Dr. Johannes M. Bauer
Modeling the Diversity of Cyberattacks
Abstract: Economic models have provided a powerful framework for understanding the information security problems in the Internet ecosystem. Research has shown that misaligned incentives of service providers, equipment manufacturers, software developers, and users go a long way to understand security breaches. As information security has positive cost, this research has also argued that accepting some level of vulnerability is economically rational. One potential weakness of these approaches is that they are based in a narrow view of the motives of attackers as primarily financially motivated. This presentation will explore whether the findings of the economics of cybersecurity hold for other types of attackers, such as ideologically motivated players. Based on a framework rooted in institutional economics, it will develop a typology of attackers and discuss its theoretical and practical implications.
Bio: Johannes M. Bauer is a Professor in the Department of Media and Information at Michigan State University. Since January 2013 he also serves as the Department Chair. He is trained as an engineer and economist, holding MA and PhD degrees in economics from the Vienna University of Economics and Business Administration, Austria. His experience at MSU is complemented by extended stays as a visiting professor at the Technical University of Delft, Netherlands (2000-2001), the University of Konstanz, Germany (Summer 2010), and most recently the University of Zurich, Switzerland (2012). His research covers a wide range of issues related to innovation in information and communication technology industries (ICT), business models of national and global players, as well as the public policy and governance challenges of harnessing the full benefits of ICT for society. He has developed and used computational methods to examine the effects of governance on advanced communications infrastructure and applied big data analytical methods to problems of information security. He currently serves as member of the boards of the Research Conference on Communication, Information and Internet Policy (TPRC) and the International Telecommunications Society (ITS). He is a frequent speaker at international conferences and has served as an advisor to public and private sector organizations in North and South America, Europe, and Asia.
Dr. Nicole L. Beebe
Statistics Meets Digital Forensics to Detect Insider Threats
Abstract: Trusted, yet malicious insiders remain a significant problem for organizations of all types. Organizations struggle with theft of intellectual property and exfiltration of sensitive data with increasing regularity. Insiders often go undetected for long periods and escalate their malfeasance over time. The impact of such information loss is enormous. Many current detection methods are signature-based, which are brittle, scale poorly, and miss new patterns. Others use Security Information & Event Management (SIEM) appliances and rely on data fusion across sensors, are not usually data/content based, do not analyze deleted data, and often presume behavioral heuristics/patterns that vary greatly across insiders. Advancements in information retrieval, digital forensics, and statistical anomaly detection provide us new ways to address challenges in insider threat detection. This talk will present research advancements in insider threat indication and warning discovered by the interdisciplinary work of statistics and digital forensics researchers at the University of Texas at San Antonio.
Bio: Nicole L. Beebe holds a Ph.D. in business administration with a concentration in information technology from The University of Texas at San Antonio, an MS in criminal justice from Georgia State University and a BS in electrical engineering from Michigan Technological University. She has over fifteen years of industry and government experience in information security and digital forensics. She was a computer crime investigator for the U.S. Air Force Office of Special Investigations from 1998-2007. She has been a Certified Information Systems Security Professional (CISSP) since 2001, is a licensed private investigator in the state of Texas and holds three professional certifications in digital forensics (CCFP, EnCE, ACE). Professor Beebe’s research interests include intelligent digital forensics recovery and retrieval techniques, the use of data mining and machine learning techniques to solve information security problems and strategic decision making involving organizational information security management.
Jim G. Beechey
Bio: Jim Beechey is the Executive Director, Security at Consumers Energy where he leads all aspects of security including physical, cyber, theft and fraud. Jim holds a Bachelor’s degree from Northwood University in Computer Science and a Master’s degree in Information Security Engineering from the SANS Technology Institute. Jim has a passion for cyber security, particularly logs, forensics and incident response. Jim lives in Chelsea with his wife and four children.
Morvareed Bidgoli
A Case Study on Scams Targeting International College Students
Abstract: Scams have existed long before the advent of technology; however, we can increasingly observe how this profit-driven enterprise is entering the cyberspace. This talk focuses on a case study of two scam schemes that have specifically targeted international students at Penn State that have been perpetrated in either a physical (i.e., phone scam) or online (i.e., Craigslist scam) form. However, this dichotomy becomes blurry when examining the phone scams more closely since this scheme often also employs cyber elements (e.g., phone spoofing, requests of electronic payment) to mask the scammer’s tracks and identity.
