“Now that We’re in a Hybrid War…”

The war Russia has waged on Ukraine has seemed largely kinetic, but the most effective weapons weilded thus far have been consumer technologies. Putin has pursued a hybrid warfare strategy, yet the Ukrainians have fought his mendacious claims with the realities of conflict captured by mobile devices and social media. Bogged down by guerilla fighting in Ukrainian cities, Putin will view offensive cyber action and aggressive information warfare as increasingly appealing options. Richard Clarke, former U.S. National Coordinator for Security, Infrastructure Protection and Counterterrorism, and the nation’s first “Cyber Czar,” will give us an inside look at what the world has learned about the spillover of warfare in an era of advanced cyber threats. 

In his latest book, The Fifth Domain: Defending Our Country, Our Companies, and Ourselves in the Age of Cyber Threats, Clarke delves deep into the political and economic calculations of cyber conflict. He also provides concrete steps that can be taken to achieve cyber resilience, during peacetime and amidst international conflict, including building more resistant systems and raising the costs for escalations in cyberspace.

Richard A. Clarke served for thirty years in national security policy roles in the US Government, first in the Pentagon, then the State Department, and finally for an unprecedented decade of continuous service for three Presidents in the White House.

In the White House National Security Council for President Bush (41), Clinton, and Bush (43) he served as Special Assistant to the President for Global Affairs, National Coordinator for Security and Counter-terrorism (“Terrorism Czar’), and Special Advisor for Cyberspace (the first “Cyber Czar”).

Earlier, in the State Department he had been appointed as Deputy Assistant Secretary for Intelligence in the Reagan Administration and was confirmed by the Senate as Assistant Secretary of State for Politico-Military Affairs in the Bush (41) Administration. In the latter capacity, he coordinated elements in support of the First Gulf War. In the Pentagon and the State Department, he participated in a series of multilateral and bilateral nuclear arms control negotiations.

Following his government career, Dick Clarke was an on-air analyst for ABC News for fifteen years, taught at the Harvard Kennedy School for five years, lead a security risk management consulting firm (Good Harbor), and served on corporate advisory boards and Boards of Directors, as well as chairing or serving on state and federal advisory boards on cybersecurity (including President Obama’s Advisory Group on Technology and Intelligence, the “NSA Review Group”).  He is the Chair of the Board of Governors of the Middle East Institute, an eight decade old educational institution based in Washington. He was a member of President Obama’s 2008 Transition team.

Clarke’s books include both non-fiction (5) and fiction (4). His seminal work on terrorism and al qaeda, Against All Enemies, was a number one NY Times best seller. His 2010 volume Cyber War, co-authored with Rob Knake, was a Washington Post bestseller and acknowledged as an early and foundational book in the field. Its sequel, the Fifth Domain; Defending our Country, our Corporations and Ourselves in the Age of Cyber Threats, also written with Knake, was published in 2019.

Clarke is the host of the FUTURE STATE podcast. He is the recipient of membership in the Cybersecurity Hall of Fame, the RSA Lifetime Achievement Award, and the Champion of Freedom Award from the Electronic Privacy Information Center. A graduate of Boston Latin School, the University of Pennsylvania, and MIT, Dick Clarke is a resident of Virginia.

“Network Security in a Zero Trust World”

Abstract: Zero Trust Architectures and encryption are transforming network security, and new protocols like QUIC, TLSv1.3, and encrypted DNS are changing how access control is provided and where Indicators of Compromise appear.  Software security agents can monitor communication on the hosts where they are run, but this still leaves visibility gaps in the ‘implicit trust zone’ of unmanaged software and non-enterprise assets.  Encrypted sessions protect mission-critical data sent to and from clouds and remote data centers, but can also hide malware and insider threats.  Network protocol fingerprinting and network scanning are taking on increasingly important roles, detecting devices and sessions that are compromised, vulnerable, or evasive, and protecting against scans and remote attacks.  Encrypted traffic may need to be decrypted and inspected in some environments, but in many others, encrypted traffic analysis is needed.  Lastly, Extended Detection and Response architectures that analyze network-detected and host-detected events together can recognize complex behaviors that might otherwise be unfound.  This presentation surveys these technology trends, and highlights the expanding and changing role of network data analysis in cybersecurity. 

David McGrew is a Fellow at Cisco Systems, where he leads research and development to detect threats, vulnerabilities, and attacks using network data, and to protect data through applied cryptography. He pioneered the commercial use of encrypted traffic analysis to defend networked information systems, designed authenticated encryption and secure voice and video standards that are in widespread use, most notably GCM and Secure RTP.

