Post-conference Workshops: 31 May 2012

  • Workshop A: Chinese Cyber Warfare – Understanding And Defending Against The Advanced Persistent Threat
  • Workshop B: Governance, Risk Management and Compliance For Cloud Computing
  • Workshop C: Current Cyber Security Strategies of Major State Actors


09.00 - 11.30 Workshop A: Chinese Cyber Warfare – Understanding And Defending Against The Advanced Persistent Threat

Led By:

Lt Col (Rtd) Bill Hagestad
RED DRAGON RISING

With a myriad of examples over the past few years, cyber warfare has become firmly established as the 5th domain of warfare. The development and proliferation of malware, viruses and the Advanced Persistent Threat (APT) pose a significant threat to high-value networks such as those belonging to government, military and CNI organisations. To protect these targets it is vital to understand both the nature of the threat and the intention of the attack in order to develop a lasting, robust defence against cyber attack.

This workshop will assess the cyber threat currently being deployed by China in order to better defend against the advanced persistent threat. Emphasising defensive measures to be taken against the attack, the workshop will provide a rundown of the People’s Republic of China’s cyber warfare capability, addressing the following points:

  • Introduction to the People’s Republic of Cyber Warfare - Defining the Advanced Persistent Threat (APT)
  • Interests & Intent of the People’s Liberation Army Informatization Campaign
  • Defending against the APT of Chinese Informatization Campaigns - creating a defence-in-depth
  • Achieving an enduring defensive capability against the Chinese Cyber APT

12:00 - 14:30 Workshop B: Governance, Risk Management and Compliance For Cloud Computing

Led By:

Marlin Pohlman
Global Research Strategist
CLOUD SECURITY ALLIANCE

Achieving Governance, Risk Management and Compliance (GRC) goals requires appropriate assessment criteria, relevant control objectives and timely access to necessary supporting data. Whether implementing private, public or hybrid clouds, the shift to compute as a service presents new challenges across the spectrum of GRC requirements. The Cloud Security Alliance GRC Stack provides a toolkit for enterprises, cloud providers, security solution providers, IT auditors and other key stakeholders to instrument and assess both private and public clouds against industry established best practices, standards and critical compliance requirements.

The workshop will provide key insight into standards and techniques developed by the Cloud Security Alliance, including:

  • Cloud Audit – providing a common interface and namespace to allow cloud computing providers to automate Audit, Assertion, Assessment and Assurance (A6) of their infrastructure (IaaS), platform (PaaS), and application (SaaS) environments and allow authorized consumers of their services to do likewise. Delegates will gain an understanding of the technical foundation to improve transparency and trust in private and public clouds.
  • Cloud Controls Matrix - designed to provide fundamental security principles to guide cloud vendors and to assist prospective cloud customers in assessing the overall security risk of a cloud provider. As a framework, the CSA CCM provides delegates from across industries with the needed structure, detail and clarity relating to information security tailored to the cloud industry.
  • Consensus Assessments Initiative Questionnaire - available in spreadsheet format, it provides a set of questions a cloud consumer and cloud auditor may wish to ask of a cloud provider. It provides a series of “yes or no” control assertion questions which can then be tailored to suit each unique cloud customer’s evidentiary requirements.
  • Cloud Trust Protocol - the mechanism by which cloud service consumers ask for and receive information about the elements of transparency as applied to cloud service providers. The primary purpose of the CTP and the elements of transparency is to generate evidence-based confidence that everything that is claimed to be happening in the cloud is indeed happening as described and nothing else.

15:00 – 17:30 Workshop C: Current Cyber Security Strategies of Major State Actors

Led by:

CSFI Roger W. Kuhn
Science Advisor, Office of Naval Research, GS-15, Fleet Cyber Commander/Commander, 10th Fleet
US NAVY

CSFI Paul de Souza
Cyber Warfare Division, Founder Director
Cyber Security Forum Initiative

CSFI Don Eijndhoven
Founder | Director
Dutch Cyber Warfare Community

This workshop will provide an insight into the latest cyber security strategies of the major players in the domain. Assessing the range of information operations doctrines currently in place, the workshop will assess the viability of deterrence and retaliation within the current limitations of attribution. The parameters of what would and could constitute an act of war in cyberspace will also be addressed, along with the “terrain” of any cyber conflict in the near future. The workshop will conclude with a look to the future of cyber conflict, assessing likely developments and movements over the next 12-24 months.