There are over 39,000 State, local, territorial, and tribal government agencies across the United States. These are the local police, fire departments, public utilities, public transportation and traffic management, and 9-1-1 call centers that each of us as citizens relies on every day for our well-being. These are the “first responders” in any emergency. Whether it is a physical event or a logical event does not matter: if these services suffer a compromise of their availability, integrity, or confidentiality, life can be disrupted.
Securing these infrastructures requires a concerted and coordinated effort, both laterally (across organizations) and vertically (from local to federal). This means:
o People who work in SLTT government need to understand information assurance and how to operate securely;
o People who develop IT infrastructure and products need to learn how to produce robust and secure systems;
o People who investigate crimes involving computers and the internet need to know about digital evidence and how the internet maps to legal jurisdictions;
o People who respond to crime over the internet through active means need to understand the ethical and legal implications of the actions they want to take;
o Everyone needs to know how to share information to properly respond to threats and ensure federal authorities are able to do their jobs and use the levers of power to ensure a stable and viable internet world-wide.
This panel looks at these issues from multiple perspectives and will hopefully spur a thoughtful discussion of some of the issues surrounding the many news stories of data breaches and damage over the internet we see every day.
Dave Dittrich is a Principal Software Engineer/Computer Specialist in the Applied Physics Laboratory at the University of Washington (APL-UW). He is also a member of the Honeynet Project and Seattle's "Agora" computer security group and has served on one of the University of Washington's Institutional Review Board (IRB) Committees since 2009.
Dave is widely known for his research into Distributed Denial of Service (DDoS) attack tools and host/network forensics. He was one of the first to lead workshops on "Active Defense" and to consider the legal and ethical boundaries of computer network defense. He has presented talks and courses at dozens of computer security conferences, workshops, and government/private organizations worldwide, contributed articles and chapters to several magazines and books, and co-authored the first complete book on DDoS, titled "Internet Denial of Service: Attack and Defense Mechanisms." He, along with Erin Kenneally, co-authored the Department of Homeland Security documents, "The Menlo Report: Ethical Principles Guiding Information and Communication Technology Research," published in the Federal Register in December, 2011, and "Applying Ethical Principles to Information and Communication Technology Research: A Companion to the Department of Homeland Security Menlo Report."
Michael has nearly 25 years of experience in information security, as a practitioner, consultant, executive and entrepreneur. As former Chief Information Security Officer for the City of Seattle, Michael managed information security policy, strategy, and operations for 30 government agencies. Prior, Michael was the Managing Consultant for VeriSign Global Security Consulting and in that role provided expertise for hundreds of organizations, from Fortune 1 to small private colleges, and in nearly every sector.
Michael is a subject-matter expert and former Vice-Chair for the DHS State, Local, Tribal and Territorial Government Coordinating Council; a member of the Curriculum Advisory Board of Olympic College; and on the Board of Directors of the VanGo Project. His awards include Member of the Year with the Association of City and County Information Systems (ACCIS), and Collaboration Award from the Center for Digital Government.
Currently, Michael serves as a Policy Adviser for the State of Washington Office of the CIO, and spearheads the Public Regional Information Security Event Monitoring (PRISEM) project, a regional cyber event monitoring system that is unique in the nation.
Anderson is currently an assistant professor with the Institute of Technology of the University of Washington - Tacoma and a research associate with the Center for Data Science, University of Washington. Previously, he was a researcher with the NTT Information Sharing Platform Laboratories (headed by Tatsuaki Okamoto) in Japan and a faculty member of the department of Electrical Engineering, University of Brasilia, Brazil. He obtained his Ph.D. degree from the University of Tokyo, Japan in 2004 in Information and Communication Engineering with a thesis in cryptology. His supervisor was professor Hideki Imai. Anderson's main research areas are: secure two-party and multi-party computations; oblivious transfer; bit commitment; quantum information theory; provable security and code-based cryptography. He has published over 70 technical papers in conference proceedings and journals. His research has been funded by the Brazilian Army, the Ministry of Health in Brazil, Dell Computers, the Bank of Brazil, the European Union, The Royal Society, and Intel Corp. Anderson's Erdős number is 3.