This talk covers a two-part qualitative study conducted with Jens Grossklags, which aims to better understand the nature of the scams, how international students contextualize their scam experiences, and what their decision making process is behind filing a report about their scam experiences. Additionally, we explore the predominantly used reporting avenues by those international students who filed reports. In the first part of our study, we present our qualitative analysis of over 50 Penn State campus police reports covering three years of data (2014-2016). The purpose of the analysis of these reports was not only to set the groundwork for the second half of our study, a 16-person interview study, but also to primarily unpack an interesting finding that emerged from the campus police report data: to understand the motivations behind why international students file reports to entities like campus police particularly in the event that an inchoate crime was experienced. The results of our case study will show the fundamental impact of raising awareness in preventing a number of international students from not falling victim to the scams they experienced. However, opportunities still remain in terms of effectively raising awareness in how such incidents can be officially reported to law enforcement and how currently existing cybercrime reporting mechanisms can be improved to further bolster cybercrime reporting to take place.
Bio: Morvareed Bidgoli is a Ph.D. candidate in Information Sciences and Technology at the Pennsylvania State University. Prior to joining the Pennsylvania State University, she received both her B.A. in Criminology, Law and Society and M.S. in Information and Computer Sciences with a concentration in Informatics from the University of California, Irvine. Her research interests entail issues pertaining to the intersection of the law and technology such as cybercrimes and information policy. Her current research focuses on how existing cybercrime reporting processes can be improved upon to encourage victims to report cybercrimes they experienced and to find effective ways to promote more awareness about cybercrimes and cybercrime reporting. She recently received the Best Paper Award at the 2016 APWG Symposium on Electronic Crime Research (eCrime) for her paper entitled “When Cybercrimes Strike Undergraduates” co-authored with Bart P. Knijnenburg and Jens Grossklags.
Francesca Bosco
Critical Infrastructure Threat Landscape: Understanding the Attackers
Abstract: Advances in the field of global technology have transformed the way in which societies function, affecting governments, businesses, and individuals alike, evoking a wide array of societal benefits, while also subjecting populations to varying degrees of cyber risk. Critical infrastructure serves as a key example of an area that both traverses multiple societal levels, and one which is heavily impacted by technological developments. The disruption or complete shutdown of services provided by critical infrastructure, be they associated with water distribution, the electrical grid, nuclear power, or other areas, can have catastrophic effects at the local, national, and even international level. Today, cyber threats are increasing in number, type, and sophistication. The profiles and capabilities of attackers have also expanded. Apart from the curious script kiddie, industrial spies, intelligence services and state-sponsored groups, hacktivists, for-profit criminals, and terrorist organizations all pose grave threats to critical infrastructure systems. Possibly even more worrying, attacks perpetrated by insiders, acting alone or in affiliation with any of these groups, can have a particularly devastating effect.
Various reports highlight these vital points, bringing to the forefront the multiple cyber risks that can be incurred by users of technologically-based systems. In light of the numerous techniques and threat vectors available to hackers intent on carrying out an attack, entities in charge of critical infrastructure facilities, and their associated supply chains, should have adequate security protocol in place to defend against cyber attacks and infiltration, mitigate damage in the event of a cyber incident, and be able to show resilience in the aftermath of an actual attack.
Bio: Francesca Bosco is Project Officer within the Emerging Crimes Unit in UNICRI, the United Nations Interregional Crime and Justice Research Institute. She earned a law degree in International Law and joined UNICRI in 2006 as a member of the Emerging Crimes Unit. She is responsible for cybercrime and cybersecurity related projects, both at the European and at international level. She has been researching and developing technical assistance and capacity building programs to counter the involvement of organized crime within the field of cybercrime, as well as examining the legal implications and future scenarios of terrorist use of the internet and cyberterrorism. Furthermore, she is researching and developing projects on the misuse of technology, encompassing current and future challenging areas such as supply chain security, big data, ICS/SCADA security and robotics. She is member of the Advisory Groups on Internet Security Expert Group of the EC3, member of the Internet & Human Rights Centre of the European University Viadrina and she is co-founder of the Tech and Law Center.
