • Discuss the importance for, and likelihood that the 113th Congress will pass a cyber security bill that President Obama will sign

 

9:15 a.m. – 10:00 a.m.

 CYBER INTELLIGENCE: EXPECTATIONS AND REALITIES

ADM Dennis Blair, USN (Ret.)

Former Commander in Chief, U.S. Pacific Command

Former U.S. Director of National Intelligence

Overview

Admiral Blair offers the unique perspective as both a consumer of cyber intelligence when he commanded the United States Pacific Command and as a provider of cyber intelligence when he served as the Director of National Intelligence.  Based on his experience in those two senior positions, Admiral Blair will address the tension that exists between the expectations decision makers have for intelligence and the IC’s abilities to meet those expectations.  As a former DNI he also will address whether the IC has sufficient authorities for providing cyber intelligence to the private sector.

Focus Questions

  • To what degree is classification an issue in providing useful cyber intelligence to the private sector, first responders, and operational military units?
  • What kinds of information does the private sector have access to that would benefit the IC in providing warning about threatening cyber capabilities and impending cyber activities?
  • Is the IC adequately resourced to provide cyber intelligence to the private sector as well as to government consumers?
  • Is the traditional intelligence cycle relevant to developing, producing and disseminating cyber intelligence to a broad private/public sector consumer base?

10:00 a.m. – 10:30 a.m.

BREAK & EXHIBITS

 

10:30 a.m. – 11:45 a.m.

 SESSION ONE:  INTELLIGENCE REQUIREMENTS FOR CYBER SECURITY

 

Overview

This session will focus on the importance of identifying requirements for cyber intelligence.  Like every other war fighting domain operations in cyber domain relies on accurate, timely, relevant, and actionable intelligence information needed by the operators   Representatives from the defense and law enforcement communities will discuss how their operations are affected by cyber threats and, more importantly, what information they need from the IC and industry to ensure network security and mission objectives.  

 

Focus Questions

  • How are requirements for cyber intelligence determined? 
  • What are the most important cyber intelligence requirements and do they vary for different communities?
  • How big a threat are strategic sanctuaries – nations protecting cyber actors and enabling them to launch attacks?
  • How do cyber threat vectors (remote access, proximity, supply chain, insider threat, social engineering) impact organizational missions?

Session Chair

Mr. Zalmai Azmi

Consultant

 

Session Speakers

COL Peter J. Beim, USA

Director of Operations/G3

Army Cyber Operations & Integration Center

RADM Sean Filipowski, USN

Director of Intelligence

US Cyber Command

 

Mr. Rick McFeely

Executive Assistant Director of the Criminal, Cyber, Response and Services Branch

Federal Bureau of Investigation

Mr. McFeely is responsible for coordinating efforts with FBI partners to address new and emerging international and domestic criminal and cyber threats to national security.  He was the on-scene commander for FBI efforts after the 9/11 terror attack at the Pentagon and helped set up a joint intelligence center to share information.

 

BGen Kevin Nally, USMC

Director, Command, Control, Communications and Computers

Deputy Chief Information Officer for the United States Marine Corps 

BGen Nally also serves as the deputy commanding general for the Marine Corps Forces Cyberspace Command (MARFORCYBER).

 

11:45 a.m. – 12:15 p.m.

NETWORKING & EXHIBITS

12:15 p.m. – 1:30 p.m.

LUNCH & FEATURED SPEAKER
CYBER INTELLIGENCE AND LAW ENFORCEMENT

Chief Cathy Lanier  

Metropolitan Police Department Washington, D.C.

Chief Lanier has spent her entire law enforcement career with the Metropolitan Police Department. Much of her career has been in uniformed patrol where she served as commander of one of the largest and most diverse residential districts in the city.  She also served as the commanding officer of the department's Major Narcotics Branch and Vehicular Homicide Units and Special Operations Division (SOD. During her tenure as SOD Commander, she established the agency’s first Homeland Security/Counter-Terrorism Branch and created an agency-wide chemical, biological, radiological response unit.

Overview

As the Chief of Police for the nation’s capital, Chief Lanier views cyber threats as both a challenge to national security and as criminal activity.   She understands the difficulty of moving cyber intelligence from the Intelligence Community to police officers so they can disrupt national security threats or arrest criminals.  She also understands the parallel difficulty of sharing law enforcement intelligence with the IC.  Chief Lanier will address the unique cyber intelligence resources the intelligence and law enforcement communities have and the importance of their cooperation.  

