2015 annual conference summary report - advanced cyber … · 2015 annual conference summary report...
TRANSCRIPT
2015 Annual Conference Summary Report
November 4, 2015
Threat Sharing:
Next-Gen ACSC Threat Sharing
• Provideinfrastructuretosupportautomatedthreatsharingusingindustrystandards
• AllowACSCmemberstousethetoolstheyprefer• Supportvibrantthreatandbestpracticesharing
Leadership Collaboration:
Quarterly Meetings for MOEs
• Developaprogram,similarto“CyberTuesdays”formember-shipexecutivestoconfidentiallydiscussimminentthreatsandjointresolutions
Talent Training & Hiring and Identify & Evaluate Security Tools:
ACSC Research and Training Consortium
• Connectmemberswithemergingstudenttalentthroughco-locationandvirtualprograms
• Developmentofsecuritysolutionsasaresultofresearch• Supportcommercializationofsolutionsemergingfrom
research• Exerciseandwargamingprogramsupportedbyvirtual
infrastructure• FellowshipProgramtoprovideeducationandexperiential
learningprogramtorampupstudentsandearlycareerprofessionals
• PartnerwithUSAFCybersecurityPlugFestProgram
In2015,ACSCpartneredwithPwCtoconductaneedsanalysisonthecybersecurityecosysteminNewEngland.Forplanning,theACSCisusingtheresultstoshapeitsupcominginitiativesandbuildafoundationforitsfuture.ThereportproducedseveralrecommendationsfortheACSCtotakealeadershiprole.ExecutiveDirectorCharlieBenwayinhisopeningaddressexplainedhowthenonprofitconsortiumisplanningtoaddressthoserecommendationsinitsplanningfor2016.Thereporthighlighted4focusareaswhichalignwithACSC’smission:
•improvedthreatsharing•focusedleadershipcollaboration•talenttrainingandhiring•securitysolutionsvisibilityandevaluationChairmanBillGuentherexplainedthevisionfortheACSCinmakingNewEnglandapremierdestinationforcybersecurityresearchanddevelopment.Withitsunprecedentedassetsinuniversities,industry,andgovernment,theregionispositionedtobealeaderincybersecurity.Referencingthetechnologyboomon128inthe1980sandtheBiotechexplosionofthe2000s,hecitesthesuccesswehavehadineconomicdevelopmentwhenweworktogetherwithasharedgoal.
The Advanced Cyber Security CenterWelcome by Executive Director Charlie Benway and Chairman Bill Guenther
“We have made great progress in building trust around threat sharing, now opportunities abound to up our game and increase the value proposition for members.” -- Charlie Benway
1
Benway Guenther
2
The Federal Reserve Bank of BostonGreetings from host CEO Eric Rosengren and presentation by CIO Don Anderson
OneofthefoundingmembersofACSC,TheBostonFederalReserveBankofBostonextendeditsleadershipinglobalcybersecuritybyonceagainhostingtheannualconferenceandwelcomingover100thoughtleadersandpractitionerstoitsfacilitytoexplorethefutureoftheindustry.PresidentandCEOEricRosengrengreetedguestswhileCIODonAndersonprovidedinsightintotheBostonFed’spositioningandgoals.
TheyoutlinedtheinitiativesandstrategiesinwhichtheyareengagedtoenhancethecybercapabilitiesofpublicandprivateorganizationsinNewEngland,asrecommendationstoothers:
• AdvancedCyberSecurityCenter• NewEnglandFinancialServicesThreatSharing• DiscussionwithInternationalBanks• EducationalPipelineDevelopment• EnhancingBankRegulations
Rosengren
Anderson
Toaddresstheongoingdebate,DonAndersonalsopresentedinformationondecryptionwhichrelatedtothethemeoftheconferencemorningsessions.
Motivation for SSL Decryption
• NovisibilityintoencryptedSSLtrafficattheperimeter• SSLisagrowingpercentileoftraffic• GooglesearchesprioritizeSSLresults• GranularApplicationVisibility• BotnetsoftenuseSSLforcommandandcontroltraffic• PhishingattemptsoftenuseSSLlinks• ManyfiletransferappsuseSSL
Extend protections to SSL traffic with SSL Decryption
• ApplicationVisibility&Control• DynamicBlockLists• IntrusionPrevention–Exploitsknownvulnerabilities• NetworkAnti-Virus–Acrossmultipleprotocols• NetworkSpyware/Botnet–Outbound–Phonehome/C&C• URLFiltering–HighRiskWebBrowsingbehavior• MalwareSandbox
To Decrypt or Not
• Novisibilityintoandnocontrolofuser-basedencryptedtraffic
Risk with Perimeter Decryption
• MishandledRootCAorSubordinateCAkeys• ExposureatthePerimeterofDecryptedData• PerformanceorPerimeterFirewallwithTransitionofCRL CheckingfromClienttoFirewall• CertificatePinningStrategies
3
Earlierthisyear,GovernorCharlieBakercalledcybersecurity“oneofthemajorchallenges”Massachusettsfaces,citingarecent30percentincreaseinattacksinthestate.AtaMassInsightevent,hegatheredamongleadersingovernment,industry,andhighereducationtodiscussanagendaforstateeconomicdevelopment.“Thisisn’tjustabouthackers,”saidBaker.“It’saboutgovernments.It’saboutbusinesses.”
Attheconference,ACSCwelcomedstateleadersincludingJayAsh,theGovernor’ssecretaryofhousingandeconomicdevelopment
The Massachusetts Cyber StrategySpecial Guests Jay Ash, Secretary of Housing and Economic Development and Colin Owyang, Deputy Attorney General, The Commonwealth of Massachusetts
Ash Owyang
andColinOwyang,thestatedeputyattorneygeneral.TheyexplainedthesupportforbuildingMassachusettsasacyber-securityleaderasitcompeteswithSiliconValleyandtheDCBeltway,amongotheremergingregionsstrategicallyalignedtowintherole.
Aspartofthepresentation,Owyangprovidedthedataoncybersecurityanditsimminentimpactonthestateinsupportofthestrategicprioritiesondataprivacyandsecurityintheattorneygeneral’soffice.
TheGoingDarkencryptiondebatesurfacedagainonWednesdayatasmallse-curityconferencehere,andasinpreviousiterationsbeforelargertechnicalaudiencesandevenCongress,theissuecontinuestospinonahamsterwheelgoingnowhere.Thistimethenotabledignitarystumpingforso-calledexceptionalaccesswasFBIgeneralcounselJamesBaker,andnotdirec-torJamesComey,reiteratingthattechnol-ogycompaniesshouldfindananswertolawenforcement’sproblemofunlockingencrypteddevices.
