RAND Cybersecurity Workshop - August 17-18, 2016

Illustration of information security

Photo by alphaspirit/Fotolia

Date:

Wednesday, August 17, and
Thursday, August 18 2016

Time:

11:00 a.m. – 2:30 p.m.

Location:

485 Russell Senate Office Building
Washington, D.C.

About the Workshop

Is cybersecurity a new or growing piece of your legislative portfolio Are you looking to better understand your legislative options to respond to cyber threats and security in the defense, financial services, education, health, or other policy areas?

This two-day workshop, appropriate for any staffer who must consider policy options for cyberspace, will introduce you to fundamental concepts surrounding the technology and policy aspects of cyber: what it is, and what you can do in, through, and with it. RAND researchers will explain

  • How to assess cyber risk and examples of attack methods, tools, and vulnerabilities
  • Cryptography and its policy implications for key sectors including national security, energy, commercial retail, and individual privacy
  • What's next for the Internet of Things
  • Relevant laws, presidential directives, and the various cyber organizations in the federal government.

At the end of the course you'll be able to better calculate cyber risk and attack steps and know where to find appropriate information about threats, vulnerabilities, and impact. This skill set will help you better consider the options you have for legislation and federal government response in cyberspace.

Course Outline

Speaking the Language of Cybersecurity

  • Foundations of cybersecurity: confidentiality, integrity, and availability
  • Types of vulnerabilities and risk calculation
  • Attacks, attack techniques, and tools

Why is Cryptography Important?

  • Symmetric encryption vs. asymmetric encryption
  • Digital signatures and case studies
  • Utilization of cryptography: Whatsapp and other encrypted apps

The Future and The Internet of Things

  • Impact of "hyperconnectivity" on society
  • The emergence and proliferation of cyber physical systems
  • Lessons learned from previous attacks on cyber physical systems, such as Stuxnet or the attack in Ukraine
  • Car hacking and what it means for policy

The Current State of Cyber in Government

  • The various departments and agencies
  • Statutory considerations, presidential directives, and why they matter
  • Definitions of cyberspace operations and implications

About the Instructors

isaac porche, p7551, isaac porche, p7551

Isaac Porche is a senior engineer at the RAND Corporation and associate director of the RAND Arroyo Center's Forces and Logistics Program. His areas of expertise include cybersecurity; network and communication technology; intelligence, surveillance, and reconnaissance (ISR); information assurance; big data; cloud computing; and computer network defense. He is a member of the U.S. Army Science Board, serving on several of its panels including: Data-to-Decisions, Tactical Cyber, and the Internet of Things.

Prior to joining RAND, Porche developed software at General Motors. He received his Ph.D. in electrical engineering and computer science from the University of Michigan. He is the author of numerous op-eds on the topic of cybersecurity and big data and has provided presentations on these subjects in different forums including his 2016 congressional testimony to the Cybersecurity, Infrastructure Protection, and Security Technologies Subcommittee.

Joshua Baron is an information scientist at the RAND Corporation and a professor at the Pardee RAND Graduate School. His work focuses on policy implications of emerging technologies for cybersecurity, computer network operations, virtual currencies, and cryptography. He has worked on projects to support the United States Air Force and Army and is currently leading a project for the Joint Staff. One of his most recent RAND publications is "National Security Implications of Virtual Currency."

Before coming to RAND, Baron researched efficient protocols for secure multi-party computation (MPC) for national security and industry applications. Baron received a Ph.D. in mathematics from UCLA in 2012 and a B.A. in mathematics from UC Berkeley in 2006.