David has created and contributed to open source projects, published research results, championed open, patent/royalty-free cryptography, and co-founded the IRTF Crypto Forum Research Group. Prior to joining Cisco, he was a cryptographic scientist at Trusted Information Systems. He holds a PhD in Physics from Michigan State University and lives in Maryland, the capitol of cybersecurity. Outside of work, he enjoys Linux, boating, sports cars, jazz records, and guitar.

Brandon Wales is the Cybersecurity and Infrastructure Security Agency’s (CISA) first Executive Director, serving as the senior career executive helping oversee execution of CISA operations. He is responsible for leading long-term strategy development, managing CISA-wide policy initiatives and ensuring effective operational collaboration across the Agency.

From November 17, 2020 though July 12, 2021, he was designated as the Acting Director of CISA. In this capacity, Wales oversaw CISA’s efforts to defend civilian networks, manage systemic risk to national critical functions, and work with stakeholders to raise the security baseline of the Nation’s cyber and physical infrastructure. During his tenure as the acting Director, he led the agency’s response to the SolarWinds Orion Supply Chain Attacks, Microsoft Exchange vulnerabilities, the Colonial Pipeline ransomware attack, Pulse Connect Secure vulnerabilities, and the Kaseya VSA supply chain ransomware attack, among many others, while seeing the Agency through the final phase of the CISA 2020 Agency re-organization.

Prior to serving in his current capacity, Wales directly supported the Secretary of Homeland Security from August 2017 to December 2019. Beginning as the Senior Counselor to the Secretary for Cyber and Resilience, Wales was responsible for advising on cybersecurity, emergency management, incident response and building a more resilient nation. Following that assignment, he was asked to serve as the Deputy Chief of Staff (Acting), developing and advancing the Department’s strategic priorities. In June 2019, Wales assumed the role of Chief of Staff (Acting), assisting the Secretary in overseeing the Department, ensuring close coordination across its operational components and managing interagency relationships.

Dr. Clifton works on data privacy, particularly with respect to analysis of private data. This includes privacy-preserving data mining, data de-identification and anonymization, and limits on identifying individuals from data mining models. He also works more broadly in data mining, including data mining of text and data mining techniques applied to interoperation of heterogeneous information sources. Fundamental data mining challenges posed by these applications include extracting knowledge from noisy data, identifying knowledge in highly skewed data (few examples of “interesting” behavior), and limits on learning. He also works on database support for widely distributed and autonomously controlled information, particularly issues related to data privacy.

Petros Drineas is a Professor and Associate Head at the Computer Science Department of Purdue University. He earned a PhD in Computer Science from Yale University in 2003 and a BS in Computer Engineering and Informatics from the University of Patras, Greece, in 1997. His research interests lie in the design and analysis of randomized algorithms for linear algebraic problems, as well as their applications to the analysis of modern, massive datasets, with a particular emphasis on the analysis of genetics data. Prof. Drineas has published over 140 papers (cited over 11,500 times) in theoretical computer science, applied mathematics, and genetics venues, including the Proceedings of the National Academy of Sciences, PLOS Genetics, Genome Research, the Journal of Medical Genetics, PLoS One, and The Annals of Human Genetics.

Dr. Fegelman began his career as a General Surgeon and then transitioned into Medical Affairs for product development. As Chief of Surgery at The Cincinnati Jewish Hospital, Dr. Fegelman led the entire clinical and academic surgical service line at a tertiary teaching hospital. Driven to take the clinically complex into revenue enhancing products and services, he then moved into Medical Affairs and most recently served as Vice President and Therapeutic Area Expert at Johnson & Johnson Medical Devices Companies (JJMDC), focusing on the Ethicon business. At Kaleidoscope, Dr. Fegelman offers clinical advice on medical product development and expert input on medical product risk assessments. Outside of the office, Dr. Fegelman enjoys traveling, motorcycling and trying exotic local foods.

Brandon Wales is the Cybersecurity and Infrastructure Security Agency’s (CISA) first Executive Director, serving as the senior career executive helping oversee execution of CISA operations. He is responsible for leading long-term strategy development, managing CISA-wide policy initiatives and ensuring effective operational collaboration across the Agency.

