SUMIT_2019

Make Plans to Attend

Register today for SUMIT_2019, the 15th annual cybersecurity conference on Tuesday, October 29. The Security at University of Michigan IT (SUMIT) is the university’s flagship event for National Cybersecurity Awareness Month. It is an exciting opportunity to hear recognized experts discuss the latest technical, legal, policy, and operational trends, threats, and tools in cybersecurity and privacy.

SUMIT_2019 explores the increasingly diverse topics in privacy and security research and operations.

SUMIT_2019
Tuesday, October 29

Rackham Auditorium
915 East Washington Street, Ann Arbor, MI 48109

SUMIT_2019 is hosted by the Information and Technology Services Information Assurance group and co-sponsored by Dissonance and ESC: The Center for Ethics, Society, and Computing

Register Now

Driving Directions and Parking near Rackham Auditorium

Agenda

8:30–9 a.m.

Check-in, breakfast & networking

9–9:15 a.m.

Welcome

9:15–10:15 a.m.

Socio-technical aspects of smart and embedded cameras: Implications for privacy and security

Denise Anthony
A sociologist and professor of Health Management & Policy in the School of Public Health, and in the Department of Sociology (by courtesy), at the University of Michigan.

10:15–10:30 a.m.

Break

10:30–11:30 a.m.

It's a feature, not a bug

Abhishek Narula
Graduate student, MFA program, Stamps school of Art & Design, University of Michigan

11:30 a.m.–1 p.m.

Lunch on your own

1–1:45 p.m.

When the data are out: Measuring behavioral changes following a data breach

Dana Turjeman 
Doctoral candidate in marketing, Ross School of Business, University of Michigan

1:45–2 p.m.

Break

2–3 p.m.

Adventures in Apple Watch jailbreaking

Dawn Isabel
Security researcher

3–3:15 p.m.

Break

3:15–4:15 p.m.

Our single (view) point of failure: Why diversity & inclusion matters in understanding hacker techniques and preventing future cyber attacks

Co-presenters:
Juliet Okafor
Senior vice president of Global Sales, Habitu8

Mansi Thakar
Security specialist, Stanford Federal Credit Union & chief operating officer for the Women's Society of Cyberjutsu (WSC)

4:15–5 p.m.

Closing remarks & reception

Speakers

Denise Anthony

Denise Anthony

Professor, Health Management and Policy, University of Michigan

Socio-Technical Aspects of Smart and Embedded Cameras: Implications for Privacy and Security

Presenter Bio: Denise Anthony, Ph.D., a sociologist, is Professor of Health Management & Policy in the School of Public Health, and in the Department of Sociology (by courtesy), at the University of Michigan.

Professor Anthony’s work explores issues of cooperation, trust and privacy in a variety of settings, from health care delivery to micro-credit borrowing groups to online groups such as Wikipedia and Prosper.com. She is also interested in the role of organizations and institutions in health care delivery. Her current work examines the use of information technology in health care, including effects on quality, on the organization of health care, as well as the implications for the privacy and security of protected health information. Her multi-disciplinary research has been funded by grants from the National Science Foundation and others, and published in sociology as well as in health policy and computer science journals, including among others the American Sociological Review, Social Science and Medicine, Journal of the American Medical Informatics Association, Health Affairs, and IEEE Pervasive Computing.

Prior to joining the University of Michigan in 2018, she was Professor and past-Chair (2007-11) in the Department of Sociology at Dartmouth College, and Adjunct Professor in the Department of Community and Family Medicine at Geisel School of Medicine, and a faculty affiliate at The Dartmouth Institute for Health Policy and Clinical Practice. From 2014-17 she served as Vice Provost for Academic Initiatives at Dartmouth. From 2008-2013 she served as Research Director of the Institute for Security, Technology, and Society (ISTS) at Dartmouth.


Dawn Isabel

Dawn Isabel

Security Researcher

Adventures in Apple Watch Jailbreaking

Jailbreaking seems mysterious and borderline magical from the outside. What does it take to create a jailbreak using publicly-available exploits and open-source projects? Is it possible to start with very little exploit development experience and end with a functional jailbreak?

As it turns out, it is possible! This talk will provide an overview of constructing a jailbreak for Apple’s watchOS using public exploit and jailbreak code originally written for iOS. The audience will leave with an understanding of the trial-and-error process – and some entertaining mistakes – that resulted in a developer jailbreak suitable for use in further research.

Topics discussed will include selecting hardware and OS targets, key concepts required to port code from 64-bit iOS to 32-bit watchOS, and lessons learned from failed exploit attempts.

