IA Technical Director U.S. National Security Agency (NSA)
Title: Cyber Threat and Defense Trends
Bio: Mr. Neal Ziring is currently a technical director in the Information Assurance Directorate (IAD), at NSA. The IAD provides cryptographic, network, and operational security products and services to protect and defend national security systems. Prior to his role at the IAD level, Neal was a technical director for the Vulnerability Analysis and Operations Group, which provides technology evaluations, defensive operations, and secure configuration guidance for the DoD and the IC. During that time, Neal also served as security architect for two major NSA mission systems programs, collaborated with NIST on the Security Content Automation Protocol (S-CAP) specifications, and lead analysis efforts for Cloud Computing technology and IPv6. Neal has degrees in Computer Science and Electrical Engineering from Washington University. Before coming to NSA in 1989, he worked at AT&T Bell Labs.
Chief Research Analyst IT-Harvest
Title: Post Apocalyptic Cyber Realism
Abstract: Predictions of impending cyber doom have become the clarion call of pundits, book authors, and defense contractors. They exhort their audiences to spend more, make changes, and prepare for cybergeddon. Richard Stiennon, industry analyst, and author of Surviving Cyberwar presents a different perspective. He looks at the recent history of cyber intrusions and demonstrates that disaster has already befallen us. The executive branches of government of each Western country have already been infiltrated. The military centers of the US, UK, Germany, and India, have already been compromised. Carefully orchestrated cyber riots have been encouraged to attempt regime change in Estonia and Georgia. The technology, mineral resources, and defense industrial bases have been seriously compromised. Those that look to the sky and predict its fall should take care not to stumble on the shards of that sky under their feet.
CERIAS Security Seminar Session
Carter Bullard, CEO/President
Title: Society, Law Enforcement and the Internet: Models for Give and Take
Abstract: The interaction of society, law enforcement and telecommunications has evolved over the last 140 years to a successful balance of give and take. Society gives, providing well-defined processes and procedures that allow the government, law enforcement and citizens regulated access to information routinely collected by telecommunications service providers. And society benefits, where its justice systems can effectively use the information in support of criminal investigations and civil dispute resolutions.
Internet technology has been designed, developed and deployed without any consideration to this relationship, and the technical and social void that has emerged is actively being exploited, reducing the security of the Internet, and the natural compensatory actions threaten innovation and privacy.
The presentation discusses how a comprehensive policy regarding Internet communications identifying information (CII), could align the Internet with the existing public private partnerships that have evolved, minimizing the threats to privacy that an Internet ‘wiretapping’ strategy alone could generate.
Bio: Carter Bullard is a pioneer and industry expert, holding both academic and industry positions researching computer network security. In the early 1990’s, he established research programs in network vulnerability analysis and assessment at Carnegie Mellon’s CERT, where he pioneered and developed the concepts of network flow based forensics, and situational awareness. Carter helped develop and standardize the complete security architecture for ATM networking while a principal at FORE Systems and Nortel Networks, and most recently has been conducting security research in the areas of high performance virtual networking, forensics, optimization, awareness, and protection, at the U.S. DoD. He has authored over 20 contributions to the IETF, ITU, and the ATM Forum in the areas of network security, has consulted to U.S. Federal and State agencies regarding large scale network surveillance, mitigation, attribution and protection.
Panel #1: Traitor Tracing and Data Provenance
David W. Baker
Associate Department Head, Principal INFOSEC Engineer The MITRE Corporation
David Baker is an INFOSEC Engineer in the Security and Information Operations Division at The MITRE Corporation. He joined MITRE in 1998, and has worked extensively with the U.S. Army Land Information Warfare Activity in the deployment and operation of a large scale intrusion detection system for the Army. He has also been active in other projects involving threat and vulnerability analyses for critical infrastructures. Prior to joining MITRE, he worked as a Special Agent for the U.S. Army Criminal Investigation Command, last serving as the command’s principal forensic science advisor and a member of the Department of Defense Forensic Science Advisory Committee. He has worked with information security and operational security concerns since 1990. Mr. Baker holds a B.S. from The State University of New York, and a Master of Forensic Science degree from The George Washington University.
Associate Professor, Computer Science Purdue University
Chris Clifton, Ph.D. is an Associate Professor of Computer Science at Purdue University, and director of the Indiana Center for Database Systems. His primary research is on technology ensuring privacy in the analysis and management of data. He also works on challenges posed by novel uses of data mining technology, including data mining of text and data mining techniques applied to interoperation of heterogeneous information sources. Prior to joining Purdue, Dr. Clifton was a principal scientist in the Information Technology Division at the MITRE Corporation. Before joining MITRE in 1995, he was an assistant professor of computer science at Northwestern University.
