Archives

“Back To The Future” can best summarize the presentation from Matt Heff. He will begin his presentation by looking fondly upon a statement from one of CISSE’s founders, Bill Murray, “the problems haven't changed in the last 20+ years, we just give them new names.” So while we keep coming up with new names, new standards, new certs, new organizations, new cyber security software, and new lines of business – the threat landscape evolves at pace that is simply stunning. Heff (as he prefers to be called) will review the latest intelligence how these cyber criminals are getting more organized turning their work into a business model which is impacting the way we operate and educate staff. He will provide some unique industry perspectives on the (re)evolutions of cyber education, helping students become ‘combat ready’, experiential layer training, and building better academia and industry partnerships so we can go “Back to the Future.”

Dr. DeLyser describes the function of the CSforAll Consortium, share results of a needs assessment conducted with over 150 members, and identify ways to engage the cybersecurity education community in the larger work of CSforAll. Participants will provide reflection and feedback about consortium efforts, and work together to identify engagement opportunities that align cybersecurity education initiatives with the consortium membership.

The Joint Task Force on Cybersecurity Education (JTF) was launched in September 2015 with the purpose of developing comprehensive curricular guidance in cybersecurity education that will support future program development and associated educational efforts. The JTF is a collaboration between major international computing societies: Association for Computing Machinery (ACM), IEEE Computer Society (IEEE CS), Association for Information Systems Special Interest Group on Security (AIS SIGSEC), and International Federation for Information Processing Technical Committee on Information Security Education (IFIP WG 11.8).

The historic United States-Australia alliance is more vital than ever to regional security and prosperity. In recent years, we have dramatically stepped up our intelligence sharing, increased our emphasis on shared cyber capabilities, and we have conducted and will continue to conduct joint military exercises to ensure our readiness, including the Talisman Saber later this year. This presentation discusses a bilateral agreement on cybersecurity and will focus on Australia / USA cooperation in all aspects of cybersecurity and cyber defense.

Matt Bishop, Computer Security Laboratory, Dept. of Computer Science, University of California at Davis

Towards the end of his life John von Neumann spoke to Stanislaw Ulam of the possibility of an "approaching ... essential singularity in the history of the race beyond which human affairs, as we know them, could not continue." The cause of this impending re-morphogenesis of the human condition? The very technology created by von Neumann himself. He had modelled a viable architecture for the manufactured machine form of the human brain once imagined and theorised by Alan Turing. The electronic and digital simulacra of the human computer. The existence of this machine brain was the critical precondition required by the cyberneticists of the Macey Conferences to realise their dream. A world in which computers and humans became interwoven as inseparable and indivisible occupants of an irreversible symbiosis. A world in which the human machine symbioses infused a digitised neural network spanning the globe. We inhabit their dream. We call it Cyber in their honour. In the early 1950's Julian Huxley spoke of the capacity of science to equip humanity with the ability to first conquer and then transcend evolution. He foresaw a technologically transcendent transhuman. How will humanity survive the coming technological singularity? Is cybernetic augmentation our only hope? Will unaugmented humans join the Neanderthal in the trashcan of evolution? Will humanity survive with the evolved human? Is the cyborg deliverance or destruction?

Despite the reported attacks on critical systems, operational techniques such as malware analysis are not used to inform early lifecycle activities, such as security requirements engineering. In our CERT research, it was thought that malware analysis reports (Found in databases such as Rapid 7), could be used to identify misuse cases that pointed towards overlooked security requirements. If such requirements could be identified, they could be incorporated into future systems that were similar to those that were successfully attacked. A process was defined, and then CMU Master of Software Engineering project was sponsored to develop a tool. The hope was that the malware report databases were amenable to automated processing, and that they would point to flaws such as those documented in the CWE and CAPEC databases. It turned out to not be so simple. This talk will describe our initial research results, and the research remaining to be done. A second team of CMU graduate students is continuing to assist in the research and tool development. Their progress as of the time of the conference will also be discussed.