October 19, 2012
U-M Rackham Auditorium
Prepping the Battlefield
What Remains To Be Done in Cyber Security
Governing Cyber Crime, Cyber Terrorism and Cyber Conflict
11:20 a.m.–12:10 p.m.
The Michigan Cyber Range
Lunch on your own
Reputation Based Detection of Socially Engineered Malware
Can you hear me now? Law enforcement surveillance of Internet and mobile communications
U.S. Congress (MI-08)
Mike's leadership positions, experience and legislative record enable him to effectively advocate for the citizens of Michigan's Eighth Congressional District and work to make America a better place.
In 2011, Mike was appointed as Chairman of the House Intelligence Committee and is a national leader on national security policy. In the 112th Congress, he authored three bipartisan intelligence authorization bills which were signed into law, and wrote the leading cyber security bill to protect American innovation and the jobs that come with it from cyber predators. Mike believes that national security issues should be bipartisan or even nonpartisan. Washington Post columnist David Ignatius wrote that the Intelligence Committee Mike chairs was "a rare example of bipartisanship."
As a member of the powerful Energy and Commerce panel, Mike works to strengthen Michigan's economy. He has been a leader in efforts to adopt an "all of the above" energy policy to end America's dangerous dependence on foreign oil, create jobs, crack down on wasteful spending and repeal the new health care law, including sponsoring a bill that would allow everyone who wants to opt out of the law to do so.
During his time in Congress, Mike has written several bipartisan measures which were signed into law, including legislation to: make education savings accounts tax free at the federal level; support families of law enforcement officers killed in the line of duty; protect America from biological or chemical attacks; expand research into chronic pain; combat counterfeit prescription drugs; protect military funerals; improve the efficiency of computer servers; and hire more "trade enforcement cops" to crack down on the illegal trading practices of countries like China. In the 112th Congress, Mike has also authored bipartisan measures to strengthen pediatric drug research and make medical devices safer for children.
A 1985 graduate of Adrian College, Mike was a commissioned officer in the U.S. Army through the Reserve Officers' Training Corps at the University of Michigan, then served as an FBI special agent before being elected to the Michigan Senate in 1995. Mike has served Michigan's Eighth Congressional District in Congress since 2001.
Mike is married, has a daughter and a son and is a regular face on national television and in print.
Marie Curie, the first woman to be awarded a Nobel Prize, is said to have written (in an 1894 letter to her brother), "One never notices what has been done; one can only see what remains to be done." In this talk, we'll go through a bit of what has already been done in cyber security, and outline some of what still remains to be done.
For example, if cyber security is to be considered a scientific discipline, and bots are core to threats such as distributed denial of service attacks and spam, isn't it a bit surprising that we really have no solid measurements when it comes to the percentage of hosts that are botted, either here in the United States or in other countries abroad?
And just by way of one more example, why is it, after all these years, that we're still relying on plain old passwords for authentication, even though they're painfully inadequate and multiple superior alternatives exist?
For a field that some might like to call mature, a surprising amount of very fundamental practical security work remains to be done. We'll outline some of the successes we can collectively build on, and then highlight some of the work that remains to be tackled—perhaps with your help!
Joe St Sauver, Ph.D., serves as manager for Internet2 Security Programs and the InCommon SSL/TLS and PKI Certificate Programs under contract through the University of Oregon. He is also a senior technical advisor to MAAWG, the Messaging Anti-Abuse Working Group, among other industry roles.
He routinely presents on cyber security and abuse-related issues at national and international events, including recent topics on cloud security strategies; DNS filtering and blocking; SSL/TLS and PKI-related security considerations; malware analysis; IPv6 and security; securing DNS and DNSSEC; fastflux web hosting; cyber war, cyber terrorism and cyber espionage; the insider threat; psychological decision-making heuristics and their impact on anti-spam activities; the compatibility of security and privacy; cyberinfrastructure architectures, security and advanced applications; and spam, domain names and registrars. Some of St Sauver's publicly available talks are linked from his university web page.