Baker—speakingattheAdvancedCyberSecurityCenterconferenceandflankedbycryptoluminarySusanLandauofWorces-terPolytechInstituteandEricWenger,directorofcybersecurityandprivacy,globalgovernmentaffairsatCisco—madethecasethatencryptionhamperslawenforce-mentinvestigationsonalocallevelandsurveillanceeffortsonnationalsecurityandterrorismfronts.
Theothersidearguesthat,especiallypost-SnowdenandtheendlessrunofevidenceoftheNationalSecurityAgency’soverreachonsurveillanceanddeliberateeffortstoweakencryptographicstandards,thatencryptionremainsthebestdefenseagainstgovernmentsurveillanceandadvancedattackerstargetingintellectualproperty.AskingSiliconValleyforhelpinsolvingGoingDark,forexample,seemstobeanunlikelyproposition.
“SiliconValleydistruststheU.S.govern-ment,especiallyaftertheSnowdenleaks,”saidLandau,whowasoneof15authorsofapaperthatlaidouttherisksassociatedwithgrantingthegovernmentexceptionalaccesstoencrypteddata.“IworkedatGoogleshortlyafter[theSnowdenleaksstarted]andtherewereaccusationsofthegovernmenthavingdirectaccesstoGoogle’sservers.TherewasgenuineangerinthosemeetingsbecausetheywerethreateningGoogle’sproduct.Thiscostrealmoneytomanycompanies.Atthesame
Media Coverage of Plenary Session:
Going Dark: The Balance Between Encryption, Privacy and Public Safety Written by: MichaelMimoso,originallypublishedinThreatPostonNovember5,2015
time,Idon’tseeSiliconValleynothelpinglawenforcementwhenthereislegitimaterisk.Thereisinterestinhelpingandself-interestinprotectingtheirbusinessmodel.”
SinceSnowden,technologycompaniesacrosstheboardhaveacceleratedencryp-tionrollouts,withend-to-endencryptionsecuringYahooemail,GoogleencryptingconnectionsbetweenitsdatacentersthatwerebeingtappedbytheNSA,andApplerelinquishingcontroltotheuserofencryp-tionkeyssecuringiOSdevices—thetrueharbingeroftheGoingDarkdebate.
“Thisisaboutruleoflawandthefunda-mentalrightswehavefromtheConstitu-tion,creatinglawsthatenablegovernmenttoobtaintheresultsofsurveillanceinwaysthatareconsistentwithconstitutionalrights,”Bakersaid.“Today,that’snothap-pening.Wearenotabletousewhat’savail-abletodaywitha4thAmendmentwarrant.Wedowhatthelawrequires,showupwithacourtorder,andcan’tgetthefruitsofsurveillancebecauseofencryption.”
LaundauandWenger,however,countered
Michael Farrell, ModeratorCybersecurity Editor, Passcode
Panelists:
James BakerGeneral Counsel,Federal Bureau of Investigation
Susan LandauProfessor, Cybersecurity Policy, Worcester Polytechnic Institute Eric Wenger, Director, Cybersecurity and Privacy, Global Government Affairs, Cisco Systems
Farrell, Landau, Baker, Wenger
Landau
4
thattherearealternativesavailabletohelptheFBIandlawenforcementcompelcom-paniestoturnovercustomerdata.
“SomeonewiththeNSAoncesaidtome:‘Thelawinthecaseofawiretapwarrantgivesustherighttocollectinformation.Itdoesn’tsayitshouldbeeasy,’”Landausaid.“TheFBIisinareallyhardspot,andpartofthatisbecauseofthewaywedefinethepoliticaldiscussion,whichiszerofailure.AskingtheFBItohavezerocasesofter-rorismisnotplausible.”
Companies,meanwhile,needencryptiontosecuretransactionsandprotectintellectualpropertyfromleakingoverseas.Activistsinoppressedregionsrequireencryptionnotonlytofostertheircauses,butinsomecases,tomaintainpersonalsafety.GoingDarkproponentsfearthatsplitkey-escrowsolutionsthathavebeenproposedwillonlyfurtherweakencryptoandcertainlyincreasecomplexity.
“Ifwewereabletoengineeramechanismwherewe’resplittingakeyandhavingathirdpartyescrowitwherethegovern-mentcouldaskforit,theverynextthingthatwouldhappenisthatChinaetalwillaskforthesamesolution.Andwe’reunlike-lytogivethemthesamesolution,”Wengersaid.“Complexitykills,andthemorecom-plexyoumakeasystem,themoredifficultitistosecureit.Idon’tseehowdevelopingakey-basessolutionsecuresthingsthewayyouwantittowithoutcreatingagreatdealofcomplexityandhavingothergovern-mentsdemandthesamething.”
Landaumadethesamecomplexityargu-ment,andfortifiedhercasethatexception-alaccesswouldalsobreakforwardsecrecy.Withforwardsecrecy,nowconsideredabaselineencryptionrollout,ephemeralkeyssecurecommunicationratherthanoneprivatekeysecuringallsessions.Shouldanephemeralkeybecracked,allfuturecom-municationremainssecure.
“Thecomplexityof165to200nations,eachwithaccesstokeys,isunimaginable,”Landausaid.
Baker,meanwhile,stoodbythestancethatComeytookbeforeCongressinJulywhenhevolleyedtheissuebacktotechnologycompanies,tellingthemtoessentiallytryhardertofindasolution.
“We’relookingforhelp.Wewantallthesmartpeopleinthiscountrytohelpusfigureoutthiscomplicatedproblemwe’vebeenstrugglingwithforalongtime,”Bakersaid.“Atthemostfundamentallevel,itisabouttherelationshipbetweenthepeopleandthegovernmentwhenitrelatestosurveillancebythegovernmentofthepeopleandunderwhatsetofcircum-stancesdopeoplewantthattohappen.Whatdoyouwantustodo?Whatrisksareyouwilingtotakeandwhatcanwedotomitigaterisksouttherethatexistonallsidesoftheequation?”
