2015 Annual Conference Summary Report November 4, 2015


Threat Sharing:

Next-Gen ACSC Threat Sharing

• Provide infrastructure to support automated threat sharing using industry standards
• Allow ACSC members to use the tools they prefer
• Support vibrant threat and best practice sharing

Leadership Collaboration:

Quarterly Meetings for MOEs

• Develop a program, similar to “Cyber Tuesdays” for membership executives to confidentially discuss imminent threats and joint resolutions

Talent Training & Hiring and Identify & Evaluate Security Tools:

ACSC Research and Training Consortium

• Connect members with emerging student talent through co-location and virtual programs
• Development of security solutions as a result of research
• Support commercialization of solutions emerging from research
• Exercise and wargaming program supported by virtual infrastructure
• Fellowship Program to provide education and experiential learning program to ramp up students and early career professionals
• Partner with USAF Cybersecurity PlugFest Program

The Advanced Cyber Security Center
Welcome by Executive Director Charlie Benway and Chairman Bill Guenther

In 2015, ACSC partnered with PwC to conduct a needs analysis on the cybersecurity ecosystem in New England. For planning, the ACSC is using the results to shape its upcoming initiatives and build a foundation for its future. The report produced several recommendations for the ACSC to take a leadership role. Executive Director Charlie Benway in his opening address explained how the nonprofit consortium is planning to address those recommendations in its planning for 2016. The report highlighted 4 focus areas which align with ACSC’s mission:

• improved threat sharing
• focused leadership collaboration
• talent training and hiring
• security solutions visibility and evaluation

Chairman Bill Guenther explained the vision for the ACSC in making New England a premier destination for cybersecurity research and development. With its unprecedented assets in universities, industry, and government, the region is positioned to be a leader in cybersecurity. Referencing the technology boom on 128 in the 1980s and the Biotech explosion of the 2000s, he cites the success we have had in economic development when we work together with a shared goal.

“We have made great progress in building trust around threat sharing, now opportunities abound to up our game and increase the value proposition for members.” -- Charlie Benway


The Federal Reserve Bank of Boston
Greetings from host CEO Eric Rosengren and presentation by CIO Don Anderson

One of the founding members of ACSC, the Federal Reserve Bank of Boston extended its leadership in global cybersecurity by once again hosting the annual conference and welcoming over 100 thought leaders and practitioners to its facility to explore the future of the industry. President and CEO Eric Rosengren greeted guests while CIO Don Anderson provided insight into the Boston Fed’s positioning and goals.

They outlined the initiatives and strategies in which they are engaged to enhance the cyber capabilities of public and private organizations in New England, as recommendations to others:

• Advanced Cyber Security Center
• New England Financial Services Threat Sharing
• Discussion with International Banks
• Educational Pipeline Development
• Enhancing Bank Regulations


To address the ongoing debate, Don Anderson also presented information on decryption which related to the theme of the conference morning sessions.

Motivation for SSL Decryption

• No visibility into encrypted SSL traffic at the perimeter
• SSL is a growing percentile of traffic
• Google searches prioritize SSL results
• Granular Application Visibility
• Botnets often use SSL for command and control traffic
• Phishing attempts often use SSL links
• Many file transfer apps use SSL

Extend protections to SSL traffic with SSL Decryption

• Application Visibility & Control
• Dynamic Block Lists
• Intrusion Prevention – Exploits known vulnerabilities
• Network Anti-Virus – Across multiple protocols
• Network Spyware/Botnet – Outbound – Phone home/C&C
• URL Filtering – High Risk Web Browsing behavior
• Malware Sandbox

To Decrypt or Not

• No visibility into and no control of user-based encrypted traffic

Risk with Perimeter Decryption

• Mishandled Root CA or Subordinate CA keys
• Exposure at the Perimeter of Decrypted Data
• Performance of Perimeter Firewall with Transition of CRL Checking from Client to Firewall
• Certificate Pinning Strategies


The Massachusetts Cyber Strategy
Special Guests Jay Ash, Secretary of Housing and Economic Development and Colin Owyang, Deputy Attorney General, The Commonwealth of Massachusetts

Earlier this year, Governor Charlie Baker called cybersecurity “one of the major challenges” Massachusetts faces, citing a recent 30 percent increase in attacks in the state. At a Mass Insight event, he gathered among leaders in government, industry, and higher education to discuss an agenda for state economic development. “This isn’t just about hackers,” said Baker. “It’s about governments. It’s about businesses.”

At the conference, ACSC welcomed state leaders including Jay Ash, the Governor’s secretary of housing and economic development and Colin Owyang, the state deputy attorney general. They explained the support for building Massachusetts as a cybersecurity leader as it competes with Silicon Valley and the DC Beltway, among other emerging regions strategically aligned to win the role.

As part of the presentation, Owyang provided the data on cybersecurity and its imminent impact on the state in support of the strategic priorities on data privacy and security in the attorney general’s office.


Media Coverage of Plenary Session:

Going Dark: The Balance Between Encryption, Privacy and Public Safety
Written by: Michael Mimoso, originally published in ThreatPost on November 5, 2015

Michael Farrell, Moderator
Cybersecurity Editor, Passcode

Panelists:

James Baker
General Counsel, Federal Bureau of Investigation

Susan Landau
Professor, Cybersecurity Policy, Worcester Polytechnic Institute

Eric Wenger
Director, Cybersecurity and Privacy, Global Government Affairs, Cisco Systems

The Going Dark encryption debate surfaced again on Wednesday at a small security conference here, and as in previous iterations before larger technical audiences and even Congress, the issue continues to spin on a hamster wheel going nowhere. This time the notable dignitary stumping for so-called exceptional access was FBI general counsel James Baker, and not director James Comey, reiterating that technology companies should find an answer to law enforcement’s problem of unlocking encrypted devices.

Baker—speaking at the Advanced Cyber Security Center conference and flanked by crypto luminary Susan Landau of Worcester Polytech Institute and Eric Wenger, director of cybersecurity and privacy, global government affairs at Cisco—made the case that encryption hampers law enforcement investigations on a local level and surveillance efforts on national security and terrorism fronts.

The other side argues that, especially post-Snowden and the endless run of evidence of the National Security Agency’s overreach on surveillance and deliberate efforts to weaken cryptographic standards, that encryption remains the best defense against government surveillance and advanced attackers targeting intellectual property. Asking Silicon Valley for help in solving Going Dark, for example, seems to be an unlikely proposition.

“Silicon Valley distrusts the U.S. government, especially after the Snowden leaks,” said Landau, who was one of 15 authors of a paper that laid out the risks associated with granting the government exceptional access to encrypted data. “I worked at Google shortly after [the Snowden leaks started] and there were accusations of the government having direct access to Google’s servers. There was genuine anger in those meetings because they were threatening Google’s product. This cost real money to many companies. At the same time, I don’t see Silicon Valley not helping law enforcement when there is legitimate risk. There is interest in helping and self-interest in protecting their business model.”

Since Snowden, technology companies across the board have accelerated encryption rollouts, with end-to-end encryption securing Yahoo email, Google encrypting connections between its data centers that were being tapped by the NSA, and Apple relinquishing control to the user of encryption keys securing iOS devices—the true harbinger of the Going Dark debate.

“This is about rule of law and the fundamental rights we have from the Constitution, creating laws that enable government to obtain the results of surveillance in ways that are consistent with constitutional rights,” Baker said. “Today, that’s not happening. We are not able to use what’s available today with a 4th Amendment warrant. We do what the law requires, show up with a court order, and can’t get the fruits of surveillance because of encryption.”

Landau and Wenger, however, countered that there are alternatives available to help the FBI and law enforcement compel companies to turn over customer data.

“Someone with the NSA once said to me: ‘The law in the case of a wiretap warrant gives us the right to collect information. It doesn’t say it should be easy,’” Landau said. “The FBI is in a really hard spot, and part of that is because of the way we define the political discussion, which is zero failure. Asking the FBI to have zero cases of terrorism is not plausible.”

Companies, meanwhile, need encryption to secure transactions and protect intellectual property from leaking overseas. Activists in oppressed regions require encryption not only to foster their causes, but in some cases, to maintain personal safety. Going Dark proponents fear that split key-escrow solutions that have been proposed will only further weaken crypto and certainly increase complexity.

“If we were able to engineer a mechanism where we’re splitting a key and having a third party escrow it where the government could ask for it, the very next thing that would happen is that China et al will ask for the same solution. And we’re unlikely to give them the same solution,” Wenger said. “Complexity kills, and the more complex you make a system, the more difficult it is to secure it. I don’t see how developing a key-based solution secures things the way you want it to without creating a great deal of complexity and having other governments demand the same thing.”

Landau made the same complexity argument, and fortified her case that exceptional access would also break forward secrecy. With forward secrecy, now considered a baseline encryption rollout, ephemeral keys secure communication rather than one private key securing all sessions. Should an ephemeral key be cracked, all future communication remains secure.

“The complexity of 165 to 200 nations, each with access to keys, is unimaginable,” Landau said.

Baker, meanwhile, stood by the stance that Comey took before Congress in July when he volleyed the issue back to technology companies, telling them to essentially try harder to find a solution.

“We’re looking for help. We want all the smart people in this country to help us figure out this complicated problem we’ve been struggling with for a long time,” Baker said. “At the most fundamental level, it is about the relationship between the people and the government when it relates to surveillance by the government of the people and under what set of circumstances do people want that to happen. What do you want us to do? What risks are you willing to take and what can we do to mitigate risks out there that exist on all sides of the equation?”

Go to: www.ThreatPost.com


ACSC Annual Conference Break-Out Session

Anatomy of a Forensic Investigation
Launched and supported by Mass Insight

Chris Sloan, Moderator
Assistant Vice President and Senior Corporate Counsel, Liberty Mutual Group

Panelists:

Nick Bennett
Director, Professional Services, Mandiant

Josh Catella
ECSAP (Electronic Crimes Special Agent Program) Agent and Forensic Examiner, United States Secret Service

There’s a reason why cybersecurity is gripping the nation today. It’s not because of jobs or economic development. It’s not because of technology and innovation. It’s because countless people are victims of cybercrime every day. Companies are fortifying their defenses against criminals and preparing for data breaches that, in serious incidents, can result in a forensics investigation.

For many organizations, especially those with less mature cybersecurity postures, this is an uncharted territory. This session was designed to provide insight not only in how an investigation works, but how to prepare for one in the event you are victimized. Panelists provided a scan of the landscape, posed questions to think about in planning, and offered recommendations on how to approach an investigation.

“Being prepared for a forensic exam means that you have developed an incident response plan, hired and trained technical staff, educated your employees on identifying cyber threats, gotten to know your local law enforcement, and practiced, practiced, practiced!” -- Chris Sloan


Framing the discussion: recent cybersecurity headlines

• Cybersecurity Information Sharing Act – Passed US Senate 74 to 21 – immunity for sharing
• Dept. of Defense Breach Reporting rule for contractors – must report to DoD within 72 hours
• USDC (Minn) upholds attorney-client privilege for cyber investigations - 2013 Target cc breach
• European Court of Justice invalidates EU-US Safe Harbor Agreement
• China proposes new cybersecurity rules for insurance industry – BOD accountability for security
• US and UK to test financial cybersecurity response in NYC and London

Questions to consider to prepare for a forensic investigation

• Who are the people and systems that you will need access to in order to conduct an effective investigation?
• Are any systems or employees to be taken “offline” during an investigation?
• What are the pitfalls companies should watch out for during a forensic investigation?
  - Do you understand the rules of evidence
  - Do you understand the importance of confidentiality
  - Do you understand the attorney client privilege

How can companies partner with law enforcement before a breach occurs?

• Invite law enforcement to your facility
• Conduct a joint training exercise
• Explore information sharing
• Participate in threat sharing organizations
  - ISAC
  - ACSC
  - InfraGard

What should a company’s security breach plan include?

• Should be written and frequently updated and tested
• Should identify key systems and backups
• Should establish a core response team that includes multiple disciplines
  - IT & Technical specialists (internal and external)
  - Communications (internal and external)
  - Business partners (internal and external)
  - Legal (internal and external)
• Escalation process
• How to collect and preserve evidence, log files, critical events
• When and how to engage law enforcement
• When and how to engage third party specialist
• When and how to report a data breach (statutory)
• When and how to communicate with employees
• When and how to notify/respond to media
• When and how to monitor social media channels for information

Recommendations for planning to deal with a data breach and a resulting forensic investigation

1. Have an established plan
2. Hire and train technical staff who have the right credentials
3. Educate employees on identifying threats
4. Get to know your local law enforcement
5. Participate in information sharing opportunities
6. Stay abreast of news and legislation regarding cyber threats and trends
7. Test and improve your response plan


ACSC Annual Conference Break-Out Session

Operationalizing Threat Intelligence
Launched and supported by Mass Insight

James Caulfield, Moderator
Assistant Vice President: PKI and PIV-1, Federal Reserve National IT

Panelists:

Bruce Bakis
Principal Cybersecurity Engineer, The MITRE Corporation

Christopher Harrington
Senior Consulting Security Engineer, EMC Critical Incident Response Center

Peter Kurek
CPT, Information Assurance Manager and Computer Network Defense Team Chief, Massachusetts Army National Guard

John Toomer
Director, Intelligence, Information and Cyber Systems Defense, Space Security Group, Government Operations, The Boeing Company

“The threat-sharing movement is growing because people realize the value and benefit it provides to an ecosystem not only for intelligence sharing, but for best practices.” -- Bruce Bakis

What does operationalize mean?

• It’s risk management. The first step in operationalizing cyber intelligence is to incorporate it into the enterprise risk management program. Cybersecurity should no longer sit in an isolated IT function; it needs to be holistic and system-wide in its execution, communication, and maintenance. From the mailroom to the boardroom, the entire company should be operating as guardians of the corporate data, the customer information, and access to the network. Many companies are segmenting access to data at the individual level to limit the vulnerabilities across the enterprise.

• Be proactive. It’s becoming more common to approach operational information security from a proactive posture. Cybersecurity has traditionally been a reactive function and in more mature operations, a preventative initiative, or a planning function meaning what is the plan if there were an attack or a breach. The new model includes “hunters” or dedicated professionals scanning the network and like forensic specialists are seeking anomalies on the network, searching for bad actors, and attempting to identify campaigns. This new layer of defense is creating a new cybersecurity role in the cyber kill chain.

• Manage insider threats. An evolving space in operationalizing cyber intelligence is managing insider threats – those who fall within “sphere of trust” – employees, suppliers, third party vendors, or contractors. For example, Boeing calls its program CLARITY where anyone with access to network is the subject of analysis. They look at the individual in terms of how much access do they have, what level of sensitivity is that information. They then categorize level of risk they represent. Others with inherently targeted roles, or high-value targets are also monitored. This not only includes the C-suite – where trade secrets or IP may be housed, but team members with access to the Twitter credentials or other entry points into the network.


The rule or the exception?

• A larger lens. In thinking about the benefits of threat sharing, the panel recognized that the worst threat is the one you don’t know about, so when you share information, even with competitors, you can generate the bigger picture. For example, in the financial services sector, if one company identifies a breach, it could be an attack on the sector not simply the company. Sharing allows peer groups to investigate using the shared indicators. This allows for identification of larger more dangerous campaigns and can help industries create a stronger defense, not just enterprises.

• Understand the context. Standards such as CRITS, STIX, TAXII are making threat sharing more viable. The machine to machine sharing is taking hold but the human interactions are growing in numbers such as Cyber Tuesdays from the ACSC and the National Guard’s info sharing group. The launch of ISACs – from the financial sector one from 1998 to the aviation IASAC of 2015 – are making it more standardized to give information as well as receive. The value of these face-to-face interactions lies in the analysis such as determining the context of the threat. It is important to know the atomic indicators – so the IT security team can investigate – but it is probably more valuable to know who is behind the threat, what do they want, and what are their motivations. This is the type of intelligence that machines are not able to convey.

• Strength in numbers. When groups work together in this collaborative way they can keep a collective eye on the ecosystem. They can aggressively monitor hacktivism, for example, who is using social media to attack a company and is it possible they are targeting someone next? What are peers seeing in the cyberspace that could affect them? For example, is Anonymous looking at a certain group – do you have ties to that group or organization that is being targeted? Sharing becomes a collegial effort and just as the bad actors unite to more effectively penetrate, the defenses can strengthen with the power of numbers.

One operational defense model

• The first team collects information from firewalls and known indicators. If there were knowledge of a break into the network the team finds evidence, then follows the chain of custody.

• The second hunt team is inside the network searching for additional compromises and trying to detect where else attackers could be located.

• The third team of analysts obtains information from hunt team and analyzes the intelligence report on incident and suggests additional indicators to look for in the network and the hunters return to their search with this intelligence.

• These teams collaborate to remediate the vulnerabilities and begin to thwart the attack and strengthen the network for future attacks.

• There is a well-positioned management team that comes together to coordinate each stage in the kill chain to manage the situation by communicating action plans between each team.

“The best conversations I have had within the ACSC were not about atomic indicators, they were about presenting an interesting problem, talking about it, and really digging into it.”

-- Jim Caulfield

Where do we go from here?

• Involve leadership. Involving the C-Suite and corporate boards in cybersecurity is becoming increasingly important to the enterprise. But in addition to simply a sense of awareness, they must be accountable for budget decisions and resource allocation in this space. Threat sharing and the resulting intelligence can help inform these investment decisions. If the security team can report on threats, attacks, or breaches affecting peer institutions, it builds a stronger argument to support increased attention and funding to fortify the defense. In addition to the threat indicators, which were typically shared by delayed feeds, more enterprises are looking for contextual information on bad actors and more importantly, best practices to deal with them.

• Threat sharing is gaining. There is currently interest in ISAOs because everyone is realizing the value and benefit threat sharing provides to an ecosystem, not only for sharing intelligence but for developing best practices and proof points. While critics may suggest that these federally-endorsed voluntary sharing groups are simply optics for the White House on taking a stand on cybersecurity, the panel lauded the process they provide and underscored their value in bringing threat sharing to a broader audience. There is a sense that membership sharing groups, through trust agreements, will be integrated into a federated threat sharing movement in the near future.

• Invest in cyber talent. The panel agreed that one of the challenges with threat sharing is the delay in getting intelligence and the discussion moved to automated threat sharing for which there was a divide. To reduce the copy and paste tedium of sharing and to eliminate the time delay, automated threat sharing could play a role. The issue in more automated cybersecurity is that some rules may work for one sector, but not for another. For example, blocking malicious traffic automatically for one type of organization may not be necessary for another organization from another sector. Investing in the cybersecurity talent to manage the tools, analyze the activity, and determine the context is still important. The human aspect is still needed to qualify the threat activity – so while disseminating the intelligence may be viable with an automated solution, the management of the intelligence still requires professionals.

“Threat sharing can be done on many different levels.” -- Peter Kurek

ACSC Annual Conference Break-Out Session

What is Reasonable in Cybersecurity? Responsibility and Accountability for Cybersecurity Practices
Launched and supported by Mass Insight

Moderator: Chris Hart, Esq.
Associate, Foley Hoag LLP

Panelists:

Gus Coldebella
Principal, Fish and Richardson; Former Acting General Counsel, U.S. Department of Homeland Security

Deborah Hurley
Fellow, IQSS, Harvard University

John Krebs, Esq.
Division of Privacy and Identity Protection, Federal Trade Commission

In the 1980s, to build national competitiveness there was a technology race to beat Japan that was poised as a leader in technology. As a result of this national drive, there were no regulations placed on industry to get ahead. The federal policy was to dominate in all areas of IT. The result was Microsoft, Dell, Apple and the countless other international market leaders. The price was building hardware and software with security as an afterthought.

Now we are in a state of hardening our systems after the fact – introducing the exploding industry focused on cybersecurity. Unfortunately, the U.S. is at an immature phase in regulation. There is no general overarching legal standard for cyber preparedness. Defense contractors, healthcare, financial services and other more mature verticals have some standards, but they are usually limited to the specific industry. The default “standard” is that companies must demonstrate a reasonableness in their efforts. But what does that mean?

Discernible trends in regulations:

1. Substantive – In certain industries, there are regulators that require certain standards be met and guidelines be followed. For example, HIPAA rules, DoD checklists, adopting NIST cybersecurity framework 13636 EO, or voluntarily adhering to SEC and FTC recommendations, which are gaining more traction.

2. Market-Based – When dealing with third parties, what are enterprises requiring in terms of security posture. Supply chain will have to raise their game to deal with regulated entities leading to a trickle down process. For example, as the cyber insurance market is getting more mature, does the insurer require the company to prove it is taking steps for cybersecurity to write a policy? Is there an issue of negligence care? Did the company do what it said it was going to do? Did the officers and boards completely ignore red flags? These are all falling into the realm of being reasonable, not simply just one thing.

3. Disclosure-Based – This involves doing what is required in terms of disclosures. For example, 47 states have PII breach laws – if a breach involves personal identity info, there must be a disclosure to that person – or even more generally announced. This regulation has caused industry to focus on PII security to the exclusion of other data that is at risk such as trade secrets, high-level communications, and national security issues.

“For a long time we have known what has to be done, but now starting to implement.”

-- Chris Hart

What already exists?

• FTC lessons learned. The FTC operates under the doctrine that a practice can be unfair if it causes or could cause harm to a consumer. In “Start with Security: A Guide for Business,” the FTC has examined 50+ security cases and summed up lessons learned in case law and provided 10 major subjections relevant across applications, mobile, network security for anything consumer-facing or product-based. It has broad jurisdiction from large corporations like Wyndham to a small mortgage broker. The enterprise can look at these best practices and determine how they may apply to their operations or situation.

• Wyndham outcomes. It is important to look at the Wyndham case, which was one of the few that went to litigation since most FTC actions are settled prior to court. In Section 5 of the FTC act, the unfairness doctrine became central to the case. The cost benefit analysis became the determining factor in the final decisions demonstrating that companies should examine their own situations and cybersecurity budgets. Are they funding the necessary initiatives to keep their consumer data safe?

• The regulations paradox. Companies are witnessing regulators bringing action against enterprises, but there are no regulations to follow. The lessons learned are instructive, but seem fluid. The companies are often requesting these regulations so they can prevent legal action – but on the other hand are resisting regulations for their possible prohibitive nature. Makes it difficult to define standards in a concrete way.

Why is security growing?

1. U.S. losing market share because if U.S. products are not secure, global customers will not buy them, which is being demonstrated in major market countries like Brazil.

2. Business has to shoulder the loss with a breach. Small and medium size banks can’t bear the costs of making individuals whole and paying for breach.

What is reasonable?

• The process is vital. For the entities that are taking action against companies, while there are no universal regulations to cite, the cybersecurity process can be measured for reasonableness. Most enterprises have a risk management program. If the company can show that cybersecurity has been integrated into the program, it may demonstrate a level of reasonableness that regulators can evaluate. Are the right people in place overseeing it? It’s not always about what has to be done tactically, but are plans in place? Has there been a risk assessment? Have data assets been reviewed and determined what needs to be protected?

• A breach does not mean you are liable, it is about your actions you take into that matter and are weighed. The goal of regulators and enforcement agencies is not to “nitpick.” Given that data breaches are inevitable for entities and that in essence, companies are the victims, they are not automatically targets of regulators. They start investigations but many close because they can look at the big picture and determine that the company was being reasonable in their approach to preparing for it and then dealing with it. This usually is on a case-by-case basis making standards more difficult to define.

• Help is OK. Enterprises need to realize that the enforcement entities – attorney general, SEC, FTC – are not looking to blame the victim of a crime. Other entities like DHS, NSA, FBI can be very helpful to victims, but companies are often afraid to share because there is a perception that they are going to use it against you. Leadership in the enterprise should feel less threatened by sharing info with government when they are in these mitigation scenarios.

“We don’t want to stifle innovation, but at the end of the day we are a law enforcement agency.” -- John Krebs

What are the challenges?

• Lack of data on threats. There once was a shame associated with being breached. Most companies concealed the incident for fear of market loss or reputational damage. There needs to be more avenues to share threat data. One suggestion was standing up nonprofits like the ACSC to gather, sanitize, and share what is going on in the ecosystem. This provides more traction in sharing data to solve these problems – and companies can be more proactive in their reasonable actions to prepare.

• Supply chain is very important.Therearestepstotaketodemonstrateyouaremanagingthesupplychainassets,suchasputtingprovisionsinthecontracttomakesurevendorsaredoingwhattheysaytheyaredoing.Plus,addingsegmenta-tionandaccesscontrolstowhichdatathethirdpartiescanaccess.

• It’s a breakroom issue. Similartothirdparties,eachemployeeisadatamanager.Thecompanyneedstoeducatetheemployeeontherisksoftheiractivityonthenetworkandthedatatowhichtheyhaveaccess.Morethanhalfofworkerssaytheyusetheirworkcre-dentialsforoutsidepasswords,whichishighlyappealingforbadactors.WiththeoverwhelmingBYODtrend,companiesneedtoprovidereasonablenessforthemultipleentrypoints.Aspartofariskplan,enterprisesneedtoaddressthefactthatemployees,whethertheyarefatigued,negligent,illtrained,needtimeandattentioninthisspace.

• Prove you are trying to stay secure. Ifyouhavedoneariskanalysisandpri-oritizedmitigationcosts,thenshowyouhavetakenstepstoaddresstheissuesyoucanaffordtofix.Also,completearecordofcompliancewiththeboard.Writeandmakeaccessibleanactionplan.Regulatorsaremorelikelytomoveforwardagainstcompanieswhohaveclearlyignoredrisk.Understandexistingcaselawwherethelawsofnegligenceapply.Thefailurehasnotbeeninthetools,butinthelackofplanningorstrategy.Reasonablenessisseeminglyabouttheprocessandifyoudon’thavetheprocessorcan’tprovetherewasaprocess,yourisktheconsequences.

Recommended process:

1. Develop a comprehensive information security plan
2. Assign someone to be in charge of it
3. Complete a risk assessment
4. Develop a safeguard program then monitor and test it
5. Make sure third parties adhere to it
6. Modify as situations change

What is Reasonable in Cybersecurity?

Next steps

• Regulation may become a reality sooner than later and the “wild west” may move towards some universal practices. The panel suggested that regulators begin with the already-regulated sectors like healthcare and financial services. Building programs in these sectors that are used to dealing with standards and reporting compliance can help shape how regulations can become universal regardless of the industry sector.

• It’s about shielding from liability. As of today there is no set of rules, but steps to take to prove you are making a concerted effort to protect the assets for which you are accountable. The panel recommended (1) reading the FTC best practices – and developing ways you would be able to show them how you aligned with the lessons learned; (2) reviewing the ISO standard – 27018 and complying with that “code of practice for protection of personally identifiable information (PII) in public clouds acting as PII processors.”


“It’s beginning to take hold that cyber is a boardroom issue.” --Gus Coldebella

“Security of the information system is defined by including the human beings that are interacting with the system.” -- Deborah Hurley


Defining an Effective Research Consortium Operation and Agenda
Launched and supported by Mass Insight

ACSC Annual Conference Break-Out Session

Session Sponsored by Allied Minds.

William Guenther, moderator
CEO and Founder, Mass Insight
Chairman, Advanced Cyber Security Center

Mel Bernstein
Senior Vice Provost for Research & Graduate Education, Northeastern University

Brian Levine
Professor, College of Information and Computer Sciences, University of Massachusetts

Jothy Rosenberg
Group Leader, Inherently Secure Process, Cyber Systems Group, Draper

John Serafini
Vice President, Allied Minds

Howard Shrobe
Principal Research Scientist, MIT CSAIL

Jack Wilson
President Emeritus, University of Massachusetts, and Distinguished Professor of Higher Ed., Emerging Technologies, and Innovation, University of Massachusetts Lowell

New England, Massachusetts, and specifically the Greater Boston region are well known for their academic excellence, their industry clusters, and their political clout. Unfortunately, unlike other regions in the U.S. and the world, collaboration to build a focused regional brand has fallen short – most notably in the areas of cybersecurity research and development. Despite a collection of some of the globe’s most coveted assets, there is no current umbrella unit to pool resources from university, industry, and government. Until now.

Working together

• Maximize strength. While there are existing collaborations they are often siloed and limiting when it comes to funding management. A center would help bring traditionally competitive entities together and focus on their individual strengths to build a strong whole. For example, businesses with more mature data analytics capabilities working with companies with broader networks – or a university with a strength in finance education working with a college focused on teaching technology.

• Centralize services. The center could manage grants on a larger scale, could house a malware databank for projects, and most importantly supply the data required for many of these projects that is often difficult to obtain. It can be a viable way for academics to approach industry and worry less about profit and think more about long-term partnerships. As a non-profit, the center is being developed to unite these assets with a focus on cybersecurity.

“There is a lot of collaboration to commercialize a novel idea, but we need to move to a place where we are incubating talent so they can learn, get trained, get employed and make a difference in society.”

--Brian Levine

Cybersecurity’s 3 dimensions

According to Jack Wilson who set a framework for the discussion, there are three dimensions to the cybersecurity issue.

1. We have resources locally that are unmatched. We have incredible individual brands but insufficient brand management when it comes to the region as a whole.

2. We have strengths in healthcare, medical devices and biotech, plus financial services. To each sector, cybersecurity plays a significant role, but no one is working together to create cross-functional solutions.

3. We have an issue with the technology of policy. Technology chases policy, for example, policy operates through the view of decades and technology operates at a much faster pace, sometimes weeks or months.

Ready and able

Mel Bernstein provided the university perspective and framed a foundation for a proposed center that focused on talent. “We must begin to recognize that universities are fully capable of working across disciplines,” said Bernstein. “We have all the talent which begins at the undergraduate level and continues through to graduate level research.” He underscored how research projects could be outlined across the continuum.

1. Undergraduate students. Concentrate on a series of problems that can be and should be able to be solved. Student capstones are an example of difficult but self-contained projects that can be managed through a research center.

2. Master’s degree candidates. Pose a problem that is open-ended in scope but not in time since they must finish in order to earn their degree. The center could help students with their discrete research projects.

3. PhD candidates. These can be more complex, larger-scale research projects where a problem must be solved in order to take the next step forward. The research center could be a home base for discovering these more pressing solutions.

The time is now

• Higher education trends. To support the need for a center Howie Shrobe identified two significant trends in higher education including (1) Enrollment is growing too big in computer science – cybersecurity is a large component of that growth; (2) Students want internships and hands-on experience to learn outside the classroom.

• On everyone’s mind. The conditions to move this along seem to be ideal as the intersection between wants and needs is helping fuel the conversation according to the panel. There is a growing need to find cybersecurity solutions – think of the significant retail breaches over the past year, including OPM demonstrating a need at the government level as well. And there is a growing desire among the student population to engage and contribute to solving these problems as they become one of the most pressing issues of our time.

• Losing human capital. The challenge is that the people we educate and the companies we form here end up in California. We need to be creative to determine what runs counter to that trend, and develop a unified effort to stop this exodus. So not only building a regional cybersecurity brand is vital, but giving our young people a reason to stay and be challenged is vital to supporting this proposed brand.

What’s the pitch?

• Make a statement. The panel proposed varied views of how to frame the center’s goal – how they will position what challenges they will attempt to face. They range from broad statements like “remove cybersecurity as a national security problem” to more discrete solutions like “build a great microprocessor.” But the panel agreed the region needs a brand, especially when it comes to soliciting partners, engaging influencers, and of course pitching funding sources.

• Define the project. Jothy from Draper recommended pitching the idea of developing an inherently secure processor, which would spawn a variety of projects. Securing industrial systems as well as securing the electrical grid were proposed pitch ideas to help identify a project that students could get excited about, that industry wanted, and that could be brought to scale. Others used the metaphor of curing cancer – a grand challenge – that has larger brand implications and may better engage with broader appeal. The panel agreed that, regardless, it had to be developed to mobilize the academic community to work with the business community with support from the government.

“We must begin to recognize that universities are fully capable of working across disciplines.” --Mel Bernstein

The real grand challenge?

• Who’s paying? The panel agreed that the biggest challenge in addition to the crafted pitch is the funding source, which seem to go hand in hand. According to Jack Wilson, money is the universal lubricant, and he suggests we begin now by developing more collaborative approaches like the MHTGCC. He said to involve the VC community coupled with strong clusters in the region such as health data and fintech to build proof points. Serafini added that getting up and running now and converting the IP into companies can prove that we have the power to scale. Our current work can help the region establish credibility.

• Prepare for federal funding. In addition, we can be better positioned to secure funding if the government creates funding opportunities to deal with what is becoming a national crisis. The group recalled the federal funding in manufacturing that the region missed out on for lack of preparation.

• Just do it. So while some warned about putting the cart before the horse, there was consensus that within the ACSC membership steps could be taken right now. Define a broader goal, create a pitch and a brand, and start standing up research projects that will roll up into them. The result will be a stronger community designed to shape the future cybersecurity talent as we move towards an era where cyber threats are a thing of the past.


“We have a way to get students and academics excited about working around a project and industry wants.”

--Jothy Rosenberg

“If we put it all together and create a targeted pitch, the region can leverage this activity.”

--Jack Wilson


Security Analysis of USB Technology
Daniel R. Noyes, Graduate Student, University of Massachusetts Dartmouth

One of the most commonly used standards in the computer industry today is the Universal Serial Bus (USB). Through the use of a common bus, USB allows numerous peripheral devices the ability to communicate with each other. Several leading companies in the industry have adopted the USB standard, designing interfaces to better transmit data between devices. The usage of this technology spans from printers and storage media to user input devices, such as distributed power sources for cell phones. Since these devices are ubiquitous in our everyday lives, ensuring their security is essential. USB devices are notorious for exposing unnecessary security vulnerabilities in computer systems. Due to these systematic and widespread insecurities, methods to protect critical devices are vital. With confidential and sensitive data on the line, how can these devices maintain their integrity? This project aims to analyze the USB protocol regarding vulnerabilities as well as experimenting with security mechanics to protect the USB from both passive and active attacks. The project looks at various security incidents, and provides a basis to show the potential threat of any information communication using the USB protocol. This information which is transmitted between devices can be ambiguous, and is susceptible. The work then examines the state-of-the-art security measures deployed in current USB technology. It will also look at various possible methods to improve the security.

In today’s time we witness numerous incidences involving security. These incidences affect both consumers and businesses alike. For example, if a common device is infected with malicious software, what are the chances that this infected device will capture data from a user? What are the chances that this device will be able to relay the data to someone else? With the common idea of the “Internet of Things” (IoT) we can see this idea as a potential threat for malicious intrusion upon users. The results of this project will help provide consumers with guidelines to assist in product selection, and direct future efforts to strengthen USB security. This will also open the door for further development towards building a resilient system for today’s technology.

Discovering the Next Generation of Cyber Talent in New England:

The ACSC Cybersecurity Poster Session
Hosted by: Dr. Howard Shrobe, Principal Research Scientist, MIT CSAIL

Hosted by Dr. Shrobe, the ACSC Cybersecurity Poster Session was sponsored by Allied Minds and .406 Ventures to promote the talent and innovation in cybersecurity being developed in New England’s institutions of higher education.

Attendees of the ACSC Annual Conference on November 4 voted for the “next best thing” in cybersecurity at the annual Student Poster Session. Cybersecurity student projects represented New England colleges and universities including:
• Boston University
• Dartmouth College
• Northeastern University
• University of Massachusetts, Amherst
• University of Massachusetts, Dartmouth
• University of Massachusetts, Lowell
• University of Connecticut

TEDDI: Tamper Detection on Distributed Infrastructure
Jason Reeves, Graduate Student, Dartmouth College
Chris Frangieh, Undergraduate Student, Dartmouth College

As part of the push towards a smarter electric grid, utilities have installed a number of low-powered devices (for example, smart meters) along the periphery of their SCADA networks. These devices pose a security risk for utilities, as they are easy to find and access, have little physical security, and often have a connection directly to a utility’s SCADA network. Thus, an attacker could potentially compromise one of these devices and use it as a launchpad for attacks on other targets on the network, such as generating plants or control centers. Despite the large amount of prior tamper protection research, however, traditional tamper solutions are not feasible for deployment in this environment. The reasons:

• These solutions are often geared towards securing the network at all costs, when in fact availability is the most crucial property of the grid. This means that many of the classic responses to tampering (such as destroying data or devices) are worse outcomes than the actual attack.

• These solutions are not powerful enough to detect all of the different tamper events that affect critical infrastructure, which range from malicious attacks to routine maintenance to large natural disasters.

• These solutions have either a single response to any tampering (which is geared towards a worst-case scenario, and thus not always appropriate for an availability-focused industry) or are detection-only (which means an attacker is already on the network by the time the utility reacts).

• Finally, these solutions require far more time and resources to configure than a grid operator can reasonably provide.

To fill this gap, we developed TEDDI (Tamper Event Detection on Distributed Infrastructure), a sensor-based tamper protection system that fuses together data from a number of embedded devices to determine the tamper state of both the individual devices and the overall network. We use factor graphs to provide a data fusion tool for operators that is both easy to configure and powerful enough to handle a wide range of events, and we also include a flexible response mechanism that can be configured to perform different tasks for different events. We have also built the TEDDI Generation Tool, which can automatically produce the necessary code for deployment on arbitrary networks. Currently, we are working on evaluating the speed, accuracy, and usability of TEDDI within a realistic grid simulation.
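The fusion idea in the abstract above, as an added example that is not the TEDDI authors' code: a tree-shaped factor graph ties one network-level event variable to a tamper variable and sensor readings for each device, and exact sum-product inference yields both the network event and each device's tamper probability, which then select a per-event response. The event labels, sensor names, probabilities, responses and device names are all constructed assumptions.

```python
from math import prod

# Every name and number below is a constructed assumption, not a TEDDI value.
PRIOR = {"normal": 0.90, "local_tamper": 0.05, "regional_disaster": 0.05}
# P(device tampered | network event)
P_TAMPER = {"normal": 0.001, "local_tamper": 0.25, "regional_disaster": 0.90}
# sensor -> (P(fires | tampered), P(fires | untouched))
SENSORS = {"case_open": (0.90, 0.01), "vibration": (0.80, 0.05)}
# Per-event responses; none of them takes a device out of service.
RESPONSE = {
    "normal": "log only",
    "local_tamper": "alert operator and restrict the suspect device's network access",
    "regional_disaster": "flag devices for inspection and keep them online",
}

def likelihood(reading, tampered):
    """Sensor factor: P(reading | device tamper state)."""
    out = 1.0
    for sensor, fired in reading.items():
        p_fire = SENSORS[sensor][0 if tampered else 1]
        out *= p_fire if fired else 1.0 - p_fire
    return out

def message(reading, event):
    """Sum-product message from one device to the event variable."""
    p = P_TAMPER[event]
    return p * likelihood(reading, True) + (1 - p) * likelihood(reading, False)

def fuse(readings):
    """Return (P(event | all readings), P(device tampered | all readings))."""
    msg = {d: {e: message(r, e) for e in PRIOR} for d, r in readings.items()}
    joint = {e: PRIOR[e] * prod(msg[d][e] for d in readings) for e in PRIOR}
    z = sum(joint.values())
    events = {e: v / z for e, v in joint.items()}
    devices = {}
    for d, r in readings.items():
        # Divide out this device's own message, then condition on "tampered".
        devices[d] = likelihood(r, True) * sum(
            joint[e] / msg[d][e] * P_TAMPER[e] for e in PRIOR) / z
    return events, devices

def decide(readings, threshold=0.5):
    """Pick the most probable event, its response, and the suspect devices."""
    events, devices = fuse(readings)
    event = max(events, key=events.get)
    suspects = sorted(d for d, p in devices.items() if p > threshold)
    return event, RESPONSE[event], suspects

QUIET = {"case_open": False, "vibration": False}
ALARM = {"case_open": True, "vibration": True}
METERS = ["meter-1", "meter-2", "meter-3", "meter-4"]  # constructed device names
```

With these constructed numbers, one meter reporting both sensors while its neighbours stay quiet is classified as a local tamper event on that meter, whereas the same readings on every meter are classified as a regional event.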

During the event, students presented a brief project synopsis and answered questions at their individual poster display. Upon completion, attendees voted by secret ballot and the two posters with the most votes received $1000 prize each.

The two winners selected by cybersecurity experts represented Dartmouth College and UMASS, Dartmouth.