U.S. Department of Energy
Asymmetric Resilient Cybersecurity

Asymmetric Resilient Cybersecurity Seminar Series

Our world relies on interconnected data, services, and computing resources for all aspects of our daily lives. Virtually all sectors of our economy have come to critically depend on their availability, correctness, and ubiquity—failure in any part of the system could have disastrous consequences on the rest of the system. The Asymmetric Resilient Cybersecurity Initiative invites scientists and engineers to gather to discuss topics related to asymmetric resilient cybersecurity as a tool to address both national and global challenges, frequently teaming with other communities or research divisions to provide guest lectures on the PNNL campus.

Featured Speakers

2016

Tom Clark, Computer Engineer, Information Systems Division, Air Force Research Laboratory
Cyber Command and Control (C2) Initiative

Abstract

The Air Force Research Laboratory Information Directorate's Cyber C2 Initiative provides the core science and technology foundations to put operational cyber operations on par with their kinetic counterparts in air and space. From a presentation of cyber forces perspective, the Initiative conducts advanced research into estimating, quantifying and assigning cyber assets within the context of a Cyber Quantification Framework (CQF). The CQF operates as an experimentation infrastructure that utilizes existing and emerging cyber ranges to validate theoretical calculations. From a mission assurance perspective, the Cyber C2 Initiative approaches cyber resiliency from a decision making angle by optimizing the use of existing resiliency techniques, tools and defenses. This talk will identify specific transition opportunities with the Air Force and Joint communities, describe key technology partners, and highlight specific PNNL contributions within the Initiative.

Speaker Bio

Thomas A. Clark is a Computer Engineer with the Information Systems Division, Information Directorate, Air Force Research Laboratory. This division leads the discovery, development, and integration of innovative technologies and systems that provide state-of-the-art integrated command and control and information management technologies for USAF and Joint warfighters. Mr. Clark has over 25 years of federal service, holding numerous technical, advisory, and management positions in key research areas, such as: information management, decision support, artificial intelligence, and cyber effects estimation. As a senior scientist and engineer, he leads the formulation and evolution of the operational and technical content presented as consolidated programs within the annual AFRL investment strategy process for autonomy and C2 programs.

Zbigniew Kalbarczyk, Research Professor, University of Illinois at Urbana-Champaign
Data-Driven Probabilistic Graphs for Preemptive Attack Detection - Theory to Practice

Abstract

Using stolen or weak credentials to bypass authentication is one of the top network threats. This talk will analyze real-world credential stealing attacks observed at the University of Illinois' National Center for Supercomputing Applications. Specifically discussed will be AttackTagger, an approach based on Probabilistic Graphical Models (specifically Factor Graphs) that integrates security alerts from multiple sources for more accurate and preemptive detection. In evaluating AttackTagger with data from security incidents that led to compromise of the target system, AttackTagger detected 74% of attacks, and the majority of them were detected before the system misuse.

Speaker Bio

Dr. Zbigniew T. Kalbarczyk is Research Professor at the Coordinated Science Laboratory of the University of Illinois at Urbana-Champaign. His current work explores emerging technologies, such as resource virtualization to provide redundancy and assure system resiliency to accidental errors and malicious attacks. His research also involves analysis of data on failures and security attacks in large computing systems, and development of techniques for automated validation and benchmarking of dependable and secure computing systems. He served as Program Chair of the International Conference on Dependable Systems and Networks (DSN) 2002 and 2007. He is an Associate Editor of IEEE Transactions on Dependable and Secure Computing. He is also a member of the IEEE, the IEEE Computer Society, and IFIP Working Group 10.4 on Dependable Computing and Fault Tolerance.

Rich Colbaugh, Partner, Periander
Asymmetry in Coevolving Adversarial Systems

Abstract

While there is wide intuitive recognition that asymmetry is important, relatively little has been done to rigorously characterize the roles played by asymmetry in adversarial systems or to specify methods by which it can be leveraged by defenders.

This talk summarizes recent work to develop quantitative tools for understanding and exploiting asymmetry in systems of coevolving attackers and defenders. A mathematically-rigorous formulation of the familiar ‘robust yet fragile’ (RYF) concept from complex systems will be provided and used to both characterize vulnerabilities in complex evolving systems and guide the design of effective defenses for these systems.

