Tuesday, September 01, 2015

:: Senate Hearing “Confronting the Challenge of Cybersecurity” Sept 3


Dakota State University to Host U.S. Senate Cybersecurity Field Hearing

Sep 03 2015 3:30 PM

Dakota State University, Madison, S.D. - South Dakota Tunheim Classroom Building, Room 203

WASHINGTON, D.C. – U.S. Senator John Thune (R-S.D.), chairman of the Senate Commerce, Science, and Transportation Committee, will convene and chair a full committee field hearing entitled “Confronting the Challenge of Cybersecurity” on Thursday, September 3, 2015, at 2:30 p.m. CT (3:30 p.m. ET) at Dakota State University.

Dakota State University's Cyber Operations Program is nationally recognized by the National Security Agency and the Department of Homeland Security as a National Center of Academic Excellence, holding education, research and cyber operations designations. It is one of the first universities in the country to hold all three prestigious designations. Approximately 20 percent of students at DSU are involved in its cybersecurity programs.


  • Dr. Josh Pauli, Professor of Cyber Security and NSF SFS CyberCorps Program Director, Dakota State University (DSU)
  • Dr. Kevin Streff, Department Chair, Cyber Operations and Security, Dakota State University; Founder and Managing Partner, Secure Banking Solutions, LLC
  • Mr. Mark Shlanta, CEO, SDN Communications
  • Mr. Eric Pulse, Director of Risk Advisory Services, Eide Bailly
  • Mr. Jeremy Epstein, Lead Program Director, Secure and Trustworthy Cyberspace (SaTC) program, National Science Foundation (NSF)
  • Mr. Kevin Stine, Manager, Security Outreach and Integration Group, Information Technology Laboratory, National Institute of Standards and Technology (NIST)

Hearing Details: 

Thursday, September 3, 2015

2:30 p.m. CT/3:30 p.m. ET

Full Committee field hearing at Dakota State University
Madison, South Dakota
Tunheim Classroom Building, Room 203

The hearing will be webcast through www.commerce.senate.gov. Witness testimony, opening statements, and a live video of the hearing will be available on this page.

:: FTC Announces PrivacyCon :: RFP


PrivacyCon, Federal Trade Commission, DC, January 14, 2016
Constitution Center, 400 7th St SW, Washington, DC 20024


"The Federal Trade Commission will hold a conference on January 14, 2016 to bring together a diverse group of stakeholders, including whitehat researchers, academics, industry representatives, consumer advocates, academics, and a range of government regulators, to discuss the latest research and trends related to consumer privacy and data security. The FTC is calling for research to be presented at the conference. 
"Due to the unique role that whitehat researchers, academics, and information security specialists have played in raising awareness about privacy and data security issues, the FTC is particularly interested in enlisting their participation in this effort. For the past several years, their work to strengthen privacy and security protections in this country has greatly benefitted the FTC and the public. For example, the FTC’s reports on the privacy implications of facial recognition technology and the Internet of Things have referred to important academic research. And the FTC has opened numerous law enforcement investigations in response to security vulnerabilities that whitehat researchers have brought to our attention. 
"PrivacyCon seeks to continue and expand collaboration among whitehat researchers, academics, industry representatives, consumer advocates, and regulators to address the privacy and security implications of emerging technologies. PrivacyCon will include brief privacy and security research presentations, along with expert panel discussions on the latest privacy and security challenges facing consumers. Whitehat researchers and academics will discuss the latest security vulnerabilities, explain how they can be exploited to harm consumers, and highlight research affecting consumer privacy and data security. During panel discussions, participants will discuss the research presentations and the latest policy initiatives to address consumer privacy and security, develop suggestions for further collaboration between researchers and policymakers, and highlight steps that companies and consumers can and should take to protect themselves and their data. 
"Call for Presentations: The FTC is seeking presentations on consumer privacy and security issues in the commercial sector. In particular, we are interested in hearing about research on topics such as:
  • Connected health and fitness devices or applications
  • Devices or services that incorporate voice-activation technology
  • Smarthomes
  • De-identification
  • Connected vehicles
  • Drones
  • Edu-tech
  • Big data and algorithms
  • Consumers’ attitudes toward, and valuation of, privacy
  • Costs and benefits of privacy-protective technology or behavior
  • Economics of privacy and security
  • Security by design techniques
We will provide more detail on the submission process by September 10th.
Please note that the FTC does not offer compensation of any kind to presenters or participants. Because we only have a very limited number of presentation slots, if there is enough interest, we may have an exhibit hall, where selected submitters can display posters and other information about their research. 
This event, including all presentations, will be available to the public via a live-stream and on our website in archived video and transcript form. 
Email questions to privacycon@ftc.gov.