From November 17, 2020 though July 12, 2021, he was designated as the Acting Director of CISA. In this capacity, Wales oversaw CISA’s efforts to defend civilian networks, manage systemic risk to national critical functions, and work with stakeholders to raise the security baseline of the Nation’s cyber and physical infrastructure. During his tenure as the acting Director, he led the agency’s response to the SolarWinds Orion Supply Chain Attacks, Microsoft Exchange vulnerabilities, the Colonial Pipeline ransomware attack, Pulse Connect Secure vulnerabilities, and the Kaseya VSA supply chain ransomware attack, among many others, while seeing the Agency through the final phase of the CISA 2020 Agency re-organization.

Prior to serving in his current capacity, Wales directly supported the Secretary of Homeland Security from August 2017 to December 2019. Beginning as the Senior Counselor to the Secretary for Cyber and Resilience, Wales was responsible for advising on cybersecurity, emergency management, incident response and building a more resilient nation. Following that assignment, he was asked to serve as the Deputy Chief of Staff (Acting), developing and advancing the Department’s strategic priorities. In June 2019, Wales assumed the role of Chief of Staff (Acting), assisting the Secretary in overseeing the Department, ensuring close coordination across its operational components and managing interagency relationships.

Professor Grama’s research interests span the areas of parallel and distributed computing architectures, algorithms, and applications. His work on distributed infrastructure deals with development of software support for dynamic clustered and multiclustered environments. More recent work has focused on resource location and allocation mechanisms in peer-to-peer networks. His research on applications has focused on particle dynamics methods, their applications to dense linear system solvers, and fast algorithms for data compression and analysis.

Professor Grama has authored several papers and co-authored a text book Introduction to Parallel Computing: Design and Analysis of Algorithms with Vipin Kumar, Anshul Gupta, and George Karypis. He is a member of American Association for Advancement of Sciences and Sigma Xi.

Dr. Gruenwald co-founded Blue Wave AI Labs in 2016. Blue Wave solves technologically complex and economically impactful problems through the application of a wide variety of AL/ML techniques. The Blue Wave team works with Exelon, Southern Nuclear Power, and Cooper Nuclear plant as well as the US Department of Energy and the US Department of Defense. Exelon credits Blue Wave with saving them over $22M during the last two years by use of its AI based algorithms which predict plant conditions two years into the future. Blue Wave also works closely with the defense department providing AI-based algorithms to speed hypersonic design, characterize battle strategy, and other problems important to national security.

Tom has over three decades of leading dynamic, technology-based, growth business in the telecom equipment, service, and software industries. During his career he served as CIO, CTO, EVP/GM at Tellabs, which he helped grow from $200M to $3.3B at its peak.

He has had P&L responsibility for $800M businesses at Tellabs and has initiated internal start-up businesses while at Tellabs. Additionally, he was an Assistant professor of Physics at the University of Portland and a Division Manager at Bell Laboratories. He holds a Ph.D. and an M.S. in theoretical physics from Purdue University where he was awarded the George Tautfest Award for outstanding graduate research. Tom holds a B.S. in Physics from the University of Cincinnati. He was a Purdue School of Science Outstanding Alumnus in 2008.

Dr. Umit Karabiyik is an Assistant Professor in the Department of Computer and Information Technology at Purdue University. Prior to his appointment at Purdue, Dr. Karabiyik was an Assistant Professor in the Department of Computer Science at Sam Houston State University from 2015 to 2018. Dr. Karabiyik received his M.S. and Ph.D. degrees from Florida State University in 2010 and 2015 respectively. His research interests broadly lie in Digital and Cyber Forensics, User and Data Privacy, Artificial Intelligence, Computer and Network Security. He is a recipient of federal grant from National Institute of Justice on Targeted Forensic Data Extraction from Mobile Devices. He is an Associate Editor-in-Chief for Journal of Digital Forensics, Security and Law, and technical program committee (TPC) member of high quality international conferences in Digital Forensics and Security.

Dr. Young Kim is an Associate Professor of Biomedical Engineering at Purdue University. Dr. Kim earned his B.S. in Mechanical Engineering from Hanyang University, and an M.S. and Ph.D. in Biomedical Engineering and an M.S. in Clinical Investigation from Northwestern University. Dr. Kim’s research interests are in understanding light propagation in biological tissue, developing advanced biophotonics techniques for the quantification of physiological conditions and diseases such as cancer, and further translating these techniques to clinical settings and epidemiological studies. In particular, he is developing novel tissue spectroscopy/imaging techniques for early cancer detection, for monitoring efficacy of chemotherapy, and for surgical resection guidance.