Goto:www.ThreatPost.com
Plenary Panel
5
ACSCAnnualConferenceBreak-OutSession
Anatomy of a Forensic InvestigationLaunchedandsupportedbyMassInsight
6
Chris Sloan, ModeratorAssistantVicePresidentandSeniorCorporateCounsel,LibertyMutualGroup
Panelists:
Nick BennettDirector,ProfessionalServices,Mandiant
Josh CatellaECSAP(ElectronicCrimesSpecialAgentProgram)AgentandForensicExaminer,UnitedStatesSecretServiceSloan
There’sareasonwhycybersecurityisgrippingthenationtoday.It’snotbecauseofjobsoreconomicdevelopment.It’snotbecauseoftechnologyandinnovation.It’sbecausecountlesspeoplearevictimsofcybercrimeeveryday.Companiesarefortifyingtheirdefensesagainstcriminalsandpreparingfordatabreachesthat,inseriousincidents,canresultinaforensicsinvestigation.
Formanyorganizations,especiallythosewithlessmaturecybersecuritypostures,thisisanuncharteredterritory.Thissessionwasdesignedtoprovideinsightnotonlyinhowaninvestigationworks,buthowtoprepareforoneintheeventyouarevictimized.Panelistsprovidedascanofthelandscape,posedquestionstothinkaboutinplanning,andofferedrecommendationsonhowtoapproachaninvestigation.
“Being prepared for a forensic exam means that you have developed an incident response plan, hired and trained techni-cal staff, educated your employees on identifying cyber threats, gotten to know your local law enforcement, and practiced, practiced, practiced!” -- Chris Sloan
-Doyouunderstandthe attorney client privilege
How can companies partner with law enforcement before a breach occurs?
•Invitelawenforcementtoyourfacility•Conductajointtrainingexercise•Exploreinformationsharing•Participateinthreatsharingorganiza-tions
-ISAC -ACSC -InfraGard
What should a company’s security breach plan include?
•Shouldbewrittenandfrequentlyup-datedandtested
•Shouldidentifykeysystemsandbackups•Shouldestablishacoreresponseteamthatincludesmultipledisciplines
-IT&Technicalspecialists(internalandexternal)
-Communications(internalandexternal) -Businesspartners(internalandexternal) -Legal(internalandexternal)•Escalationprocess•Howtocollectandpreserveevidence,logfiles,criticalevents
Framing the discussion: recent cybersecurity headlines
•CybersecurityInformationSharingAct–PassedUSSenate74to21–immunityforsharing
•Dept.ofDefenseBreachReportingruleforcontractors–mustreporttoDoDwithin72hours
•USDC(Minn)upholdsattorney-clientprivilegeforcyberinvestigations-2013Targetccbreach
•EuropeanCourtofJusticeinvalidatesEU-USSafeHarborAgreement
•Chinaproposesnewcybersecurityrulesforinsuranceindustry–BODaccount-abilityforsecurity
•USandUKtotestfinancialcybersecurityresponseinNYCandLondon
Questions to consider to prepare for a forensic investigation
•Whoarethepeopleandsystemsthatyouwillneedaccesstoinordertocon-ductaneffectiveinvestigation?
•Areanysystemsoremployeestobetaken“offline”duringaninvestigation?
•Whatarethepitfallscompaniesshouldwatchoutforduringaforensicinvestiga-tion?
-Doyouunderstandthe rules of evidence -Doyouunderstandthe importance of confidentiality
•Whenandhowtoengagelawenforcement
•Whenandhowtoengagethirdpartyspecialist
•Whenandhowtoreportadatabreach(statutory)
•Whenandhowtocommunicatewithemployees
•Whenandhowtonotify/respondtomedia
•Whenandhowtomonitorsocialmediachannelsforinformation
Recommendations for planning to deal with a data breach and a resulting forensic investigation
1. Haveanestablishedplan2. Hireandtraintechnicalstaffwho
havetherightcredentials3. Educateemployeesonidentifying
threats4. Gettoknowyourlocallaw
enforcement5. Participateininformationsharing
opportunities6. Stayabreastofnewsandlegislation
regardingcyberthreatsandtrends7. Testandimproveyourresponseplan
AnatomyofaForensicInvestigation
7
Sloan, Bennett, Catella
What does operationalize mean?
• It’s risk management.Thefirststepinoperationalizingcyberintelligenceistoincorporateitintotheenterpriseriskmanagementprogram.CybersecurityshouldnolongersitinanisolatedITfunction;itneedstobewholisticandsystem-wideinitsexecution,commu-nication,andmaintenance.Fromthemailroomtotheboardroom,theentirecompanyshouldbeoperatingasguardiansofthecorporatedata,thecustomerinformation,andaccesstothenetwork.Manycompaniesaresegmentingaccesstodataattheindividualleveltolimitthevulnerabilitiesacrosstheenterprise.
• Be proactive.It’sbecomingmorecommontoapproachoperationalinformationsecu-rityfromaproactiveposture.Cybersecurityhastraditionallybeenareactivefunctionandinmorematureoperations,apreventativeinitiative,oraplanningfunctionmeaningwhatistheplaniftherewereanattackorabreach.Thenewmodelincludes“hunters”ordedicatedprofessionalsscanningthenetworkandlikeforensicspecialistsareseekinganomaliesonthenetwork,searchingforbadactors,andattemptingtoidentifycampaigns.Thisnewlayerofdefenseiscreatinganewcybersecurityroleinthecyberkillchain.
• Manage insider threats.Anevolvingspaceinoperationalizingcyberintelligenceismanaginginsiderthreats–thosewhofallwithin“sphereoftrust”–employees,suppli-ers,thirdpartyvendors,orcontractors.Forexample,BoeingcallsitsprogramCLARITYwhereanyonewithaccesstonetworkisthesubjectofanalysis.Theylookattheindividu-alintermsofhowmuchaccessdotheyhave,whatlevelofsensitivityisthatinformation.Theythencategorizelevelofrisktheyrepresent.Otherswithinherentlytargetedroles,orhigh-valuetargetsarealsomonitored.ThisnotonlyincludestheC-suite–wheretradesecretsorIPmaybehoused,butteammemberswithaccesstothetwittercredentialsorotherentrypointsintothenetwork.
ACSCAnnualConferenceBreak-OutSession
Operationalizing Threat IntelligenceLaunchedandsupportedbyMassInsight
8
James Caulfield, ModeratorAssistantVicePresident:PKIandPIV-1,FederalReserveNationalIT
Panelists:
Bruce BakisPrincipalCybersecurityEngineer,TheMITRECorporation
Christopher HarringtonSeniorConsultingSecurityEngineer,EMCCriticalIncidentResponseCenter
Peter KurekCPT,InformationAssuranceManagerandComputerNetworkDefenseTeamChief,MassachusettsArmyNationalGuard
John ToomerDirector,Intelligence,InformationandCyberSystemsDefense,SpaceSecurityGroup,GovernmentOperations,TheBoeingCompany
Bakis “ The threat-sharing movement is growing because people realize the value and benefit it provides to an ecosystem not only for intelligence sharing, but for a best practices.”
