preliminary program 準備日程
TRANSCRIPT
Host & Organizers:
ホスト&主催:
An International Conference on Cyber Threat Intelligence
Information Sharing Strategies, Tactics and Practices.
サイバー脅威インテリジェンスに関する国際会議
情報共有の戦略、戦術と実践
PRELIMINARY PROGRAM
準備日程
1-2 November
Keio University
West School Auditorium
Tokyo, Japan
CONFERENCE OVERVIEW
OASIS, in collaboration with our partners and co-host Keio University, will bring together public, private, and academic sector
security professionals from around the world to evaluate, debate, and collaborate on cyber security best practices and tools. Driv-
ing industry collaboration, fostering information sharing techniques, and promoting best practices and tools are overarching goals.
The Borderless Cyber Conference mission is to improve the state of preparedness and response to cyber threats both domestically
and internationally through effective information sharing. The program content has been designed to specifically facilitate that
effort. Day one will feature leaders from around the world who will share their multidimensional approaches, and how their
national strategies are adapting to the changing capacities and volume of cyber attacks. The second day will feature working
cybersecurity strategies, to include successful implementations, tools and best practices.
Who should attend?
This conference series will bring together CIOs, CISOs and cyber threat intelligence experts from industry, academia, government
agencies and CSIRTs worldwide to share experience, debate, and collaborate on strategies, tactics and practices to effectively
protect businesses.
Participation
Participation at the event is open to all. The cost to attend the two day conference is 15,000 YEN (150 USD) for government
officials, supporting organizations and OASIS members; and 20,000 YEN (200 USD) for corporate officials. Registration fee includes:
The two day program, Japanese/English simultaneous translation services, refreshment breaks, evening reception and associated
materials.
Link to registration form: http://borderlesscyber.oasis-open.org/asia16
Japanese/English simultaneous translation will be made available.
Additional supporters to be announced.
Sponsorship and supporting organization opportunities are available.
Contact Dee Schur at OASIS for details.
Supporters:
8:00-9:00
Registration and refreshments
9:00-11:15
Dealing with Cyber Threats on a Country Level: Opportunities & obstacles
―Welcome Address: Jun Murai, Dean and Professor of the Faculty of Environment and Information Studies, Keio University ―Welcome Address: Laurent Liscia, Executive Director, OASIS ―Honorable Address: Jason P. Hyland, Deputy Chief of Mission, U.S. Embassy ―Honorable Address: David Ellis, Chief Minister, British Embassy ―Remarks: Masao Horibe, Chairman, The Personal Information Protection Commission, Government of Japan ―Luca Zampaglione, Security Officer, eu-LISA (Invited) ―A representative from UK Home Office ―Yasuhiko Taniwaki, Ministry of Internal Affairs and Communications
11:15-11:30
Refreshment break, Cyber Threat Intelligence Showcase
11:30-11:50
Keynote address: ―Tsuyoshi Enomoto, Director, Information Science and Technology, Ministry of Education, Culture, Sports, Science and Technology (MEXT)
11:50-13:15
Center of Excellence (CoE): Global Cutting-edge Approaches in the Defense of Cyber Intelligence Threats ―Introductory Remarks of CoE: Jun Murai, Dean and Professor of the Faculty of Environment and Information Studies, Keio University ―Facilitator: Satoru Tezuka, Project Professor, Cyber Security Research Center, Keio University ―John Mitchell, Vice Provost & Member of Cyber Initiative, Stanford University ―David E. Luzzi, Vice Provost, Northeastern University ―Christopher Hankin, Director, Institute for Security Science and Technology, Imperial College London ―Carolin Weisser, Global Cyber Security Capacity Center, Martin School, University of Oxford ―Frank Stajano, Head, Academic Centre of Excellence in Cyber Security Research, University of Cambridge
13:15-14:30
Lunch break
14:30-15:30
Emerging Trends in Critical Infrastructure Protection: Preventing & mitigating potential threats
―Facilitator: Mark Clancy, Chief Executive Officer, Soltra ―A representative from Schneider Electric Tokyo (invited) ―Tatsuo Kijima, President and Executive Officer, West Japan Railway Company (invited) ―Alexander Foley, SVP, Senior Information Security Manager, Bank of America (invited)
15:30-15:50
Refreshment break, Cyber Threat Intelligence Showcase
16:00-17:00
Privacy Laws & Transnational Agreements: Balancing and reconciling risks, rights and obligations
―Tsuzuri Sakamaki, Counsellor, Personal Information Protection Commission Japan (PPC) ―Gershon Janssen, Board Chairman, OASIS and Privacy Management Reference Model (PMRM) Technical Committee ―Representative from the U.S. Department of Commerce
17:00-18:30
Cocktail Reception
PROGRAM SCHEDULE
Tuesday, November 1, 2016
Japanese/English simultaneous translation will be made available.