Professor Catherine Lotrionte is the Executive Director of the Institute for Law, Science and Global Security and Visiting Assistant Professor of Government and Foreign Service at Georgetown University. Professor Lotrionte teaches courses on national security law, U.S. intelligence law, and international law. In addition to teaching, Professor Lotrionte coordinates research projects and events for the Institute for Law, Science and Global Security at Georgetown. She is the Institute Liaison for the Program on Nonproliferation Policy and Law, funded by the Defense Threat Reduction Agency, in cooperation with the Monterey Institute for International Studies' James Martin Center for Nonproliferation Studies. Professor Lotrionte is also the Director of the Cybersecurity Project in partnership with Lawrence Livermore National Laboratory. Professor Lotrionte and the Institute focus on the role of international and domestic law in recent and upcoming developments in cyber technology and cyber threats.
In 2002 she was appointed by General Brent Scowcroft to be Counsel to the President's Foreign Intelligence Advisory Board at the White House, a position she held until 2006. In 2002 she served as a legal counsel for the Joint Inquiry Committee of the Senate Select Committee on Intelligence. Prior to that, Professor Lotrionte was Assistant General Counsel with the Office of General Counsel at the Central Intelligence Agency, where she provided legal advice relating to foreign intelligence and counterintelligence activities, international terrorism, narcotics trafficking, organized crime, money laundering, espionage, and security matters. Before working in the Office of General Counsel at the Central Intelligence Agency, Professor Lotrionte served in the U.S. Department of Justice. Professor Lotrionte earned her Ph.D. from Georgetown University and her J.D. from New York University and is the author of numerous publications, including a forthcoming book concerning U.S. national security law in the post-Cold War era. She is a life member of the Council on Foreign Relations.
Merit Network, Inc.
In July 2012, the Director of the National Security Agency said that there had been a 17-fold increase in cyber incidents at American infrastructure companies between 2009 and 2011. While media reporting of these incidents has made their occurrence and impact well known, what is rarely highlighted is that the people responding to these events are America's civilian workforce—not the Federal Government, not the Department of Defense. Just like in the days of colonial America, our first line of defense is our citizenry.
Training users across the broad spectrum of technical interests and skills requires a Crawl, Walk, Run approach. Merit Network, Inc. has initiated a program to develop the Michigan Cyber Range, an unclassified shared resource that will decrease the cost and increase the accessibility of cybersecurity training. The Michigan Cyber Range is a state-of-the-art facility that provides a secure, "live fire" cybersecurity training environment for IT staffs, researchers, and students. Connected to Merit's robust infrastructure, the Cyber Range enables courses, exercises, and research to be conducted throughout the US and Canada using thinking, adaptive adversaries.
Dr. Adams recently joined Merit Network, Inc. after a 26-year career in the US Army. During his time as a Signal Corps officer, he served as an Associate Professor and Senior Research Scientist at the US Military Academy and, most recently, as the Chief Information Officer of the National Defense University. He retired as a Colonel and came to work for Merit as the Executive Director of Research and Cyber Security, focusing on developing the Michigan Cyber Range and expanding Merit's network research program. He has a Ph.D. in computer engineering from Virginia Polytechnic Institute and State University (Virginia Tech), MSc degrees from the Army War College and University of Arkansas, as well as a BSc in computer engineering from Syracuse University.
APT (Advanced Persistent Threat) is a common buzzword in the media and at security conferences, but it isn't just hype—cyber-espionage activity is widespread and growing. In this presentation, I will highlight some recent investigations by the Dell SecureWorks Counter Threat Unit into cyber-espionage attacks coming out of China, targeting government and industry of multiple countries. Additionally, I will provide insight into some of the ways the Dell SecureWorks Counter Threat Unit discovers, tracks and attributes cyber-espionage activity.