-- Bruce Bakis
The rule or the exception?
• A larger lens.Inthinkingaboutthebenefitsofthreatsharing,thepanelrecognizedthattheworstthreatistheoneyoudon’tknowabout,sowhenyoushareinformation,evenwithcom-petitors,youcangeneratethebiggerpicture.Forexample,inthefinancialservicessector,ifonecompanyidenti-fiesabreach,itcouldbeanattackonthesectornotsimplythecompany.Sharingallowspeergroupstoinvesti-gateusingthesharedindicators.Thisallowsforidentificationoflargermoredangerouscampaignsandcanhelpindustriescreateastrongerdefense,notjustenterprises.
• Understand the context.StandardssuchasCRITS,STIX,TAXIaremakingthreatsharingmoreviable.ThemachinetomachinesharingistakingholdbutthehumaninteractionsaregrowinginnumberssuchasCyberTuesdaysfromtheACSCandtheNationalGuard’sinfosharinggroup.ThelaunchofISACs
One operational defense model
•Thefirstteamcollectsinformationfromfirewallsandknownindicators.Iftherewereknowledgeofabreakintothenetworktheteamfindsevidence,thenfollowsthechainofcustody.
•Thesecondhuntteamisinsidethenetworksearchingforadditionalcompromisesandtryingtodetectwhereelseattackerscouldbelocated.
•Thethirdteamofanalystsobtainsinformationfromhuntteamandanalyzestheintelligencereportonincidentandsuggestsadditionalindicatorstolookforinthenetworkandthehuntersreturntotheirsearchwiththisintelligence.
•Theseteamscollaboratetoremediatethevulnerabilitiesandbegintothwarttheattackandstrengthenthenetworkforfutureattacks.
•Thereisawell-positionedmanagementteamthatcomestogethertocoor-dinateeachstageinthekillchaintomanagethesituationbycommunicatingactionplansbetweeneachteam.
–fromthefinancialsectoronefrom1998totheaviationIASACof2015–aremakingitmorestandardizedtogiveinformationaswellasreceive.Thevalueoftheseface-to-faceinteractionsliesintheanalysissuchasdeterminingthecontextofthethreat.Itisimportanttoknowtheatomicindicators–sotheITsecurityteamcaninvestigate–butitisprobablymorevaluabletoknowwhoisbehindthethreat,whatdotheywant,andwhataretheirmotivations.Thisisthetypeofintelligencethatmachinesarenotabletoconvey.
• Strength in numbers. Whengroupsworktogetherinthiscollaborativewaytheycankeepacollectiveeyeontheecosystem.Theycanaggressivelymoni-torhactivism,forexample,whoisusingsocialmediatoattackacompanyandisitpossibletheyaretargetingsomeonenext?Whatarepeersseeinginthecyberspacethatcouldaffectthem?Forexample,isAnonymouslookingatacertaingroup–doyouhavetiestothatgroupororganizationthatisbeingtar-
OperationalizingThreatIntelligence
9
Krebs
Caulfield, Bakis, Harrington, Toomer, Kurek
“The best conversations I have had within the ACSC were not about atomic indicators, they were about presenting an interesting problem, talking about it, and really digging into it.”
-- Jim Caulfield
geted?Sharingbecomesacollegialeffortandjustasthebadactorsunitetomoreeffectivelypenetrate,thedefensescanstrengthenwiththepowerofnumbers.
Where do we go from here?
• Involve leadership.InvolvingtheC-Suiteandcorporateboardsincybersecurityisbecomingincreasinglyimportanttotheenterprise.Butinadditiontosim-plyasenseofawareness,theymustbeaccountableforbudgetdecisionsandresourceallocationinthisspace.Threatsharingandtheresultingintelligencecanhelpinformtheseinvestmentdecisions.Ifthesecurityteamcanreportonthreats,attacks,orbreachesaffectingpeerinstitu-tions,itbuildsastrongerargumenttosupportincreasedattentionandfundingtofortifythedefense.Inadditiontothethreatindicators,whichweretypicallysharedbydelayedfeeds,moreenter-prisesarelookingforcontextualinforma-tiononbadactorsandmoreimportantly,bestpracticestodealwiththem.
threatsharingcouldplayarole.Theissueinmoreautomatedcybersecurityisthatsomerulesmayworkforonesector,butnotforanother.Forexample,blockingmalicioustrafficautomaticallyforonetypeoforganizationmaynotbenecessaryforanotherorganizationfromanothersector.Investinginthecyberse-curitytalenttomanagethetools,analyzetheactivity,anddeterminethecontextisstillimportant.Thehumanaspectisstillneededtoqualifythethreatactivity–sowhiledisseminatingtheintelligencemaybeviablewithanautomatedsolution,themanagementoftheintelligencestillrequiresprofessionals.
OperationalizingThreatIntelligence
• Threat sharing is gaining.Thereiscur-rentlyinterestinISAOsbecauseevery-oneisrealizingthevalueandbenefitthreatsharingprovidestoanecosystem,notonlyforsharingintelligencebutfordevelopingbestpracticesandproofpoints.Whilecriticsmaysuggestthatthesefederally-endorsedvoluntarysharinggroupsaresimplyopticsfortheWhiteHouseontakingastandoncybersecurity,thepanellaudedtheprocesstheyprovideandunderscoredtheirvalueinbringingthreatshar-ingtoabroaderaudience.Thereisasensethatmembershipsharinggroups,throughtrustagreements,willbeinte-gratedintoafederatedthreatsharingmovementinthenearfuture.
• Invest in cyber talent.Thepanelagreedthatoneofthechallengeswiththreatsharingisthedelayingettingintel-ligenceandthediscussionmovedtoautomatedthreatsharingforwhichtherewasadivide.Toreducethecopyandpastetediumofsharingandtoeliminatethetimedelay,automated
10
“Threat sharing can be done on many different levels.” -- Peter Kurek
Kurek
Toomer
Inthe1980s,tobuildnationalcompetitivenesstherewasatechnologyracetobeatJapanthatwaspoisedasaleaderintechnology.Asaresultofthisnationaldrive,therewerenoregulationsplacedonindustrytogetahead.ThefederalpolicywastodominateinallareasofIT.TheresultwasMicrosoft,Dell,Appleandthecountlessotherinternationalmarketleaders.Thepricewasbuildinghardwareandsoftwarewithsecurityasanafterthought.