Presenter Bio: Dawn Isabel is a Security Researcher, specializing in mobile application security. She enjoys automating the boring stuff and documenting everything else. Dawn has presented at DefendCon, Bugcrowd’s LevelUp, WiCyS, Converge Detroit, and OWASP AppSec.


Abhishek Narula

Abhishek Narula

Graduate Student, MFA Program, Stamps School of Art & Design, University of Michigan

It's a feature, not a bug

The first documented act of hacking goes back to 1909. Marconi while demoing the future on communication through radio had his signals hijacked by a trickster. Bugs, glitches and failures are an integral part of any system. In this talk, I will explore how I explore the ontology of networked digital media through aesthetic practices. Critical media practices views the exploit of these bugs as an external aberration that a hacker can use for their intended purpose. These exploit although carried out with the intention of changing the systems some fundamental way, remains bound within the system itself. Furthermore these inherent inconsistencies in digital media, much like Derrida’s notion of language, is precisely what allows it to functional normally. My work is not a result of an outside force of hacking but rather key properties that allow these systems to operate as expected. These are features, not bugs.

Presenter Bio: Abhishek was born in New Delhi, India and moved to Atlanta, GA to pursue his BS in Electrical Engineering and MS in Artificial Intelligence at Georgia Institute of Technology. He studied and applied intelligent control and machine learning to create smart robotic systems. His work as an IT technical consultant for 5 years, integrating networks and systems for business use, led him to Silicon Valley where he became an active member of Noisebridge Hackerpsace. Abhishek got involved in the maker movement and worked at a DIY electronics company. He began to explore the space between the intersection of art and technology and started his own studio practice. His practice is rooted in education and he has taught electronics, digital fabrication and computer science at the University of Colorado, Boulder. Abhishek then worked at The Field Museum of Natural History in Chicago, where he was the lead interactive exhibitions designer and fabricator.

Abhishek’s interest in critical theory and philosophical examination has informed his research-based studio practice. His work manifests in the form of interactive installations, performances and interventions. These serve to explore and reveal hidden forms of subjugation created as a result of our modern networked world. Abhishek is an avid DIYer, electronics junkie and an honorary board member of the Open Source Hardware Association (OSHWA). He prefers the term ‘Hacker’ to ‘Maker’. His work has been showcased at the Boulder Museum of Contemporary Art, The Boulder Public Library, The Boulder Creative Collective Warehouse, The Hyde Park Art Center, and Sector 2337 Art Gallery & Printing Press. Abhishek has presented at conferences including Tangible Embedded Interaction (TEI), International Symposium of Electronic Arts (ISEA) and Infosys Pathfinders Institute.


Juliet Okafor

Juliet Okafor

Senior Vice President of Global Sales, Habitu8

Our Single (view) Point of Failure: Why Diversity & Inclusion Matters in Understanding Hacker Techniques and Preventing Future Cyber Attacks

Cybersecurity is inherently interdisciplinary. Yet, cyber security and diversity are high-value topics that are most often discussed in isolation. Both topics resonate with consumers, nation-states, and enterprises alike.

However, the intersections between cybersecurity and diversity are often overlooked. As organizations seek to more effectively protect their critical infrastructure and revenues, it’s become increasingly important to cultivate relationships between the two areas. Diversity is no longer just a social awareness and public good initiative; it must be a core element of the next-generation strategy for defending our nation’s critical infrastructure.

Looking beyond the sensational headlines about hackers, phishers, and scammers, it is obvious that cyber threats and harm don’t come only from malevolent outsiders or even malicious employees. In this talk, we will give a hands-on demo that will mimic a live “man-in-the-middle” attack and talk through where the aspects of more diversity can help to better understand the attacker and mitigate risk. Both speakers will also share examples of how the values of diversity & inclusion help understand the hacker mindset, sit in the position of front-line individuals, and remain vital to secure our collective futures.

Presenter Bio: Juliet Okafor, J.D., is a cybersecurity professional who has combined her knowledge of the legal system and cybersecurity solution models into success stories across Fortune 500 industries throughout the USA. Her ability to scope, plan and design the creation of an OT Cybersecurity Management System framework for one of the largest cruise lines in the world is testament to her commitment and leadership regardless of the challenge.

The unique value of Juliet’s ability within the cybersecurity field is also evident in her relentless and dynamic approach to understanding the expectations, needs, and requirements of her clients in concert with providing the best cybersecurity technologies and services required.

Okafor has shown a passion for helping to identify, develop and provide advancement opportunities for women and minorities in non-traditional fields seeking roles within the cybersecurity industry. Okafor sits on the Strategic Advisory Board for the International Consortium of Minority Cybersecurity Professionals (ICMCP), Fordham University GSAS Dean's Leadership Council, WSC Inaugural Wicked6 Cybersecurity Competition and a host of other committees.


