14th Annual Security
& Compliance Summit
Structure Threat Role for Automated Response
When an intrusion happens, it is often hard to know when sharing intrusion data is appropriate. It is also often hard to know what to share. As a result, the majority of data sharing revolves around indicators, usually at the expense of keeping critical behavioral signs of the attack internal. In this talk, we will look at how asset owners can share behavioral data observed during an intrusion with other asset owners. We will talk about what data might be valuable to other asset owners and how asset owners can sanitize data so as not to leak inappropriate intrusion details. Finally, we will look at how the asset owner receiving the data can use the behavioral data in both threat hunting and incident response scenarios. Quicker sharing of information means less dwell time for an adversary in a victim network.
Rita Foster is the energy sector infrastructure security strategic advisor for the Infrastructure Security department at the Idaho National Laboratory. Her focus has been research direction for the electric sector, including insights into all-hazard threats (cyber, electro-magnetic, and physical). She identifies strategy and direction of research, testing and assessment activities at the Supervisory Control and Data Acquisition (SCADA) and control systems test beds and contributes thought leadership. She serves as technical lead for multiple projects creating agile response capabilities. Department of Homeland Security Secretary Janet Napolitano appointed her to the strategic advisory council on cyber skills in 2012. Rita has been nationally recognized for research leadership in control system cyber security (Department of Defense Team of the Year 2016, SANS Innovation Award 2011, SCADA Leadership Award 2009) and control systems development (White House’s “2001 Closing the Circle” and DOE 2001 National P2 Pollution Prevention Award). She has been invited to brief legislators, regulators (state and federal), and international policy makers on the cyber security issues with critical infrastructure. Rita has worked with the Federal Energy Regulatory Commission, Department of Homeland Security, Department of Energy, industry (vendors and asset owners), and other entities, and has participated in military exercises, as a subject matter expert for cyber security of control systems for 13 years. She has worked at the lab for 28 years and has served as a technical lead for integrating control systems into a supervisory control for the certification and transport of transuranic waste, which resulted in three national awards for products developed and vision.
Her process control experience includes integrating over a dozen control systems for supervisory control, the training simulator for the advanced test reactor, HVAC for nuclear waste storage facilities, and command and control for military projects.
Highly versatile global program manager, with proven record of driving business alignment within complex multinational organizations, and leading enterprise-wide transformation projects. Extensive experience in the oil and gas, cybersecurity, health care, and defense industries applying widespread proficiency in program management, outsourced relationship management, change management and knowledge management.
Andrew Storms is an Information Technology & Security executive with over 20 years of achievement delivering solutions that optimize performance, security, and efficiency for industry-leading companies. Andrew’s current work with New Context Services involves providing leadership in the areas of information security and product development. He serves as a project lead for CES-21, an initiative researching methods to perform automated cybersecurity threat detection and response within electrical utility operational networks. His past roles include Senior Director of DevOps at CloudPassage and Director of Information, Technology & Security at nCircle. He is a CISSP, a member of InfraGard, a graduate of the FBI Citizens’ Academy, and a member of the open standards technical committee for STIX, TAXII and OpenC2.