(*subject to change)
8:00-9:00
Early morning refreshments
9:00-11:00
Cyber Security in a Borderless World: Solutions, tools, best practices ―Satoru Tezuka, Project Professor, Cyber Security Research Center, Keio University ―Richard Struse, Chief Advanced Technology Officer, NCCIC, U.S. Department of Homeland Security ―Akihiko Morota, Director, Cybersecurity Division, Commerce and Information Policy Bureau, Ministry of Economy, Trade and Industry ―Robin Grimes, Chief Scientific Advisor , UK Foreign & Commonwealth Office ―Ikuo Misumi, Deputy Director General, National center of Incident readiness and Strategy for Cybersecurity (NISC) ―Kazuaki Omori, Director of ICT Security Office, Information and Communications Bureau, Ministry of Internal Affairs and Communications ―A representative from the National Police Agency to be announced
11:00-11:30
Refreshment break
11:30-12:30
Fostering Information Sharing through Non-profit International Forums ―Daniel Dobrygowski, Project Lead, World Economic Forum ―Kate Gagnon, Information Security Officer, the World Bank Group (United Nations Common Secure lead) (invited) ―Laurent Liscia, Executive Director, OASIS ―Toshinori Kajiura, Chair of the Japan Committee on Internet Economy Industries Forum, Sub-committee on Information and Telecommunication Policy, Keidanren
12:30-14:00
Lunch break
14:00-14:30
Afternoon keynote address
―Jesse Schibilia, FBI - LEGAT Tokyo
14:30-15:30
Navigating the Global Threat Landscape: Enterprise solution providers perspectives
―Barbara Grewe, Principal Policy Advisor, The Mitre Corporation ―Justin Kershaw, Director, Asia Pacific IIS & Cyber Solutions, Raytheon Information, Intelligence and Services (invited) ―Kazuo Noguchi, Senior Manager, Big Data Lab, R&D at Hitachi America, Ltd. ―Ryusuke Masuoka, Research Principal at Fujitsu System Integration Laboratories with Cyber Security Focus ―John Kirch, Country Manager, North Asia, Darktrace
15:30-16:00
Refreshment break, Cyber Threat Intelligence Showcase
16:00-17:00
Cyber Threat Intelligence (CTI): Automating information sharing with STIX, TAXII, CybOX
―Pete Allor, Senior Cyber Security Strategist, IBM Security ―Several members of OASIS STIX, TAXII, and CybOX Technical Committees to be announced
17:00
Conference ends
Wednesday, November 2, 2016 Japanese/English simultaneous translation will be made available. (*subject to change)
http://borderlesscyber.oasis-open.org/asia16
PROGRAM SESSION OVERVIEWS
Tuesday, November 1
Dealing with Cyber Threats on a Country Level: Opportunities & obstacles
New cyber threat techniques are constantly being developed that target governments, companies and their citizens/customers.
With geographic borders exploited in many ways, policymakers are left with many questions on how best to build a multidimen-
sional approach to their cybersecurity policies. A successful approach is one built around public-private partnerships, which has the
ability to restore the trust among governments, companies, and citizens (or customers) by securing the integrity, authenticity, and
privacy of communications and information.
During this opening session, leaders from around the world will share their multidimensional approaches, and how their national
strategies are adapting to the changing capacities and volume of cyber attacks. These leaders will also share obstacles faced and
problems solved when working on a multi-stakeholder infrastructure.
Tuesday, November 1
Global Cutting-edge Approaches in the Defense of Cyber Intelligence Threats
Typically, university and research driven Center of Excellence (CoE) programs are everywhere. However, various models of CoE
exist depending on their purpose, goals and missions. These centers form a team of people from cybersecurity technology compa-
nies, other federal agencies and academia to address unique problems within the cybersecurity industry. These teams work not
only to educate, but also to research and build example solutions using commercially available, off-the-shelf products with enhanc-
ing capabilities. Their goals are usually to accelerate the deployment and use of secure technologies that can help businesses im-
prove their defenses against cyber attacks. CoE have a culture that attracts talented individuals and provide their teams with the
latitude and innovative tools needed to succeed in a sharing environment.
During this session block, a number of the top CoE programs from around the globe will converge in Tokyo to share the cutting-
edge approaches being developed within their programs. Attendees will see first-hand how aligning with a CoE could help solve
problems.
Tuesday, November 1
Emerging Trends in Critical Infrastructure Protection: Preventing & mitigating potential threats
Times of crisis are often defining moments. It is an opportunity to fail or succeed in managing events as they unfold. Learning from
experiences and advance planning can significantly mitigate the potentially disastrous effects of any large-scale event. The poten-
tial for significant and enduring disruptions makes it extremely important to have appropriate tested contingency and emergency
operations plans in place.
