October 14, 2014
U-M Rackham Auditorium
October 14, 2014
U-M Rackham Auditorium
Welcome & Opening Remarks
A government CISO’s remarkable journey: Surprising stories from South Africa to Michigan
Hackers’ Bazaar: Markets for Cybercrime Tools and Stolen Data
Connected Vehicle Security and Privacy
|11:45 a.m.–12:40 p.m.|
National Cybersecurity Challenges and NIST
Chief Security Officer & Chief Strategist, Security Mentor, Inc.
Looking back on almost three decades of securing government computer systems at the state, federal, and international levels, Dan Lohrmann has some surprising cyber stories to share – information security lessons that transcend time.
In this presentation Dan will reveal highlights and lowlights from his days at the National Security Agency in the 1980s to managing 1990s-era computer viruses and the relentless cyberattacks in 2014. He will explain how Michigan built an award-winning cyber strategy and a close partnership with the Department of Homeland Security and the White House during both the Bush and Obama administrations. Finally, Dan will describe the hard lessons security professionals and technology teams need to learn to be successful and the bipartisan approaches necessary to win the backing of government executives to ensure support for cyber operations in the long term to achieve desired results.
Dan Lohrmann is the Chief Security Officer (CSO) and Chief Strategist at Security Mentor, Inc. He leads the development and implementation of Security Mentor’s industry-leading cyber training, consulting and workshops for end users, managers and executives in the public and private sectors.
Dan is an internationally recognized cybersecurity leader, technologist and author. During his distinguished career, he has served global organizations in the public and private sectors in a variety of executive leadership capacities. Dan led Michigan government’s cyber security and technology infrastructure teams as the enterprise-wide Chief Security Officer (CSO), Chief Technology Officer (CTO) and Chief Information Security Officer (CISO) during his tenure with the state from May 2002- August 2014.
Dan has been honored with numerous cyber security and technology leadership awards, including "CSO of the Year" by SC Magazine, "Public Official of the Year" by Governing magazine and "Premier 100 IT Leader" by Computerworld Magazine. He holds a Master's degree in computer science from Johns Hopkins University in Baltimore and a bachelor’s degree in computer science from Valparaiso University in Indiana.
Criminal activities in cyberspace are increasingly facilitated by burgeoning black markets for both tools (e.g., exploit kits, botnets) and take (e.g., credit card information, intellectual property). Take, for example, the December 2013 breach of retail giant Target, where data from 40 million credit cards and 70 million accounts was hijacked – such data appeared within days on black market sites. This talk, based on research performed as part of a multiphase study on the future security environment, describes the fundamental characteristics of these markets and how they have grown into their current state in order to explain how their existence can harm the information security environment."
Lillian Ablon is a researcher at the RAND Corporation (rand.org) where she conducts technical and policy analysis research on topics spanning cyber security, privacy and security in the digital age, emerging technologies, computer network operations, digital exhaust, and the human element. Recent research topics include social engineering and open source intelligence, black markets for cybercrime tools and stolen data, methods for zero-day vulnerability detection, tools and technologies for greater cyber situational awareness, and privacy concerns with digital identity. Prior to joining RAND, Lillian worked with some of the most cutting edge technologies in cryptography, network exploitation and vulnerability analysis, and mathematics. She won a black badge at DEFCON21, and holds degrees in mathematics from the University of California, Berkeley, and Johns Hopkins University.
U-M Transportation Research Institute (UMTRI)
In February 2014, the US Department of Transportation announced that it will begin taking steps to enable vehicle-to-vehicle (V2V) safety applications in passenger vehicles. Cyber security and privacy protection are two of the major technological challenges that must be overcome before this technology can be introduced in every vehicle in the US. This talk will provide an overview of the leading communication security and privacy protection protocol candidate, and will also provide an overview of mechanisms that protect connected vehicles against hacker attacks.
Dr. André Weimerskirch is an Associate Research Scientist at the University of Michigan Transportation Research Institute (UMTRI). Before UMTRI, André was co-founder and CEO of the embedded systems security company ESCRYPT.
André is a main designer of the vehicle-to-vehicle (V2V) communication security and privacy system that is the leading candidate for deployment in the US. He is active in all areas of automotive and transportation as well as embedded systems cyber security and privacy.
National Institute of Standards and Technology (NIST)
Today, we are dependent on information technology in every aspect of our lives, in every aspect of the national economy and in every aspect of our national defense. We use digital information, information systems and the pervasive connectivity through vast networks like the Internet to help carry out important business activities. In order for industry, government and academia to be successful in protecting their core missions and business operations, while at the same time protecting the security and privacy considerations of individuals, the information technology that is routinely deployed must be dependable. And in order for that technology to be dependable, it must be protected. The National Institute of Standards and Technology (NIST) plays a major role in research and development of technologies to provide protections for information and the communication infrastructure as well as the needed standards, tests and metrics for those technologies. NIST is also leading national public private partnerships in identity management, cybersecurity education, protections for the critical infrastructure and standards instantiations. This talk will provide an overview of NIST’s work and describe how students and facility can partner with NIST in these areas.
Donna F. Dodson is the Associate Director Chief Cyber Security Advisor of the Information Technology Laboratory (ITL) and the Chief Cybersecurity Advisor for the National Institute of Standards and Technology (NIST). She is also the Director of NIST’s National Cybersecuity Center of Excellence (NCCoE).
Donna oversees ITL’s cyber security program to conduct research, development and outreach necessary to provide standards, guidelines, tools, metrics and practices to protect the information and communication infrastructure. Under her leadership, ITL collaborations with industry, academia and other government agencies in research areas such as security management and assurance, cryptography and systems security, identity management, security automation, secure system and component configuration, test validation and measurement of security properties of products and systems, security awareness and outreach and emerging security technologies. In addition, Donna guides ITL programs to support both national and international security standards activities. She recently led the establishment of the NIST NCCoE. Through partnerships with state, local and industry, the NCCoE collaborates with industry sectors to accelerate the widespread adoption of standards-based cyber security tools and technologies.
Donna’s research interests include applied cryptography, key management, authentication and security testing. She has led technical teams to produce standards, guidelines and tools in each of these areas.
Donna received a Department of Commerce Gold Medal and three NIST Bronze Medals. She was a Fed 100 Award winner for her innovations in cybersecurity and in 2011 was included in the top 10 influential people in government information security. Recently, FedScoop recognized Donna as one of DC’s Top 50 Women in Tech.