Chief Architect, Cyber Security Solution Family Lockheed Martin Information Systems & Global Solutions
Mr. Dill has been working in the communications systems design and operations and maintenance and information security fields for 35 years and with Lockheed Martin since 1991. Currently he is the CyberSecurity Solution Family Chief Architect, responsible for the coordination and execution of Cyber Security Research and Development in IS&GS. He has received certifications as Information Security specialist, program manager and Information Systems architect. Past experience includes work: Chief Engineer for the Information Access Management group, Principal Investigator for Cross Domain IA and Forged Trust IRADS; for Transportation Security Solutions, Information Assurance Architect and Requirements Manager; for IS&S as PM for FALCON, Tech Lead for Saudi BAE C2; for LM Global Telecommunications and LM Management & Data Systems led several INFOSEC related R&D projects and contributed to other projects, proposals and programs as INFOSEC architect and systems engineer. Other work experiences include program manager for the White House Communications Agency, Communications-Electronics Repair Activity Management, DSCS Satellite Terminal Station Chief, and Avionics and Armament Repair Management. In his spare time Mr. Dill is a blacksmith.
Visiting Scholar at CERIAS Linguistic Dept./Purdue University
Dr. Taylor is a Senior Research Engineer in Ontological Semantics at RiverGlass, Inc. and a Visiting Scholar at CERIAS. Her research interests focus on natural language understanding, including both the explicitly stated information and the unsaid. Recently, she’s been involved in investigating unintended inferences from casual communication and applying it to the problems of insider threat and social engineering. She holds a Ph.D. in Computer Science and Engineering from the University of Cincinnati. She has published a couple of dozen peer-reviewed papers in artificial intelligence, computational humor, computational semantics, fuzzy logic, and information security.
Panel #2: Scientific Foundations of Cyber Security
Distinguished Professor of English and Linguistics Associate Director, CERIAS Purdue University
Victor Raskin is a charter Fellow of CERIAS. Having joined CERIAS at its inception, he has been a charter IAB member and Associate Director of Graduate Education (since 2002). He co-founded the Graduate Interdisciplinary Program in Information Security and served as its Associate Director and Faculty Advisor. Distinguished Professor of English and Linguistics, with a courtesy appointment in Computer Science, he was educated at Moscow State University, Moscow, then USSR, and taught at his alma mater, the Hebrew University of Jerusalem, and Tel Aviv University, with several visiting positions elsewhere, before joining Purdue in 1978. Among his 17 published books and over 200 papers, there is work on porting Ontological Semantics to IAS, with M. J. Atallah, J. M. Taylor, and C. F. Hempelmann, as well as on the philosophy of science, which he co-taught with Y. Bar Hillel in Jerusalem, and theory building—his favorite occupation inside and outside academia.
Chief Scientist CERT
Dr. Shannon is the chief scientist for the CERT® Program at Carnegie Mellon University’s Software Engineering Institute, a Federally Funded Research and Development Center. In this role, he works with CERT management and staff to establish and enhance CERT’s research visibility, initiatives, strategies, and policies. Outside of CERT, he works to influence national research agendas and promote the data-driven science of cyber security.
Prior to joining CERT, Dr. Shannon was the chief scientist at two startups (CounterStorm, and Science, Engineering and Technology Associates.), where he worked on insider threats, the science of cyber security, and statistical anomaly detection. In earlier positions, Dr. Shannon led applied research and development efforts in cyber security and data analysis at Lucent Technologies, Lumeta, Ascend Communications, Los Alamos National Laboratory, Indiana University, and his own startup company.
Dr. Shannon received a B.S. in Computer Science from Iowa State University with minors in Mathematics, Economics, and Statistics. He earned both his M.S. and Ph.D. in Computer Sciences at Purdue University, on a fellowship from the Packard Foundation.
Edward B. Talbot
Manager, Information Assurance Department Sandia National Laboratories
Edward B. Talbot currently manages the Information Assurance Department, which is responsible for Sandia National Laboratories, California’s network security operations (wired and wireless), the network security architecture, and information security research. After completing his undergraduate work in Electrical Engineering, he finished his graduate work in Computer Science at UC Davis. He joined Sandia National Laboratories in 1976 where he has worked on numerous systems engineering projects (predominantly in nuclear weapons security) since that time.
