ACT 2015 Workshop Report_dated4 Apr 2015.pdf
Executive summary:
The Special Cyber Operations Research and Engineering (SCORE) Subcommittee sponsored the 2015 Adoption of Cybersecurity Technology (ACT) workshop at the Sandia National Laboratories in Albuquerque, New Mexico from 3-5 March 2015. In order to illuminate systemic barriers to adoption of security measures while potentially mitigating specific threats, the workshop focused specifically on countering the phishing threat and its aftermath.
This was the first in what is expected to be an annual workshop to address issues associated with barriers to adoption of cybersecurity technologies. Workshop participants were primarily government personnel, with some individuals from Federally Funded Research and Development Centers (FFRDC), academia, and industry. Successful mitigations require many different work roles to come together. ACT therefore invited four core groups of attendees: developers/researchers, decision-makers, implementers, and human behavior experts. Participants took time to share what works and what doesn't work from their perspective to move away from transactional engagements to richer experiences that will enhance the chances for success.
Based on skills and interests, workshop participants were divided into Use Case Groups comprised of members from each core skill group noted above. Each Use Case Group explored, developed, and implemented action plans that addressed fundamental aspects of the Adversary Attack Life Cycle. Four fundamental cybersecurity mitigation goals, derived from the attack life cycle, served as the framework for the overall Use Case development: Device Integrity; Authentication and Credential Protection/Defense of Accounts; Damage Containment; and Secure and Available Transport. Each Use Case Group focused on one of the mitigation framework goals.
The workshop agenda included briefings on specific threat scenarios, relevant technology concepts, and briefings on cohorts' concerns to promote understanding among groups. The majority of the workshop, however, was focused on facilitated sessions that addressed the four use cases and the development of action plans to be implemented via 90-day Spins after the workshop.
- The Device Integrity group chose to implement two tools to address the threat of malicious, unauthorized access, selecting two government networks for deployment.
- The Damage Containment group chose to assess user-system behavior by implementing a capability that enables the modeling and classification of user and system behavior within the network, and selected two academic institution networks for implementation.
- The Defense of Accounts group chose to look at strategies for securing emails and will be deploying the selected technologies on two government networks.
- The Secure and Available Transport group also focused on emails, selecting for deployment on one government network a technology that is already at Technology Readiness Level 7/8 and is operational in a limited environment.
Use case participants identified plans for each of the four 90-day Spins that they will brief to the ACT Organizing Committee. The Spin reports will address successes, challenges, and the specific steps taken to overcome roadblocks to the adoption of cybersecurity technologies. All of the Spin meetings will include updates from those responsible for implementing the chosen technology as well as use case team breakout sessions after the presentations. The four 90-day Spin events will be as follows: Spin 1 will be a 4-hour meeting held in the DC area during the week of 15 June; Spin 2 will be a day-long meeting held within a few hours of the DC area sometime in mid-September; Spin 3 will be held in early December; and the final Spin will coincide with the second ACT workshop and will be held at Sandia Labs in mid-March 2016.