Speaker: Greg Shannon, Chief Scientist, CERT Division of Software Engineering Institute at Carnegie Mellon University
Title: Efficient Cybersecurity?
Abstract: The Federal Cybersecurity Research and Development Strategic Plan, released by the White House two years ago this month, states that “The fundamental research challenge is to make cybersecurity less onerous while providing more-effective defenses.” And, that the long-term R&D goal is the “effective and efficient deterrence of malicious cyber activities via denial of results and likely attribution.” The current state of the practice in cybersecurity focuses on better informing the defender in order to thwart adversaries, and we explore the practical challenges of using unsupervised learning to detect malicious cyber activities. However, a more efficient approach is to deter adversaries by having them experience infrastructure that is frustratingly hard to exploit and hard to create significant cyber effects therein. We present a framework for developing efficient cybersecurity that will thwart and deter adversaries.
Bio: Greg Shannon is the Chief Scientist for the CERT® Division at Carnegie Mellon University’s Software Engineering Institute, expanding cybersecurity research, advancing national and international research agendas and promoting formal- and data-driven science for cybersecurity. Shannon recently served in the White House Office of Science & Technology Policy as the Assistant Director for Cybersecurity Strategy and led the development of the 2016 Federal Cybersecurity Research and Development Strategic Plan. Shannon has served as the first Chair of IEEE’s Cybersecurity Initiative and as the General Chair for the 2015 IEEE Symposium on Security & Privacy. He founded the CERT Division’s Science of Cybersecurity group and cofounded the Workshop on Learning from Authoritative Security Experiment Results (LASER, www.laser-workshop.org). He has testified before Congress on cybersecurity, science for security, critical infrastructure, resilience and cyber threats. Shannon received a B.S. in Computer Science from Iowa State University with minors in Mathematics, Economics and Statistics. He earned his M.S. and Ph.D. in Computer Sciences at Purdue University, with a fellowship from the Packard Foundation. He is a member of ACM and a Senior Member of IEEE.