Joe Stewart is the Director of Malware Research for Dell SecureWorks Counter Threat Unit℠ research team. As a leading expert on malware and Internet threats, he is a frequent commentator on security issues for leading media outlets such as The New York Times, MSNBC, Washington Post, USA Today and others. Stewart has presented his security research at many conferences such as RSA, Black Hat, DEFCON, ShmooCon, RECON, Netsec, Hacker Halted USA, Air Force Cyber Space Symposium, AGORA, the Anti-Phishing Working Group, and many international ones, including CERT-EE Conference (Estonia), DeepSec 2008 (Austria), KAIST International Workshop on DDoS Attacks and Defenses (Korea), CFI-CIRT 7th annual IT Security Professional Development Day (Canada), and AusCERT2010 (Australia).
Despite recent progress in browser security, the web is still a prevalent source of malware. As the increased security of browsers has made it more challenging to deliver malware by exploiting vulnerabilities, adversaries have turned their attention to social engineering as another vector of distributing malware. Instead of employing exploits, adversaries attempt to deceive users into downloading malware. Social engineering poses different detection challenges as the lack of exploits makes it harder to detect. Other detection approaches such as blacklisting are made less effective by the adversary's ability to quickly change hosting domains.
In this talk, we present a reputation-based approach to protect users from socially engineered malware. Instead of relying solely on blacklists or whitelists, we bridge the gap by making use of a server-based reputation system that predicts the likelihood that a binary is going to be malicious without requiring access to the binary content. This service currently protects millions of Google Chrome users against malware downloads. We present some interesting insights from our production deployment.
Niels Provos is a Principal Engineer in Google's Infrastructure Security group. His areas of interest include malware and web security as well as computer and network security. In 2003 he received a Ph.D. from the University of Michigan, where he studied experimental and theoretical aspects of computer and network security at the Center of Information Technology Integration. When not working with computers, he forges steel into swords.
American Civil Liberties Union (ACLU)
Telecommunications carriers and service providers now play an essential role in facilitating modern surveillance by law enforcement agencies. The police merely select the individuals to be monitored, while the actual surveillance is performed by third parties: often the same email providers, search engines and telephone companies to whom consumers have entrusted their private data.
Although assisting Big Brother has become a routine part of business, the true scale of law enforcement surveillance has long been shielded from the general public, Congress, and the courts. However, recent disclosures by wireless communications carriers reveal that the companies now receive approximately one and a half million requests from U.S. law enforcement agencies per year.
When automated, industrial-scale surveillance is increasingly the norm, is communications privacy a thing of the past? For those of us who'd like to keep our private information out of government databases, what options exist, and which tools and services are the best?
Christopher Soghoian is a privacy researcher and activist, working at the intersection of technology, law and policy.
He is a Principal Technologist and Senior Policy Analyst at the American Civil Liberties Union in Washington, D.C. He is also a Visiting Fellow at Yale Law School's Information Society Project and a Fellow at the Center for Applied Cybersecurity Research at Indiana University.
Soghoian completed his Ph.D., which focused on the role that third party service providers play in facilitating law enforcement surveillance of their customers, at Indiana University in 2012. In order to gather data, he has made extensive use of the Freedom of Information Act, sued the Department of Justice pro se, and used several other investigative research methods. His research has appeared in publications including the Berkeley Technology Law Journal and been cited by several federal courts, including the 9th Circuit Court of Appeals.
Between 2009 and 2010, he was the first ever in-house technologist at the Federal Trade Commission's Division of Privacy and Identity Protection, where he worked on investigations of Facebook, Twitter, MySpace, and Netflix. Prior to joining the FTC, he co-created the Do Not Track privacy anti-tracking mechanism now adopted by all of the major web browsers.
He is a TEDGlobal 2012 Fellow, was an Open Society Foundations Fellow between 2011 and 2012, and was a Student Fellow at the Berkman Center for Internet & Society at Harvard University between 2008 and 2009.