This session will kick off a day of sessions to empower researchers to make positive change, run by BSidesLV and I Am The Cavalry. The goal is to define the problem space, inspire people to take a leadership role in solving security problems and build up the skills needed to succeed.
This session gives an introduction and overview of I Am The Cavalry, an update on the current status and activities, an outlook for the future as well as a rundown of the day’s event.
The directed sessions will use a facilitated Question and Answer format called A&Q. In this format, a primary speaker will cover the topic at a high level for 10 minutes, priming the audience for a 15 minute interactive discussion into specific audience questions.
12:00 A&Q Session: Public Policy (Paul Rosenzweig)
12:30 A&Q Session: Communications/Presentation (Keren Elazari)
13:00 Lunch Session: Guilds (Chort0)
13:30 Lunch Session: Biggest surprises (Josh Corman)
14:00 A&Q Session: Media (Jen Ellis)
14:30 A&Q Session: Disclosure (Katie Moussouris)
15:00 A&Q Session: Legal (Andrea Matwyshyn)
15:30 A&Q Session: Public Policy (NKryptr)
16:00 A&Q Session: Burnout ()
16:30 A&Q Session: X Altruism (Andrea)
17:00 A&Q Session: Career (Beau Woods)
17:30 Wrapup and Next Steps (Josh Corman)
Media - Journalists and media are a powerful way to influence public perception and to get our message out. They have their own internal operations and public interface that we can tap into like an API.
Legal - The legal system has a regular and standardized set of processes, outcomes and roles. Understanding these is key to influencing precedent so that it reflects the current technical landscape.
Public Policy - Understand the influencers, decision makers and processes that go into making new laws and administering existing ones.
Career - How you choose and follow your career path shouldn’t be a random walk and shouldn’t be set in stone. Use your career to maximize your satisfaction and impact.
Burnout - The complex state of Burnout is one that affects many in our industry, but help and resources are rare. Learn what it looks like and how to deal with it.
X Altruism - Extreme Altruists go out of their way to try and do the right thing, regardless of what others may think or what harm they may face. But these features can become bugs if they don’t find the right outlet.
Disclosure - Handling the delicate issue of notifying manufacturers about security vulnerabilities when packets meet blood and bone.
Communications - Many of us are less afraid of shaking hands with SSL or modems than real people. But that doesn’t mean we can’t effectively get our ideas across to manufacturers, managers, politicians or parents.
In July 2010, BC Hydro, the electric utility and grid operator of British Columbia began implementation of its Advanced Metering Infrastructure (AMI) program, formally known as the Smart Meter & Infrastructure (SMI) program. The SMI program transformed BC Hydro from a traditional metering utility to a smart metering utility by implementing smart meters on the customer service points. It was the first step in the smart grid transformation.
An AMI program requires the introduction of many new devices and applications into a utility’s infrastructure. Some of these devices and software may have never been deployed before anywhere in the world. Many are field deployed, outside of the utility’s physical and cyber security perimeters.
Security teams within utilities need to take responsibility for the end to end security of an AMI program. Traditional approaches may not be sufficient to deliver this security. A new approach including pen testing specialist and third party labs may form an important part of this security.
A standards based approach will be required to ground the security and penetration testing both in best practice and in a common set of principles that utility and its partners can accept. The Advanced Metering Infrastructure (AMI) Risk Assessment document prepared by the Advanced Metering Infrastructure Security (AMI-SEC) Task Force can form the basis for creation of the test plans. This document has since been passed to the National Institute of Standards and Technology (NIST) Cyber Security Working Group and was integrated into NIST IR 7628. NIST IR 7628 contains a comprehensive list of possible threats to AMI systems.
For successful outcomes it is important to consider emerging new factors. These are discussed in the presentation.
