Day One: 27th January, 2010

09.00 Chairman’s Welcome And Opening Speech

Dr Dan Kuehl
Information Resources Management College (IRMC)
US National Defense University

09.10 Organisational Structures And Doctrine Evolution In The Face Of The Cyberspace War Fighting Domain

• How are you going to provide defence against the concept of cyber attacks?
• What are the necessary personnel structures to effectively retain cyberspace control and security?
• Evolving your software and hardware capabilities to meet the modern cyber threat

Dr Dan Kuehl
Information Resources Management College (IRMC)
US National Defense University

09.50 The USAF Cyber Command

• Overview of Cyber Command structure
• Defining the growing levels of threats we face
• Impact of strategic overlay between military and civilian security
• Overcoming political and legal challenges for developing coherent strategy for effective cyber defence

Major General Richard Webber
Commander 24th Air Force
US Space Command

10.30 Today’s Reality: Living In Compromise To Advanced Persistent Threats

• Nature and sources of threats facing public and private organizations and the gaps in current network visibility
• Technical reasons that advanced persistent threats are evading current perimeter-based point solutions such as IDS, log monitoring and flowbased technologies
• Advanced techniques for next generation network monitoring using advanced analytics of full packet captures, and the network visibility improvements provided by this approach
• Specific examples of adversary exploits (demonstrations) similar to trends observed within organized crime groups and state-sponsored attacks

Amit Yoran
CEO, NetWitness (Former First Cyber Security National Director for the U.S. Department of Homeland Security)
NetWitness Corporation

11.40 Horseshoes, Hand Grenades And File Entropy; Being Close In Cyber Warfare

In certain games and weapons you get points for being close. In cyber space, Hashing is not one of them. The term Fuzzy Hashing is used to describe a process based application of traditional hashing. The process involves parsing a file into a number of smaller parts and hashing these individually. The premise is it is possible to determine content similarity by comparing segment hashes and presenting them as a percentage of match. However, because of the nature of hash standards, this is easy to circumvent.

The session will show the use of Entropy processing technology and how it yields more accurate results in a fraction of the time of Fuzzy Hashing. This process is being put to use operationally in an attempt to perform attribution of malware against a static repository of previously analyzed and attributed code. For instance, if during forensic and subsequent other intelligence activities, an agency was able to pinpoint the nexus of a piece of malware and definitively determine that a specific hacker or group was responsible for creating the code, then it stands to reason that any future code discovered on a network that shared that same rough signature could be tied back to a source.

Jim Butterworth
Senior Director of Cyber Security
Guidance Software

12.20 Challenges With Implementing Computer Network Defence (CND)

• Overview of the UK MoD CND operations
• The MoD approach to CND development
• Challenges for the wider community

Group Captain Ian Kirkwood
Deputy Head, Chief Information Officer, J6 Operations
UK MoD

14.00 Cyber Defence As An Overall Approach Versus CNO As Military Operations

• Development of cyber defence for the Danish MoD
• Vision of CNO for the future of the Danish Armed Forces
• Military and industry partnering for the provision of security solutions

Major Frank Nielsen
Branch Head, Strategic Plans and Concepts
Danish MoD

14.40 USAF Cyber Architecture And Network Integration In CNO

• Air Force Network Integration Centre’s role in cyberspace operations
• Ensuring fully integrated Computer Network Defence for increased protection
• Development of cyber architectures for the US DoD
• Construction of access: Operation of the network with defence and attack capabilities

Colonel John Odey
Commander, Network Integration Center
USAF

15:50 Information Warfare And National Security Policy In Switzerland: Information Conflict Zone And Major Strategic Risk

• Information warfare challenges in the contemporary threat within the national security strategy
• Overcoming technological and semantic challenges and growing international understanding of informational threats
• Threat contours, actors, motives and tools at the disposal of adversaries
• Responsibility and actions for the future of the Swiss security policy

Colonel (GS) Gerald Vernez
Chief Of Staff of the Armed Forces' Joint Staff
Swiss Armed Forces

16.30 Defining The Cyber Security Threat And Defining Cyber Warfare

• Challenges with identifying the source of the cyber security threat
• Political Importance of improved coordination
• Globalisation versus regulation in developing cyber security solutions

Professor Peter Sommer
Visiting Professor, Information Systems, Integrity Group
London School of Economics

17.10 Cyber Defence Management In The Italian MoD

• An outline on the IT MoD Cyber Defence organization: mission, activities and relationships
• The “Early Warning Service”: a valuable help for users in assets protection and incident prevention
• Monitoring the networks: systems, products, procedures
• The IT MoD vision on cyber security incident handling
• The importance of training personnel: focus on cyber defence exercises
• Relationship and co-operation with National and NATO cyber defence organizations
• Current cyber defence evolution and challenges picture

17.50 Chairman’s Closing Remarks And End Of The Day