Technology Watch - Real World Problems Driving Cyber Security Research

Wednesday September 15, 2010 9:00 - 13:00
Ottawa Marriott Hotel, North Victoria Ballroom

From September 14 to 17, 2010, leading researchers and practitioners from academia, government and industry gathered to discuss issues and technologies related to the fields of computer and information security.

Wednesday morning, September 15, was set aside to provide a forum to review current operational issues and challenges from a military and civilian perspective. The speakers invited to present in this three-hour session examined real-world vulnerabilities, threats and practical applications for cyber security technologies within their day-to-day responsibilities.

Sponsored by Trend Micro Canada

The speakers addressed three areas:

  • Emerging Threats and Threat Landscapes
  • Incident Response
  • Forensic Investigation


8:00 - 9:00
Victoria Ballroom Foyer

9:00 - 9:05
North Victoria Ballroom

9:05 - 9:35
Session 1 - Emerging Threats and Threat Landscape
Dr. Anthony Arrott, Special Assistant To Chief Technology Officer, Trend Micro
North Victoria Ballroom

How do companies, countries and citizens win the war on cyber crime? Security priorities need to be more than just technology - they need to cross functional borders and include enforcement, policy and education. Most importantly, security needs to be global, multi-national and pervasive, because this is how today's cybercriminals operate. Join Dr. Anthony Arrott, Special Assistant To Trend Micro's Chief Technology Officer, as he investigates emerging threats and the impact the evolving threat landscape has on governments, enterprises and citizens around the world. Anthony shared findings of global research and data drawn from the Trend Micro Smart Protection Network, which offers insight into how different countries fare in relation to cybercriminal activity, attacks and preparedness. Dr. Arrott also shared international trends and independent security metrics, vital to gauging the global threat landscape.

9:35 - 10:05
Session 2 - Forensics
Payman Hakimian, Senior Technological Crime Forensic Analyst, Royal Canadian Mounted Police
North Victoria Ballroom

Law Enforcement Technological Crime Challenges

Technological crime refers to the use of computers or other high-tech equipment in the commission of a criminal act. Examples might range from the personal possession of digitized child exploitation material on a home computer to attacks on whole networks of interconnected computers, national security and/or national critical infrastructure.

As experts in the forensic investigation of computers and networks, the members of the RCMP's Technological Crime program are responsible for the investigation of pure computer crimes and providing technological investigative services for all computer-facilitated crimes to investigators in the RCMP, to other Canadian police services or government agencies, and, in the case of Internet investigations, to any accredited international police service or agency. These support services include collecting evidence through the search, seizure and forensic analysis of computers and other microprocessor-based devices and providing expert testimony in criminal court proceedings.

This presentation covered some of the challenges facing Technological Crime Forensic Investigators in the area of science, technology, policies, law and resources. The never-ending evolution and advances in science and technology, the borderless world of cyber and a constant requirement to expand expertise are a rewarding challenge that law enforcement faces. Your understanding of our process and cooperation could assist our investigations and ultimately lead to a successful conviction of the guilty.

10:05 - 10:35
Health Break
South Victoria Ballroom

10:35 - 11:05
Session 3 - Incident Response (part 1)
Luc Beaudoin, Chief Cyber Operations, Public Safety Canada
North Victoria Ballroom

Providing Coordinated Response to Cyber Incidents: Challenges

Cyber incidents have a wide range of serious impacts ranging from disruption of critical services, disclosure of private information and intellectual property, all the way to threats to national security. Due to the ubiquitous nature of cyber systems, incidents often have unexpected impacts departing from physical space paradigms of geospatial correlation and tangible damages. When it comes to mitigating on-going incidents, specifically at the national or international level, a number of challenges must be faced. This presentation illustrated some of these challenges from the Canadian Cyber Incident Response Centre perspective. Some of the issues addressed by this presentation include the challenges associated with performing real-time risk assessment and thresholds, improving response speed, increasing information sharing across cyber stakeholders, maintaining public trust, operating within the legal framework, and supporting national security and law enforcement efforts.