Speaker Bio

Rich Colbaugh is a partner at the London-based consultancy Periander, developing predictive analytics for a wide range of security and human health applications. Previously, Rich was a Distinguished Member of the Technical Staff at Sandia National Laboratories, a Professor of both Management and Mechanical Engineering at the New Mexico Institute of Mining and Technology, and co-founder and Chief Scientist of the Institute for Complex Adaptive Systems Analysis at New Mexico Tech. Immediately after the terrorist attacks on 9/11/2001, he was asked by senior leadership within the U.S. DoD to lead an interdisciplinary team in developing computational techniques for discovering and assessing terrorist-related threats. His work has been recognized through research and best paper awards and has been successfully deployed in numerous high-consequence settings.

Andrew Mellinger, Software Engineering Institute, Carnegie Mellon University
A Moving Target Defense Reference Platform

Abstract

Research in dynamic network defense is advancing rapidly, and with that growth comes the need for an approach that considers how newly developed techniques can work together. Technical experts from Carnegie Mellon University's Software Engineering Institute (SEI) are working to create a reference implementation for a dynamic network defense platform that is adoptable, secure, and extensible. Andrew Mellinger, a principal investigator for this project, will discuss the SEI's work in this area.

Speaker Bio

Andrew Mellinger is a senior member of the technical staff at Carnegie Mellon University's Software Engineering Institute (SEI). His passion for computing started at age 12 when he wrote his first commercial piece of software for the company where his father worked. At the SEI, Andrew focuses on adaptive cyber defense, adaptive and heterogeneous architectures, and data intensive scalable computing. He leads an SEI team focusing on moving target defense, and he teaches a graduate-level course in software architecture at Carnegie Mellon University.

John Lambert, General Manager, Microsoft Threat Intelligence Center
Anomaly Detection in the Cloud

Abstract

Advanced threats, rogue user activity, policy violations, and compromises often are recorded as unusual or anomalous system behavior.  The massive scale and ever increasing complexity of modern systems and cloud services create plenty of places where attackers can hide and makes finding the "needle in the haystack" harder than ever.

In this talk we'll discuss some of the anomaly detection approaches being used to identify threats and attacks across a large cloud service and the challenges involved.

Speaker Bio

John Lambert has been at Microsoft for 15 years. He is the General Manager of the Microsoft Threat Intelligence Center, which is responsible for detecting and disrupting adversary based threats aimed at Microsoft and its customers.  Its mission is to drive detective innovations into products and services to raise the ability for every defender to deal with adversary-based threats through security research, threat intelligence, forensics, and data science. Previously at Microsoft, Lambert worked in the Trustworthy Computing group for ten years and the Windows Security group on features related to cryptography and security management. He joined Microsoft after three years at IBM as a developer in their software group. Lambert holds a bachelor’s degree in computer science from Tulane University and is named on more than nine software patents and seven pending applications.

2015

Tyler Moore, Assistant Professor, University of Tulsa
A Scientific Approach to Fighting Web-based Cybercrime

Abstract

Threats to cybersecurity are growing in magnitude and frequency each day, yet the technologies developed to protect us appear overmatched. In this talk, Dr. Tyler Moore will discuss how an economic approach has helped explain common security failures and identify better strategies for tackling the problems that plague cybersecurity. In particular, he will show how a scientific approach can be used to combat web-based cybercrime.

First, Moore will examine a long-running campaign to poison web search results. By analyzing nearly four years' worth of data, he will explain how the attack has evolved, evaluate the effectiveness of countermeasures that have been tried and weigh the prospects of some that haven't. He will outline an experiment designed to evaluate the effectiveness of abuse reports that notify operators whose websites have been hacked. Moore will demonstrate that sending reports including details of the compromise improves cleanup by 38%. A case-control study to identify risk factors that are associated with higher rates of web server compromise will be described before he will conclude by articulating an agenda for scientific, data-driven cybersecurity research moving forward.

Speaker Bio

Tyler Moore is the Tandy Assistant Professor of Cyber Security and Information Assurance in the Tandy School of Computer Science at the University of Tulsa. His research focuses on the economics of information security, the study of electronic crime, and the development of policy for strengthening security. Tyler directs the Security Economics Lab at TU and serves as Director of StopBadware, a non-profit anti-malware organization. He is a founding Editor-in-Chief of the Journal of Cybersecurity, a new interdisciplinary journal published by Oxford University Press. A British Marshall Scholar, Tyler completed his PhD at the University of Cambridge, while he holds BS degrees in Computer Science and Applied Mathematics from the University of Tulsa.