Nowweareinastateofhardeningoursystemsafterthefact–introducingtheexplod-ingindustryfocusedoncybersecurity.Unfortunately,theU.S.isatanimmaturephaseinregulation.Thereisnogeneraloverarchinglegalstandardforcyberpreparedness.Defensecontractors,healthcare,financialservicesandothermorematureverticalshavesomestandards,buttheyareusuallylimitedtothespecificindustry.Thedefault“standard”isthatcompaniesmustdemonstrateareasonablenessintheirefforts.Butwhatdoesthatmean?
ACSCAnnualConferenceBreak-OutSession
Discernible trends in regulations:
1. Substantive–Incertainindustries,thereareregulatorsthatrequirecertainstan-dardsbemetandguidelinesbefollowed.Forexample,HIPPArules,DoDchecklists,adoptingNISTcybersecurityframework13636EO,orvoluntarilyadheringtoSECandFTCrecommendations,whicharegain-ingmoretraction.
2. Market-Based–Whendealingwiththirdparties,whatareenterprisesrequiringintermsofsecurityposture.Supplychainwillhavetoraisetheirgametodealwithregulatedentitiesleadingtoatrickledownprocess.Forexample,asthecyberinsur-ancemarketisgettingmoremature,doestheinsurerrequirethecompanytoproveit
What is Reasonable in Cybersecurity? Responsibility and Accountability for Cybersecurity Practices
LaunchedandsupportedbyMassInsight
11
Moderator:Chris Hart, Esq.Associate,FoleyHoagLLP
Panelists:
Gus Coldebella Principal,FishandRichardson;FormerActingGeneralCounsel,U.S.DepartmentofHomelandSecurity
Deborah HurleyFellow,IQSS,HarvardUniversity
John Krebs, Esq.DivisionofPrivacyandIdentityProtection,FederalTradeCommission
istakingstepsforcybersecuritytowriteapolicy?Isthereanissueofnegligencecare?Didthecompanydowhatitsaiditwasgoingtodo?Didtheofficersandboardscompletelyignoreredflags?Theseareallfallingintotherealmofbe-ingreasonable,notsimplyjustonething.
3. Disclosure-Based. –Thisinvolvesdoingwhatisrequiredintermsofdisclosures.Forexample,47stateshavePIIbreachlaws–ifabreachinvolvespersonalidentityinfo,theremustbeadisclosuretothatperson–orevenmoregenerallyannounced.ThisregulationhascausedindustrytofocusonPIIsecuritytotheexclusionofotherdatathatisatrisksuchastradesecrets,high-levelcommu-nications,andnationalsecurityissues.
“ For a long time we have known what has to be done, but now starting to implement.”
--Chris Hart
andcybersecuritybudgets.Aretheyfundingthenecessaryinitiativestokeeptheirconsumerdatasafe?
• The regulations paradox.Companiesarewitnessingregulatorsbringingac-tionagainstenterprises,buttherearenoregulationstofollow.Thelessonslearnedareinstructive,butseemfluid.Thecompaniesareoftenrequestingtheseregulationssotheycanpreventlegalaction–butontheotherhandareresistingregulationsfortheirpossibleprohibitivenature.Makesitdifficulttodefinestandardsinaconcreteway.
Why is security growing?
1. U.S. losing market sharebecauseifU.S.productsarenotsecure,globalcustomerswillnotbuythem,whichisbeingdemonstratedinmajormarketcountrieslikeBrazil.
2. Business has to shoulder the losswithabreach.Smallandmediumsizebankscan’tbearthecostsofmakingindividu-alswholeandpayingforbreach.
What already exists?
• FTC lessons learned. TheFTCoper-atesunderthedoctrinethatapracticecanbeunfairifitcausesorcouldcauseharmtoaconsumer.In“StartwithSecurity:AGuideforBusiness,”theFTChasexamined50+securitycasesandsummeduplessonslearnedincaselawandprovided10majorsubjectionsrelevantacrossapplications,mobile,networksecurityforanythingconsumer-facingorproduct-based.IthasbroadjurisdictionfromlargecorporationslikeWyndhamtoasmallmortgagebroker.Theenterprisecanlookatthesebestpracticesanddeterminehowtheymayapplytotheiroperationsorsituation.
• Wyndham outcomes.ItisimportanttolookattheWindhamcase,whichwasoneofthefewthatwenttolitigationsincemostFTCactionsaresettledpriortocourt.InSection5oftheFTCact,theunfairnessdoctrinebecamecentraltothecase.Thecostbenefitanalysisbe-camethedeterminingfactorinthefinaldecisionsdemonstratingthatcompaniesshouldexaminetheirownsituations
What is reasonable?
• The process is vital.Fortheentitiesthataretakingactionagainstcompanies,whiletherearenouniversalregulationstocite,thecybersecurityprocesscanbemeasuredforreasonableness.Mostenterpriseshaveariskmanagementprogram.Ifthecompanycanshowthatcybersecurityhasbeenintegratedintotheprogram,itmaydemonstratealevelofreasonablenessthatregulatorscanevaluate.Aretherightpeopleinplaceoverseeingit?It’snotalwaysaboutwhathastobedonetactically,butareplansinplace?Hastherebeenariskassessment?Havedataassetsbeenreviewedandde-terminedwhatneedstobeprotected?
• A breach does not mean you are liable,itisaboutyouractionsyoutakeintothatmatterandareweighed.Thegoalofregulatorsandenforcementagen-ciesisnotto“nitpick.”Giventhatdatabreachesareinevitableforentitiesandthatinessence,companiesarethevic-tims,theyarenotautomaticallytargetsofregulators.Theystartinvestigationsbutmanyclosebecausetheycanlookatthebigpictureanddeterminethatthecompanywasbeingreasonableintheirapproachtopreparingforitandthendealingwithit.Thisusuallyisonacase-by-casebasismakingstandardsmoredifficulttodefine.
• Help is OK.Enterprisesneedtorealizethattheenforcemententities–attorneygeneral,SEC,FTC–arenotlookingtoblamethevictimofacrime.OtherentitieslikeDHS,NSA,FBIcanbeveryhelpfultovictims,butcompaniesareoftenafraidtosharebecausethereisaperceptionthattheyaregoingtouseitagainstyou.Leadershipintheenterpriseshouldfeellessthreatenedbysharinginfowithgovernmentwhentheyareinthesemitigationscenarios.
