Conference Agenda

October 5, 2024

Speakers and timing subject to change

TimeActivitySpeaker
0830 – 0845Check-in & Coffee Social
0845 – 0900Opening Ceremonies
0900 – 0930The Forgotten Critical Infrastructure Sector, CommunicationsDr. Chris Esquire
0930 – 1000The Cyber Strategy Scorecard: A Multilateral Framework for Evaluating National Cybersecurity StrategiesFred Heiding
1000 – 1015short break!
1015 – 1045AI Frontiers: Shielding Digital Gateways from Bot InvasionsParth Shukla
Nishit Lakhnotra
1045 – 1100short break!
1100 – 1130Systems Security: Not your keys, still your crypto?Yolanda
1130- 1145short break!
1145 – 1215Data, Agents and OSINT: Expanding the Frontiers of the World’s Second Oldest ProfessionZara Perumal, Ryan Reeve
1215 -1230short break!
1230 – 1300Ape Tax 2 Electric Coin Boogaloo : what million dollar crypto heists can teach us about security fundamentalsRyan Cohen
1300 –
1330
Closing Ceremonies
2024 Conference Agenda

Check in & Coffee Social
Grab your badge and chat with community members!

Opening Ceremonies
We’ll take a brief moment to welcome everyone, go over any last-minute business, and then get started with the conference!

The Forgotten Critical Infrastructure Sector, Communications: How Less than $1,000 USD Can Compromise Security
Dr. Chris Esquire

Software Defined Radio, SDR, has been a viable asset for those interested in communications. With just under $100 a person can intercept satellite communications from even the International Space Station. What if I tell you that for less than $1,000 and a laptop you can intercept every satellite? VSAT, very small aperture terminal is a two way ground station that is used by many industries to include the military. One can simply do an internet search and discover the types of equipment used by the military branches across the world. A simple Iridium antenna can intercept most satellite communications. However, for around $1,000 a person can build out a rig that allows them to intercept every form of satellite communication out there, to include those used by the military for missile defense. This research is a combination of what occurs when one goes beyond the theory and into the practical application of hacking network communication systems. SDR, satellite, antennas and encryption will be discussed.

Discussion on the components needed to create a communication rig that can range from 10mhz to 10GHz will be discussed. From there, the use of readily available software to intercept the communication signals and how one can proceed with decrypting the communication packets to gain viable data will be discussed.

The Cyber Strategy Scorecard: A Multilateral Framework for Evaluating National Cybersecurity Strategies
Fred Heiding (he/him)

We have compared a dozen key countries’ national cybersecurity strategies in order to determine the most effective and innovative policy approaches that should inform global standards. The countries assessed include the US, the UK, Germany, South Korea, Singapore, the UAE, and Australia, among others. Having closely analyzed each strategy document and interviewed more than 25 leaders from cyber agencies and other related experts representing all countries included in the study. We employ a two-dimensional framework to evaluate the strategies alongside one another against a rubric with more than 60 criteria to identifying leaders, innovators, and under-performers in each category. We also consider external factors that make each strategy unique, such as a given country’s political context and threat environment. Our paper offers a top-line scorecard for each country in the study, documenting the strengths and weaknesses of its approach, and highlighting ten policies that should serve as global standards. We issue tailored recommendations for each country, noting specific gaps in need of remediation and opportunities for policy improvement. Highlights of the results include that many countries have a clear focus on generating new cyber capacity, which is great. Many countries also have adequate critical infrastructure protection plans, although sometimes lacking in implementation. Almost all national cybersecurity strategies fail to treat vulnerable population groups, incentivizing organizations to prioritize security, and having concrete outcomes and goals for the nation’s cyber defense.

AI Frontiers: Shielding Digital Gateways from Bot Invasions
Parth Shukla (he/him)
Nishit Lakhnotra

In the presentation titled “AI Frontiers: Shielding Digital Gateways from Bot Invasions,” we delve into the forefront of cyber defense against bot-driven threats that exploit API vulnerabilities. This comprehensive study explores how advanced AI and ML models are being harnessed to fortify digital defenses, offering a detailed analysis of API communication patterns and the evolving landscape of bot attacks. Through a series of real-world case studies, we illuminate the mechanisms of sophisticated bot strategies—ranging from data breaches and account takeovers to shopping bots that deplete inventories. The narrative progresses to unveil how AI/ML technologies serve as the cornerstone of innovative defense mechanisms. We dissect the architecture of AI-driven systems tailored to detect and counteract anomalous behaviors indicative of bot activities, leveraging vast datasets to train ML models that adeptly differentiate between legitimate user interactions and malicious bot intrusions. The discussion further navigates through the technical and operational nuances of implementing AI/ML defenses, emphasizing predictive analytics for preemptive action, machine learning for dynamic threat adaptation, and the overarching impact of such technologies in securing digital ecosystems against the insidious threats posed by automated attacks. This presentation not only highlights the challenges but also showcases the resilience and adaptability of AI/ML solutions in the ever-evolving battle against digital villains.



Systems Security: Not your keys, still your crypto?
Yolanda

An overview of cryptocurrency wallet security principles for global scale wallet services. We’ll walk through the people, process, and technology dimensions at each stage of a wallet key lifecycle from generation, storage, usage, through retirement.

Data, Agents and OSINT: Expanding the Frontiers of the World’s Second Oldest Profession
Zara Perumal (she/her)
Ryan Reeve (he/him)

Data is the lifeblood of the digital age, and its creation is proliferating at an unprecedented scale. In , over 300 million terabytes of data will be generated daily, a figure that will only grow as the internet continues to permeate every aspect of our society. This data encapsulates the full spectrum of human experience, from humorous cat memes to devastating cyberattacks. Making sense of these vast streams of information, traveling at the speed of light through cables and airwaves, is a Herculean task, yet a crucial one if we are to mitigate the potential risks lurking within.

Threat intelligence analysts are inundated with data, and agentic AI systems can be invaluable tools for rapidly analyzing vast unstructured datasets, filtering out noise, and accelerating insights. But how can these agentic systems assist, and what role should they play in the threat intelligence ecosystem? This discussion will explore the current landscape of agentic systems, the principles of their design, and the strengths and weaknesses of deploying these agents with minimal supervision in the real world.

Ape Tax 2 Electric Coin Boogaloo: what million-dollar crypto heists can teach us about security fundamentals
Ryan Cohen (he/him)

The Ethereum NFT project known as Bored Ape Yacht Club (BAYC) unintentionally cultivated a natural cybersecurity experiment: what happens when you take a community of enthusiastic and credulous people with limited experience with public-private key cryptography, and put them in a position where they have to protect their private keys?

The answer, perhaps predictably, is rampant theft of those keys totaling several million dollars in damages (so far). Since the launch in 2021, BAYC holders have had so many of their apes (private keys) stolen, they’ve garnered a reputation for being easy targets for thieves.

As much fun as it is to point and laugh at people who paid thousands of dollars in magic internet money for a URL pointer to a hideous ape jpeg, the BAYC incidents also offer good learning examples for the cybersecurity community at large.

In 2023, we looked at a few high-profile incidents and talk about what lessons we can glean about key management, the importance of usability, and social engineering.

In 2024, we will return to the well of high-stakes electric coin shenanigans to review some of the classic failures in basic cybersecurity practice, but also discuss some of the latest and greatest (?) in clown-shoe crypto infosec pratfalls.

Closing Ceremonies
Wrap things up for the day!