ISA Calendar of Events

 

ISAlliance July, 2008

All Times Listed EASTERN

For additional information on any of the events listed, contact ISAlliance.

Tuesday, July 1: CIP Planning Meeting at 2. The National Critical Infrastructure Protection Research and Development Plan highlights the targeted investments needed to help secure and fortify the nation's key infrastructures and resources against acts of terrorism, natural disasters, and other emergencies.
 

Wednesday, July 2: Protective Programs and Research and Development (PPRD) Working Group meeting at 3. The PPRD group is one of the two subgroups of the IT-SCC Plans Working Group, which is responsible for developing sector policy with respect to the sector's partnership with the Department of Homeland Security, including support for the continued development and refinement of the Sector Specific Plan and other documents associated with the National Infrastructure Protection Plan (NIPP) and critical infrastructure protection. The Plans Working Group works in cooperation with the agency representatives on the Government Coordinating Council focused on the Sector Specific Plan; its two subgroups are the Critical Functions and Information Sharing (CFIS) group and the Protective Programs and Research and Development (PPRD) group.
 

Thursday, July 3: IT-SCC Communications & By-Laws Tiger Team meeting at 3. IT-SCC members are conducting their annual review of the IT-SCC by-laws and communications materials. The tiger team is being set up to conduct the review and to provide draft materials for the rest of the IT-SCC to review and vote on at the next plenary session, on July 9.
 

Friday, July 4: Independence Day.
 

Monday, July 7: IT-SCC Executive Committee conference call at 5. The Information Technology Sector Coordinating Council (IT-SCC) was established on January 27, 2006 to bring together companies, associations, and other key IT sector participants on a regular basis to coordinate strategic activities and to communicate broad sector member views on infrastructure protection, response, and recovery that are relevant to the IT sector. The IT sector envisions a secure, resilient, and protected global information infrastructure that can rapidly restore services if affected by an emergency or crisis, ensuring the continued and efficient functioning of information technologies, infrastructures, and services for people, governments, and businesses worldwide. The Executive Committee manages the affairs of the IT-SCC in the same way that a board of directors manages the affairs of a for-profit company.


Tuesday, July 8: CIP Planning Meeting at 2 (see July 1 for a description).
 

Wednesday, July 9: IT Sector Coordinating Council (IT-SCC) Plenary Quarterly Meeting at 9. The primary mission of the IT-SCC is to bring together key IT sector participants to discuss sector security issues and to engage with the public and private sectors in all areas of critical infrastructure protection. The IT-SCC was established to serve as the focal point for Critical Infrastructure Protection (CIP) policy and strategy collaboration within the sector, with other sectors, and across all levels of government. The IT-SCC also serves as the base of IT sector representation to the Partnership for Critical Infrastructure Security (PCIS).

 

Thursday, July 10: IT Sector Coordinating Council (IT-SCC) Plans Working Group meeting at 3. This group is responsible for developing sector policy with respect to the sector's partnership with the Department of Homeland Security, including support for the continued development and refinement of the Sector Specific Plan and other documents associated with the National Infrastructure Protection Plan (NIPP) and critical infrastructure protection. The group works in cooperation with the agency representatives on the Government Coordinating Council focused on the Sector Specific Plan and is currently composed of two subgroups: the Critical Functions and Information Sharing (CFIS) group and the Protective Programs and Research and Development (PPRD) group.
 

Thursday, July 10: IT/COMM briefing at 3: Threats to Network Infrastructure Resiliency.
 

Friday, July 11: Critical Functions and Information Sharing (CFIS) Working Group meeting at 1. The CFIS group is one of the two subgroups of the IT-SCC Plans Working Group, which develops sector policy with respect to the sector's partnership with the Department of Homeland Security, including support for the continued development and refinement of the Sector Specific Plan and other documents associated with the National Infrastructure Protection Plan (NIPP) and critical infrastructure protection. The Plans Working Group works in cooperation with the agency representatives on the Government Coordinating Council focused on the Sector Specific Plan; its other subgroup is the Protective Programs and Research and Development (PPRD) group.
 

Tuesday, July 15: Legislative & Regulatory Task Force (LRTF) meeting at 9. The President's National Security Telecommunications Advisory Committee (NSTAC) was created by Executive Order 12382 in 1982. It is chartered to provide critical industry-based advice to the President on national security and emergency preparedness (NS/EP) telecommunications and information systems matters, and it is a successful model of industry-Government collaboration. The NSTAC Outreach Task Force (NOTF) focuses on communicating NSTAC's mission, responsibilities, and issues to governments, academia, and other industry participants, so that those participants know there is a voice available to them in the system and how to use it when a concern arises. The Legislative and Regulatory Task Force serves the NSTAC on matters of Federal support to telecommunications service providers in national emergencies.

 

Tuesday, July 15: Cross Sector Cyber Security Working Group (CSCSWG) meeting at 1. Managing cyber risk is an issue that cuts across all of the nation's critical infrastructures and key resources, and a cross-sector perspective will ensure effective coordination to address cyber security collaboratively with all of the sectors. To meet this need, the Department of Homeland Security's Assistant Secretary for Cyber Security and Communications, Greg Garcia, proposed establishing the CSCSWG under the auspices of the Critical Infrastructure Partnership Advisory Council (CIPAC). The CSCSWG serves as a forum that brings government and the private sector together to address common cyber security challenges and opportunities across the CI/KR sectors.
 

Tuesday, July 15: CIP Planning Meeting at 2 (see July 1 for a description).
 

Wednesday, July 16: IES Chairs Meeting, NCS. The NSTAC Industry Executive Subcommittee (IES) manages the affairs of the NSTAC in the same way that a board of directors manages the affairs of a for-profit company.
 

Wednesday, July 16: NSTAC Outreach Task Force (NOTF) meeting at 11:30. The NOTF focuses on communicating NSTAC's mission, responsibilities, and issues to governments, academia, and other industry participants, so that those participants know there is a voice available to them in the system and how to use it when a concern arises.

Monday, July 21: IT Sector Coordinating Council (IT-SCC) Executive Committee conference call at 5 (see July 7 for a description of the IT-SCC and its Executive Committee).
 

Tuesday, July 22: Critical Infrastructure Protection (CIP) Planning Meeting at 2 (see July 1 for a description).
 

Tuesday, July 22: Department of Homeland Security (DHS) Software Assurance Program workshop at 9 (day one of three). The goal of this session is to continue to support the DHS Software Assurance Program along with related efforts of other Federal agencies. To that end, it brings together members of Government, industry, and academia with vested interests in software security to discuss and promulgate best practices and methodologies for software assurance.

  • Session 1: Measurement / Processes and Practices Working Groups

  • Session 2: Malware Attribution Working Group

  • Session 3: Processes and Practices Working Group

  • Session 4: Measurement Working Group


Wednesday, July 23: Department of Homeland Security (DHS) Software Assurance Program workshop at 9, day two (see July 22 for a description).

  • Session 5: Workforce Education and Training Working Group

  • Session 6: Measurement / Technology and Tools / Product Evaluation Working Group

  • Session 7: Acquisition and Outsourcing / Processes and Practices Working Groups

  • Session 8: Technology, Tools, and Product Evaluation Working Groups

 

Wednesday, July 23: The fourth Symposium on Usable Privacy and Security (SOUPS) at Carnegie Mellon University in Pittsburgh (day one of three). The symposium brings together an interdisciplinary group of researchers and practitioners in human-computer interaction, security, and privacy. The program features technical papers, workshops and tutorials, a poster session, panels and invited talks, and discussion sessions. SOUPS 2008 begins with a Workshop on Usable IT Security Management (USM '08) and the Symposium on Accessible Privacy and Security. Over the three days, attendees will hear from people doing cutting-edge research as well as from industry practitioners reporting first-hand experience with usable privacy and security challenges. The popular SOUPS poster session, along with social events, breaks, and discussion sessions, provides opportunities to share ideas and network with other participants.

 

Thursday, July 24: ISAlliance & ANSI Homeland Security Standards Panel (HSSP) - Workshop on Developing a Framework to Analyze and Manage Financial Risk for Cyber Security. This workshop is the latest in a series of homeland security initiatives that have focused on standards supporting subject areas such as private sector preparedness (in partnership with the 9/11 Commission), perimeter security, biometrics, credentialing/access control for disaster management, and a number of others. The primary output of the workshop will be a roadmap/framework encompassing the process for analyzing, managing, and transferring financial risk for cyber security. It will also include guidance on taking this risk analysis and incorporating it into business operations (e.g., business continuity planning, vendor management, insurance determination). This second workshop in the series takes place at the lower Manhattan offices of American International Group, Inc. and will involve a small group of invited stakeholders who will review the output from the first workshop and the task group draft documents crafted after the kick-off workshop and subsequent task group conference calls. This plenary effort will lay the groundwork for delivering a final product for National Cyber Security Month (October 2008).

 

Thursday, July 24: Department of Homeland Security (DHS) Software Assurance Program workshop at 9, day three (see July 22 for a description).

  • Plenary Session

  • Executive Planning Session (by invitation only)

  • SwA/BSI Web Editorial Board Meeting (by invitation only)

 

Thursday, July 24: The fourth Symposium on Usable Privacy and Security (SOUPS) at Carnegie Mellon University in Pittsburgh, day two (see July 23 for a description).

 

Friday, July 25: The fourth Symposium on Usable Privacy and Security (SOUPS) at Carnegie Mellon University in Pittsburgh, day three (see July 23 for a description).
 

Friday, July 25: Critical Functions and Information Sharing (CFIS) Working Group meeting at 1 (see July 11 for a description of the group).

 
Tuesday, July 29: Critical Infrastructure Protection (CIP) Planning Meeting at 2 (see July 1 for a description).

Wednesday, July 30: Critical Infrastructure Partnership Advisory Council (CIPAC) Plenary Meeting. The Department of Homeland Security has established the Critical Infrastructure Partnership Advisory Council (CIPAC) to facilitate effective coordination between Federal infrastructure protection programs with the infrastructure protection activities of the private sector and of state, local, territorial and tribal governments. The CIPAC represents a partnership between government and critical infrastructure/key resource (CIKR) owners and operators and provides a forum in which they can engage in a broad spectrum of activities to support and coordinate critical infrastructure protection.
 

Thursday, July 31: ISAlliance & ANSI Homeland Security Standards Panel (HSSP) - Developing a Framework to Analyze and Manage Financial Risk for Cyber Security. Delivery of the "final" framework document, encompassing the process for analyzing, managing, and transferring financial risk for cyber security together with guidance on incorporating this risk analysis into business operations, to Assistant Secretary Garcia for review.


June - In Case You Missed It…

 

This page of the ISA calendar provides links to webinars, documents, presentations, and other items ISA distributed to members in June 2008. As the name implies, it helps you identify and benefit from materials you may have missed the first time around.

 
 

June ISA/CyLab Webinars

 

Authentication Protocols Based on Human Interaction in Security Pervasive Computing, by Long Hoang Nguyen, Doctoral Student, Oxford University Computing Laboratory

Abstract: A big challenge in pervasive computing is to establish secure communication without a PKI. A new approach is to build security through human work, creating a low-bandwidth authentication channel (physical contact, human conversation) where the transmitted information is authentic and cannot be faked or modified. In this talk, we give a brief survey of authentication protocols of this type and concentrate on our contribution to this area: our proposed protocols and a new cryptographic primitive, termed a Digest function, that uniformly digests large information into a short authentication string (SAS, say 16 bits).
 

We start with one-way authentication channel schemes, for example the protocol of Balfanz et al. and MANA I [Gehrmann, Mitchell, Nyberg], and discovered that these neither optimize the human work nor offer as much security as had previously been believed (the latter applies only to MANA I). The analysis of these leads to a new security principle, termed "Separation of Security Concerns," under which protocols should be designed to tackle one-shot attacks and (offline) combinatorial search separately. This leads us to develop a new series of one-way, pairwise and group protocols that are optimal in the human work. We will argue that these are potentially more cost-effective in computation than other solutions.
 

This is based on joint work with Prof. Bill Roscoe. More information about our work, which has appeared in the Journal of Information and Computation, the Proceedings of FCS-ARSPA 2006, and FCS-ARSPA-WITS 2008, is available at:
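The commit-then-reveal, short-authentication-string pattern that the abstract above surveys, as an added example written for this page; it is not the speaker's code, the Oxford group's protocol, or their Digest primitive. The message layout, the party names, the 16-bit SAS length, and the truncated-SHA-256 stand-in for a Digest function are assumptions. The honest run shows both sides deriving the same SAS to compare over the human channel; mitm_success_rate shows that an attacker who swaps in its own key gets a single guess at 2^-16, because the commitment hides R_A until B's nonce is already out; and attack_without_commitment shows the offline combinatorial search that opens up once the commitment is dropped, which is the distinction the "Separation of Security Concerns" principle draws between one-shot attacks and offline search.

```python
# Added example for this page: a generic commit-then-reveal pairwise SAS
# protocol over an insecure channel plus a low-bandwidth human channel.
# Not the Oxford group's protocol; names, layout and the digest are assumptions.
import hashlib
import hmac
import os

SAS_BITS = 16                        # bits the two humans compare out loud


def digest(*parts: bytes) -> int:
    """Stand-in for a Digest function: fold all protocol inputs into SAS_BITS bits.
    Truncated SHA-256 is an illustrative assumption; a real Digest function
    comes with a proven collision bound."""
    h = hashlib.sha256(b"|".join(parts)).digest()
    return int.from_bytes(h[:4], "big") & ((1 << SAS_BITS) - 1)


def display(sas: int) -> str:
    """What a human reads out: five decimal digits cover a 16-bit SAS."""
    return f"{sas:05d}"


def commit(value: bytes, key: bytes) -> bytes:
    """Hiding and binding commitment to value under a random key (HMAC-SHA256)."""
    return hmac.new(key, value, hashlib.sha256).digest()


def run(info_a: bytes, info_b: bytes, attacker=None):
    """One protocol run between A and B. INFO_x is the data being authenticated
    (e.g. a public key). attacker(info) models a man in the middle who rewrites
    INFO_A on its way to B. Returns (sas_a, sas_b, ok): the SAS each side would
    read out and whether B's commitment check passed. The humans accept only if
    ok is True and the two SASs match."""
    # 1. A -> B (insecure): INFO_A, commit(R_A). R_A stays hidden until step 3.
    r_a, k_a = os.urandom(16), os.urandom(16)
    c_a = commit(r_a, k_a)
    info_a_at_b = attacker(info_a) if attacker else info_a
    # 2. B -> A (insecure): INFO_B, R_B in the clear (B has already seen c_a).
    r_b = os.urandom(16)
    # 3. A -> B (insecure): open the commitment; B verifies it against c_a.
    ok = hmac.compare_digest(commit(r_a, k_a), c_a)
    if not ok:
        return None, None, False
    # 4. Human channel: both compute the SAS over their own view of the run.
    sas_a = digest(info_a, info_b, r_a, r_b)
    sas_b = digest(info_a_at_b, info_b, r_a, r_b)
    return sas_a, sas_b, ok


def mitm_success_rate(trials: int = 200) -> float:
    """An attacker substituting its own key has to pick that value before R_A
    (committed, hidden) or R_B (not yet sent) are known: a one-shot guess that
    succeeds with probability about 2**-SAS_BITS per run."""
    hits = 0
    for _ in range(trials):
        sas_a, sas_b, ok = run(b"pk:alice", b"pk:bob",
                               attacker=lambda _info: b"pk:mallory")
        hits += int(ok and sas_a == sas_b)
    return hits / trials


def attack_without_commitment(info_a=b"pk:alice", info_b=b"pk:bob") -> bool:
    """Same protocol with R_A sent in the clear. The attacker now knows both
    R_A and R_B before it has to choose the R_B' it forwards to A, so it can
    search offline for an R_B' that makes the two SASs collide. Expected cost
    is 2**(SAS_BITS-1) digest evaluations, trivial for a 16-bit SAS."""
    r_a, r_b = os.urandom(16), os.urandom(16)
    fake_a = b"pk:mallory"
    # B's view: attacker relays A's real R_A but its own key.
    target = digest(fake_a, info_b, r_a, r_b)
    # A's view: attacker chooses R_B' so that A's SAS equals B's.
    for i in range(1 << (SAS_BITS + 4)):       # bound far above the expected cost
        r_b_fake = i.to_bytes(16, "big")
        if digest(info_a, info_b, r_a, r_b_fake) == target:
            return True                         # humans see a match; B holds Mallory's key
    return False


if __name__ == "__main__":
    sas_a, sas_b, ok = run(b"pk:alice", b"pk:bob")
    print("honest run:", display(sas_a), display(sas_b), "accept" if ok and sas_a == sas_b else "reject")
    print("MITM success rate with commitment:", mitm_success_rate())
    print("MITM succeeds without commitment:", attack_without_commitment())
```

The thing to notice is that the SAS length bounds the one-shot attacker's success, while the commitment is what stops the offline search: with it, 16 bits buys roughly 2^-16 per attempt and each attempt costs the attacker a failed pairing the humans can see; without it, the same 16 bits fall to a few tens of thousands of hash evaluations.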

 

Evolving Cyber Threats, by David Aucsmith, Senior Director of Microsoft's Institute for Advanced Technologies in Government

Abstract: The talk will cover the evolving threat from cyberspace, covering malicious, criminal, and state-sponsored attacks. It will be presented from an intelligence point of view: what do we know, how do we know it, and what do we do with the information? The material is based on both industry and government experience.

 

June Webinars available to ISAlliance members - CLICK HERE

 
 

June Documents and Presentations

 

US-CERT Critical Infrastructure Information Notices

  • Active Exploitation of Adobe Flash Player Vulnerability

  • SNMPv3 Authentication Bypass Vulnerability

  • CitectSCADA ODBC Service Vulnerability

 
 

IT Sector Critical Functions and Information Sharing (CFIS) Group

  • 6/13/08 Meeting Agenda

  • 6/20/08 Meeting Agenda

  • Baseline IT Sector Risk Assessment Implementation Plan V14

  • Critical Functions and Sub Functions V9

  • Baseline Risk Assessment Implementation Timeline

  • IT Sector Risk Assessment Methodology

  • Options for Sharing Pilot Results

  • Outreach Letter to IT-SCC

 

 

NTIA Economic Security Working Group 6/24 Agenda

 

 

Homeland Security Intelligence Assessments

  • Countering Radicalization: Algerian Anti-al-Qa‘ida Message has Potential to Resonate in United States

 

Joint Homeland Security Assessments

  • Terrorists’ Use of Female and Teenage Suicide Bombers

 

 

IT-SCC Material

  • Outreach Request

  • Methodology Overview



DHS National Protection and Programs Directorate (NPPD) has issued a Federal Register Notice (FRN) soliciting public comment on issues and language contained in the National Infrastructure Protection Plan (NIPP) as part of its triennial review process. Since the NIPP serves as the foundation of our IT Sector risk management activities, we should capitalize on this opportunity to comment on and provide requirements and updates to the NIPP as part of the triennial review.

 

  • DHS National Infrastructure Protection Plan
  • NIPP Federal Register Entry



US-CERT Advisory

  • New Vulnerability in Microsoft Internet Explorer 6

 

ANSI-ISA Project: Developing a Framework to Analyze, Manage and Transfer Financial Risk for Cyber Security

  • Scoping Document

  • Overview of Project

 
 

June Documents and Presentations available to ISAlliance members CLICK HERE

 
 

Looking for information that is more specific? ISAlliance provides an email subscription service enabling members to receive customized information from our selection of over 30 electronic publications. Individuals may establish unique delivery schedules, select to receive information via email or RSS feed and manage their unique subscriber profile online to suit individual preferences. This service supports an unlimited number of employees and subscriptions for all member companies! New subscribers may view sample bulletins, access instructions and set up a subscriber account by visiting the ISAlliance Subscription Service page in the Members Only web area.