Annual Symposium on Information Assurance >> ASIA

Keynote - Day One

Asymmetric Cyberwarfare: The Business for Insecurity

Reg Harnish, CEO, GreyCastle

Reg Harnish is an entrepreneur, speaker, author and the CEO for GreyCastle Security, a leading cybersecurity consulting firm headquartered in Troy, NY. Reg has been practicing security for nearly two decades, specializing in security solutions for healthcare, higher education, critical infrastructure and other industries. Reg's security expertise ranges from risk management and incident response to regulatory compliance and awareness. Reg brings a thought-provoking perspective to the industry and strives to promote awareness, security "thinking" and practical application of security fundamentals. As the CEO for GreyCastle Security, Reg is responsible for defining and executing the company's vision. Reg has led the organization to four consecutive years of triple-digit growth while establishing GreyCastle Security as a highly-respected thought leader. GreyCastle Security is currently working with organizations in nearly every state in the United States, including Fortune 5000 and Global 100 organizations.

Reg attended Rensselaer Polytechnic Institute, and has achieved numerous security and industry certifications, including CISSP, CISM, CISA and ITIL. Reg has achieved various physical security certifications, including firearms instruction and personal protection. Reg is a graduate of the FBI Citizens Academy. Reg is a fellow of the National Cybersecurity Institute, a cybersecurity educational institution located in Washington, DC. Reg serves on numerous security association boards and is currently an advisor to several educational institutions focused on cybersecurity. Reg is a nationally-recognized speaker and has presented at countless industry events, including BSides, ISSA, ISC2, ISACA, ASIS, DHS and InfraGard. In 2017, Reg was named cybersecurity consultant of the year for all of North America by the Cybersecurity Excellence Awards. Reg's successes have been featured in leading industry journals, including Software Magazine, ComputerWorld and InfoWorld. Reg is a contributor to numerous security publications and has co-authored several books on cybersecurity awareness.

Presentation Abstract: The sinking of the Titanic. The 1996 Chicago Bulls. The terror attacks on 9/11. All these historic milestones had one thing in common: the opposing elements were unequal, unique and misunderstood. Today, on the front lines of cyberwarfare we are experiencing the same recurring conditions - unequal forces have met to compete in a very new and very miscalculated contest. History is repeating itself - or is it?

Cybersecurity experts worldwide argue that the time, money and energy we've spent on cybersecurity hasn't paid off, and it never will. They claim that despite skyrocketing budgets, advances in technology and growing cybersecurity investments, private and public entities in America are no more secure than they were decades ago. They argue that the odds are against us and that the best we can hope for is survival.

The truth is, we've just begun to fight.

And we're about to bring the big guns out. Our successes in cybersecurity, fleeting as they may feel at times, are significant and telling. We've got some secret weapons to deploy and this time the machines are on our side. And Mother Nature has a few things up her sleeve that will inevitably result in the demise of our adversaries. The next round is surely ours.


Keynote - Day Two

Explaining Cyber-Insecurity as Defense Adaptation

Lior Tabansky, Blavatnik Interdisciplinary Cyber Research Center

Lior Tabansky is the Head of Cyber Projects Research and Development at Tel Aviv University's Blavatnik Interdisciplinary Cyber Research Center (TAU ICRC). Lior's 2017 doctoral dissertation "Explaining National Cyber Insecurity: A New Strategic Defense Adaptation Analytical Framework" explains why even the most developed nations remain so exposed to destructive cyberattacks on strategic homeland targets by foreign states. It includes a comparative analysis of critical infrastructure protection and national strategy of Singapore, Israel and the United States. Lior holds a Master of Arts in Security Studies from Tel Aviv University, his thesis "The Role of Advanced Technology in Israel's Struggle Against Palestinian Terrorism, 2000 to 2005" earning critical acclaim and igniting public debate.

Lior's book Cybersecurity in Israel, co-authored with Professor Isaac Ben-Israel, is the first comprehensive "insider" account of decades of Israeli policy and operations, enabling an original analysis of the roles grand strategy and innovation play in cybersecurity. Lior offers a uniquely strategic cybersecurity grasp, facilitated by his Political Science & Security Studies expertise (PhD 2017), cyber strategy formulation for corporations and governments, and IT-pro career spanning 15 years.

Presentation Abstract: Why do even the most developed nations remain so dreadfully exposed to physically destructive attacks on strategic homeland targets by foreign states? Answering this question is vital to international relations theory, as well as national security practice. Throughout history, national security systems have had to adapt to changes, both in peacetime and during war, to defend each sovereign society from foreign threats and survive. Cybersecurity was literally born decades ago within the Western defense and intelligence circles, and relentlessly developed ever since. Ministries of Defense and armed forces embrace cyber intelligence, cyber defense and cyber offense to improve their traditional capabilities but neither defense system performs the core function: protecting the society. Destructive direct cyber-attacks on strategic non-military homeland targets by foreign adversaries render core defense competencies obsolete. Lior will discuss an analytical framework to explain and mitigate cyber insecurity.


International and Cross-National Threats and Legal Responses in Cybersecurity

Elana Broitman, New America, NYC

Elana Broitman is the director of New America NYC. She has served as the deputy assistant secretary in the Office of Manufacturing & Industrial Base Policy in the Department of Defense and as a senior advisor to Sen. Kirsten Gillibrand (D-N.Y.), having spent time in a technology company, with prior service as counsel to the House International Relations Committee. Broitman brings philanthropic experience, having worked as senior vice president at UJA-Federation. Broitman's work has focused on cybersecurity, national security, human rights, and refugee issues. She is a graduate of Trinity University and the University of Texas School of Law and speaks both Russian and German.

Presentation Abstract: Cyber attacks have become an all too frequent threat to economic well-being. In the recent past, political and foreign policy motivations and consequences have been ascribed to a number of what are now infamous incidents. There are a number of examples, but this talk will highlight three: Russia's hacking of the U.S. 2016 Presidential elections, according to US intelligence, was a long-term effort to gather and reveal information that would be so compromising or embarrassing as to impact the U.S. elections, as well as those in Europe. North Korea's cyber attacks on its neighbor to the south as well as the U.S., designed, it appears, to extract information in some cases, exert pressure in others, and simply achieve financial gain in some. The theft of NSA's Eternal Blue exploit of a Microsoft is yet a different case - a cyber tool developed for foreign policy reasons, but rendering many computers, including those of our allies, vulnerable once stolen. The question raised by this variety of examples is what have nations done to address these threats, and what legal, policy or political measures are effective short of a cyber attack back.

The talk will review a series of national legal responses by Russia, China and the U.S., analyzing them to understand if these responses are truly cyber defenses, or rather protectionist or repressive measures. Finally, the talk reviews the 2001 Convention on Cybercrime of the Council of Europe, known as the Budapest Convention. This treaty lists a set of crimes that signatory states must transpose into their own law, criminalizes activities such as hacking, and establishes rules for international law enforcement intervention. The Convention, signed by many, does not include key countries such as Russia, China and India due to claims of extraterritoriality. Russia has for years attempted to induce other countries to support it in drafting a new treaty. The talk explores the impact of the current policy responses, the likelihood of future responses, and the need for more action given our ever-growing reliance on the Internet.

I do not fear computers. I fear the lack of them.

- Isaac Asimov

Just as drivers who share the road must also share responsibility for safety, we all now share the same global network, and thus must regard computer security as a necessary social responsibility. To me, anyone unwilling to take simple security precautions is a major, active, part of the problem.

- Fred Langa

In theory, one can build provably secure systems. In theory, theory can be applied to practice, but in practice, it can't.

- M. Dacier