:: NTIA Multistakeholder Process: Cybersecurity Vulnerabilities

Date: August 28, 2015
"This web page provides details on the NTIA-convened multistakeholder process concerning collaboration between security researchers and software and system developers and owners to address security vulnerability disclosure.
"The first meeting will be on September 29, 2015 at the University of California, Berkeley, School of Law. This meeting will be open to all interested parties. The meeting will be webcast, and NTIA will provide a dial-in conference bridge. Please pre-register here to help NTIA plan logistics. Pre-registration is not required, but will assist NTIA in planning, and in determining space and webcast technology requirements.
"On March 19, 2015, the National Telecommunications and Information Administration, working with the Department of Commerce’s Internet Policy Task Force (IPTF), issued a Request for Comment to “identify substantive cybersecurity issues that affect the digital ecosystem and digital economic growth where broad consensus, coordinated action, and the development of best practices could substantially improve security for organizations and consumers.” Individuals and entities from across the commercial, academic, and civil society sectors filed comments. After reviewing these comments, NTIA announced that the first topic to be addressed would be collaboration on vulnerability research disclosure.
"The goal of this process will be to develop a broad, shared understanding of the overlapping interests between security researchers and the vendors and owners of products discovered to be vulnerable, and to establish a consensus about voluntary principles to promote better collaboration.  The question of how vulnerabilities can and should be disclosed will be a critical part of the discussion, as will how vendors receive and respond to this information. However, disclosure is only one aspect of successful collaboration.
Upcoming meetings:
September 29, 2015
Booth Auditorium at the University of California, Berkeley, School of Law, Boalt Hall, Bancroft Way and Piedmont Avenue, Berkeley, CA.
9am-3pm PDT
Dial-in information: to be announced.

:: NIST Cyber Supply Chain Risk Management Workshop, October 1-2, 2015

NIST Invites Industry to Cyber Supply Chain Risk Management Workshop, October 1-2, 2015

From NIST Tech Beat: September 1, 2015
Contact: Evelyn Brown
"The National Institute of Standards and Technology (NIST) will host a workshop on industry best practices in cyber supply chain risk management at its Gaithersburg, Md., campus, October 1-2, 2015.
"The two-day event will feature panels of industry professionals. Topics will include how cyber supply chain risk can affect organizations, proven strategies for managing those risks, existing standards and best practices, and practical guidance for enterprise risk governance.
"The Cyber Supply Chain Risk Management workshop is designed for a broad audience, including senior executives and those involved in enterprise risk management, supply chain management, acquisition or cybersecurity.
The goals of the workshop are to:
• share current research findings,
• validate the current findings and receive additional input from stakeholders, and
• gather input to inform future versions of the Framework for Improving Critical Infrastructure Cybersecurity and other cybersecurity and supply chain risk management initiatives.
NIST developed the framework, commonly referred to as the Cybersecurity Framework, as directed in Executive Order 13636 to assist critical infrastructure organizations to better manage and reduce their cybersecurity risks. NIST also released a companion document, Roadmap for Improving Critical Infrastructure Cybersecurity, which identifies supply chain risk management as a key focus area.
NIST has a Supply Chain Risk Management Program focused on securing the information and communications technology supply chain.
Registration information and the agenda are available here.