Mansi Thakar (@mansimusa)

Mansi Thakar (@mansimusa)

Security Specialist, Stanford Federal Credit Union & Chief Operating Officer for the Women's Society of Cyberjutsu (WSC)

Our Single (view) Point of Failure: Why Diversity & Inclusion Matters in Understanding Hacker Techniques and Preventing Future Cyber Attacks

Cybersecurity is inherently interdisciplinary. Yet, cyber security and diversity are high-value topics that are most often discussed in isolation. Both topics resonate with consumers, nation-states, and enterprises alike.

However, the intersections between cybersecurity and diversity are often overlooked. As organizations seek to more effectively protect their critical infrastructure and revenues, it’s become increasingly important to cultivate relationships between the two areas. Diversity is no longer just a social awareness and public good initiative; it must be a core element of the next-generation strategy for defending our nation’s critical infrastructure.

Looking beyond the sensational headlines about hackers, phishers, and scammers, it is obvious that cyber threats and harm don’t come only from malevolent outsiders or even malicious employees. In this talk, we will give a hands-on demo that will mimic a live “man-in-the-middle” attack and talk through where the aspects of more diversity can help to better understand the attacker and mitigate risk. Both speakers will also share examples of how the values of diversity & inclusion help understand the hacker mindset, sit in the position of front-line individuals, and remain vital to secure our collective futures.

Presenter Bio: Mansi Thakar is a graduate of the University of San Diego's Cybersecurity Operations & Leadership program and serves as a security specialist with Stanford Federal Credit Union. Prior to starting her current position she was at Sony PlayStation, serving as a key member to their Global Vulnerability Management and Security Awareness programs. Thakar is also a leader of nonprofits in the cybersecurity industry that promote diversity such as Women's Society of Cyberjutsu (WSC) and InfoSec Unlocked (ISUnlocked).

Thakar has a flair for sustainable innovative ideas and a history of implementing them successfully. To Thakar, cybersecurity is a field where you can be a digital superhero. But when you’re a modern-day tech protector facing millions of malware threats, you need backup. That is why she is drawn to the space where cybersecurity meets machine learning. Thakar wants to help shape how we meet the growing magnitude of cyber threats through data and automation. This challenge energizes her – the same way she is energized by the challenge of being one of the few women in the Boardroom, even though it is sometimes difficult. She knows that what she achieves can have a ripple effect and inspire others. She also plays a Lead role in the PBS Documentary, Life Hackers and spends her summers protecting the "most hostile network on the planet" as a DEFCON NOC Goon.


Dana Turjeman

Dana Turjeman

Doctoral Candidate in Marketing, Ross School of Business, University of Michigan

When The Data Are Out: Measuring Behavioral Changes Following a Data Breach

In recent years, the severity and quantity of data breaches increased. Despite this, little is known about the social and behavioural effects of such breaches. Specifically – do users change their behaviour on a website, following an announcement of a severe data breach? Do they have varying reactions? What are the sources for this heterogeneity?

Our data includes detailed behaviour of ~40K members of a matchmaking website for affair seekers[1]. This website experienced a severe data breach. We extend several non-parametric causal inference methods, and construct a tree-based matching-prediction method. We use this method to assess individual changes in users’ engagement on the website.

Our results suggest that, on average, users decreased the number of messages and searches on the website, and deleted more photos. Individual estimates reveal heterogeneity in user responses. For example, married users had more extreme reactions.

The paper presents a general method to obtain individual measures of changes in behaviour following disclosure of an exogenous information shock; in this case, a major data breach, and discusses reasons for heterogeneity in the reactions to this data breach.

[1] We received the anonymized data directly from, and in agreement with, the company.

Author information:
Dana Turjeman; Doctoral Candidate in Marketing, Ross School of Business, University of Michigan, Ann Arbor, Michigan 48109; turji@umich.edu
Fred M. Feinberg; Joseph Handleman Professor of Marketing and Professor of Statistics, Ross School of Business, University of Michigan, Ann Arbor, Michigan 48109; feinf@umich.edu

Presenter Bio: Dana Turjeman is a PhD Candidate in Quantitative Marketing at the Ross School of Business, University of Michigan. In her research, she focuses on the intersection between privacy and customer behavior. She uses and develops quantitative methods, in the domains of causal inference, machine learning and statistical modeling, in order to answer substantive questions in these topics, and to help users make better decisions to protect their privacy. Prior to the doctoral program, Dana earned a BSc in Computer Science and an MBA (with honors) at the Hebrew University of Jerusalem.