ITSEF 2009

Attending the third annual IT Security Entrepreneurs' Forum (ITSEF) at Stanford was my first showing at a Security Innovation Network (SInet) function.  Unlike the usual security conferences/hackercons, which unearth specific vulnerabilities in great technical detail, this event provided a panoramic view of the current cyber security landscape, with a glimpse at its horizon.

This well-orchestrated program, examining the strategic advances from collaborative innovation, delivered the collective insight of industry leaders from commercial and government sectors.

Initially welcomed by CSO publisher, and super nice guy, Bob Bragdon, we were treated to a brief introduction of the day's cyber security agenda. The opening keynote, delivered by NSA director Keith Alexander, was better than I had anticipated.  Following a historic reflection of NSA achievements, Alexander presented a series of eye-opening cyber attack statistics.  He then discussed some of the strategic initiatives the NSA and other government agencies are working towards.  He provided some promising, yet lofty goals for creating unified threat standards, facilitated by improved collaborative efforts from commercial, academic and government sectors.

The first session included a panel discussion on the challenges and specific innovation needs of supply chain security risks.  While effectively educating the audience and raising awareness, little was offered in terms of concrete solutions.  Cisco CSO John Stewart openly discussed their past problems with counterfeit products, but other than the continued acknowledgement of this hardware threat, provided no feedback regarding current countermeasures.  In all fairness, this conference was primarily a platform for identifying the global cyber security issues faced and how to address them through opportunities for industry collaboration.  However, Stewart did reinforce the importance of an offensive security mindset (like hackers?) stating that Cisco needed more individuals who could think in "180 degree opposition to traditional security methods."  Perhaps Michael Lynn is available.

The following panel discussion focused on areas of R&D for securing our critical infrastructure.  Following an introduction to the 2009 National Infrastructure Protection Plan (NIPP), panelists from financial, telecom and energy sectors shared security issues facing their specific industries. 

Lunch was presented as an "Information Sharing Hour", providing an opportunity for attendees to gather in an informal setting with security leaders from private industry, Federal Government, and venture capital.  My personal treatment of that time was more of a "Food Eating Hour."  Actually, I managed to snag a seat next to Lewis Shepherd, now the CTO for Microsoft's Advanced Technology in Governments.  As a long time fan of his Shepherd's Pi blog (he kindly pretended to be a fan of mine), it was a pleasure to talk with him and hear about the latest developments of project Grey Goose.

The afternoon session began with a talk about the technological challenges faced to ensure mission assurance.  The group of distinguished speakers included Richard Hale, Chief Information Assurance Executive of the Defense Information Systems Agency, and Richard C. Schaeffer Jr., Information Assurance Director of the NSA, among others.  They discussed plans to close current and future cyber vulnerability gaps, examining the specific details of IA metrics, technologies, processes, requirements, and operations needed to ensure a safe IA program.

The next paneled segment was titled, "Future Threats: What am I NOT Seeing on CNN?"  Since I rarely watch CNN, it was interesting to see what I was missing.  The group of industry experts talked about the security afterthoughts of the internet's infrastructure and some of its subsequent threats to physical security.

The final session of the day, delivered by ManTech Defense Systems Group President Dave Bryan, examined the process of forming technology partnerships.  The retired US Army General promoted ManTech's massive cyber business campaign, encouraging the cooperative growth and development of emerging companies.  Despite the advertising and marketing content of his presentation, Bryan was probably one of the most energetic and engaging speakers of the conference.

Pinch hitting for former director of national intelligence, Michael McConnell, the closing keynote was given by Symantec's retiring CEO, John Thompson.  He gave an impressive speech, stating that it would be his last before retiring in April.  Enrique Salem has some big shoes to fill.

You can reconnect with me at: greyhat@computer.org

Copyright © 2009 IDG Communications, Inc.
