David Thomas, Chief, Computer Intrusion Section, Cyber Division, FBI, Washington DC

After completing more than a dozen years of in-charge roles with the FBI in areas such as violent crime, domestic terrorism, national infrastructure protection, Agent Thomas was appointed to the position of Chief of the Cyber divisions Criminal Computer Investigation Unit (CCIU) in June 2001. As Chief of CCIU, Mr. Thomas directed the FBI’s efforts on many large-scale cyber investigations and is considered an authority on Eastern European hacker groups. In April 2003, he was transferred to the St. Louis Division as the Assistant Special Agent in Charge. In July 2004, Mr. Thomas was promoted to the position of Section Chief, Cyber Division, FBI HQ. In this capacity, Mr. Thomas oversees all Counterterrorism/Counterintelligence and Criminal computer intrusion investigations. Additionally, he is responsible for development of Cyber Intelligence and Cyber Action Teams which deploy internationally in response to major cyber events.

Robert McGraw, Technical Director, IA Architecture and System Security Engineering Group, NSA
Challenges to National Cyber Security
This talk will highlight some of the Information Assurance (IA) challenges facing the nation as we move full speed ahead into a net-centric, information-sharing environment. An introduction to NSA’s IA mission will be provided, followed by a discussion of some of the trends that are impacting IA.

---

Mr. McGraw is the Technical Director for the Information Assurance Architecture and Systems Security Engineering Group at the National Security Agency (NSA). His group is responsible for defining the information assurance capabilities for the Department of Defense’s (DoD) Global Information Grid, which will transform DoD’s approach for communications and information management. They are also responsible for providing Information Systems Security Engineering services to a vast array of DoD and other government programs.
Mr. McGraw received a Bachelor of Electrical Engineering degree from the University of Detroit and a Master’s Degree in System Engineering and Technical Management from the Johns Hopkins University. He has been with the NSA since 1973 where he has spent his career architecting and developing Information Security products and systems for space, combat, and cryptographic key management applications.

Prof. Sujeet Shenoi, University of Tulsa
Digital Forensics: Challenges and Opportunities

Sujeet Shenoi is the F.P. Walter Professor of Computer Science at the University of Tulsa. An active researcher with specialties in cyber security, digital forensics and critical infrastructure protection, Dr. Shenoi is currently the principal investigator on projects supported by the National Science Foundation (NSF), FBI, Secret Service, IRS, U.S. Departments of Defense and Homeland Security, and the National Security Agency. Dr. Shenoi is the Director of the Cyber Security Education Consortium, an NSF-supported initiative focused on building a high-tech workforce in Oklahoma and six neighboring states. He serves on the FBI's National Steering Committee for the Regional Computer Forensics Laboratory Program. He is also the founder of the Tulsa Undergraduate Research Challenge (TURC), a nationally recognized program of scholarship and service. For his innovative strategies integrating academics, research and service, Dr. Shenoi was named the 1998-1999 U.S. Professor of the Year by the Carnegie Foundation.

Prof. Badri Nath, Rutgers University
Topic: Securing Measurements in Sensor networks
Sensor networks convey information that is obtained from actual measurements of the physical world. Ensuring the accuracy of the measurement becomes paramount if actions are taken based on the sensor readings. Techniques for detecting and coping with tampering or manipulating sensors or the environment are needed. Several techniques for increasing the confidence of sensor measurements will be presented. In particular, multimodality will be used to improve the confidence of sensor measurements. An information assurance architecture along with challenges in designing robust wireless sensor networks will be outlined.

---

Dr. Badri Nath is a Professor in the  Computer Science Department at  Rutgers University and a member of  WINLAB. He is a co-Principal investigator of the DataMan project at Rutgers University.  His research interests are in the area of sensor computing and large scale non-traditional (inventory, vehicular and home) networks. Current projects explore research issues in manageability and dependability of sensor networks, mobile and wireless networks. His current interest is on developing a robust information architecture for sensor networks to enable actuations.

Prof Badri Nath received a Ph.D.  in Computer Science from the University of Massachusetts, Amherst and a M.E. from the Indian Institute of Science (School of Automation). He is the recipient of the best paper award at HPSR(2003), the ten year best paper award at VLDB (2002) and professor of the year award for best teaching (1995).

Holly Hubert, Supervisory Special Agent, FBI
FBI Buffalo Cyber Task Force and InfraGard

Holly Hubert is a cyber crime supervisory special agent in the FBI's Buffalo office. Hubert, a 13-year veteran of the Bureau, directs the local office's 16-member Buffalo Cyber Task Force, a specially trained team that includes eight FBI agents and representatives of other local, state and federal law enforcement agencies.

Timothy P. Clancy, Project Director, Committee on Science, United States House of Representatives

In his second stint on the House Science Committee staff, Tim Clancy serves as the Project Director on the majority staff of the House Committee on Science—responsible for coordinating science and technology (S&T) issues relating to Committee Chairman Sherwood Boehlert’s home district and the State of New York, oversight over state-federal S&T partnerships and international S&T policy.  He is also responsible for outreach to all majority members of the Committee. 