Key industries such as energy, finance and transportation have been the innovators and developers of many threat detection
methods, data analysis capabilities and sharing arrangements among diverse stakeholders. Guest speakers in this session will re-
view the ways in which early, and more recent, infrastructure protection initiatives can be effective and help you anticipate risks to
these cornerstones of critical infrastructure.
Tuesday, November 1
Privacy Laws & Transnational Agreements: Balancing and reconciling risks, rights and obligations
The linkage between cybersecurity and countries individual data protection/privacy (Japan's My Number) laws and transnational
agreements (EU/US Shield) with cybersecurity is often obscured by the generic focus on data breach and the attack methods allow-
ing adversaries to gain entry into systems and exfiltrate gobs of data. Left unaddressed are novel, maybe less dramatic risks associ-
ated with other components of privacy, such as data availability, data quality, consent and withdrawal of consent; attacks on oper-
ational systems (such as autonomous vehicles, IoT, etc.) etc. Focusing on data privacy could be addressed by using framework spec-
ifications such as PMRM and PbD-SE to help expose the elements of data protection risks associated with systems and applications
and their associated privacy controls and implementations.
In this discussion, experts will share their experiences with finding appropriate sharing arrangements, and what best practices may
help balance and reconcile conflicting issues of risks, rights and obligations regarding cyber threat data. Available tools will be high-
lighted as well as opinions on approaches to managing commitments, both for regulators and the cybersecurity community.
Wednesday, November 2
Cyber Security in a Borderless World: Solutions, tools, best practices
In a world increasingly driven by digital technologies and information, cyber-threat management is more than just a strategic im-
perative. It’s a fundamental part of doing business domestically and internationally. Yet for many leaders and C-suite executives,
cybersecurity remains vague and complex. Although it's on your strategic agenda, what does it really mean? And what can you do
to shore up its defenses and protect against cyber-threats?
Frank discussions need to start happening and should include how innovation needs to be built into our cybersecurity strategies, as
well as how needs can be proactively identified. The speakers in this session will talk about their priorities, and the need to inte-
grate best practices that create real tangible value.
Wednesday, November 2
Fostering Information Sharing through Non-profit International Forums
Today’s security climate calls for even more active community involvement to help facilitate the flow of information between gov-
ernment and industry. Non-profit international organizations have been creating forums to help facilitate discussions and identify
best practices and tools in an effort to address this need. In many cases, these organizations build bridges between public and pri-
vate industry. Like many others, these international organizations face many challenges that are complicated by cross-border is-
sues, including inconsistent laws and perspectives regarding privacy norms and restrictions, data transferability, and divergent po-
litical interests in combating cyber threats.
During this panel discussion, a diverse group of non-profit organizational leaders will share their thoughts and related initiatives.
This will include an overview of programs, available tools and other ways the organization may be uniquely building awareness
within the industry.
Wednesday, November 2
Navigating the Global Threat Landscape: Enterprise solution providers perspectives
Enterprise solution providers which integrate vertically have a very unique perspective on managing a cybersecurity program. Dur-
ing this session, several guest speakers from this domain will deliver their unparalleled views on navigating our global threat land-
scape as well as their innovative approaches and solutions. No matter how good your threat intelligence feeds are, or how well
you’re able to share threat information, it’s critical to learn from others.
As part of the discussion, they’ll share proactive, forward-thinking plans poised to prevent attackers from disrupting businesses.
Discussion points will include:
What’s beyond Cyber Threat Intelligence (CTI) information sharing;
Forward-thinking plans to improve one’s cybersecurity program by utilizing & leveraging shared CTI;
Security tools and services filling current & future gaps associated with CTI sharing;
And understanding the importance of cybersecurity investment & partnerships.
Wednesday, November 2
Cyber Threat Intelligence (CTI): Automating information sharing with STIX, TAXII, CybOX
As we’ve heard, it is becoming increasingly necessary for a broad range of organizations to have a cyber threat intelligence capabil-
ity. A key component of success for any such capability is information sharing opportunities with the partners, peers and others
they elect to trust. Voluntary information sharing can help focus and prioritize the use of the immense volumes of complex cyber-
security information available to organizations today. Standardized, structured representations of this data make it tractable. The
STIX language is meant to convey the full range of cyber threat information and strives to be fully expressive, flexible, extensible,
automatable, and as human-readable as possible, while relying on relatively simple toolsets. But what does it take to make struc-
tured info sharing an operational reality? This session will describe operational implementations and real-world lessons learned
from key implementers.
Venue and accommodation information is on
the Conference website.
http://borderlesscyber.oasis-open.org/asia16