Dr. George Burruss
Bio: George W. Burruss, Ph.D., is Associate Professor in the Department of Criminology and affiliated with the Florida Cybersecurity Center. He received his Ph.D. in criminology and criminal justice from the University of Missouri — St. Louis in 2001. Before earning his doctorate, Dr. Burruss served as a fraud investigator with the Office of Missouri Attorney General. His research focuses on criminal justice organizations, including policing, homeland security, and juvenile courts. Also, he studies the causes and correlates of offending in cyberspace and how the police respond to cybercrime. He recently published a book with colleagues, Policing Cybercrime and Cyberterror.
Dr. L. Jean Camp
Exploring the Control Plane for Evidence of Crime
Abstract: “The Internet is a packet-switched network” is a phrase that reflects the nature of the control plane of the network. The control plane determines the routes individual packets take across the network to arrive at a destination. Information about which is the best route is announced by routers distributed across the world using the Border Gateway Protocol (BGP). In this talk, I will describe how these announcements are used in crime and by national intelligence services to misdirect traffic. I will describe several cases of BGP attacks, how these are used and how computer scientists try to detect them. I then describe how we used three theories of crime to identify macroeconomic variables that might indicate crime versus intelligence activity. Our results indicate that we can reject neither crime nor intelligence as possible explanations of these anomalies.
Bio: Prof. L. Jean Camp has a research agenda that is centered on the intersection of security and society, particularly on the intersection of security and economics. Professor Camp joined Indiana University’s School of Computing and Informatics after becoming an Associate Professor at Harvard’s Kennedy School of Government. She was affiliated with the Program for Internet and Telecoms Convergence for nearly a decade. While at Harvard she was affiliated with the National Center for Digital Government. Her first book, Trust and Risk in Internet Commerce, was the first to propose the now widely-used definition of trust as including privacy, reliability and security. She is the author of more than fifty peer-reviewed publications and sixteen book chapters in addition to her expository writings.
David E. Connett
Bio: Not Yet Available
Joshua M. Dalman
Profiles in Ransomware
Abstract: This talk will provide an overview of ransomware forensic investigations from a global investigations lead at one of the top 3 technology companies and an MSU instructor. This talk will discuss common ransomware attack vectors and discuss several real world scenarios.
Bio: Joshua M. Dalman is a second generation digital forensic examiner. Mr. Dalman has nearly a decade of digital forensics and incident response experience and has tackled hundreds of cases. Mr. Dalman has also earned recognition as an instructor, having developed material and trained countless members of the law enforcement community. Mr. Dalman has a Master of Science degree in digital forensics from the University of Central Florida. Mr. Dalman currently serves as a lead investigative specialist in the commercial sector.
Sam Dowling
Bio: Samantha Dowling is from the Home Office, based in London, UK. Samantha is head of the Cyber Crime Research Team in the Office for Security and Counter-Terrorism Research and Analysis Unit (OSCT R&A). Her team also covers research and analysis relating to fraud and online child sexual exploitation. Samantha is a social researcher, with a background in psychology and research methods. Publications include:
Seth Edgar
Challenges in Securing Diverse Organizations
Abstract: Traditional security modeling and marketing has historically focused on verticals: financial threats for financial services, embedded device threats for critical infrastructure, etc. While this is great for niche industries, this structure does not map well to a wider use-case. This talk will focus on creative solutions to those problems in a diverse infrastructure, and where common solutions can be leveraged.
Bio: Seth Edgar is the Deputy Chief Information Security Officer for Michigan State University. Prior to coming to Michigan State, Seth worked as a security researcher and engineer for the MITRE Corporation and Naval Postgraduate School. Seth’s research work and interests are focused on reverse engineering, malware trends, penetration testing, and digital forensics.
Dr. Thomas Holt
Bio: Dr. Thomas Holt is an Associate Professor in the School of Criminal Justice at Michigan State University specializing in cybercrime, policing, and policy. He received his Ph.D. in Criminology and Criminal Justice from the University of Missouri-Saint Louis in 2005. He has published extensively on cybercrime and cyberterror in outlets such as Crime and Delinquency, Sexual Abuse, the Journal of Criminal Justice, Terrorism and Political Violence, and Deviant Behavior. He has also received multiple grants from the National Institute of Justice and the National Science Foundation to examine the social and technical drivers of Russian malware writers, data thieves, and hackers using on-line data.
