Realities and Unrealities of Smart Grid Security
Ultimately, functionality breeds exposure. It also breeds, well, functionality. And let's face it, users tend to really like functionality, almost as much as developers like to create it. In the case of the Smart Grid, this means finding out that your fridge door is open over the web, adjusting your thermostat from your iPhone, checking the reactor core status from your Android tablet, that sort of thing.
This talk will look at the practical realities of attacking Smart Grid infrastructure and supporting devices, both from the consumer and nation-state perspective, and hopefully try to take a balanced view of both the risks and the possibilities presented by this inevitable evolution of energy distribution, striking a middle ground somewhere between "nothing to worry about" and "ThreatCon: Cyber-Pompeii".
Shawn Moyer is a Managing Principal Research Consultant with Accuvant Labs. Shawn has written on emerging threats and other topics for Information Security Magazine and ZDNet, and his research has been featured in the Washington Post, BusinessWeek, NPR, and the New York Times. Shawn is an eight-time speaker at the BlackHat Briefings, and has been an invited speaker at other notable security conferences in the US, China, Canada, and Japan.
Thomas M. Cooley Law School, Lansing, Michigan
The Future of the Fourth Amendment in a Digital Evidence Context: Where Will the Supreme Court Draw the Electronic Line at the International Border?
The United States Supreme Court has certainly made clear that what goes on in the home is private and heavily protected by the Fourth Amendment. Are there other areas where one's expectation of privacy is so high that the Court should draw a similar line? What about the intimate details of one's personal life that can be stored on a laptop computer (or other electronic storage devices)? Should United States Customs and Border Protection and Immigration and Customs Enforcement agents be allowed to search that at the international border without any individualized suspicion? If they seize it without any suspicion, how long can they hold it, and how extensively can they search it, before they run afoul of the Fourth Amendment? If the United States Supreme Court is faced with these questions, how will it likely rule? Using an international border search of a laptop case, this presentation will explore the future of the Fourth Amendment in a digital evidence context.
Professor Corbett teaches Criminal Law, Criminal Procedure, and Computer Crimes at Thomas M. Cooley Law School, Lansing, Michigan.
He has an extensive background in Criminal Law. After graduating from the University of Notre Dame Law School in 1987, Professor Corbett served as a judicial law clerk for United States District Court Judge Horace W. Gilmore. He then served as a federal prosecutor for 10 years, as an Assistant United States Attorney for the Eastern District of Michigan. He worked in the General Crimes Unit, prosecuting cases involving firearms, drug trafficking, bank robberies, kidnappings, mail theft, counterfeiting, embezzlement and alien smuggling. He also worked in the Economic Crimes Unit, prosecuting cases involving fraud and money laundering.
In 1999, Professor Corbett was recruited by former Michigan Attorney General Jennifer Granholm to help start the High Tech Crime Unit at the Michigan Attorney General's Office, where he served as the Deputy Chief of that unit for over two years, investigating and prosecuting federal and state Internet and computer-related crimes.
In 2001, Professor Patrick Corbett commenced teaching at Cooley Law School.
Cyber Criminals: Who are they? Why are they successful? How do we respond?
This presentation will walk through recent prosecutions of sophisticated hacking rings in order to provide insight into the individuals behind these types of crimes and why they are successful. This presentation will also discuss the emerging area of cyber forensics and methods by which entities can better prevent, detect, and respond to cyber attacks on their systems.
Kimberly Kiefer Peretti, J.D., LL.M., CISSP, joined PricewaterhouseCoopers in May 2010 as a Director in the Washington D.C. Forensic Services practice. Peretti, a former senior litigator for the Department of Justice's Computer Crime and Intellectual Property Section, focuses on the prevention, response and remediation of all types of data breaches, including breaches involving payment card information (PCI), personally identifiable information (PII), and personal health information (PHI). She also services a wide range of clients in matters of cyber intrusions, cyber investigations, cyber security, financial crime, fraud, and regulation, payment systems compliance and risk mitigation, economic espionage, and Intellectual Property theft. Peretti is a Board Advisor to the Financial Services Information Sharing and Advisory Center (FS-ISAC).
While at the Department of Justice, Peretti led several benchmark cybercrime investigations and prosecutions, including the prosecution of the infamous TJX hacker Albert Gonzalez who is currently serving 20 years in prison for his role in the largest hacking and identity theft case ever prosecuted by the Department of Justice in which over 170 million credit and debit card numbers were stolen from over 14 major U.S. retailers. For this prosecution, Kimberly received the U.S. Attorney General's Distinguished Service Award and Visa's Leadership in Security Award.
Peretti's law review article entitled "Data Breaches: What the Underground World of Carding Reveals," resulted in a hearing before the US House of Representatives Homeland Security Committee to consider vulnerabilities in the payment card industry and has been cited by at least one State Supreme Court. She is a frequent keynote speaker and lecturer on the topic of data breaches, cyber investigations and cyber crime, and has been recognized as an "industry pioneer" by SC Magazine in the information security industry.
She is a contributing author of a recently published book titled Data Breach and Encryption Handbook, a co-author of a book chapter entitled Compliance with Payment Card Industry Data Security Standard in the industry-leading legal publication Proskauer on Privacy, and the author of recently released PwC white paper Why Cybercrime Matters to General Counsel.
Prior to her work at the Department, Peretti practiced law at Brobeck, Phleger & Harrison and Mayer, Brown & Platt, focusing on information security, privacy, technology, and financial institution regulation. She is a Certified Information Systems Security Professional (CISSP), and holds an LL.M. (Masters of Law) from the University of Munich, Germany, and a J.D. from Georgetown University Law Center (magna cum laude).
Don't Root Robots: Breaks in Google's Android platform
In this talk, we'll dive into the many public breaks of Google's Android platform, from the base system and kernel, the platform middleware, and the third-party applications. As Android emerges as a leading OS in the mobile market, there's much to be learned from both the victories and failures of Google's design decisions and their impact on Android's security model. We'll show off some fun attacks used to subvert the base Android system as well as third-party applications in use on Android handsets around the world.
Jon Oberheide is CTO of Duo Security, an Ann Arbor-based startup developing kick-ass two-factor authentication. In his free time, Jon dabbles in kernel exploitation, mobile security, and beer brewing.