In the 107th and 108th Congresses, Tim served as coordinator for Committee efforts in cybersecurity R&D, resulting in the drafting of H.R. 3394 (P.L. 107-305), the Cybersecurity Research and Development Act, signed by President Bush on November 27, 2002.  He also helped draft provisions of 21st Century National Nanotechnology Research and Development Act (P.L. 108-153), legislation that originated in the Science Committee.  In the 109th Congress, he will continue to advise Chairman Boehlert on nanotechnology, information technology and Homeland Security technology issues generally as the Committee continues oversight over both the implementation the Cybersecurity R&D Act and the Nanotechnology R&D Act, other IT research and development programs and the S&T programs of the Department of Homeland Security.

Mr. Clancy previously served as a Professional Staff Member on the minority staff of the then-Science Subcommittee of the House Science, Space and Technology Committee from 1993-1994 with oversight responsibility over the National Science Foundation and the Department of Energy.   Between his tours on the Science Committee, Mr. Clancy served from 1994-2001 as Senior Legislative Policy Analyst in the Office of Legislative & Public Affairs at the National Science Foundation.  In this position Mr. Clancy served as liaison to the U.S. House of Representatives and the United States Senate for the NSF Director and the Deputy Director, focusing on research and education policy across all disciplines of science and engineering. 

 Tim earned a B.A. in Political Science from the College of the Holy Cross in Worcester, MA and a J.D. from Western New England School of Law in Springfield, MA where he was a member of the Law Review.  Originally from Rome, New York, he currently resides in Alexandria, Virginia.

Elysa Jones - Engineering Program Manager, Warning Systems, Inc.

Ms. Elysa Jones is the Engineering Program Manager for Warning   Systems, Inc. (WSI).  She holds a BA degree in Economics and a MS   degree in Computer Science from the University of Alabama in   Huntsville.  She has over 25 years experience in engineering program management, software engineering and product design and development. She has been with WSI since 1998 and has been instrumental in the successful design and development of new products and the installation   of major radio warning systems.  She also served on the board of   trustees for the Partnership for Public Warning and is committed to the work of improving public warning in our country and throughout the   world.  She is the current Chair of the OASIS Emergency Management   Technical Committee.  She received the first annual Leadership in   Emergency Interoperability Award from the Emergency Interoperability Consortium.  Ms. Jones works diligently to further standards development to support all aspect of Emergency Management.  Through   this work she monitors the development of the National Incident   Management System (NIMS), the National Response Plan (NRP), and other   emergency management initiatives to insure that the direction of WSI   product development is in keeping with changes in the field.

Chief Scott R. Patronik, CISSP, CFCE, Erie County Sheriff's Office
Wireless Security

Scott R. Patronik is the Chief of the Technology and Advancement Division of the Erie County Sheriff's Office in Buffalo, New York where his duties include overseeing Information Security for the agency and the agency's Computer Crime Unit. Scott has been investigating high technology crimes since 1995 and previously served with the New York State Police. He also has experience working in the private sector as a Software Engineer for Computer Task Group, Inc.
Designations held by Scott include being a Certified Information Systems Security Professional (CISSP) as conferred by the International Information Systems Security Certification Consortium (ISC) and a Certified Forensic Computer Examiner (CFCE) as conferred by the International Association of Computer Investigative Specialists (IACIS). He is also a member of the High Technology Crime Investigation Association (HTCIA) and the International Association of Chiefs of Police.
Affiliations include serving as a Board Member for the Buffalo Chapter of Infragard and a Charter Member of the Law Enforcement Coordinating Committee (LECC) on Information Technology Crimes in the Western District of New York.
Scott is also a member of the National Institute of Justice Technical Working Group and a member of the FBI - Scientific Working Group on Digital Evidence (SWGDE), both groups are involved in producing suggested guidelines for the Examination of Electronic Evidence.

Prof. Patrick C.K. Hung, Univ. of Ontario Institute of Technology
Web Services Composition for E-Commerce: A Security Perspective

Patrick C. K. Hung is an Assistant Professor at the Faculty of Business and Information Technology in the University of Ontario Institute of Technology since July 2004. He is currently cooperating with Boeing Phantom Works (Seattle, USA) and Bell Canada's Privacy Center of Excellence (Toronto, Canada) on an industrial security-and privacy-related research project respectively. Before that, he was a Visiting Assistant Professor at the Department of Computer Science in the Hong Kong University of Science and Technology in Hong Kong and a Research Scientist with Commonwealth Scientific and Industrial Research Organization (CSIRO) at Canberra in Australia. He also has prior industrial experience in e-business projects in North America and Hong Kong. From 2000 to present, Patrick has been serving as a panelist of the Small Business Innovation Research and Small Business Technology Transfer programs of the National Science Foundation (NSF) in the USA. He is an executive committee member of the IEEE Computer Society’s Technical Steering Committee for Services Computing (TSC-SC), an associate editor/editorial board member in several international journals, and a program organizer/committee member in international conferences/workshops. He has been a book reviewer for Prentice Hall and Springer, and also a reviewer for the IEEE Transactions on Computers, the IEEE Transactions on Systems, Man, and Cybernetics (SMC), the Programming .NET Web Services, the IEEE Computer magazine, the IEEE Internet Computing magazine, the Decision Support Systems (DSS), the VLDB Journal, the Journal of Electronic Commerce Research.

