
Call for Participation

Adversaries are investing in cyber operations capabilities that pose grave danger to the systems we rely on. At the same time, our software and computing systems are increasing in complexity and becoming less predictable. The situation is further exacerbated by the intrinsically inseparable social and technical aspects of the problem; cyber adversaries leverage both technical and social vulnerabilities to penetrate and compromise commercial and non-profit critical infrastructure. A commercial cybersecurity market has emerged to exploit this situation, while research and development continues. This market, however, is not improving our understanding of system resiliency or helping build more secure systems up front. Many of the current approaches to managing risk from current and future cyber threats are too complicated and/or too abstract to be effective in practice.

Recent talks and workshops suggest that the path taken to date may have created insurmountable challenges. For example, at the National Academies of Sciences, Engineering and Medicine Forum on Cyber Resilience Workshop Series, the following observation was made:

Current cybersecurity approaches provide some minimal facilities for prevention and recovery, such as securing simple programs and isolating complex programs or sanitizing their inputs. However, [Butler] Lampson said current approaches fall short in securing more complex systems or maintaining security after changes are made. He also observed that users cannot be expected to be skilled or informed enough to make good security decisions...

We solicit participation of researchers, practitioners and government stakeholders across different disciplines to hold a conversation on potential strategies to address the aforementioned issues. This one-day interdisciplinary workshop is devoted to discussing key system aspects and operational policies at the technological and organizational levels that lead to repeatably good, predictable behaviors.

Panelists

Herb Lin

Herbert Lin is Senior Research Scholar for cyber policy and security at the Center for International Security and Cooperation and Hank J. Holland Fellow in Cyber Policy and Security at the Hoover Institution, both at Stanford University. His research interests relate broadly to policy-related dimensions of cybersecurity and cyberspace, and he is particularly interested in the use of offensive operations in cyberspace as instruments of national policy and in the security dimensions of information warfare and influence operations on national security.

 

Jason Healey

Jason Healey is a Senior Research Scholar at Columbia University’s School for International and Public Affairs specializing in cyber conflict, competition and cooperation. He was one of the pioneers of cyber threat intelligence and has unique experience working on issues of cyber conflict and security spanning fifteen years across the public and private sectors. As Director for Cyber Infrastructure Protection at the White House from 2003 to 2005, he helped advise the President and coordinated US efforts to secure US cyberspace and critical infrastructure.

 

Kathryn Kun

Kathryn T. Kun directs the Adversarial Resilience group at Akamai Technologies, where she applies systems thinking approaches to global-scale information systems. To ensure the resilience of this remarkably complex system against adversaries ranging from ‘script kiddie’ to ‘advanced persistent threat’, Ms. Kun draws upon her industrial background in chemical engineering and automated processes to develop and implement system-theoretic and system-wide approaches. By applying techniques that regard the technology, the humans behind it, and the business that runs on it as a single, complex control structure, she and her team guide Akamai to the safest reasonable designs and, in turn, produce a safer Internet.

 

Ian Schneller

Ian Schneller currently serves as Senior Vice President of Global Information Security for Bank of America. Prior to joining Bank of America, he served as the Executive Director of Global Cyber Partnerships and Government Strategy at JPMorgan Chase where he led global cyber strategies to uplift cyber threat intelligence, cyber operations and sector crisis response capabilities. Schneller also served 24 years in the Department of Defense, including having led a multi-billion dollar mission charged with developing and operating advanced cyber capabilities for the Undersecretary of Defense, the DoD Chief Information Officer, and the Secretary of the Air Force.

 

Roberta (Bobbie) Stempfley

Roberta Stempfley is the director of the CERT Division at Carnegie Mellon University Software Engineering Institute. She previously served as director of cyber strategy implementation at MITRE Corp. and as acting assistant secretary and deputy assistant secretary, Office of Cyber Security and Communications, Department of Homeland Security. In addition to her work at DHS, she previously worked in the DoD as CIO of the Defense Information Systems Agency and as chief of the DoD Computer Emergency Response Team, which she established.

 

Chris Demchak

Dr. Chris C. Demchak is the RDML Grace M. Hopper Professor of Cyber Security and a member of the Cyber and Innovation Policy Institute, U.S. Naval War College. In her research on cyberspace as a globally shared insecure complex ‘substrate’, Demchak takes a systemic approach to emergent structures, comparative institutional evolution, adversaries’ use of systemic cyber-enabled tools, virtual worlds/gaming for operationalized organizational learning, and designing systemic resilience against imposed surprise.

 

Yaneer Bar-Yam

Yaneer Bar-Yam is a physicist, systems scientist, and the founding president of the New England Complex Systems Institute. He studies the unified properties of complex systems as a systematic strategy for answering basic questions about the world. He is also an Associate of the Department of Molecular and Cellular Biology at Harvard University, chairman of the International Conference on Complex Systems, and managing editor of InterJournal.

 

Kelly Shortridge

Kelly Shortridge is currently VP of Product Strategy at Capsule8. Kelly is known for research into the applications of behavioral economics to information security, which Kelly has presented at conferences internationally, including Black Hat, AusCERT, Hacktivity, Troopers, and ZeroNights. Most recently, Kelly was the Product Manager for Analytics at SecurityScorecard. Previously, Kelly was the Product Manager for cross-platform detection capabilities at BAE Systems Applied Intelligence as well as co-founder and COO of IperLane, which was acquired. Prior to IperLane, Kelly was an investment banking analyst at Teneo Capital covering the data security and analytics sectors.

 

Patrick Cable

Patrick Cable is the Director of Platform Security at Threat Stack, a Boston-based startup that offers cloud optimized intrusion detection. Patrick oversees and contributes to efforts that enable engineering to create secure systems and make safer decisions. This includes building tools and libraries that ensure secure defaults, running Threat Stack’s third party assessment and bounty programs, and building automation around infrastructure. Before joining Threat Stack, Patrick was an associate staff member of the Secure and Resilient Systems Group at MIT Lincoln Laboratory where he worked on the Lincoln Laboratory Secure and Resilient Cloud program along with other modern infrastructure computing initiatives.

 

Eric Lofgren

Eric Lofgren is an Emergent Ventures Fellow with the Mercatus Center at George Mason University. Before that, he was a Senior Analyst with Technomics supporting cost estimates, regulatory policy, and economic studies for the Office of the Secretary of Defense, Cost Assessment and Program Evaluation (OSD CAPE). His research interests focus on the history of innovation and reform in weapon systems acquisition.

 

Butler Lampson

Butler Lampson is a Distinguished Engineer at Microsoft Corporation and an Adjunct Professor of Computer Science and Electrical Engineering at MIT. He was on the faculty at Berkeley and then at the Computer Science Laboratory at Xerox PARC and at Digital Systems Research Center. He has worked on computer architecture, computer vision/graphics, local area networks, raster printers, page description languages, operating systems, remote procedure call, programming languages and their semantics, programming in the large, fault-tolerant computing, transaction processing, computer security, WYSIWYG editors, and tablet computers.

 

 

Administration

Attendance at the workshop was free but limited to invited participants only.