2015 Adoption of Cybersecurity Technology Workshop



2015 ACT Workshop

March 3-5, 2015  | Sandia National Laboratories | Albuquerque, NM

AGENDA | USE CASES | BACKGROUND MATERIAL | FINAL REPORT

AGENDA     last updated 10 April 2015

 

Early Badging - March 2, 2015

1200 - 1430          Early Badging -  Sandia Badge Office                                  Sandia POC                                             

 

Day 1 - March 3, 2015

0715 – 0800 Badging /Travel to SNL Tech Area 1         Sandia POC                                            
0800 - 0900 Classified Threat Brief VTC BLDG 810, Room 1102
0900 – 0910         Welcome

Mark Terhune, Sr. Mgr. Sandia

Kathy Bogner, Chair - SCORE

0910 – 1000 Phishing from the Front Lines Matt Hastings, Senior Consultant, Mandiant/FireEye
1000 - 1030 Description of Workshop Activities/Review Agenda Edward Rhyne, SCORE/DHS
1030 – 1045 BREAK  
1045 – 1115 Lightning Round: Participant Introductions All
1115 – 1200 Discussion Group Breakouts/Stakeholder Experiences All
1200 – 1300 Out brief by Discussion Groups Group Representatives
1300-1400 Working Lunch  
1315 Secure Coding Robert Seacord, Secure Coding Manager, CERT/SEI
1400 - 1445 Integrated Mitigations Framework (IMF)  Briefing Kevin Bingham, Technical Director, IAD Mitigations Group
1445 - 1500 Break  
1500 – 1630 Use Case Construct and Descriptions Julie Haney, NSA
1630 – 1700 Next Steps/Team Assignments/Review Day 2 Agenda Julie Haney, NSA
1700 Day 1 Adjourn  
1900 Announcement of Teams ACT Workshop Website
 

Dinner on your own - Review Use Case Assignments and Read Ahead Materials

http://cps-vo.org/group/sos/act/articles

 

 

Day 2 - March 4, 2015

0730 – 0800         General Networking (Coffee & Pastries) All                                                               
0800– 0810 Agenda Review for Day 2 Linda Hart, Cyber Pack Ventures
0810 – 0900 Bridging the Valley of Death Dr. Douglas Maughan, Director of the S&T Directorate's Cyber Security Division
0900 - 0910 Call to ACTion - Discovery Julie Haney, NSA
0910 – 1200 Breakout Session 1 – Study Use Case All
1200 – 1300

Working Lunch

Techology Readiness Level Brief

Round Table Mini Success Stories

 

Orville Stockland

Dan Wolf, Cyber Pack Ventures

1300 – 1315 Call to ACTion – Action Plans Edward Rhyne, SCORE/DHS
1315 – 1600 Breakout Session 2 – Formulation of Action Plans          All
1600 – 1630 Next Steps/Review Day 3 Agenda  
1630 Day 2 Adjourn  
1800 The Workshop Dinner - Sadie's at the Star  No-Host/Transportation Provided (Pick-up Location: Marriott Albuquerque)

                                                      

Day 3 - March 5, 2015

0730 – 0800         General Networking (Coffee & Pastries)      All                                                             
0800 - 0810 Agenda Review Linda Hart, Cyber Pack Ventures
0810 – 0900 Accelerating Innovation in Security & Privacy Technologies, IEEE  Cybersecurity Initiative (CybSI) Greg Shannon, PhD, Chief Scientist, CERT Division, CMU/SEI, IEEE CybSI Chair
0900 - 0930 Call to Action Plan

Julie Haney, NSA

Edward Rhyne, SCORE/DHS

0930 -1030 Breakout Session 3 – Formulation of Action Plans           All
1030 - 1100   Use Case 1 Out brief Team 1
1100 - 1130 Use Case 2 Out brief Team 2
1130 - 1200 Use Case 3 Out brief Team 3
1200 - 1230 Use Case 4 Out brief Team 4
1230 - 1300 Summary and Path Forward Kathy Bogner, Chair-SCORE

In McCann, Sandia
1300 Box lunch available for pickup  
1300 Day 3 Adjourn  

         

Use Case Read Aheads

Team Assignments are here.

Device Integrity

Please see the material in the blue NSA folder for read aheads for this use case.

 

Damage Containment

SCIT the digital vaccine - Arun Sood

Self-shielding Dynamic Network Architecture (SDNA) - Nicholas Evancich

Command and Control Requirements for Moving-Target Defense - Marco Carvalho

 

Defense of Accounts (Authentication and Credential Protection)

BAE v2.0 Overview Document Final Version 1.0.0 - Maria Vachino

Mobile Access Control for Emergency Responders - Maria Vachino

Guidelines for Derived Personal Identity Verification (PIV) Credentials - Maria Vachino

Guide to Attribute Based Access Control (ABAC) Definition and Considerations - Maria Vachino

Verifying Identity Credentials Service (VICS) Gateway - Maria Vachino

Identity Management (IdM) Testbed - Maria Vachino

S&T Identity Management Testbed - Karyn Higa-Smith

SAML 2.0 Subject and Protocol Profiles - Karyn Higa-Smith

 

Secure and Available Transport

Virtual Private Network Capability Package - In McCann

2015 ACT Worksop Final Report

The 2015 ACT Workshop Report dated 4 April 2015 is now available for viewing.

 

ACT Workshop Background Material

Manageable Network Plan Teaser (overview)  and  Manageable Network Plan (full document)

Networks often become unmanageable and rapidly get out of control. An unmanageable network is insecure. The Manageable Network Plan is a series of milestones to take an unmanageable and insecure network and make it manageable, more defensible, and more secure. It provides overall direction, offers suggestions, calls out crucial security tips, and gives references to books, Web resources, and tools.

IAD’s Top 10 Information Assurance Mitigation Strategies

ACT Workshop's Use Case Areas: The National Security Agency's Information Assurance Directorate's Top Mitigation Strategies.

Read Ahead Articles

A Brief Introduction to Usable Security

The authors examine research in usable computer security, starting with a historical look at papers that address two consistent problems: user authentication and email encryption. Drawing from successes and failures within these areas, they study several security systems to determine how important design is to usable security.

Privacy and Security Usable Security: How to Get it

Why does your computer bother you so much about security, but still isn't secure? It's because users don't have a model for security, or a simple way to keep important things safe.

Fishing for Phishes: Applying Capture-Recapture Methods to Estimate Phishing Populations

Unintentional Insider Threats: A Review of Phishing and Malware Incidents by Economic Sector