Ken Hudok
Bio: Ken is an expert in cybersecurity, focusing on the development and execution of corporate security programs, strategic architecture, and cybersecurity operations. At Jackson, Ken leads the Enterprise Threat and Vulnerability Management program along with a team of ethical hackers.
Ken joined Jackson in 2016. Prior to Jackson, Ken served as a principal cybersecurity consultant for Promontory Financial Group out of Washington D.C. advising finance industry executives on cybersecurity and regulatory compliance. Prior to his time at Promontory, Ken served as global lead of the cybersecurity program for connected products at the Whirlpool Corp., where he was responsible for cybersecurity risk management, consumer privacy protection, and policy compliance. In addition, he developed global enterprise-vulnerability and incident-management frameworks to reduce corporate exposure to cybersecurity risk and compliance issues. With the MITRE Corp., Ken supported several U.S. governmental agencies on information security. He advised the Department of Homeland Security on cybersecurity strategy, policy, and the development of technical architectures; served as the cybersecurity operations liaison embedded within the Defense Department’s Defense Information Systems Agency; and advised on developing security strategy and execution plans for Medicare and Medicaid throughout implementation of the Medicare Modernization Act. Prior to MITRE, Ken served on Sprint Corp.’s enterprise-architecture team, where he focused on developing security architecture and implemented several information-security projects related to identity management, access control, and customer privacy.
Dr. Thomas Hyslip
A survey of Stresser customers: The new Script Kiddies.
Abstract: Recent arrests and takedowns of Stressers have shown Stressers are very profitable and used by thousands of individuals to launch denial of service attacks. For example, the Titanium Stresser was used to launch more than 1.7 million DDoS attacks, and the operator profited almost $400k in a 2 year period. But there has been very little research into the customers of these services. This study will present the preliminary results of a survey of 800 registered Stresser users, as well as the analysis of over 50,000 registered users from 17 different Stressers.
Bio: Dr. Thomas Hyslip is currently the Resident Agent in Charge of the Department of Defense, Defense Criminal Investigative Service (DCIS), Cyber Field Office, Eastern Resident Agency. Prior to joining the DCIS in 2007, Dr. Hyslip was a Special Agent with the US Environmental Protection Agency, Criminal Investigation Division, and the US Secret Service. Throughout his 17 years of federal law enforcement, Dr. Hyslip has specialized in cybercrime investigations and computer forensics. Dr. Hyslip has testified as an expert witness on computer forensics and network intrusions at numerous federal, state, and local courts. Dr. Hyslip is also an adjunct Professor at Norwich University. Dr. Hyslip received his Doctor of Science degree in Information Assurance from Capitol College in 2014.
Marleen Weulen Kranenbarg
Bio: Not Yet Available
Dr. Scott McCormick
Key Areas of Security Risk for Connected Vehicles
Bio: –Scott has degrees in Mechanical and Aerospace Engineering, a Master’s in Business Administration, and Doctoral Research in Artificial Intelligence. Prior to CVTA, Scott was the first President of the VII Consortium and before that the Executive Director of the Automotive Multimedia Interface Collaboration, a nonprofit research organization of the world’s largest automakers.
–Scott is a former Advisor to the United States National Science Foundation and the Industrial Sector Representative to the US Federal Laboratories Technology Transfer Consortium. He is the founder and Chairman of the International Automotive Standards Organization, and the former Strategic Advisor to the United Nation’s International Telecommunications Union (ITU-T) Advisory Panel on Communication Standards to Vehicles. Scott is a member of the US ISO Technical Advisory Group. He co-founded and Chairs the Global Telematics Forum with trade associations from Europe, Korea, Australia, Taiwan and China.
–In March 2012, and again in 2014 and 2016, Scott was appointed by Congress to the ITS Program Advisory Committee to advise the Secretary of Transportation and Congress on matters relating to the study, development, and implementation of Intelligent Transportation Systems. In this capacity, Scott has chaired the Secretary’s Security Subcommittee since 2012.
