Robert A. Martin, Senior Principal Engineer of the MITRE Corporation and member of the Industrial Internet Consortium Steering Committee, has dedicated his career to working on solving some of the world’s most difficult problems in systems and software engineering – including cybersecurity, Y2K, and application security. Much of his work has focused on the interplay of risk management, cybersecurity, and quality assessment and assurance. Over the past 17 years, Robert has applied his expertise to international cybersecurity initiatives such as CVE, CWE, and assurance cases, each of which has a large, active vendor and research community. Robert is currently engaged in the Industrial Internet Consortium, helping craft key portions of the Industrial Internet Reference Architecture, the Industrial Internet Security Framework, and the Vertical Taxonomy Landscape documents. He frequently makes presentations on IIoT, software security, secure development and test, assurance, computer vulnerabilities management, and related topics, and has authored numerous papers on these subjects.
Cybersecurity deals with threats that do not discriminate. As a result, enterprises large and small are at risk of being attacked from unexpected sources both inside and outside the system, whether intended or accidental. It represents a major threat to world safety and security. The Industrial Internet Consortium (IIC) believes that addressing this challenge is critical to the success of the Industrial IoT (IIoT), Industry 4.0 and the Industrial Internet revolution. To that end, IIC members have developed a common security framework and an approach to assess cybersecurity in IIoT systems. This talk will introduce the Industrial Internet Security Framework (IISF), perhaps the most in-depth cross-industry-focused security framework available, comprising expert vision, experience and security best practices. It reflects thousands of hours of knowledge and experience from security experts, collected, researched and evaluated for the benefit of all IIoT system deployments.
Bruce McConnell, one of the world’s leading experts on cybersecurity, leads the EastWest Institute’s Global Cooperation in Cyberspace Initiative, working with governments and the private sector worldwide to make cyberspace safer and more secure. Prior to joining EWI, he served as Deputy Under Secretary for Cybersecurity at the U.S. Department of Homeland Security, responsible for ensuring the cybersecurity of all federal civilian agencies and the most critical U.S. infrastructure. Previously, McConnell served on the Obama-Biden Presidential Transition Team, built and sold two consultancies, coordinated international Y2K preparations on behalf of the World Bank and United Nations, and served in the Executive Office of the U.S. President, where he co-chaired the White House interagency working group on encryption policy.
Cyberspace touches every part of modern life and reaches almost everywhere on the planet. Trillions of dollars’ worth of information and financial value pass across the Internet every day. This valuable activity in cyberspace, conducted by humans and by machines, occurs in an insecure and ungoverned environment. Moreover, cybersecurity risk – its threats, vulnerabilities, and consequences – is not limited to the virtual world. Increasingly, malicious actors are using cyber techniques to destabilize or undermine the security of “regular” (i.e., terrestrial) human activity. These malicious cyber activities have been seen to translate into geopolitical security risks. The emerging international cyber ecosystem is not designed to manage these macro risks. The presentation will lay out the emerging governing elements of the ecosystem and analyze how they should be improved in order to make cyberspace safer and more secure for all legitimate uses.
Responsible organizations are beginning to manage their cyber security risk, but few address supply chain risk. This session will help organizations understand the risk they face from the global ICT supply chain – specifically, the risk of malicious taint and counterfeit products and components throughout the product life cycle: from technology development, through manufacturing and delivery, during deployment and operational life, and to end of life.
The session will highlight one of the most under-utilized ways to increase the availability of security products and services; that is, the power of buyers to influence providers and suppliers through the use of risk-informed security requirements in procurements. A tool to help buyers begin conversations with their providers – and with like-minded buyers – is the EastWest Institute (EWI) publication, "Purchasing Secure ICT Products and Services: A Buyers Guide."
The session will summarize the guide’s recommended approaches, and discuss the implications for buyers, suppliers, and government.
