September 26-28, 2016
"As the world is increasingly interconnected, everyone shares the responsibility of securing cyberspace."
— Newton Lee
"As the United States attorney in Manhattan, I have come to worry about few things as much as the gathering cyber threat."
— Preet Bharara
Cybersecurity and security are becoming one and the same. And it’s becoming harder and harder to secure systems and still have them function in the real world. Denials of service and other attacks are routine; cyberwars are becoming real possibilities; we’ve already seen Mission-Impossible-like targeting of individual systems; and the VW emissions scandal is a reminder that software is everywhere and may not be doing what it’s supposed to.
- Perimeter Security
- Internet of Things
- Cloud Security
- Software Integrity
- Proactive Security
- Planning for Disaster
- Authentication & Verification
- SCADA Security
Michael Hayden, the only individual to head both the National Security Agency (1999–2005) and the Central Intelligence Agency (2006–2009), is in a unique position to discuss the synergies, tensions, and trade-offs among intelligence, data, security, and privacy.
Raluca Ada Popa, an Assistant Professor at UC Berkeley, is also a principal at PreVeil, a startup whose core technology enables computation on encrypted data.
Adam Ghetti was arguably the most popular speaker at our Feb 2014 meeting in Atlanta, when he was barely out of college. Since then, his business, Ionic Security, has grown and matured dramatically; investors include Amazon, Goldman Sachs, and Google Ventures. Ionic protects data, instead of the networks it traverses, encrypting it fully and with layered levels of access, yet minimizing the friction and bottlenecks that have stymied previous efforts to do this.
Simon Crosby is founder of Bromium, which has developed a new form of virtualization that is hardware-based, tapping into tools built inside existing Intel and AMD microprocessors. If an application task tries to access core system resources, the hardware will stop it and ask how to proceed.
In 2011, Srdjan Capkun, who directs ETH’s Zurich Information Security and Privacy Center, led a team of students that found a way to hack millions of cars. The group then set out to defeat their own hack, and have formed a startup, 3DB Technologies, around their solution, which could also better secure access to computers, IoT, and even handguns.
Elk and beetle antlers consume an enormous percentage of an animal’s available resources; so too did the military budgets of the superpowers during the Cold War. University of Montana professor Doug Emlen’s 2014 book, Animal Weapons: The Evolution of Battle, explores a number of similarities and differences between animal and human weapons systems.
Junaid Islam and Bob Flores are co-chairs of a key group within the Cloud Security Alliance, spearheading a strategy called Software-Defined Perimeter, which mitigates network-based attacks on Internet-accessible applications by eliminating connectivity to them until devices and users are authenticated and authorized. A number of organizations, including Microsoft, EMC, and TTI/Vanguard member firm Coca-Cola, are members of the Alliance.
One of the most promising technologies on the security horizon is behavior-based authentication, using multi-modal biometrics; Google has been working to incorporate it into Android. DARPA has backed this approach as well, funding two rounds of research by Behaviosec. We’ll hear how it works from the company’s Vice President for Development, Ingo Deutschmann.
Webmasters everywhere have been delighted by the success of Let's Encrypt, which automates the certificate process for secure websites. J. Alex Halderman, one of its designers, will talk about its strengths and weaknesses and the process of automating web authentication.
Global organizations should welcome a methodology for determining which states in the U.S., and which countries around the globe, are the most and least safe from a cybersecurity point of view. It was developed by Francesca Spidalieri of Salve Regina University’s Pell Center.
One recent corporate trend has been to take cybersecurity out of its individual silo and put it into a broader bailiwick of risk management. The U.S. Cyber Consequences Unit, a non-profit research institute led by Director and Chief Economist Scott Borg, is one of the leaders in quantitative, risk-based approaches to cybersecurity.
Resilience is an important topic in any risk-based strategy as well as in its own right, and Robert Cunningham, of TTI/Vanguard member firm MIT Lincoln Labs, will talk about keeping mission-critical systems functioning while under attack.
Is anything more secure than a one-time pad? An Australian startup, Token One, led by Phil Cuff, has brought the one-time pad into the digital age, to create a secure and easy-to-use form of authentication.
If blockchain is ever to enter the mainstream of computing products, it will be when technologists like Yorke Rhodes help companies like Microsoft build it into their software infrastructure.