Marcus K. Rogers
Professor, Cyber Forensics AOS, Dept of Computer & Information Technology Purdue University
Marcus K. Rogers, Ph.D., CISSP, CCCI, DFCP is the Director of the Cyber Forensics Program in the Dept. of Computer and Information Technology at Purdue University. He is a Professor, University Faculty Scholar, and Fellow of the Center for Education and Research in Information Assurance and Security (CERIAS). Dr. Rogers is a member of the quality assurance board for (ISC)2’s SCCP designation, the International Chair of the Law, Regulations, Compliance and Investigation Domain of the Common Body of Knowledge (CBK) committee, Chair – Program Committee Digital & Multimedia Sciences Section – American Academy of Forensic Sciences. Dr. Rogers is the Editor-in-Chief of the Journal of Digital Forensic Practice and sits on the editorial board for several other professional journals. He is also a member of other various national and international committees focusing on digital forensic science and digital evidence. Dr. Rogers is the author of numerous book chapters, and journal publications in the field of digital forensics and applied psychological analysis. His research interests include applied cyber forensics, psychological digital crime scene analysis, and cyber terrorism.
Panel #3: Fighting Through: Mission Continuity Under Attack
Hal Aldridge Director of Engineering Sypris Electronics
Hal Aldridge is Director of Engineering at Sypris Electronics in Tampa, Florida. Dr. Aldridge has lead Cybersecurity Research and Development efforts at Sypris Electronics since joining in 2008. Prior to joining Sypris, Dr. Aldridge lead development of unmanned systems for space and security applications at Northrop Grumman and NASA. Dr. Aldridge is active with advanced cybersecurity research at organizations including Purdue University CERIAS and Carnegie Mellon University CyLab. Dr. Aldridge has a Ph.D. in Electrical and Computer Engineering from Carnegie Mellon University specializing in fault tolerant robotic control systems for space applications. Dr. Aldridge’s research interests include trusted computing, secure cyber-physical systems, and fault tolerant systems.
Senior Research Scientist in Information Assurance and Security Telcordia Research
Sanjai Narain is a Senior Research Scientist in Information Assurance and Security at Telcordia Research. His current research is on planning secure and reliable cyber infrastructure. For the past three years he has led the ConfigAssure project on a science of configuration. The project builds fundamental tools for eliminating configuration errors that cause 50%-80% of vulnerabilities and downtime in cyber infrastructure. The tools exploit modern formal methods based on SAT solvers. They are being transitioned to large enterprises. He has obtained funding from government agencies and organized and led several university-industry teams. He has served on editorial boards and program committees of major journals, conferences or workshops. He joined Telcordia in 1990 when it was called Bellcore. His earlier research at Telcordia was on network management tools for SONET, ATM and DSL networks. From 1981 to 1990 he worked at RAND Corporation where he developed technologies to reason about discrete-event simulation models. His formal training is in mathematical logic, programming languages, and electrical engineering. He studied logic with Professor Alonzo Church at UCLA.
Associate Professor, Department of Computer Science Assistant Director, CERIAS - Purdue University
Cristina Nita-Rotaru is an Associate Professor in the Department of Computer Science at Purdue University where she established the Dependable and Secure Distributed Systems Laboratory (DS)2 and is a member of the Center for Education and Research in Information Assurance and Security (CERIAS). Her research lies at the intersection of information security, distributed systems, and computer networks. The overarching goal of her work is designing and building practical distributed systems and network protocols that are robust to failures and attacks while coping with the resource constraints existent in computing systems and networks. Over the last 10 years she has designed distributed systems and protocols that are able to achieve their mission in spite of compromised participants acting as insiders.
Cristina Nita-Rotaru is a recipient of the NSF Career Award in 2006 and a recipient of the Purdue Teaching for Tomorrow Award in 2007. She has served on the Technical Program Committee of numerous conferences in security, networking and distributed systems. She is currently an Associate Editor for Elsevier Computer Communications and ACM Transactions on Information and System Security. She is also an Assistant Director for CERIAS.
Principal Engineer and Technical Advisor Air Force Research Laboratories
Paul Ratazzi is Technical Advisor of the Cyber Defense and Cyber Science Branches at the Air Force Research Laboratory (AFRL) in Rome, NY. As Technical Advisor, he leads the formation of a strategic investment strategy for cyber defense, and guides the technical activities of approximately 30 government scientists and engineers working in these fields. Mr. Ratazzi received the B.S. degree in electrical engineering from Rensselaer Polytechnic Institute in 1987, an M.S. degree in electrical engineering from Syracuse University in 1992, and an M.S. degree in management from Rensselaer in 2006. He is a graduate of Air War College and is now pursuing his Ph.D. in Computer Engineering at Syracuse.
Chief Scientist for Mission Assurance Research The MITRE Corporation
Dr. Vipin Swarup is the Chief Scientist for Mission Assurance Research in MITRE’s Information Security Division. He leads MITRE’s research portfolio on Mission Assurance Against Advanced Cyber Threats. He has previously been the principal investigator of research projects in trust management, cross-boundary information sharing, mobile agent security, intrusion detection, and security guards. His current areas of interest are cyber situational awareness, cyber operational response, and cyber resiliency. He holds a B.Tech. in Computer Science and Engineering from Indian Institute of Technology, Bombay, and an M.S. and Ph.D. in Computer Science from the University of Illinois at Urbana-Champaign.
