2015 Adoption of Cybersecurity Technology Workshop
2015 ACT Workshop
March 3-5, 2015 | Sandia National Laboratories | Albuquerque, NM
AGENDA | USE CASES | BACKGROUND MATERIAL | FINAL REPORT
AGENDA last updated 10 April 2015
Early Badging - March 2, 2015
| 1200 - 1430 | Early Badging - Sandia Badge Office | Sandia POC |
Day 1 - March 3, 2015
| 0715 – 0800 | Badging /Travel to SNL Tech Area 1 | Sandia POC |
| 0800 - 0900 | Classified Threat Brief VTC | BLDG 810, Room 1102 |
| 0900 – 0910 | Welcome |
Mark Terhune, Sr. Mgr. Sandia |
| 0910 – 1000 | Phishing from the Front Lines | Matt Hastings, Senior Consultant, Mandiant/FireEye |
| 1000 - 1030 | Description of Workshop Activities/Review Agenda | Edward Rhyne, SCORE/DHS |
| 1030 – 1045 | BREAK | |
| 1045 – 1115 | Lightning Round: Participant Introductions | All |
| 1115 – 1200 | Discussion Group Breakouts/Stakeholder Experiences | All |
| 1200 – 1300 | Out brief by Discussion Groups | Group Representatives |
| 1300-1400 | Working Lunch | |
| 1315 | Secure Coding | Robert Seacord, Secure Coding Manager, CERT/SEI |
| 1400 - 1445 | Integrated Mitigations Framework (IMF) Briefing | Kevin Bingham, Technical Director, IAD Mitigations Group |
| 1445 - 1500 | Break | |
| 1500 – 1630 | Use Case Construct and Descriptions | Julie Haney, NSA |
| 1630 – 1700 | Next Steps/Team Assignments/Review Day 2 Agenda | Julie Haney, NSA |
| 1700 | Day 1 Adjourn | |
| 1900 | Announcement of Teams | ACT Workshop Website |
|
Dinner on your own - Review Use Case Assignments and Read Ahead Materials |
Day 2 - March 4, 2015
| 0730 – 0800 | General Networking (Coffee & Pastries) | All |
| 0800– 0810 | Agenda Review for Day 2 | Linda Hart, Cyber Pack Ventures |
| 0810 – 0900 | Bridging the Valley of Death | Dr. Douglas Maughan, Director of the S&T Directorate's Cyber Security Division |
| 0900 - 0910 | Call to ACTion - Discovery | Julie Haney, NSA |
| 0910 – 1200 | Breakout Session 1 – Study Use Case | All |
| 1200 – 1300 |
Working Lunch Techology Readiness Level Brief Round Table Mini Success Stories |
Orville Stockland Dan Wolf, Cyber Pack Ventures |
| 1300 – 1315 | Call to ACTion – Action Plans | Edward Rhyne, SCORE/DHS |
| 1315 – 1600 | Breakout Session 2 – Formulation of Action Plans | All |
| 1600 – 1630 | Next Steps/Review Day 3 Agenda | |
| 1630 | Day 2 Adjourn | |
| 1800 | The Workshop Dinner - Sadie's at the Star | No-Host/Transportation Provided (Pick-up Location: Marriott Albuquerque) |
Day 3 - March 5, 2015
| 0730 – 0800 | General Networking (Coffee & Pastries) | All |
| 0800 - 0810 | Agenda Review | Linda Hart, Cyber Pack Ventures |
| 0810 – 0900 | Accelerating Innovation in Security & Privacy Technologies, IEEE Cybersecurity Initiative (CybSI) | Greg Shannon, PhD, Chief Scientist, CERT Division, CMU/SEI, IEEE CybSI Chair |
| 0900 - 0930 | Call to Action Plan |
Julie Haney, NSA |
| 0930 -1030 | Breakout Session 3 – Formulation of Action Plans | All |
| 1030 - 1100 | Use Case 1 Out brief | Team 1 |
| 1100 - 1130 | Use Case 2 Out brief | Team 2 |
| 1130 - 1200 | Use Case 3 Out brief | Team 3 |
| 1200 - 1230 | Use Case 4 Out brief | Team 4 |
| 1230 - 1300 | Summary and Path Forward | Kathy Bogner, Chair-SCORE In McCann, Sandia |
| 1300 | Box lunch available for pickup | |
| 1300 | Day 3 Adjourn |
Use Case Read Aheads
Team Assignments are here.
Device Integrity
Please see the material in the blue NSA folder for read aheads for this use case.
Damage Containment
SCIT the digital vaccine - Arun Sood
Self-shielding Dynamic Network Architecture (SDNA) - Nicholas Evancich
Command and Control Requirements for Moving-Target Defense - Marco Carvalho
Defense of Accounts (Authentication and Credential Protection)
BAE v2.0 Overview Document Final Version 1.0.0 - Maria Vachino
Mobile Access Control for Emergency Responders - Maria Vachino
Guidelines for Derived Personal Identity Verification (PIV) Credentials - Maria Vachino
Guide to Attribute Based Access Control (ABAC) Definition and Considerations - Maria Vachino
Verifying Identity Credentials Service (VICS) Gateway - Maria Vachino
Identity Management (IdM) Testbed - Maria Vachino
S&T Identity Management Testbed - Karyn Higa-Smith
SAML 2.0 Subject and Protocol Profiles - Karyn Higa-Smith
Secure and Available Transport
Virtual Private Network Capability Package - In McCann
2015 ACT Worksop Final Report
The 2015 ACT Workshop Report dated 4 April 2015 is now available for viewing.
ACT Workshop Background Material
Manageable Network Plan Teaser (overview) and Manageable Network Plan (full document)
Networks often become unmanageable and rapidly get out of control. An unmanageable network is insecure. The Manageable Network Plan is a series of milestones to take an unmanageable and insecure network and make it manageable, more defensible, and more secure. It provides overall direction, offers suggestions, calls out crucial security tips, and gives references to books, Web resources, and tools.
IAD’s Top 10 Information Assurance Mitigation Strategies
ACT Workshop's Use Case Areas: The National Security Agency's Information Assurance Directorate's Top Mitigation Strategies.
Read Ahead Articles
A Brief Introduction to Usable Security
The authors examine research in usable computer security, starting with a historical look at papers that address two consistent problems: user authentication and email encryption. Drawing from successes and failures within these areas, they study several security systems to determine how important design is to usable security.
Privacy and Security Usable Security: How to Get it
Why does your computer bother you so much about security, but still isn't secure? It's because users don't have a model for security, or a simple way to keep important things safe.
Fishing for Phishes: Applying Capture-Recapture Methods to Estimate Phishing Populations
Unintentional Insider Threats: A Review of Phishing and Malware Incidents by Economic Sector