Call for Presentations - 2009 Annual CND R&T Workshop

[InfoSec News <alerts () infosecnews org>]

Forwarded from: "Holleran, John C" <jcholle (at) nsa.gov>

2009 Annual CND R&T Workshop
Call for Presentations

The focus area for this year's DoD Computer Network Defense Research and 
Technology Program Management Office workshop will be “Strategies and 
Tools for Helping Humans Achieve Network Defense Situational Awareness.” 
  
The objective of this workshop is to examine operational needs, evolving 
technologies, and potential approaches for converting sensor data and 
contextual data into actionable knowledge, or “situational awareness” 
for the humans charged with defending DoD Enterprise networks or 
networks of other large enterprises (approximately 1000 enclaves and 
over 4 million computing devices). Workshop results will be used as 
inputs to the GIG IA Portfolio Management Office (GIAP), the 
Enterprise-wide Solutions Steering Group, and Director, Defense Research 
and Engineering (DDR&E) to better focus CND research as well as identify 
approaches that could potentially be applied to solve existing 
technology gaps.

The workshop will be held on June 22-24, 2009, at the Defense Security 
Service Academy, 938 Elkridge Landing Road, Linthicum, Maryland, near 
BWI Airport.  The workshop will consist of 45-minute presentations 
followed by discussions.  It is envisioned that there will be two days 
of unclassified discussions and one day of classified discussions. The 
classified sessions will be held on June 24, 2009 and clearances will be 
required for that day only.

After having dialogue with members of our community, we are opening the 
range of ideas, organizational concepts, and visionary ideas we would 
like to see presented. 

- Determining Intent of Network Entities Using Activity-Based Analysis

- Strategies for Operating Through Network Attacks

- Strategies for CND Collaboration – What it means, and How to enable it?

- Vulnerability posture of enterprise (over 100k hosts and more than 
 4 separate locations) and enclave networks (5k-40k hosts in a single 
 campus)

- Battle damage assessment after attacks

- Modeling and simulation of risk posture given different attack vectors

- Compliance reporting for FISMA/Sarbanes-Oxley/NIST SP 800-53/other 
 guidance

- Anomaly detection using visualizations

- Network Mapping and inventory management

- Incident and event trending metrics and displays

- Threat modeling showing - who is attacking, who is likely to attack, 
 what vectors likely attackers will take

- Overall trends in network attack vectors contrasted with deployed 
 infrastructure

- Network user physical and security circumstance changes contrasted 
 with changes in network behavior

- Visual filtering techniques for large groups of data 
 (e.g. network flow)

- Other correlations between data from multiple sensors that must be 
 manually inspected for anomaly or non-compliance identification


Our goal is to cause good concepts and ideas to be propagated and 
transitioned in a fast-track manner to funded research.

Abstracts are due by May 27, 2009. Papers may be submitted to support 
your presentation.

Please send all abstracts to Mr. Jack Holleran (jcholle (at) nsa.gov). 
If you have any questions, please call Mr. Holleran at 410.854.4947.

The workshop will be limited to 75 attendees due to space constraints.

  
Jack Holleran
CND R&T PMO Support
Contractor (Engineering Solutions, Inc.)
410.854.4947 / 410.694.0700 x311
Jack Holleran (at) enginsol.com
 
 

--
LayerOne 2009, Information Security for the discerning professional. 
May 23-24 2009 @ The Anaheim Marriott in Anaheim, California 
Visit http://layerone.info for more information