Advanced Persistent Threat: Industrial Strength Hacking

February 8th, 2011 at Noon

Today’s cybersecurity threat continues to evolve into a broad and sophisticated range of adversaries with the skills, resources, patience and motivation to accomplish their goal. Whether it is the theft of intellectual property, state secrets, or the disruption/destruction of critical systems and infrastructure that power our economy and ensure our National security, our Nation is at risk. America’s cybersecurity against the Advanced Persistent Threat depends on Information Technology as never before. However, it is more than a technology issue. Cybersecurity requires an integrated approach across the full spectrum of people, process and technology to leverage and provide a way of thinking and action to address the issues. The threat to our National economic prosperity and cybersecurity has never been greater and is advancing at a rapid pace in its persistence every day. The goal of this discussion is to explore how the threat has evolved, what the implications are for business leaders, government officials, and our society, and an approach to address this growing challenge.

Jeffrey Carr – Author, Inside Cyber Warfare, and Chief Executive Officer, Taia Global
Larry Clinton – President, Internet Security Alliance
Anup Ghosh, Ph.D. – Founder & Chief Scientist, Invincea
Catherine Lotrionte, Ph.D. – Professor, Associate Director, Georgetown Institute of Law, Science and Global Security and Director of Georgetown’s Cyber Project
Gary McGraw, Ph.D. – Chief Technology Officer, Cigital


Moderator: Bill Stewart – Senior Vice President Booz Allen Hamilton

About the Panel:

Bill Stewart
Senior Vice President
Booz Allen Hamilton

William Stewart is a Booz Allen Hamilton Senior Vice President with more than 25 years of professional experience in designing, developing, and deploying cybersecurity solutions. He leads the firm’s Cyber Technologies Center of Excellence, which includes 1,800+ consultants who support clients across the commercial, civil, defense, and security markets. Mr. Stewart and his team create cutting-edge strategies and solutions to help clients secure their most critical business systems and accomplish mission-critical goals. Securing cyberspace is a complex, multifaceted challenge, for which Mr. Stewart’s team provides full lifecycle support and a multidimensional response with services such as:

  • Business and market strategy
  • Policy planning and program management
  • Research and development
  • Systems engineering and architecture
  • Systems test and integration

By viewing the cyber challenge in a broad context and by strategically integrating technology, operations, culture, management, and policy change, he continues to successfully meet client objectives. An experienced strategist and leader, Mr. Stewart helped build Booz Allen’s capability to lead top-tier federal agencies and commercial organizations toward enhanced security best practices. He worked on behalf of several clients to develop the public key and privilege management technology that is a major component of the industry’s best practices today.

Before joining Booz Allen, Mr. Stewart worked for a major electronics firm where he developed communications security and key management devices. He also served as a Signal Officer, Battalion Commander, Brigade/Battalion S-3, and Company Commander in the U.S. Army. He has an M.S. degree in electrical engineering from Drexel University and a B.S. in engineering from Widener University.

Jeffrey Carr
Taia Global, Inc.
Author, “Inside Cyber Warfare: Mapping the Cyber Underworld” (O’Reilly Media, 2009)

Jeffrey Carr is the founder and CEO of Taia Global, author of “Inside Cyber Warfare” and the founder of Project Grey Goose, an open source investigation into cyber conflicts including the Russia-Georgia war (2008) and, more recently, Attacks against Critical Infrastructure.

Mr. Carr is a recognized authority on cyber conflict and security who specializes in the investigation of network attacks against governments, corporations, and critical infrastructure by State and Non-State actors. He regularly consults with agencies of the U.S. and allied governments on Russian and Chinese cyber warfare strategy and tactics as well as new and emerging threats. His book “Inside Cyber Warfare” has been endorsed by General Chilton, Commander USSTRATCOM and his Chief of Staff MG Abraham Turner, among others, and he has been asked to speak on these issues at numerous venues including the Defense Intelligence Agency, US Army War College, Air Force Institute of Technology, Chief of Naval Operations Strategic Study Group, and NATO’s CCDCOE Conference on Cyber Conflict.

Blog Forbes Firewall

Larry Clinton
Internet Security Alliance

Larry Clinton is President and CEO of the Internet Security Alliance (ISA). ISA is a multi-sector industry group created by the former Chairman of the U.S. House Committee on Intelligence and Carnegie Mellon University. ISA’s mission is to integrate advanced technology with the business needs of the owners and operators of the Internet and to create enlightened public policy that leads to a sustainable and secure Internet. ISA represents major corporations from the Aviation, Banking, Communications, Defense, Insurance, Manufacturing, Technology and Security industries.

