Program Agenda - Wednesday 16 September

8:30-9:00 Arrival Coffee


Internet of Things or Internet of Insecurity?

  • Barbara Grewe, Principal Policy Advisor, The Mitre Corporation

The Internet of Everything, or IoE, expands on IoT's foundation of machine-to-machine (M2M) connectivity to also include people-to-people and machine-to-people communications. This session will explore how a far-more-deeply connected Internet of Everything will expose novel and greater challenges for cybersecurity, national and global security, and the human use and manageability of extensive M2M systems. How should we think about and protect against novel risks from semi-autonomous webs of devices, such as sensors, vehicles and protective systems, including automated critical government functions? What are the roles of governments, industry and standards in designing and securing the IoE?


A New Security Dimension: Why Open Standards Solutions Need to be Part of Government’s Cybersecurity Strategy

  • Richard Struse, Chief Advanced Technology Officer, NCCIC, U.S. Department of Homeland Security

This presentation will explain the process and policy reasons for transitioning a set of technical specifications, including the Structured Threat Information eXpression (STIX) and Trusted Automated eXchange of Indicator Information (TAXII), from an informal DHS project into formal international standards, explaining decisions made along the way and discussing lessons learned during the process. As pivotal ingredients to enable widespread, voluntary automated cyberthreat information exchange, STIX and TAXII needed to be easy to use, openly available, implementable by accessible tooling, and demonstrably supported by a community of adopters. To promote adoption across diverse stakeholders and global communities, the resulting standards also needed to be well supported by fair engagement rules, appropriate public review tools, and a well-established network of public and private stakeholders. This session will discuss key considerations for engaging with international standards bodies; the benefits and challenges of different governance models, open source licensing and outreach methods to build a strong implementer community; and DHS's hopes for the broad and diverse sharing networks that will be enabled by clean, trusted and openly-developed standard practices and tools.


Keynote Address:  Beyond Borders: Securing Cyberspace, Preserving Openness, Fostering Innovation

  • The Honorable Michael Chertoff, Executive Chairman and Co-Founder, The Chertoff Group and Former Secretary, U.S. Department of Homeland Security

Connecting 2.5 billion people, powering more than one trillion devices, and creating more than 2.5 quintillion bytes of data each day, the utility of the Internet is undeniable. Enabling critical functions across commerce, communication, media and the military while simultaneously connecting governments, private citizens and corporations through web-based communications, cyberspace is a strategic and shared resource that is essential to today’s global economy yet poses unprecedented risk and vulnerability. Like the development of global governance for the high seas and outer space, cyberspace needs global cooperation that preserves its freedom and openness while strengthening its security to protect the shared economic utility and value for all nations. In this keynote session, Michael Chertoff, former Secretary of the U.S. Department of Homeland Security and now Executive Chairman of The Chertoff Group, will explore today’s challenges to maintaining a free and open Internet that fosters growth and innovation, including cross-border data localization concerns and lawful access to data, and the role of all governments in the path forward to promoting global cybersecurity best practices, strengthening data security against both physical and cyber threats, and protecting privacy and building confidence among users.

10:30-11:00 Refreshment Break


[Interactive Roundtable Discussion] A New Security Dimension: Industry Experience Using Open Standards to Accelerate Threat Response

Session Facilitator:  Tim Wilson, Editor, Dark Reading

  • Jason Corbin, Vice President Product Management & Strategy, IBM Security
  • Paul Kurtz, CEO, TruSTAR
  • Ted Julian, CoFounder & VP Product Management, Resilient Systems

As we’ve heard, it is becoming increasingly necessary for a broad range of organizations to have a cyber threat intelligence capability.  A key component of success for any such capability is information sharing opportunities with the partners, peers and others they elect to trust. Voluntary information sharing can help focus and prioritize the use of the immense volumes of complex cyber security information available to organizations today.  Standardized, structured representations of this data make it tractable.  The STIX language is meant to convey the full range of cyber threat information and strives to be fully expressive, flexible, extensible, automatable, and as human-readable as possible, while relying on relatively simple toolsets.  But what does it take to make structured info sharing an operational reality?  This session will describe operational implementations and real-world lessons learned from key implementers.