 

Focus Questions

  • Do police departments have/need their own organic cyber intelligence capabilities?
  • What is or should be the role of city/regional fusion centers regarding cyber intelligence?
  • What are the practical issues associated with using cyber intelligence to disrupt threatening activity or arrest those suspected of criminal activity?
  • What can/should be done to improve the exchange of cyber information between police departments and the IC?

1:30 p.m. – 2:00 p.m. 

DESSERT & EXHIBITS

 

2:00 p.m. – 3:15 p.m.

 SESSION TWO:  CYBER INTELLIGENCE BEST PRACTICES

 

Overview

There is a move away from a solely technical and tactical approach to cyber intelligence to a broader methodology that includes unclassified sensors, data sets, processing, and analytics that enable government and industry to have meaningful situational awareness and indications and warning.   In this session, speakers from industry, the IC, and the Department of Defense will discuss what they are doing in the cyber intelligence arena that is working and specifically where further progress is needed in support of government and industry requirements. 

 

Focus Questions

  • What are some of the current cyber intelligence capabilities that represent best practices?
  • How are technical and non-technical data sets being fused effectively?
  • How can unclassified cyber intelligence reporting and dissemination be automated?
  • What initiatives are the most important currently being worked?
  • Where should industry focus to take cyber intelligence capabilities and analysis to the next level? 

Session Chair

Ms. Terry Roberts

Vice President for Intelligence & Cyber

Deputy Director of the Intelligence Group

TASC

Session Speakers

Mr. Rick Howard

Vice President and Chief Information Security Officer

TASC

Prior to joining TASC, Mr. Howard was the General Manager of a commercial cyber security intelligence service at Verisign where he led a multinational network of security experts who delivered cyber security intelligence products to Fortune 500 companies. He also led the intelligence-gathering activities at Counterpane Internet Security and ran their global network of Security Operations Centers. He served in the US Army for 23 years in various command and staff positions involving information technology and computer security.

Mr. Troy Mattern

Technical Director for Cyber Intelligence

SEI Innovation Center

Carnegie Mellon University

Mr. Mattern manages the Cyber Intelligence efforts for the SEI Innovation Center which just completed an ODNI sponsored report on the State of Cyber Intelligence Tradecraft in and out of government.  Prior to coming to the SEI Mr. Mattern spent 23 years on active duty in the Marine Corps with assignments that included: USCYBERCOM, Marine Forces Cyberspace Command, Intelligence Department Headquarters Marine Corps, the National Security Agency and other Marine Corps intelligence organizations.

RADM Elizabeth Train, USN

Director for Intelligence

Joint Chiefs of Staff (J2)

The Directorate for Intelligence, J-2, supports the Chairman of the Joint Chiefs of Staff, the Secretary of Defense, Joint Staff and Unified Commands. It is the national level focal point for crisis intelligence support to military operations, indications and warning intelligence in DoD, and Unified Command intelligence requirements.

 

Mr. Young

Executive Director, Directorate for Plans and Policy (J5)

United States Cyber Command

Mr. Young leads the development of military cyber strategy, policy, and doctrine for the United States Cyber Command. He is the principal advisor to the Director of Plans and Policy on directorate operations and is responsible for providing strategies for the development of cyber operations policy and interagency coordination. 

 

3:15 p.m. – 3:45 p.m.

BREAK & EXHIBITS

 

3:45 p.m. – 5:00 p.m.

 SESSION THREE: CREATING MULTI-DISCIPLINARY CYBER INTELLIGENCE TEAMS

 

Overview  

Cyber intelligence is by its nature a team effort that requires a breadth of expertise ranging from all-source analysis, to human intelligence and adversary profiling, to network operations and architecture, to open source processing.  Speakers in this session will focus on the human component of cyber intelligence and focus on the importance of training and teaming, defining normal and abnormal activity, correlating cyber data sets, and producing insightful and actionable intelligence for both the public and private sectors.

Focus Questions

  • What is the range of skills needed for the cyber intelligence work force?
  • How best can cyber intelligence professionals be recruited, train, and integrated into more traditional intelligence efforts?
  • How can critical enterprise information (e.g. for isolated intranets, segmented network, etc.) best be protected? 

 

Session Chair

Mr. Mark Rosenthal

Portfolio Manager, Prevention

The MITRE Corporation

 

Session Moderator

Lt Gen Charlie Croom, USAF (Ret.)