–On June 7th, Scott was inducted into the Automotive Hall of Fame in Detroit, Michigan. In August, the US State Department appointed Scott as the Transportation Consultant to the Asia Pacific Economic Community. In September, 2016, Scott was named Chief Advisor to the Shanghai International Auto Group’s demonstration test bed.
Rob McCurdy
Challenges in Securing Diverse Organizations
Abstract: Traditional security modeling and marketing has historically focused on verticals: financial threats for financial services, embedded device threats for critical infrastructure, etc. While this is great for niche industries, this structure does not map well to a wider use-case. This talk will focus on creative solutions to those problems in a diverse infrastructure, and where common solutions can be leveraged.
Bio: Rob McCurdy is currently Interim Chief Information Officer (CIO) for Michigan State University. Prior to serving in this role, Rob was the Chief Information Security Officer (CISO) for MSU. Rob has worked throughout the security industry in both the public and private sectors in roles ranging from consulting to multinational project development.
Tim Mielak
Securing a Non-Profit, Financial Sector Enterprise with Unconventional Strategies
Abstract: With limited money, time, and people, how can a non-profit enterprise secure itself against an ever-evolving threat landscape and meet an ever-increasing regulatory pressure? This presentation will describe a few unconventional techniques and strategies for becoming innovative in a business that typically plays it safe.
Bio: Timothy Mielak serves as the Chief Information Security Officer (CISO) at Michigan State University Federal Credit Union (MSUFCU). As CISO, he is responsible for developing and executing strategies to protect the Credit Union from internal and external information security threats and ensures the integrity of member and organizational data. Joining MSUFCU in 2016, Dr. Mielak was previously the Enterprise Security Officer at Alaska USA Federal Credit Union as well as an Adjunct Professor at the University of Alaska, teaching Computer and Network Security. Dr. Mielak received a Bachelor of Arts (BA) in Liberal Arts and Sciences from the University of Illinois, a Master of Arts (MA) in Music from Washington State University, and a Doctor of Musical Arts (DMA) in Computer Music Composition from the University of Missouri at Kansas City. His professional memberships include: InfraGard, Information Systems Security Organization (ISSA), and the Information Systems Audit and Control Association (ISACA).
Deviant Ollam
I’ll Let Myself In: Tactics of Physical Pen Testers
Abstract: Many organizations are accustomed to being scared at the results of their network scans and digital penetration tests, but seldom do these tests yield outright “surprise” across an entire enterprise. Some servers are unpatched, some software is vulnerable, and networks are often not properly segmented. No huge shocks there. As head of a Physical Penetration team, however, my deliverable day tends to be quite different. With faces agog, executives routinely watch me describe (or show video) of their doors and cabinets popping open in seconds. This presentation will highlight some of the most exciting and shocking methods by which my team and I routinely let ourselves in on physical jobs.
Bio: While paying the bills as a security auditor and penetration testing consultant with The CORE Group, Deviant Ollam is also a member of the Board of Directors of the US division of TOOOL, The Open Organisation Of Lockpickers. His books Practical Lock Picking and Keys to the Kingdom are among Syngress Publishing’s best-selling pen testing titles. At multiple annual security conferences Deviant runs the Lockpick Village workshop area, and he has conducted physical security training sessions for Black Hat, DeepSec, ToorCon, HackCon, ShakaCon, HackInTheBox, ekoparty, AusCERT, GovCERT, CONFidence, the FBI, the NSA, DARPA, the National Defense University, the United States Naval Academy at Annapolis, and the United States Military Academy at West Point. His favorite Amendments to the US Constitution are, in no particular order, the 1st, 2nd, 9th, & 10th. Deviant’s first and strongest love has always been teaching. A graduate of the New Jersey Institute of Technology’s Science, Technology, & Society program, he is always fascinated by the interplay that connects human values and social trends to developments in the technical world. While earning his BS degree at NJIT, Deviant also completed the History degree program at Rutgers University.