What are the challenges?
• Lack of data on threats. Thereoncewasashameassociatedwithbeingbreached.Mostcompaniesconcealedtheincidentforfearofmarketlossor
WhatisReasonableinCybersecurity?
12
Krebs
“We don’t want to stifle innovation, but at the end of the day we are a law enforcement agency.” --John Krebs
reputationaldamage.Thereneedstobemoreavenuestosharethreatdata.OnesuggestionwasstandingupnonprofitsliketheACSCtogather,sanitize,andsharewhatisgoingonintheecosystem.Thisprovidesmoretractioninsharingdatatosolvetheseproblems–andcom-paniescanbemoreproactiveintheirreasonableactionstoprepare.
• Supply chain is very important.Therearestepstotaketodemonstrateyouaremanagingthesupplychainassets,suchasputtingprovisionsinthecontracttomakesurevendorsaredoingwhattheysaytheyaredoing.Plus,addingsegmenta-tionandaccesscontrolstowhichdatathethirdpartiescanaccess.
• It’s a breakroom issue. Similartothirdparties,eachemployeeisadatamanager.Thecompanyneedstoeducatetheemployeeontherisksoftheiractivityonthenetworkandthedatatowhichtheyhaveaccess.Morethanhalfofworkerssaytheyusetheirworkcre-dentialsforoutsidepasswords,whichishighlyappealingforbadactors.WiththeoverwhelmingBYODtrend,companiesneedtoprovidereasonablenessforthemultipleentrypoints.Aspartofariskplan,enterprisesneedtoaddressthefactthatemployees,whethertheyarefatigued,negligent,illtrained,needtimeandattentioninthisspace.
• Prove you are trying to stay secure. Ifyouhavedoneariskanalysisandpri-oritizedmitigationcosts,thenshowyouhavetakenstepstoaddresstheissuesyoucanaffordtofix.Also,completearecordofcompliancewiththeboard.Writeandmakeaccessibleanactionplan.Regulatorsaremorelikelytomoveforwardagainstcompanieswhohaveclearlyignoredrisk.Understandexistingcaselawwherethelawsofnegligenceapply.Thefailurehasnotbeeninthetools,butinthelackofplanningorstrategy.Reasonablenessisseeminglyabouttheprocessandifyoudon’thavetheprocessorcan’tprovetherewasaprocess,yourisktheconsequences.
Recommended process:
1. Develop a comprehensive information security plan
2. Assign someone to be in charge of it3. Complete a risk assessment4. Develop a safeguard program then
monitor and test it5. Make sure third parties adhere to it6. Modify as situations change
WhatisReasonableinCybersecurity?
Next steps
• Regulation may become a realitysoon-erthanlaterandthe“wildwest”maymovetowardssomeuniversalpractices.Thepanelsuggestedthatregulatorsbeginwiththealready-regulatedsectorslikehealthcareandfinancialservices.Buildingprogramsinthesesectorsthatareusedtodealingwithstandardsandreportingcompliancecanhelpshapehowregulationscanbecomeuniversalregardlessoftheindustrysector.
• It’s about shielding from liability. Asoftodaythereisnosetofrules,butstepstotaketoproveyouaremakingacon-certedefforttoprotecttheassetsforwhichyouareaccountable.Thepanelrecommended(1)readingtheFTCbestpractices–anddevelopingwaysyouwouldbeabletoshowthemhowyoualignedwiththelessonslearned;(2)reviewtheISOstandard–27018andcomplywiththat“codeforpracticeforprotectionofpersonallyidentifiableinformation(PII)inpubliccloudsactingasPIIprocessors.”
13
Coldebella
“It’s beginning to take hold that cyber is a boardroom issue.” --Gus Coldebella
“Security of the information system is defined by including the human beings that are interacting with the system.” -- Deborah Hurley
Hurley
Session Sponsored by Allied Minds.NewEngland,Massachusetts,andspecificallytheGreaterBostonregionarewellknownfortheiracademicexcellence,theirindustryclusters,andtheirpoliticalclout.Unfortunately,unlikeotherregionsintheU.S.andtheworld,collaborationtobuildafocusedregionalbrandhasfallenshort–mostnotablyintheareasofcybersecurityresearchanddevelop-ment.Despiteacollectionofsomeoftheglobe’smostcovetedassets,thereisnocurrentumbrellaunittopoolresourcesfromuniversity,industry,andgovernment.Untilnow.
ACSCAnnualConferenceBreak-OutSession
Working together
• Maximize strength. Whilethereareexist-ingcollaborationstheyareoftensiloedandlimitingwhenitcomestofundingmanagement.Acenterwouldhelpbring,traditionallycompetitiveentitiestogetherandfocusontheirindividualstrengthstobuildastrongwhole.Forexample,busi-nesseswithmorematuredataanalyticscapabilitiesworkingwithcompanieswithbroadernetworks–orauniversitywithastrengthinfinanceeducationwork-ingwithacollegefocusedonteachingtechnology.
• Centralize services. Thecentercouldmanagegrantsonalargerscale,couldhouseamalwaredatabankforprojects,
Defining an Effective Research Consortium Operation and Agenda LaunchedandsupportedbyMassInsight
14
William Guenther, moderatorCEOandFounder,MassInsightChairman,AdvancedCyberSecurityCenter
Mel BernsteinSeniorViceProvostforResearch&GraduateEducation,NortheasternUniversity
Brian LevineProfessor,CollegeofInformationandComputerSciences,UniversityofMassachusetts
Jothy RosenbergGroupLeader,InherentlySecureProcess,CyberSystemsGroup,Draper
John SerafiniVicePresident,AlliedMinds
Howard ShrobePrincipalResearchScientist,MITCSAIL
Jack WilsonPresidentEmeritus,UniversityofMassachusetts,andDistinguishedProfessorofHigherEd.EmergingTechnologies,andInnovation,UniversityofMassachusettsLowell
“There is a lot of collaboration to commercial-ize a novel idea, but we need to move to a place where we are incubat-ing talent so they can learn, get trained, get employed and make a differ-ence in society.”
--Brian Levine
andmostimportantlysupplythedatare-quiredformanyoftheseprojectsthatisoftendifficulttoobtain.Itcanbeaviablewayforacademicstoapproachindustryandworrylessaboutprofitandthinkmoreaboutlong-termpartnerships.Asanon-profit,thecenterisbeingdevelopedtounitetheseassetswithafocusoncybersecurity.