11:05 - 11:35
Session 4 - Incident Response (part 2)
Ken Armstrong, Principal IT Security Specialist, EWA-Canada
North Victoria Ballroom

Challenges Faced When Responding To Cyber Incidents

EWA-Canada is a managed security service (MSS) provider and also operates the Canadian Computer Emergency Response Team (CanCERT™). As part of these two services, we routinely assist organizations in responding to cyber incidents. Incident response typically involves many different activities including: reviewing system and application logs; reviewing network traffic captures; conducting system and network forensics; and, coordinating with other affected parties.

Using examples from EWA-Canada and CanCERT™ experience, this presentation discussed some challenges we have faced when responding to cyber incidents. Some of the challenges that were discussed include: missing tools and techniques to debug specific network protocols and traffic; the lack of network availability during denial of service attacks; and, obtaining sufficient forensic data to reconstruct incident activity.

11:35 - 11:40
Closing Remarks
North Victoria Ballroom

11:45 - 13:00
South Victoria Ballroom

About the Speakers.

Payman Hakimian joined the RCMP in 1994 in "J" division's Informatics branch as an analyst. He was seconded from 1999 to 2000 to Moncton's RCMP Summit Security where he held the position of Informatics Project Manager. He then transferred to the Atlantic Region's Technological Crime Unit in Fredericton as a forensic analyst and in 2009 was promoted to Senior Technological Crime Forensic Analyst. Payman has over 20 years experience in the IT field; has completed the RCMP's Technological Crime Understudy Program; holds his Bachelor of Science in Computer Science; and has been declared a "Technological Forensic Expert" in Court of Queen's Bench.

Luc Beaudoin received a degree in electrical engineering with honors from the Royal Military College of Canada, a Master in Business Administration from the University of Québec in Montréal, and a Master of Sciences from the University of Ottawa. Mr. Beaudoin served ten years in the Canadian Forces as a telecommunication officer, during which he notably held the position of Watch Officer at the Canadian Forces Network Operations Centre. After leaving the military, Mr. Beaudoin joined the Defence Research and Development Canada - Network Information Operations section, where he led a number of cyber security research projects associated with situational awareness, dynamic risk response, decision making and automated defence. Mr. Beaudoin is author of a number of network security research articles published with organisations including IEEE and NATO. Recently, Mr. Beaudoin joined Public Safety Canada as the Chief of Cyber Operations for the Canadian Cyber Incident Response Centre.

Ken Armstrong is a Principal IT Security Specialist with EWA-Canada. He has over 20 years experience in the IT security field and he has distinguished himself as one of the lead technical specialists with CanCERT™. His recent work includes hands-on experience related to intrusion detection systems, incident response, computer forensics, vulnerability assessments and penetration testing. Ken has been involved with many formal evaluations of computer, network and telephony security mechanisms to the international Common Criteria security standards, and he is a member of the international Forum for Incident Response Security Teams (FIRST), as well as an active member of the CVE (Common Vulnerabilities and Exposures) Editorial Board. During his previous employment with the Communications Security Establishment (CSE) within the Canadian Government, Ken was considered to be one of Canada's experts specializing in various cryptographic systems, network and system security mechanisms, and protocols.

Dr. Anthony Arrott brings more than 25 years experience to his position of Special Assistant to Trend Micro's Chief Technology Officer, Raimund Genes. In this role, Dr. Arrott is responsible for managing the company's threat analytics operations and threat data sharing agreements with outside organizations. Dr. Arrott joined Trend Micro through its acquisition of InterMute, where he served as Director of Threat Research. Previously he worked as a business planning consultant to new ventures at New City Studies; and also as a management and technology consultant at Arthur D. Little. Earlier in his career, Dr. Arrott founded a scientific instrumentation company, Payload Systems, where he also served as President. Anthony Arrott holds a bachelor of science in physics and physiology from McGill University; as well as a master of science in aeronautics and astronautics, and a doctorate in biomedical engineering from the Massachusetts Institute of Technology (MIT).

Note: This website has been developed in Canada and as such, Canadian spelling rules have been applied throughout.