Vice President, Cyber Security Solutions

Lockheed Martin

General Croom shapes Lockheed Martin’s cyber security strategy with insight from 35 years of leadership and technology experience in the U.S. Air Force.  Since joining Lockheed Martin, he co-chaired a National Security Telecommunications Advisory Committee Task Force on “Strengthening Government and Private Sector Collaboration” which recommended to President Obama that he direct the establishment of a Joint Coordinating Center.  Gen Croom’s last active duty assignment was as Director of the Defense Information Systems Agency (DISA), and the Commander of the Joint Task Force for Global Network Operations.

Session Speakers

Mr. Steve Chabinsky

SVP Legal Affairs and Chief Risk Officer

CrowdStrike, Inc.

Mr. Chabinsky recently returned to the private sector after a distinguished 17 year career with the FBI, where he served most recently as Deputy Assistant Director of the Bureau’s Cyber Division.  Prior to that, he organized and led the FBI’s Cyber Intelligence Section.  At CrowdStrike, he is Chief Risk Officer and Senior Vice President of Legal Affairs.  He also serves as an adjunct faculty member of George Washington University, and as the cyber Columnist for Security magazine. Mr. Chabinsky is the recipient of numerous awards and recognitions, including the National Intelligence Distinguished Service Medal, the Presidential Rank Award for Meritorious Executive, the National Security Agency Bronze Medallion for inspired leadership, and the Financial Services Information Sharing & Analysis Center (FS-ISAC) Public/Private Sector Partnership Award.

RADM Edward Deets, USN (Ret.)

Director, Software Solutions Division (SSD)

Software Engineering Institute

Carnegie Mellon

The mission of the SSD is to innovate for competitive advantage by assuring quality, timeliness, trust, and affordability of current and future software-reliant systems.   This is accomplished by advancing interdisciplinary science and technology, delivering solutions, and enabling widespread adoption of associated knowledge and practices. Prior to becoming the SSD Director, RADM Deets served as the Deputy Director for Defense Cyber of the Networked Systems Survivability/CERT  Program.  RADM Deets joined the SEI after retiring from more than 30 years in the Navy. Most recently, he was Commander of Naval Network Warfare Command, where he oversaw the conduct of Navy network, communications, space, signals intelligence and cyber operations.

 

 

Mr. Dan Scott

Deputy Chief Human Capital Officer

Office of the Director of National Intelligence

 

5:00 p.m. – 6:30 p.m.  

 NETWORKING RECEPTION

 

WEDNESDAY, JULY 31, 2013

7:00 a.m. - 8:00 a.m.

CONTINENTAL BREAKFAST & EXHIBITS

8:00 a.m. – 8:15 a.m. 

 ADMINISTRATIVE ANNOUNCEMENTS

Mr. Steven Ritchey

Vice President for Intelligence

AFCEA International

 

8:15 a.m. –8:30 a.m.

 CONFERENCE CO-CHAIRS’ WELCOME

Mr. Zalmai Azmi

Consultant

 

Ms. Terry Roberts

Vice President for Intelligence & Cyber

Deputy Director of the Intelligence Group

TASC

 

Mr. Mark Rosenthal

Portfolio Manager, Prevention

The MITRE Corporation

8:30 a.m. – 9:45 a.m.

 SESSION FOUR: DELIVERING CYBER INTELLIGENCE – WHAT IS MISSING?

Overview 

Over the past decade, the ability to meet the requirements of national defense, and security and law enforcement officials has progressed with increased information sharing and the development and dissemination of actionable intelligence.  Nonetheless, there is still progress that needs to be made in the areas of unclassified cyber information sharing, integration of data into a common operational picture, and profiling of cyber adversaries and threats.  This session’s speakers will look at where industry can partner with the government to help close those gaps.

 

Focus Questions

  • There are plans and there are real world operations.  How are they coming together? 
  • What barriers are operators in the field dealing with in the areas of information sharing, analysis, and operations?  
  • What solutions can be developed to respond to the requirements of those working in the fields of military operations, law enforcement, government, industry, and critical infrastructure?
  • What are the top unmet priorities on which industry should be focusing?

 

Session Chair

RADM Betsy Hight, USN (Ret.)

Vice President, Cybersecurity Solutions Group

HP/US Public Sector

Session Speakers 

Mr. Robert Mayer

Vice President of Industry and State Affairs

US Telecom Association

Mr. Mayer is the past chair of the Communications Sector Coordinating Council (CSCC) and currently chair of the CSCC Cyber Committee.  He is also a participant in the FCC Communications Security Reliability and Interoperability Council Working Groups and the White House steering committee of the Industry Botnet Group.  He also serves on the NYREADY Commission appointed by Governor Cuomo to develop recommendations for the communications industry in response to Superstorm Sandy.