Cybersecurity’s 3 dimensions
AccordingtoJackWilsonwhosetaframe-workforthediscussion,therearethreedimensionstothecybersecurityissue.
1.Wehaveresourceslocallythatareunmatched.Wehaveincredibleindividualbrandsbutinsufficientbrandmanagementwhenitcomestothe
graduatelevelandcontinuesthroughtograduatelevelresearch.”Heunderscoredhowresearchprojectscouldbeoutlinedacrossthecontinuum.
1. Undergraduate students.Concentrateonaseriesofproblemsthatcanbeandshouldbeabletobesolved.Studentcapstonesareanexampleofdifficultbutself-containedprojectsthatcanbemanagedthrougharesearchcenter.
2. Master’s degree candidates.Poseaproblemthatisopen-endedinscopebutnotintimesincetheymustfinishinordertoearntheirdegree.Thecentercouldhelpstudentswiththeirdiscreetresearchprojects.
3. PhD candidates. Thesecanbemorecomplex,larger-scaleresearchprojectswhereaproblemmustbesolvedinordertotakethenextstepforward.Theresearchcentercouldbeahomebasefordiscoveringthesemorepressingsolutions.
regionasawhole.
2.Wehavestrengthsinhealthcare,medi-caldevicesandbiotech,plusfinancialservices.Toeachsector,cybersecurityplaysasignificantrole,butnooneisworkingtogethertocreatecross-func-tionalsolutions.
3.Wehaveanissuewiththetechnologyofpolicy.Technologychasespolicy,forexample,policyoperatesthroughtheviewofdecadesandtechnologyoper-atesatamuchfasterpace,sometimesweeksormonths.
Ready and able
MelBernsteinprovidedtheuniversityperspectiveandframedafoundationforaproposedcenterthatfocusedontalent.“Wemustbegintorecognizethatuniver-sitiesarefullycapableofworkingacrossdisciplines,”saidBernstein.“Wehaveallthetalentwhichbeginsattheunder-
The time is now
• Higher education trends. TosupporttheneedforacenterHowieShrobeidentifiedtwosignificanttrendsinhighereducationincluding(1)Enrollmentisgrowingtoobigincomputerscience–cybersecurityisalargecomponentofthatgrowth;(2)Studentswantintern-shipsandhands-onexperiencetolearnoutsidetheclassroom.
• On everyone’s mind.Theconditionstomovethisalongseemtobeidealastheintersectionbetweenwantsandneedsishelpingfueltheconversationaccord-ingtothepanel.Thereisagrowingneedtofindcybersecuritysolutions–thinkofthesignificantretailbreachesoverthepastyear,includingOPMdemonstratinganeedatthegovernmentlevelaswell.Andthereisagrowingdesireamongthestudentpopulationtoengageandcontributetosolvingtheseproblemsastheybecomeoneofthemostpressingissuesofourtime.
• Losing human capital. ThechallengeisthatthepeopleweeducateandthecompaniesweformhereendupinCalifornia.Weneedtobecreativetodeterminewhatrunscountertothattrend,anddevelopaunifiedefforttostopthisexodus.Sonotonlybuildingaregionalcybersecuritybrandisvital,butgivingouryoungpeopleareasontostayandbechallengedisvitaltosupportingthisproposedbrand.
What’s the pitch?
• Make a statement.Thepanelproposedvariedviewsofhowtoframethecen-ter’sgoal–howtheywillpositionwhatchallengestheywillattempttoface.Theyrangefrombroadstatementslike“removecybersecurityasanationalse-curityproblem”tomorediscreetsolu-tionslike“buildagreatmicroprocessor.”Butthepanelagreedtheregionneedsabrand,especiallywhenitcomestosolicitingpartners,engaginginfluencers,andofcoursepitchingfundingsources.
• Define the project.JothyfromDraper
DefininganEffectiveResearchConsortium
15Guenther, Bernstein, Levine
“ We must begin to recognize that universities are fully capable of working across disciplines.” --Mel Bernstein
recommendedpitchingtheideaofdevelopinganinherentlysecureproces-sor,whichwouldspawnavarietyofprojects.Securingindustrialsystemsaswellassecuringtheelectricalgridwereproposedpitchideastohelpidentifyaprojectthatstudentscouldgetexcitedabout,thatindustrywanted,andthatcouldbebroughttoscale.Othersused
Ourcurrentworkcanhelptheregionestablishcredibility.
• Prepare for federal funding.Inaddition,wecanbebetterpositionedtosecurefundingifthegovernmentcreatesfund-ingopportunitiestodealwithwhatisbecominganationalcrisis.Thegrouprecalledthefederalfundinginmanufac-turingthattheregionmissedoutonforlackofpreparation.
• Just do it. Sowhilesomewarnedaboutputtingthecartbeforethehorse,therewasconsensusthatwithintheACSCmembershipstepscouldbetakenrightnow.Defineabroadergoal,createapitchandabrand,andstartstandingupresearchprojectsthatwillrollupintothem.Theresultwillbeastrongercommunitydesignedtoshapethefuturecybersecuritytalentaswemoveto-wardsanerawherecyberthreatsareathingofthepast.
DefininganEffectiveResearchConsortium
themetaphorofcuringcancer–agrandchallenge–thathaslargerbrandimplicationsandmaybetterengagewithbroaderappeal.Thepanelagreed,thatregardless,ithadtobedevelopedtomobilizetheacademiccommunitytoworkwiththebusinesscommunitywithsupportfromthegovernment.
The real grand challenge?
• Who’s paying?Thepanelagreedthatthebiggestchallengeinadditiontothecraftedpitchisthefundingsource,whichseemtogohandinhand.Ac-cordingtoJackWilson,moneyistheuniversallubricant,andhesuggestswebeginnowbydevelopingmorecollab-orativeapproachesliketheMHTGCC.HesaidtoinvolvetheVCcommunitycoupledwithstrongclustersintheregionsuchashealthdataandfintechtobuildproofpoints.SerafiniaddedthatgettingupandrunningnowandconvertingtheIPintocompaniescanprovethatwehavethepowertoscale.
16
Rosenberg
Shrobe Wilson
“We have a way to get students and academics excited about working around a project and industry wants.”
--Jothy Rosenberg
“If we put it all together and create a targeted pitch, the region can leverage this activity.”
--Jack Wilson
“If we put it all together and create a targeted pitch, the region can leverage this activity.”
