The Advanced Persistent Threat

Cyber attacks threaten governments, corporations and individuals to extract financial or strategic information.  Using increasingly sophisticated methods, sometimes combined with coercion and more traditional corporate espionage, hostile organizations gain access to critical intellectual property, trade and national secrets.  This information, in the wrong hands, threatens our national security and our industrial future -- their officers and directors, their shareholders and their customers.  Once attacked, government organizations and corporations are understandably reluctant to discuss the impact on their business or mission.  Those that do speak publicly talk only in the most general terms.

Thomas W. Shelman, President, Defense Group, Northrop Grumman Information Technology

The Advanced Persistent Threat - Government View

Greg Garcia, Assistant Secretary for Cyber Security and Communication, Department of Homeland Security National Protection and Programs Directorate

Break

Moderator:  Jeremy Grant, Senior Vice President, Stanford Group Company.

Panelists:

• Gregory Wilshusen, Director, Information Security issues, Government Accountability Office (on FISMA & Cyber Threats)
• Michael Aisenberg, Counselor to the President, Information and Infrastructure Technologies, Inc.
• Valerie Abend, Deputy Assistant Secretary for Critical Infrastructure Protection and Compliance Policy,U.S. Department of the Treasury

This panel of experts will explore where the attacks are coming from, how they are being done, and what can be done to detect and defeat them. They will discuss the escalating nature of the attacks and the need for leadership, diligence and perseverance on the part of CEOs, CIOs, and CISOs.

Moderator:  Cathy Allen, Chairman and CEO, The Santa Fe Group

Panelists:

• David Bartlett, Senior Vice President, Levick Strategic Communications, LLC
• Stephen R. Malphrus, Staff Director for Management, Board of Governors of the Federal Reserve System
• Randy V. Sabett, J.D., CISSP

  Sonnenschein Nath & Rosenthal LLP

The panel will drill down into the complexities of dealing with the attacks, both publicly and organizationally. Issues that will be discussed include:
- International Trade
- Director & Officer liability
- Offshore outsourcing
- Supply chain management

Governor Jim Hodges, CEO, Hodges Consulting Group, Introductory Remarks

Keynote Speaker:

John J. Hamre, President & CEO, Center for Strategic and International Studies

Moderator:  Phil Bond, President and CEO, Information Technology Association of America

Panelists:

• Alan Wade, Founder, Wade Associates, Inc.
• Ken Watson, Chair, Partnership for Critical Infrastructure Security & Sr. Manager, Critical Infrastructure Assurance Group, Cisco Systems, Inc.

Speakers will discuss current initiatives and their limitations among business and government including the IT Sector Coordinating Council, Information Sharing and Analysis Centers (ISACs) for IT, Communications, and other appropriate sectors; the Partnership for Critical Infrastructure Security (PCIS) as it relates to cyber security, the National Infrastructure Protection Centre (NIPC), DoD Initiatives for information sharing, and information sharing and security initiatives within key Network Operations Centers serving the government and private sectors.

• Ari Schwartz, Deputy Director, Center for Democracy and Technology
• Rich Baich, CISSP, CISM, Principal, Deloitte & Touche LLP

Cyber espionage targets are not limited to company sensitive financial and product information, but to customer and employee personal information as well. Building defenses against cyber attacks helps protect this information from unauthorized use. However, the maintenance and storage of this information, how it is used and how trade-offs between privacy and security must be addressed as part of any solution. This expert will discuss how industry guidelines can help build trust between government, industry, employees and customers.

Break

Bridging the Gap Between Government and Industry

Moderator:  David Hoffman, Group Counsel & Director of Security and Privacy Policy, Intel Corporation

Panelists:

• Jacob Olcott, Congressional Staff, Rep. Langevin, U.S. House of Representatives
• Dan Chenok, Chair of the Information Security and Privacy Advisory Board, SVP and General Manager, Pragmatics, Inc.

What is the role of government in helping to protect our industrial base against foreign and domestic cyber attacks? Our Federal government is taking substantive action to safeguard national security. Exercises such as Cyber Storm II will demonstrate how government plans to react to a real attack. The Department of Defense, the intelligence agencies and the Department of Homeland Security plan to invest over $6 Billion in building our cyber defense networks. How can this investment be leveraged to help protect the US corporate base? And similarly, how can information gleaned from corporate attacks be funneled back to the government to improve their own readiness?

Moderators: Governor Jim Geringer, Director, ESRI, and Tom Stanton, Fellow, Johns Hopkins University

This is a “call for action” panel that will present and discuss methods to address confidentiality and secrecy, cross-agency information sharing and planning, best practices, promising solutions and their adequacy to combat cyber threats. What community-wide solutions could be put in place; what public private processes are indicated; and what legislative / policy changes appear necessary? How can a bridge be built between the public and private sectors?

• What are the objectives?
• Who can lead?
• Federal and Private Roles and Responsibilities
• What will it take? Planning - Time – People – Training – Investment– Infrastructure
• Need for legislation / Change to the Sarbanes-Oxley Act
• Suggested Strategic / Policy Action Agenda
• How do we communicate?
• How do we define "success"?