Dr. Ashish Kundu is currently at Cisco Research as its Head of Cybersecurity Research.He is a distinguished scientist, a leader in the area of Security, Privacy, Compliance. He worked at Nuro as its Head of Cybersecurity, and as Research Staff Member at IBM T J Watson Research Center. He has led security, privacy and compliance of self-driving cars, tele-operated driving, cloud-based healthcare, and cloud-based AI-driven education platforms. His research has led to more than 160 patents filed with more than 140 patents granted, and more than 45 research papers.  He is an ACM Distinguished Member, and has also been an ACM Distinguished Speaker. He has been honored with the prestigious Master Inventor recognition multiple times by IBM Research. Dr. Kundu received his Ph.D. in Cybersecurity from Purdue University in 2010 and his doctoral research at Purdue University received the prestigious CERIAS Diamond Award for outstanding contributions to cybersecurity.

Brandon loves designing and implementing computer systems (with a focus on Security, Operating Systems, and Distributed/Parallel Systems). He enjoys tackling both technical and business challenges and has a side interest in organizational behavior and leadership. Brandon is a Co-chair of the CNCF Security TAG, and as a part of Google’s Open Source Security Team, he works on improving the security of the Open Source ecosystem. Previously at IBM Research, Brandon dived into problems at the intersection of Cloud and Security, working on various security areas such as: Container content protection via encryption and image signing, identity, and techniques to reduce the attack surface on the kernel.

Dr. Satish V. Ukkusuri is a Professor in the Lyles School of Civil Engineering at Purdue University since July 2014 where he teaches courses in transportation systems and freight and logistics planning. Previously, he was an Associate Professor at Purdue University from 2009-2014 and on the faculty of the Department of Civil and Environmental Engineering at the Rensselaer Polytechnic Institute from August 2005 - August 2009.

Dr. Suranjan Panigrahi is a professor in the department of Electrical and Computer Engineering Technology at Purdue University, USA. He has 29 years of comprehensive experience in research, teaching and outreach and administration. He has cross-disciplinary training and expertise in engineering, biological systems, sensors, electronics, intelligent information technologies, and management science. His research focuses on intelligent sensors, informatics, smart systems, IOT (internet of things), intelligent model and devices for biological, safety and healthcare systems. As an innovator and inventor of multiple technologies, his group adopts interdisciplinary systems-based approach in creating solutions. He also teaches courses on courses on computer vision system and advanced embedded system development (including security). At present, his group is working on intelligent health-care informatics (including the development of intelligent models, explainable AI and machine learning) and the use of IOT platform for personalized health and telemedicine.  One of the current research interests of his group is in adopting a holistic approach for analyzing and developing technological framework with multiple constraints (including cybersecurity) for healthcare applications.

Joel Rasmus is the managing director for Purdue University’s Center for Education and Research in Information Assurance and Security (CERIAS); one of the largest and top-ranking interdisciplinary academic institute in North America focusing on cyber and cyber-physical assurance, security, privacy and resiliency. Rasmus joined Purdue in 2002, bringing with him more than 15 years of experience in project management. At CERIAS Rasmus developed a strategic partnership program that provides a formalized link between the University and industry. The program fosters tech transfer, basic and applied collaborative research, professional consultation and targeted student recruitment mechanisms. The CERIAS Strategic Partnership Program has led to unprecedented industry-academic integration with a number of commercial research programs. Rasmus also spearheaded successful CERAIS initiatives that lead to commercial partners opening local offices at the Purdue Research Park to further leverage and integrate their daily R&D and cyber management practices into CERIAS.

Eugene H. Spafford is a professor of Computer Sciences at Purdue University, a professor of Philosophy (courtesy appointment), and is Executive Director Emeritus of the Center for Education Research Information Assurance and Security. CERIAS is a campus-wide multi-disciplinary Center, with a broadly-focused mission to explore issues related to protecting information and information resources. Spaf has written extensively about information security, software engineering, and professional ethics. He has published over 100 articles and reports on his research, has written or contributed to over a dozen books, and he serves on the editorial boards of most major infosec-related journals.