Craig Rieger, Idaho National Laboratory
Instrumentation, Control and Intelligent Systems

Abstract

Life in the 21st century is dependent on complex industrial control systems (ICSs) far more than what most residents in a local community see. The morning electric clock alarm and hot shower, along with the traffic lights on the way to work, are supported by a network of ICSs that rely upon an interconnected series of Instrumentation, Control and Intelligent Systems, known as ICIS. This area of interdisciplinary research contains five areas: safeguards and control system security, sensors, intelligent automation, human systems integration, and robotics and intelligent systems. Idaho National Laboratory (INL) has pioneered the further development of ICS with an emerging effort called "resilient control systems". The goal is to develop control systems and technologies that are far more resistant to interruption from natural or man-made intrusions. Through ICIS research, INL is advancing the engineering of resilient control system architectures that rapidly respond to conditions created by either type of disaster, in order to continue safe operations.

To address these challenges, INL has been collaborating with a network of research universities that include those in Idaho and throughout the nation. They have been working to develop diverse technologies to recognize and mitigate control systems from catastrophic failure. Application of these technologies provides a framework for greater autonomy, which can then be applied to a variety of applications necessary for a Smart Grid.

Speaker Bio

Craig Rieger, Ph.D., PE, is the lead for Idaho National Laboratory’s Instrumentation, Control and Intelligent Systems distinctive signature area, a research and development program with specific focus on next generation resilient control systems. Well known within engineering circles and the industrial control systems community, Craig has organized and chaired seven Institute of Electrical and Electronics Engineers (IEEE) technically co-sponsored symposia in this new research area. Craig has 20 years of software and hardware design experience for process control system upgrades and new installations. A supervisor and technical lead for control systems engineering groups, he has had design, configuration management, and security responsibilities for several INL nuclear facilities and various control system architectures.

Thomas R. Henderson, Affiliate Professor, Electrical Engineering, University of Washington
Network Simulation in Practice

Abstract

Discrete-event network simulation is a well-established tool for conducting performance evaluations of computer communications systems. This talk will review the design goals and capabilities of a prominent open-source simulation tool, ns-3, in the context of contemporary networking research, by reviewing how ns-3 and related tools have been employed in the recent academic literature, and by discussing the possible relevance of simulation tools to open networking research questions. Network simulators, including ns-3, have also been combined with simulation tools from other domains to form co-simulation frameworks such as smart grid simulators. This talk will conclude by reporting on a similar survey of simulation usage patterns in the recent smart grid literature.

Speaker Bio

Thomas R. Henderson is currently an Affiliate Professor in Electrical Engineering at the University of Washington, and also serves as the open source project lead for the ns-3 discrete-event network simulator, as well as the Executive Director of the ns-3 Consortium. He started and maintains the OpenHIP software project that developed an open source implementation of the Host Identity Protocol (HIP), an architecture for using public key cryptography for host identification in network protocols. He is a past member of the Internet Research Steering Group and has been active in standards development throughout his career. He worked at Boeing Research & Technology for thirteen years, where he was named a Technical Fellow in 2012. He received the B.S. and M.S. degrees from Stanford University, and a Ph.D. from the University of California, Berkeley, all in Electrical Engineering.

Ehab Al-Shaer, Computer Science, University of North Carolina Charlotte
Proactive Resiliency of Cyber and Smart Grid Systems: Measurement, Verification, and Synthesis

Doug Jacobson, University Professor, Department of Electrical and Computer Engineering, Iowa State University
Internet-Scale Event and Attack Generation Environment: The design of a security testbed

Abstract

The Internet-Scale Event and Attack Generation Environment (ISEAGE) (pronounced “ice age”) project is a cyber security test bed housed at Iowa State University.