ISA has articulated its pro-market approach to cyber security through the two editions of its “Cyber Security Social Contract.” When the Obama Administration released its own policy paper for cyber security, the Cyberspace Policy Review, the first document it quoted was the ISA Social Contract. In fact, the Administration’s Executive Summary both begins and ends by citing the ISA, and more than a dozen ISA white papers are cited in the Administration’s policy review – far more than any other source.

In 2009, the U.S. State Department sent Larry to Estonia to brief the NATO Cyber Security Center of Excellence on the ISA Social Contract model. In addition to the Social Contract model, ISA has also taken on other projects to address cyber security from an enterprise-wide, risk management perspective. ISA’s two most recent publications on this topic are: “The Financial Management of Cyber Risk,” and “50 Questions Every CFO should be asking about Cyber Security.”

As a result of his work at ISA, Larry is known as one of the most reliable sources on cyber security in Washington, D.C. He has been featured on CBS News, Fox News, CNN, C-SPAN, CNBC “Power Lunch” and CNBC “Squawk on the Street”. In addition, he is frequently featured in numerous print and radio media outlets, including the Washington Post. Larry has also written numerous articles and best practice manuals on cyber security and has served as editor of two professional journals on the subject. Larry is regularly called upon to testify before both the U.S. House and Senate.

Prior to his work with ISA, Larry held a teaching position at the University of Illinois and was the Legislative Director for the current Chairman of the U.S. House Subcommittee on Telecommunications and the Internet, Rick Boucher. In addition, Larry was the Vice President of the US Telephone Association (now the US Telecom Association) prior to joining ISA in 2002.

Anup Ghosh, Ph.D.
Founder & Chief Scientist

Dr. Anup K. Ghosh is Founder and Chief Scientist of Invincea, Inc., a venture-backed security software start-up developing next generation Internet security products to protect desktops and computer networks. Invincea’s flagship product, Invincea Browser Protection, is a secure platform for Web browsing based on virtualization technology.

Ghosh also holds a position as Research Professor in George Mason University’s Volgenau School of Information Technology and Engineering. Ghosh was previously Senior Scientist and Program Manager in the Advanced Technology Office of the Defense Advanced Research Projects Agency (DARPA) where he managed an extensive portfolio of information assurance and information operations programs. Ghosh previously served in executive management as Vice President of Research at Cigital, Inc. He has served as principal investigator on contracts from DARPA, NSA, and NIST’s Advanced Technology Program and has written more than 40 peer-reviewed conference and journal articles. Ghosh is also author of three books on computer network defense. For his contributions to DoD’s information assurance, Dr. Ghosh was awarded the Frank B. Rowlett Trophy for Individual Contributions by the National Security Agency in November 2005. Ghosh received his PhD in Electrical Engineering from the University of Virginia in 1996.

Catherine Lotrionte, Ph.D.
Associate Director
Georgetown Institute of Law, Science and Global Security and Director of Georgetown’s Cyber Project

Dr. Lotrionte is the Associate Director of the Institute for Law, Science & Global Security, Visiting Professor of Government and Foreign Service at Georgetown University and the Director of Georgetown University’s CyberProject. From 2002 to 2006 she served as Counsel to the President’s Foreign Intelligence Advisory Board at the White House. In 2002 she served as a legal counsel for the Joint Inquiry Committee of the Senate Select Committee on Intelligence. Prior to that, Professor Lotrionte was Assistant General Counsel with the Office of General Counsel at the Central Intelligence Agency. At Georgetown she teaches courses on intelligence law, international law and foreign policy and directs the cyber and nonproliferation projects through the Institute for Law, Science & Global Security. Professor Lotrionte earned her PhD from Georgetown University and her JD from New York University and is the author of numerous publications, including two forthcoming books, Cyber Policy: An Instrument of International Relations, Intelligence and National Power and U.S. National Security Law in the Post-Cold War Era. She is a life member of the Council on Foreign Relations.

Gary McGraw, Ph.D.
Chief Technology Officer

Gary McGraw is the CTO of Cigital, Inc., a software security consulting firm with headquarters in the Washington, D.C. area. He is a globally recognized authority on software security and the author of eight best-selling books on this topic. His titles include Java Security, Building Secure Software, Exploiting Software, Software Security, and Exploiting Online Games; and he is editor of the Addison-Wesley Software Security series. Dr. McGraw has also written over 100 peer-reviewed scientific publications, authors a monthly security column for informIT, and is frequently quoted in the press. Besides serving as a strategic counselor for top business and IT executives, Gary is on the Advisory Boards of Fortify Software, Invincea, and Raven White. His dual PhD is in Cognitive Science and Computer Science from Indiana University where he serves on the Dean’s Advisory Council for the School of Informatics. Gary served on the IEEE Computer Society Board of Governors and produces the monthly Silver Bullet Security Podcast for IEEE Security & Privacy magazine (syndicated by informIT).