Dr. Spafford is a Fellow of the ACM, Fellow of the AAAS, Fellow of the IEEE, and is a charter recipient of the Computer Society’s Golden Core award. In 2000, he was named as a CISSP, honoris causa. He was the year 2000 recipient of the NIST/NCSC National Computer Systems Security Award, generally regarded as the field’s most significant honor in information security research. In 2001, he was named as one of the recipients of the “Charles B. Murphy” awards and named as a Fellow of the Purdue Teaching Academy, the University’s two highest awards for outstanding undergraduate teaching. In 2001, he was elected to the ISSA Hall of Fame, and he was awarded the William Hugh Murray medal of the NCISSE for his contributions to research and education in infosec. Among his many activities, he is co-chair of the ACM’s U.S. Public Policy Committee and of its Advisory Committee on Computer Security and Privacy, is a member of the Board of Directors of the Computing Research Association, and is a member of the US Air Force Scientific Advisory Board.

Spaf (as he is known to his friends, colleagues, and students) was the founder and director of the (superseded by CERIAS) COAST Laboratory (founded 1992). COAST was a multiple project computer security research laboratory in Purdue’s computer science department

Lin Tan’s research interests include software engineering, software dependability, defect detection and repair, and software text analytics. One of her research focuses is on leveraging machine learning and natural language processing techniques to improve software dependability and using software engineering approaches to improve the dependability of machine learning software. Prior to joining Purdue, she was a Canada Research Chair and an associate professor at the University of Waterloo.

Dr. Torres-Arias’ research focuses on securing the software development life-cycle and secure password storage mechanisms. He is the team lead on PolyPasswordHasher, a password storage mechanism that is resilient to offline password cracking. He is a contributor for The Update Framework (TUF), which is the software update system being integrated on a variety of projects such as Docker and CPAN.

In his free time, Dr. Torres-Arias develops open source software, including mobile applications for education and a custom desktop-background daemon that crawls Reddit/Imgur. He is a a member of the Arch Linux Security Team, and has contributed small patches to other medium to big-sized F/OSS projects.

Anne Townsend is a Department Manager and Cyber Security Engineer at the National Cybersecurity Federally Funded Research and Development Center (NCF), operated by the MITRE Corporation. In her role, she is responsible for providing leadership to the organization in multiple domains of cybersecurity.

Ms. Townsend joined MITRE in 2004. In her career, she has supported cybersecurity challenges focused on network perimeter defense, data security, and Internet of Things. In these various programs, she has operated in a lead role guiding teams to project success. She holds a bachelor’s degree in business administration with a concentration in computer and information sciences from the University of Florida and a master’s degree in computer science with a concentration in information security from Boston University.

Zachary (Zach) Tudor is the Associate Laboratory Director of Idaho National Laboratory’s National and Homeland Security Science and Technology directorate, a major US center for national security technology development and demonstration employing 800 scientists and engineers across over $500M in programs for the Department of Energy, Department of Defense, Cybersecurity and Infrastructure Security Agency (CISA), and the Intelligence Community.  A retired US Navy submarine electronics officer, he is Chair of (ISC)2’s Board of Directors, a member of the Commonwealth Cyber Initiative advisory board (Virginia), and is the former Vice Chair of the Institute for Information Infrastructure Protection at George Washington University.

Joe Varga is an Advisor in the Information Security organization at Eli Lilly and Company, specializing in the management of business risk through security architecture and the application of effective security controls and solutions.

With more than 25 years of professional experience, Joe has spent the last 8 years focusing on the design of enterprise-scale defense strategies and the implementation of cybersecurity detection and response capabilities. While developing the application security program and capabilities at Lilly, Joe received firsthand experience with what it takes to develop, deliver, and maintain high quality and secure digital health technologies.

Joe received his computer science degree from Central College in Pella, IA. He has worked at various large corporations, solving problems in highly complex operating environments in a way that ensures the creation of value.

Dr. Lindsay Weinberg is a clinical assistant professor in the Honors College at Purdue University. Her research and teaching are at the intersection of science and technology studies, media studies, and feminist studies, with an emphasis on the social and ethical impacts of digital technology. She is interested in the constitutive role that history and unequal power relations play in shaping the design, application, and reception of technological innovations. She received her PhD from the History of Consciousness Department at the University of California, Santa Cruz. Her work has appeared in Lateral, Westminster Papers in Communication and Culture, Impost: A Journal of Critical and Creative Work, and Catalyst: Feminism, Theory, Technoscience.

Christopher Yeomans is Professor and Department Head of Philosophy at Purdue University.  His research has been supported by the Alexander von Humboldt Foundation and the National Science Foundation.  He works on the history of modern philosophy and political philosophy.