For C3E 2017, we will undertake new efforts under the overarching theme of Anticipating Future Threats and Response in Cyberspace. The cyber landscape becomes more complex every day, with a wide range of actors, motives, attack vectors, and response options. Anticipating a wide range of future cyber threats allows us to develop indicators that can be monitored for preemptive defense and mitigation of cyberattacks. Anticipation involves a broad and systematic consideration of the future landscape involving all participants, and linking the long-range (forecasting) to the near-term (warning). At C3E 2017, we will want to challenge our assumptions about future cyber threats and how we adjust our strategies if we are wrong. 

For C3E 2017, we are exploring the following two track themes:

Advancing the Methods of Attribution in Cyberspace. Attribution has been a familiar discussion at C3E. Since inception, we have worked to identify malicious actors and distinguish them from normal and benign cyber activities. We have also looked at misattribution as a source of risk to our own defensive strategies. For C3E 2017, we will focus on some specific new activities designed to understand attribution methods and the benefits and challenges associated with them. For example: 

• What new analytic techniques and case studies are there that apply to the identification of malicious behavior?
• What kinds of future threats can we expect to see, and how will we attribute them, based on a wide range of analytic techniques. What are the comparative human and machine aspects of the attribution and/or misattribution problem? 
• What kind of analytic methods or tools are available or will be available in the near future to anticipate threats, identify new indicators, and monitor networks for appropriate action?
• What can we learn from competition spaces and other activities about the attribution problem? How can we differentiate strategic challenges from tactical ones, with the purpose of triggering appropriate responses?

Read Ahead Materials

• Strategic Aspects of Cyberattack, Attribution, and Blame
  
  Benjamin Edwards, Alexander Furnas, Stephanie Forrest, and Robert Axelrod
• Advancing Attribution Tabletop Game Overview

Shifting the Balance in the Attack-Defend Cycle. Endless vulnerabilities in commercial operating systems and applications have led to an unsustainable cycle of intrusion, compromise discovery, patch development and execution, and recovery, which is inherently a reactive strategy. A variety of analytic approaches and techniques helps break this reactive cycle, by enabling the defender to stay ahead of the threat. DARPA’s Cyber Grand Challenge demonstrated the existence of a credible cyber opportunity to develop tools and techniques that automatically find vulnerabilities within systems. Within this challenge, formal program analysis capabilities were deployed into autonomous cyber defense systems that could reason about novel program flaws, prove the existence of other flaws in networked applications, and formulate effective defenses. The concept of co-evolution, drawn from biology but increasingly applied in the technical domains, may also apply here. For C3E 2017, this track will advance this kind of thinking through the following questions: 

• How can we characterize the attacker-defender relationship as it exists today? What strategies and techniques are helpful to shift the balance toward the defender?
• How can Centaur-styled software and system analysis disrupt the inherently defensive nature of the current attack-defend cycle? What are the comparative human and machine aspects of conducting this kind of analysis?
• What are the implications for understanding very large exploits and the complex tradeoffs associated with protecting or releasing information about them into the broader ecosystem? What is the risk calculation associated with doing so? 
• Can we employ aspects of co-evolution to shifting the balance between attacker and defender? 

The workshop is sponsored by SCORE.