Panel #4: Securing Web 2.0
Chief Technology Officer Webroot
As chief technology officer at Webroot, Gerhard Eschelbeck is responsible for driving the development of Webroot’s cloud-based technologies for consumers and enterprises.
Eschelbeck most recently served as chief technology officer and vice president of engineering of Qualys, Inc., where he pioneered the company’s Software as a Service based vulnerability management platform. Prior to joining Qualys, Eschelbeck was senior vice president of engineering for security products at Network Associates, vice president of engineering of anti-virus products at McAfee Associates, and founder of IDS GmbH, a secure remote control company acquired by McAfee.
Widely regarded as one of the foremost experts on vulnerabilities and network security, Eschelbeck has presented his research to the U.S. Congress and at numerous major security conferences including RSA, Black Hat and CSI. He was named one of InfoWorld’s 25 Most Influential CTOs in 2003 and 2004, and received this honor a third time in 2006 as Webroot chief technology officer and senior vice president of engineering. Eschelbeck is a frequent contributor to the SANS Top 20 expert consensus identifying the most critical security vulnerabilities. Eschelbeck is also a highly regarded author and is perhaps best known for publishing the “Laws of Vulnerabilities.” He is one of the inventors of the Common Vulnerability Scoring System (CVSS) and holds numerous patents in the field of managed network security.
Eschelbeck holds a doctorate and master’s degree in computer science from the University of Linz, Austria.
Lorraine G. Kisselburgh
Assistant professor, Department of Communication Purdue University
Dr. Kisselburgh (Ph.D., Purdue University) is an assistant professor in the Department of Communication at Purdue University, and is affiliated with the Center for Education and Research in Information Assurance and Security, and Discovery Park at Purdue University. She began her career as an information analyst and programmer, and directed the development and use of emerging technologies in higher education. She is a member of the Public Policy and privacy committee of the ACM, and also holds an M.S. from Purdue University, and an A.B. from the University of Southern California. Her current research projects include: a) social structures of privacy in sociotechnical environments; b) social media in organizations; c) collaboration and innovation dynamics; and d) culture and gender issues in science, technology, and engineering (STEM) careers. She has published in Communication Yearbook, Management Communication Quarterly, Communication Studies, Journal of Mechanical Design, Acta Psychologica, Journal of Motor Behavior, and other outlets. Her research has been funded by the Purdue Research Foundation, the College of Engineering, McAfee Corporation, and the Indiana Department of Homeland Security.
Director of iDefense Malware Intelligence Verisign
Mr. Olson is Director of the iDefense Malware Intelligence team and has worked for Verisign since 2006. His primary security interests include automated malicious code analysis, targeted malware attacks and information-stealing Trojan techniques. He holds a B.S. from Iowa State University in Management Information Systems and an M.S. in Security Informatics from The Johns Hopkins University.
Senior Director of Product Marketing, Web and Email Security Products McAfee
As the senior director of product marketing for Web and Email Security products, Mr. Roddy is responsible for positioning, branding, pricing and promoting McAfee’s Web and Email Security products. Prior to joining McAfee, Tim was Director of Product Marketing for enterprise content management software vendor Stellent for four years, during which time Stellent doubled its revenues to a $120MM annual run rate. Tim has over 16 years of high technology experience at firms such as Stellent, Alliance Data, CyberCash, and General Dynamics. Mr. Roddy has spoken at numerous industry events at the local and national level. Mr. Roddy earned an MBA from the Anderson School at UCLA and B.S. and M.S. degrees in Mechanical Engineering from the University of California, Berkeley.
Assistant Professor Purdue University, Computer Graphics Technology/Organizational Leadership & Supervision
Dr. Vorvoreanu is an assistant professor in Computer Graphics Technology and Organizational Leadership & Supervision at Purdue University. She studies the sociocultural impact of new communication technologies. Before joining Purdue, she was an assistant professor in the Department of Communication Studies at Clemson University, SC, and the Department of Communication at the University of Dayton, Ohio. While at Clemson and UD respectively, Dr. Vorvoreanu taught various public relations and communication courses, and did academic research in the area of public relations and new Web technologies. . She has published research articles in the Journal of New Communications Research, Public Relations Review and the Journal of Website Promotion and a book about online public relations: Web Site Public Relations: How Corporations Build and Maintain Relationships Online. Dr. Vorvoreanu holds a Ph.D. in Communication from Purdue University.