12:30-13:30 Luncheon

[Interactive Roundtable Discussion] Preventing & Mitigating Potential Threats at Large-Scale Events: A look at past & future plans involving the Olympics & Super Bowl

Session Facilitator:  Kazuo Noguchi, Senior Manager, Hitachi America, Ltd.

  • Andy Williams, Cyber Envoy, UKTI Defence and Security Organisation, British Embassy  (London Olympic 2012)
  • A representative from IJIS to be announced (Super Bowl)
  • Ko Ikai, Counsellor, The National Center of Incident Readiness and Strategy for Cybersecurity (NISC), Cabinet Secretariat, Government of Japan (Tokyo Olympics)

Times of crisis are often defining moments. They are an opportunity - an opportunity to fail or succeed in managing events as they unfold. Learning from past experiences and advance planning can significantly mitigate the potentially disastrous effects of any large-scale event. The potential for significant and enduring disruptions makes it extremely important to have appropriate contingency and emergency operations plans in place and tested. Managing an event will require a robust communications and decision-making system that will be able to quickly identify and respond to problems.

During this interactive roundtable, experts in the field will explore:  
• What have been the most important cybersecurity risks in past Olympics?
• What kinds of resources are available to address cybersecurity in large events like the Olympics?
• How can cyber-threats be addressed in facilities automation systems?
• What kinds of reputation risk and trust issues arise in global-scale events like the Olympics?

14:30-14:45 Refreshment Break

[Interactive Roundtable Discussion] Privacy, Identity and Information Sharing: risks and opportunities

Session Facilitator:  Jeremy Grant, Managing Director, The Chertoff Group

  • Aquiles A. Almansi, Lead Financial Sector Specialist, World Bank
  • Joseph Lorenzo Hall, Chief Technologist, Center for Democracy & Technology
  • Peter Alterman, Chief Operating Officer, SAFE-BioPharma Association and StC Member, OASIS IDtrust

In order to address cyber threats, all stakeholders must be able to collaborate, including being able to confidently and effectively elect to share cybersecurity risk and incident data.  However, sharing creates its own risks of sharing too much, too little, or the wrong information, due to privacy obligations and economic risks, or to the wrong recipients, due to security considerations.  Open and established methods for data protection, identity management and trust federation are available.  This panel will discuss successful strategies, risk factors, conflicting commitments, and best practices to help balance risks, rights and obligations regarding cybersecurity collaboration.


Refreshment Break


[Interactive Roundtable Discussion]  Emerging Trends in Critical Infrastructure Protection

Session Facilitator:  Peter Allor, Senior Cyber Security Strategist, IBM

  • Denise Anderson, Executive Director, The National Health Information Sharing & Analysis Center (NH-ISAC)
  • Catherine Lotrionte, Director, Institute for Law, Science & Global Security, Georgetown University

  • Parham Eftekhari, Senior Fellow, Institute for Critical Infrastructure Technology (ICIT)

Critical infrastructures consist of those physical and information technology facilities, networks, services and assets which, if disrupted or destroyed, would have a serious impact on the health, safety, security or economic well-being of citizens. Protection of these key capabilities against attack has been a government priority for decades, and has provided models and methods for more recent cyber-risk mitigation initiatives. Key industries such as energy, finance and telecommunications were the innovators and developers of many threat detection methods, data analysis capabilities and sharing arrangements among diverse stakeholders. This session will review the ways in which early, and more recent, infrastructure protection initiatives provide insight and guidance into current plans for broader info-sharing activity, and validated, tested models for mutually-beneficial and satisfactory public-private cybersecurity cooperation.


Closing Remarks

  • Randeep Sudan, Practice Manager for Information and Communication
  • Jamie Clark, General Counsel, OASIS

Conference Ends