VADM Michael Rogers, USN 

Commander, U.S. Fleet Cyber Command

Commander, U.S. 10th Fleet

VADM Rogers is responsible for the Navy’s cyber force organization and management as well as its operational cyber mission.  He has served as the Director of Intelligence for both the Joint Staff and the US Pacific Command and has held numerous commands as well as Joint and Navy operational positions.

Mr. Paul Tiao

Partner

Hunton & Williams

Mr. Tiao an attorney with extensive experience working on cyber intrusions, data breaches, intellectual property violations, criminal cases, electronic surveillance, privacy issues, and regulations and legislation in each of these areas. Prior to joining Hunton & Williams, Mr. Tiao served as Special Counsel and then Senior Counselor for Cybersecurity and Technology to the Director of the Federal Bureau of Investigation.

 

Mr. Larry Zelvin

Director

National Cyber and Communications Integration Center

Department of Homeland Security

Mr. Zelvin is the Director of the National Cyber and Communications Integration Center (NCCIC) which is comprised of the US Computer Emergency Readiness Team (US-CERT), the National Coordinating Center for Telecommunications (NCC), the Industrial Control Systems Cyber Emergency Response Team (ISC-CERT) and the Cybersecurity and Communications Operations Center providing 24/7 analysis, monitoring and incident management.  Previously he served on the White House National Security Staff as a senior crisis manager during major events such as the Haiti earthquake, the BP Deepwater Horizon oil spill and the Japanese earthquake/tsunami/nuclear incident.

9:45 a.m. – 10:15 a.m.

BREAK & EXHIBITS

10:15 a.m. – 11:00 a.m.

CYBER INTELLIGENCE AND SECURE NETWORKS

Mr. Sean Kanuck

National Intelligence Officer for Cyber, National Intelligence Council

Office of the Director of National Intelligence

Overview 

As the first ever National Intelligence Officer for Cyber, leading all Intelligence Community Analysis  and Estimates on the Cyber Environment, its dynamics, key actors, and threat drivers, trends and impacts that support and enable government policy, organization and action, Mr.  Kanuck brings a capable background as both a lawyer and intelligence community information operations and cyber professional

 

Focus Questions  

  • What does the IC need to focus on regarding cyber activity, adversaries and threat vectors?
  • What are the Cyber Intelligence analytic capability gaps that industry and academia can assist you with?
  • How is the IC enabling the development of Cyber Intelligence Tradecraft and training?
  • How is the development and vetting of Cyber related National Intelligence Estimates different from the rest?

11:00 a.m. – 11:45 a.m.

NETWORKING & EXHIBITS

 

11:45 a.m.– 1:15 p.m.

LUNCH AND FEATURED SPEAKER
THE ROLE OF INTELLIGENCE IN PROTECTING NETWORKS

Mr. Eugene Kaspersky

CEO

Kaspersky Lab

Eugene Kaspersky is an IT Security expert and the CEO and co-founder of Kaspersky Lab – an international company with regional offices in 30 countries and employing over 2,500 specialists. His mission is to ensure that Kaspersky Lab understands the cyberthreat environment inside out – enabling it to develop competitive products and services to mitigate if not defeat the threats. And his is a unique perspective on whether or not the US legal and business environments are ‘cybersecurity friendly’, and also on how effective government agencies can be in providing for a nation’s cybersecurity.

Overview

As the owner of the world’s largest privately-held provider of software security products, Eugene Kaspersky ensures that Kaspersky Lab completely understands the cyberthreat environment so it can  develop competitive products and services to mitigate if not defeat the threats. As the owner of a global business, Mr. Kaspersky is well placed to compare and contrast US approaches to cybersecurity with those of other countries. He has a unique perspective on whether or not the US legal and business environments are ‘cybersecurity friendly’, and also on how effective government agencies can be in providing for a nation’s cybersecurity.

 

Focus Questions

  • What are the benefits of a trans-national company in dealing with the monitoring of networks and analysis of intrusions and attacks?  Can major attacks be predicted?
  • Does the cloud “help” or “hurt” small disadvantaged users in protecting information?  How big of a help can the service provider be?
  • What can be done to protect information on mobile devises at the user, manufacturer or service provider levels? 
  • How much protection is enough for small companies? Large companies? Law Enforcement? Governments? Or Infrastructure?

1:15 p.m.

CONFERENCE WRAP-UP

Mr. Zalmai Azmi

Consultant

 

Ms. Terry Roberts

Vice President for Intelligence & Cyber

Deputy Director of the Intelligence Group

TASC

 

Mr. Mark Rosenthal

Portfolio Manager, Prevention

The MITRE Corporation