As a financial and telecommunications services technology risk, regulatory and security leader, David provides thought leadership and policy perspectives on a myriad of information security issues affecting global organisations. David has over 25 years of experience spanning information risk management, security engineering and operations, customer security and telecommunications consulting in companies such as Standard Chartered, MCI WorldCom and Cable & Wireless.
David joined Singtel from JP Morgan Chase, where he was the Chief Information Security Officer for Asia Pacific and Latin America. He was principally responsible for managing large virtual teams, fostering close relationships with key clients, business partners and regulatory bodies across Asia Pacific, and evolving the firm’s cyber security agenda and risk and control environment.
David has a proven and successful track record in developing, managing and overseeing firm-wide security programmes, budgets and strategies, establishing a security operations centre from the ground up to provide robust security monitoring and management services, and fostering and strengthening relationships with clients, business partners and regulatory bodies.
This session addresses the challenges of operating a Security Operations Center whilst embracing the need for operational efficiency. It discusses the need to operationalise automation and contextual intelligence and to harness the power of data, thus providing a world-class service to customers, and looks at designing a SOC for the future.
David Meltzer is a security industry pioneer bringing a unique blend of technical expertise, entrepreneurial skill and market vision to his current position as Tripwire's Chief Technology Officer. Meltzer joined Tripwire through its acquisition of nCircle, where he served as Chief Technology Officer and Vice President of Engineering. Immediately prior to joining nCircle, Meltzer was Founder and Chief Technology Officer at Cambia Security, where he pioneered the industry’s first agentless configuration compliance auditing solution. A respected security researcher who founded the industry’s first security vulnerability research group, the ISS X-Force, Meltzer is credited with the discovery of numerous security vulnerabilities.
A growing number of security teams are responsible for securing hybrid IT environments – a combination of physical servers, virtualization, private cloud and public cloud infrastructure. At the same time, application developers and IT teams are adopting new DevOps approaches to delivering and updating applications. Consequently, managing security across on-premises and off-premises environments, combined with these new methodologies, introduces unique security challenges and risks.
In this session, Tripwire’s Chief Technology Officer David Meltzer presents a streamlined approach for securing complex hybrid environments to reduce cybersecurity risk and increase operational uptime. Attendees will learn of emerging trends in the areas of public cloud services, DevOps tool chains and containerization, as well as how security controls are evolving to address them.
Key takeaways of this session include how to:
Lt. General Shaul Mofaz's illustrious career has included serving at the top levels of Israel's Military, Government and Parliament. He was Israel's Chief of Staff from 1998 to 2002, before which he served in five wars waged against Israel, reaching major leadership and command positions, including serving as Deputy Commander of the Entebbe Rescue Operation. In government, Mr. Mofaz served as Israel's Defence Minister, Transportation Minister and Deputy Prime Minister. As a Member of Knesset, among other key positions, he chaired the Foreign Affairs and Defense Committee and headed the Israeli–US Strategic Dialogue.
Since 1998 Mr. Mofaz has worked in the area of cyber security and has been closely involved in national cyber security decision-making for the State of Israel. He is founder and chairman of Noga.T.Team, which provides cyber security to various countries' security organizations as well as private businesses. He is President of the International Cyber Conference in Israel.
Cyber-attacks have become the new non-conventional warfare. States and defense organizations can and do attack other states. Far more serious than attacks by individual criminal hackers, in these attacks territorial borders are meaningless and the results are far-reaching and devastating. Entire national health, safety, social and financial infrastructures can be suddenly shut down, causing enormous and often irreversible damage. The scope and capability of conventional weaponry is also increasingly dependent on computer systems involving cutting-edge new technologies. Individuals and families, overwhelmingly dependent on a multitude of enormous systems, cannot rectify the situation once a cyber-attack affects them.
Therefore, responsible national leadership must take wise preventive measures to safeguard the security of their people, their infrastructures and their entire way of life. Countries that don't have the foresight, as well as the technologies, to deal effectively with cyber threats will not survive.
What must informed, responsible countries do?