--Jack Wilson
Security Analysis of USB TechnologyDaniel R. Noyes, Graduate Student, University of Massachusetts Dartmouth
OneofthemostcommonlyusedstandardsinthecomputerindustrytodayistheUniversalSerialBus(USB).Throughtheuseofacommonbus,USBallowsnumer-ousperipheraldevicestheabilitytocommunicatewitheachother.SeveralleadingcompaniesintheindustryhaveadoptedtheUSBstandard,designinginterfacestobettertransmitdatabetweendevices.Theusageofthistechnologyspansfromprintersandstoragemediatouserinputdevices,suchasdistributedpowersourcesforcellphones.Sincethesedevicesareubiquitousinoureverydaylives,ensuringtheirsecurityisessential.USBdevicesarenotoriousforexposingunnecessarysecurityvulnerabilitiesincomputersystems.Duetothesesystematicandwidespreadinsecurities,methodstoprotectcriticaldevicesarevital.Withconfidentialandsensitivedataontheline,howcanthesedevicesmaintaintheirintegrity?ThisprojectaimstoanalyzetheUSBprotocolregardingvulnerabilitiesaswellasex-perimentingwithsecuritymechanicstoprotecttheUSBfrombothpassiveandactiveattacks.Theprojectlooksatvarioussecurityincidents,andprovidesabasistoshowthepotentialthreatofanyinformationcommunicationusingtheUSBprotocol.Thisinfor-mationwhichistransmittedbetweendevicescanbeambiguous,andissusceptible.Theworkthenexaminesthestate-of-the-artsecuritymeasuresdeployedincurrentUSBtechnology.Itwillalsowilllookatvariouspossiblemethodstoimprovethesecurity.
Intoday’stimewewitnessnumerousincidencesinvolvingsecurity.Theseincidencesaf-fectbothconsumersandbusinessesalike.Forexampleifacommondeviceisinfectedwithmalicioussoftware,whatarethechancesthatthisinfecteddeviceswillcapturedatafromauser?Whatarethechancesthatthisdevicewillbeabletorelaythedatatosomeoneelse?Withthecommonideaofthe“InternetofThings”(IoT)wecanseethisideaasapotentialthreatformaliciousintrusionuponusers.Theresultsofthisprojectwillhelpprovideconsumerswithguidelinestoassistinproductselection,anddirectfutureeffortstostrengthenUSBsecurity.Thiswillalsoopenthedoorforfurtherdevelopmenttowardsbuildingaresilientsystemfortoday’stechnology.
Discovering the Next Generation of Cyber Talent in New England:
The ACSC Cybersecurity Poster Session Hosted by:Dr.HowardShrobePrincipalResearchScientist,MITCSAIL
HostedbyDr.Shrobe,theACSCCyber-securityPosterSessionwassponsoredbyAlliedMindsand.406VenturestopromotethetalentandinnovationincybersecuritybeingdevelopedinNewEngland’sinstitu-tionsofhighereducation.
AttendeesoftheACSCAnnualConferenceonNovember4votedforthe“nextbestthing”incybersecurityattheannualStudent
PosterSession.Cybersecuritystudentproj-ectsrepresentedNewEnglandcollegesanduniversitiesincluding:•BostonUniversity•DartmouthCollege•NortheasternUniversity•UniversityofMassachusetts,Amherst•UniversityofMassachusetts,Dartmouth•UniversityofMassachusetts,Lowell•UniversityofConnecticut
TEDDI: Tamper Detection on Distributed Infrastructure Jason Reeves, Graduate Student, Dartmouth College Chris Frangieh, Undergraduate Student, Dartmouth College
Aspartofthepushtowardsasmarterelectricgrid,utilitieshaveinstalledanumberoflow-powereddevices(forexample,smartmeters)alongtheperipheryoftheirSCADAnetworks.Thesedevicesposeasecurityriskforutilities,astheyareeasytofindandaccess,havelittlephysicalsecurity,andoftenhaveaconnectiondirectlytoautility’sSCADAnetwork.Thus,anattackercouldpotentiallycompromiseoneofthesedevicesanduseitasalaunchpadforattacksonothertargetsonthenetwork,suchasgeneratingplantsorcontrolcenters.Despitethelargeamountofpriortamperprotectionresearch,however,traditionaltampersolutionsarenotfeasiblefordeploymentinthisenvironment.Thereasons:• Thesesolutionsareoftengearedtowardssecuringthenetworkatallcosts,
wheninfactavailabilityisthemostcrucialpropertyofthegrid.Thismeansthatmanyoftheclassicresponsestotampering(suchasdestroyingdataordevices)areworseoutcomesthantheactualattack.
• Thesesolutionsarenotpowerfulenoughtodetectallofthedifferenttampereventsthataffectcriticalinfrastructure,whichrangefrommaliciousattackstoroutinemaintenancetolargenaturaldisasters.
• Thesesolutionshaveeitherasingleresponsetoanytampering(whichisgearedtowardsaworst-casescenario,andthusnotalwaysappropriateforanavailability-focusedindustry)oraredetection-only(whichmeansanattackerisalreadyonthenetworkbythetimetheutilityreacts).
• Finally,thesesolutionsrequirefarmoretimeandresourcestoconfigurethanagridoperatorcanreasonablyprovide.
Tofillthisgap,wedevelopedTEDDI(TamperEventDetectiononDistributedInfra-structure),asensor-basedtamperprotectionsystemthatfusestogetherdatafromanumberofembeddeddevicestodeterminethetamperstateofboththeindividualdevicesandtheoverallnetwork.Weusefactorgraphstoprovideadatafusiontoolforoperatorsthatisbotheasytoconfigureandpowerfulenoughtohandleawiderangeofevents,andwealsoincludeaflexibleresponsemechanismthatcanbeconfiguredtoperformdifferenttasksfordifferentevents.WehavealsobuilttheTEDDIGenerationTool,whichcanautomaticallyproducethenecessarycodeforde-ploymentonarbitrarynetworks.Currently,weareworkingonevaluatingthespeed,accuracy,andusabilityofTEDDIwithinarealisticgridsimulation.
Duringtheevent,studentspresentedabriefprojectsynopsisandansweredques-tionsattheirindividualposterdisplay.Uponcompletion,attendeesvotedbysecretballotandthetwoposterswiththemostvotesreceived$1000prizeeach.
ThetwowinnersselectedbycybersecurityexpertsrepresentedDartmouthCollegeandUMASS,Dartmouth.
17