This talk will outline the architecture and the underlying design of ISEAGE. It is designed and dedicated to creating a virtual Internet for the purpose of researching, designing, and testing cyber defense mechanisms. While the ISEAGE testbed was originally conceived to test cybersecurity, we have been able to build upon the unique and flexible traffic handling of the environment to allow for the design, research and testing of physical infrastructure changes, as well as disaster recovery for physical infrastructure. Currently, the modifications for research work with physical infrastructure are rudimentary, but with the proper funding, the ISEAGE testbed architecture could be used to develop a model of the national infrastructure. In addition, I will discuss the current deployment of ISEAGE as part of a cyber physical testbed that focuses on the power grid and its use in cyber defense competitions, including a planned CPS-CDC.

Speaker Bio

Doug Jacobson is a University Professor in the Department of Electrical and Computer Engineering at Iowa State University and an IEEE Fellow and distinguished member of ACM. Dr. Jacobson is currently the director of the Iowa State University Information Assurance Center, which has been recognized by the National Security Agency as a charter Center of Academic Excellence for Information Assurance Education. He is also director of ISEAGE. Dr. Jacobson teaches network security and information warfare. Dr. Jacobson's currently funded research is targeted at developing robust countermeasures for network-based security exploits and large-scale attack simulation environments. He teaches network security and information warfare and has written a textbook on network security. For a non-technical audience, he co-authored a book on security literacy. Dr. Jacobson has received two R&D 100 awards for his security technology and has two patents in the area of computer security. Dr. Jacobson has given over 100 presentations in the area of computer security and has testified in front of the U.S. Senate committee of the Judiciary on security issues associated with peer-to-peer networking.

Charles Nelson, U.S. Cyber Command
National Perspective on Cybersecurity Today

Abstract

Join us for a lively discussion led by Charles Nelson, who is an active participant and leader in our nation’s cybersecurity research agenda. His presentation will cover perspectives on cyber technologies from multiple points of view with national and international impact. If you have attended talks that Charles has led in previous years, you will remember that this is likely to be a provocative discussion of the current challenges on the U.S. cyber landscape. 

Speaker Bio

Charles Nelson currently serves on the Combined Staff of the Commander, U.S. Cyber Command, and Director, National Security Agency. Previously, he served as Senior Advisor for Cyber Capabilities at the White House’s Office of Science and Technology Policy, covering cybersecurity technology and U.S. national security capabilities in cyberspace. He also served as Director for Cyber Strategy Integration at the National Security Agency’s Cyber Task Force. His past career experience includes various engineering, operations, and management roles throughout the U.S. Intelligence Community with increasing focus on integrated cyberspace capabilities for Intelligence and Defense missions. Mr. Nelson earned his B.S. degree in Electrical Engineering at George Washington University, Washington, D.C. He earned his M.S. degree in Technical Management at Johns Hopkins University, Baltimore, MD.  Mr. Nelson also attended the NATO School in Oberammergau, Germany.

2014

Dr. Paul D. Nielsen, Director and Chief Executive Officer, Software Engineering Institute, Carnegie Mellon University
Introduction to Software Engineering Institute at Carnegie Mellon

Abstract

Software-enabled systems deliver the rich system functionality and network connectivity that can assure mission readiness, boost productivity, spur innovation, and provide a competitive edge. The complexity and interconnectedness of those systems, however, expose organizations to heightened risk from disruptive, damaging events, and cyber attacks. For four decades, the Software Engineering Institute (SEI) has been helping government and industry organizations to acquire, develop, operate, and sustain software systems that are innovative, affordable, enduring, and trustworthy. We serve the nation as a Federally Funded Research and Development Center (FFRDC) sponsored by the U.S. Department of Defense (DoD) and based at Carnegie Mellon University.

Speaker Bio

Dr. Paul D. Nielsen is Director and Chief Executive Officer of the SEI, a global leader in advancing software and cybersecurity to solve the nation's toughest problems through focused research, development, and transition to the broad software engineering community. The SEI is a key innovator in areas central to U.S. Department of Defense and civilian government operation in the cyberspace domain, including software architecture, software product lines, interoperability, the integration of software-intensive systems, network and system resilience, and the increasing overlap of software and systems engineering. The SEI also provides direct support to more than 50 U.S. government entities in their efforts to efficiently and effectively acquire and sustain new software and systems.

Peter Chen, Software Engineering Institute/CERT; School of Computer Science, Carnegie Mellon University

Speaker Bio

Dr. Peter Chen is Distinguished Career Scientist at Software Engineering Institute/CERT, and a faculty member of School of Computer Science, Carnegie-Mellon University. He received his PhD degree from Harvard and was on the faculty of MIT, UCLA, Harvard, and LSU.

