Agenda

0800 - Registration and Breakfast

 

0840 - Welcoming Remarks

 

0900 - Panel 1: Dynamics of Resiliency for the Federal Government
Software-intensive systems within the government frequently exhibit fragility, even in benign conditions, due in part to shortfalls early in the system lifecycle. In the absence of well-crafted requirements, a wide gap may emerge between stakeholders’ early expectations and their lived experience with fielded systems. This panel focused on understanding what resiliency means for the government and the challenges that the government faces when trying to achieve mission resiliency across the spectrum of conflict. It has proven challenging to acquire resilient systems, and the government often finds itself using acquired tools and services to improve resiliency of legacy systems. What are the challenges and possible paths forward given that system capabilities and complexities are ever increasing, dependencies on industry and external entities are often poorly understood, and the government levers to improve the situation appear limited?

Panelists: Herb Lin (Stanford) and Jason Healey (Columbia)

Moderator: Reed Porada (Boston Cybernetics Institute)

 

1010 - Panel 2: Dynamics of Resiliency within Various Industries
Companies in software-intensive industries have also been tackling resiliency challenges, but government and industry perform different missions under different constraints. What does resiliency mean for various industries at the technical and organizational levels? How do organizations identify and mitigate risks? What are the relevant tradeoffs, and are there risks too large to mitigate? How do enablers of resiliency align across people, process, and technology? This panel was dedicated to discussing what it means for commercial entities to achieve resiliency for their missions at the technical and organizational levels, and how their methods could be leveraged by the government.

Panelists: Kathryn Kun (Akamai) and Ian Schneller (Bank of America)

Moderator: Mary Ellen Zurko (MIT Lincoln Laboratory)

 

1120 - Lunch Break

 

1220 - Panel 3: Sources of Resiliency
When software-intensive systems fail to meet expectations, the blame is often placed on faulty technology, but social and technical aspects of the problem are intrinsically inseparable: the operators and maintainers of technologies are at least as important as their designers and builders. In addition, many government organizations now find themselves reliant on low-cost, feature-rich systems and services, provided by industry, that introduce additional dependencies and dynamics that are not well understood. To what extent should system owners/operators allocate resources to measuring and understanding their adversaries’ capabilities and intentions? This panel was dedicated to exploring the different sources of resiliency internal and external to an organization while relying on a multitude of resiliency enablers across people, process, and technology.

Panelists: Roberta Stempfley (SEI CERT) and Chris Demchak (US Naval War College)

Moderator: Bernadette Johnson (MIT Lincoln Laboratory)

 

1330 - Panel 4: Measuring and Characterizing Resiliency
What are the best ways to measure and characterize resiliency? Gaining adequate insight into a system’s resiliency requires conscious, sustained effort; complying with general policies or implementing standard security controls does not ensure success. Neither does a “measure everything” approach lead to positive results – instead, operators are likely to be overwhelmed during a crisis, unable to navigate effectively. Which aspects of resiliency are measurable, which are not, and why? What are the fundamental limitations? How does one aggregate qualitative and quantitative characterizations together? This panel was dedicated to exploring possible ways and limitations to measuring and characterizing resiliency quantitatively and qualitatively.

Panelists: Yaneer Bar-Yam (New England Complex Systems Institute) and Kelly Shortridge (Capsule8)

Moderator: Martine Kalke (MIT Lincoln Laboratory)

1440 - Break

 

1510 - Panel 5: Building Resiliency
This panel focused on how we can better equip our organizations to conceive, build, operate, and maintain more resilient systems. What considerations, constructs, and processes can be used to improve how we design, build, and operate our systems? How can we educate and incentivize builders, maintainers, and operators at the technological and organizational levels in order to increase performance while operating in a contested environment? How does an organization create capacity?

Panelists: Eric Lofgren (George Mason University), Patrick Cable (Threat Stack), and Butler Lampson (Microsoft/MIT)

Moderator: Trey Herr (Stanford)

 

1620 - Discussions and Closing Remarks