Ranjan Pal
Improving Network Security Through Cyber-Insurance – The Past, Present, and the Future
Abstract: In recent years, security researchers have well established the fact that technical security solutions alone will not result in a robust cyberspace due to several issues jointly related to the economics and technology of computer security. In this regard, some of them proposed cyber-insurance to be a suitable risk management technique that has the potential to jointly align with the various incentives of security vendors (e.g., Symantec, Microsoft, etc.), cyber-insurers (e.g., traditional insurance agencies, security vendors, ISPs, cloud providers, etc.), regulatory agencies (e.g., government), and network users (individuals and organizations), in turn paving the way for robust cyber-security. This talk will cover the journey of cyber-insurance over time in its relation to improving cyber-security. More specifically, we will initially focus on the conceptual beginning of cyber-insurance, its business logic (including how it can improve cyber-security), the market space, and its commercial success/failures. We will then talk about how the cyber-insurance market has currently shaped up to a multi-billion dollar industry, thanks primarily to multiple human/cognitive factors and pervasive technological advancements. We will also talk about how the current legal and policy space pose barriers to effectively handling cyber-insurance court cases. Finally, we will explore multiple research directions from various disciplines where each direction significantly contributes to a grand vision of a more robust cyber-space via cyber-insurance. We will end the talk with some suggestions for CISOs on effectively dealing with cyber-insurance in the current (and forthcoming) digital age.
Bio: Ranjan Pal is a Research Scientist at the University of Southern California (USC), affiliated with both the Electrical Engineering and Computer Science departments, where he co-leads the Quantitative Evaluation and Design Group (QED). His primary research interests lie in the mathematical modeling, analysis, and design of cyber-security, privacy, communication networks, and the Smart Grid, using tools from economics, game theory, applied probability and statistics, algorithms, graph theory, information theory, and mathematical optimization. He received his PhD in Computer Science from USC in 2014, and was the recipient of the Provost Fellowship throughout his PhD studies. During his PhD, Ranjan held visiting scholar positions at the School of Engineering and Applied Science, Princeton University, USA, and Deutsche Telekom Research Laboratories (T-Labs), Germany. Prior to his Ph.D, Ranjan has held research positions at the Massachusetts Institute of Technology, University of California, National University of Singapore, Aalborg University, Indian Institute of Technology, and Indian Institute of Management. Apart from being an applied mathematician, Ranjan also takes a light interest in information technology policy. His PhD research on cyber-insurance (the first ever Ph.D on cyber-insurance for inter-networked systems) has appeared in the USC News, and generated press interests from the MIT Technology Review. He has around 60 publications in journals, conference, book chapters, and workshops of international repute. Ranjan has also consulted on cyber-insurance for various companies, and is a member of the IEEE, the ACM, the American Mathematical Society (AMS), and the Game Theory Society.
Chris Patterson
Bio: Mr. Chris Patterson, Vice President and Treasury Consultant, PNC Bank. Chris has ten years working experience in the financial sector; eight of those years have been with PNC’s Treasury Management group. During that time Chris has worked closely with large corporate, middle market and large healthcare clients while being with the Treasury Management Group. Chris held a Treasury Management Officer position for Large Corporate Healthcare covering the Southeast market at an AVP level for PNC Bank. The last couple years Chris has moved to the Treasury Consulting team, where his focus is assisting Large Corporations with review of organizational processes and recommendations for optimizing Working Capital Management.
Andrew Woodward
Bio: Mr. Andrew Woodward, Director, Chief Information Security Officer, Delta Dental of Michigan. Mr. Woodard joined Delta Dental in February 2015. He is the HIPAA Security Officer and is responsible for the overall IT security program, including strategic direction and day-to-day operations. Prior to joining Delta Dental, Mr. Woodard spent almost 12 years at Truven Health Analytics (formerly Thomson Reuters, currently an IBM company), with a focus on compliance and security, with promotions to Manager and then Director of Security Management. Prior to joining Truven Health Analytics, Mr. Woodard spent five years at EDS (now HP). Mr. Woodard holds an MBA from the New York Institute of Technology, a Graduate Certificate in Information Systems from Eastern Michigan University and a bachelor’s degree from Lake Superior State University. Mr. Woodard also holds two industry security certifications – Certified Information Systems Security Professional (CISSP) and Certified Information Systems Auditor (CISA).