Dr. Chen is an internationally known expert in IT and cyber security. Since the 90’s, he has been actively involved in cyber security research. His research has been funded by various agencies and large corporations.

Dr. Chen received many prestigious awards including the ACM/AAAI Allen Newell Award, IEEE Harry Goode Award, Data Administration Management Association (DAMA) International Achievement Award, Stevens Award in Software Method Innovation, and Taiwan’s high-tech award -- Pan Wen-Yuen Outstanding Research Award. He was recognized as one of the 16 software pioneers in the book entitled Software Pioneers (Springer, 2002). He is a Fellow of IEEE, ACM, AAAS, ER, and KSI. His landmark paper on Entity-Relationship (ER) model was included in the book, “Great Papers in Computer Science”. He is listed in Who's Who in America, and Who's Who in the World.

2013

Dr. Marco Carvalho, Associate Professor, Department of Computer Sciences, Florida Institute of Technology
A Human-Agent Teamwork Approach to Moving Target Command and Control

Abstract

In this talk Dr. Carvalho will discuss the need for a command and control capability for moving target computer network defense (MTC2). His research brings a human-centered perspective to the discussion, and proposes some of the requirements and constraints associated with such a capability. Introducing a conceptual human-agent teamwork approach to the problem, discussions will include some of the specific concepts and technologies that could play an important role for MTC2. Carvalho will conclude the presentation with a brief discussion of a preliminary proof-of-concept implementation of a human-agent teamwork approach to cyber situation awareness and moving target command and control.

Speaker Bio

Marco M. Carvalho is an Associate Professor at the Florida Institute of Technology, and a Research Scientist at the Institute for Human and Machine Cognition. He graduated in Mechanical Engineering at the University of Brasilia (UnB – Brazil), where he also completed his M.Sc. in Mechanical Engineering with specialization in dynamic systems. Marco Carvalho also holds an M.Sc. in Computer Science from the University of West Florida and a Ph.D. in Computer Science from Tulane University, with specialization in Machine Learning and Data Mining. Dr. Carvalho currently leads the Intelligent Communication and Information Systems Laboratory at Florida Tech, and is the Principal Investigator of several research projects in the areas of cyber security, information management, and tactical communication systems. He also serves as an associate editor to the IEEE Transactions on Systems, Man, and Cybernetics--Part B: Cybernetics.

Mike Convertino, Chief Information Security Officer, Senior Director of Strategic Operations, CrowdStrike
Zero-day Detection Through Advanced Malware and Adversary Profiling

Abstract

The state of the industry today in malware detection still requires prior knowledge, or actual samples of malware, in order to generate few, if any, false positives. While heuristics have been available in antivirus programs for many years, they remain unreliable as a primary detection method. Application sandboxing also has its limitations in terms of speed and false negative rates in detection scenarios on a local host machine.

This session will discuss the theory and practical use of advanced methods in profiling the specific changes that malware makes to operating systems and using these artifacts to form patterns. If sufficiently generalized, these patterns can be used to detect novel threats and attribute these threats to specific threat actors. These methods can now be realistically and cost-effectively employed given the recent availability of cheap cloud computing resources where advanced analytics and algorithms can be employed. Previously, only governments and large institutions could afford to use these approaches.

Speaker Bio

As CrowdStrike's Senior Director for Strategic Operations and CISO, Mike Convertino is responsible for the operation of the CrowdStrike Security Operations Center as well as a full offering of Active Defense capabilities in industry. Convertino has more than 24 years of experience in providing both enterprise-level information security and advanced cyber weapons development. Prior to his work at CrowdStrike, Convertino was the Senior Director of Network Security at Microsoft where he was responsible for protecting all of the company's networks from intrusion and exploitation. Prior to his work at Microsoft, Convertino was a Colonel in the US Air Force responsible for a unit of over 600 telecommunications, computer, signals intelligence and information operations personnel developing defensive and offensive cyber intelligence and weaponry for the Department of Defense. During his time in Service, he was highly decorated in the war in Bosnia and served both as a Squadron and Group Commander and on the Joint Staff in the Pentagon.