Harry G. Meyer, Hodgson Russ
Round-Table Session: Security in Small & Medium Businesses

Mr. Meyer has extensive experience with the New York State Environmental Quality Review Act ("SEQRA"). Among significant projects, he (i) represented the Cattaraugus County IDA as lead agency under SEQRA for the review, comments to, modification, hearing and final acceptance of the Environmental Impact Statement for a 1200-acre recreational and sporting complex in the Town of Yorkshire; (ii) handled environmental and real property matters for the transfer of the water system from the City of Buffalo to the Buffalo Water Board; (iii) worked extensively with NYS DEC regulatory, legal and permitting personnel; and (iv) represented Tops Markets in connection with environmental matters for several facilities including a major distribution center in Lancaster, New York and several other facilities in New York State.

Session Participants

• Alan "Skip" Gould, Bright Planit  Inc

• Ramanan, Compsys

• David Fotevski, NEMISYS, LLC

• Jeff McCaskey, AURORA Consulting Group

Donna Kaputa, ECC

• Round Table Discussion Moderator: Security Education in 2 and 4 Years Colleges

• Portable Educational Network (PEN)

• Security Overview

Dr. Donna Kaputa teaches Computer Information Systems  at Erie Community College. She received her Ph.D. from SUNY Buffalo. Dr. Kaputa is a recipient of a major  NSF grant for Information Systems Security curriculum development for ECC in collaboration with SUNY Buffalo. The new curriculum being prepared by Dr. Kaputa and her colleagues incorporates the Cyber-Security skill standards of the National Workforce Center for Emerging Technologies (NWCET), as well as aspects of the CNSS National Training Standards and the CompTIA Security+ framework. The curriculum targets both traditional college students who wish to take courses in or specialize in information systems security and industry workers who wish to upgrade or retool their skills. Two notable features of the curriculum are its emphasis on real-world problems and issues and its use of isolated computer network labs, which will enable students to participate in hands-on experiments with security penetration techniques and corresponding countermeasures and protective approaches.

Round Table Session Participants

• Marina Cappellino, Genesee Community College

• Sandy Augustine, Hilbert College

• Sandy Brown, Finger Lakes Community College

• Louise Kowalski, ECC

Prof. Shambhu Upadhyaya, University at Buffalo
Wireless security Initiative at UB

Shambhu J. Upadhyaya is an Associate Professor of Computer Science and Engineering at the State University of New York at Buffalo where he also directs the Center of Excellence in Information Systems Assurance Research and Education (CEISARE), designated by the National Security Agency. Prior to July 1998, he was a faculty member at the Electrical and Computer Engineering department. His research interests are information assurance, computer security, fault diagnosis, fault tolerant computing, and VLSI Testing. He has authored or coauthored more than 150 articles in refereed journals and conferences in these areas. His current projects involve intrusion detection, insider threat modeling, security in wireless networks, SoC test scheduling, analog circuit diagnosis, and RF testing. His research has been supported by the National Science Foundation, Rome Laboratory, the U.S. Air Force Office of Scientific Research, DARPA, and National Security Agency. In May 1999, IBM sponsored a new Electronic Test and Design Automation Lab to support his teaching and research on VLSI Testing. He has been awarded an IBM Faculty Partnership Fellowship for year 2000-01 in recognition of his research accomplishments in the area of VLSI. He was also an NRC faculty fellow in 2001 and 2002. In 2005, he received Cisco equipment donation to build a computer security lab. He has held visiting research faculty positions at the Center for Reliable and High Performance Computing, University of Illinois, Urbana-Champaign, Intel Corporation, Folsom, CA, Air Force Research Laboratory, Rome, NY and the Naval Research Laboratory, Washington DC. He was the Program Co-Chair of the Fifth IEEE/ACM Great Lakes Symposium on VLSI, 1995. He has served on various Conference Committees including the IEEE Simulation Conference, 1994, 1995, 1997, 1999 - 2004, Fault Tolerant Computing Symposium, 1997, and 1999, IEEE International Symposium on Defect and Fault Tolerance in VLSI Systems, 1997, 1998, 2000 - 2003, and 1999, and IEEE Symposium on Reliable Distributed Systems, 1998 and 1999. He was the publicity chair of 1998 IEEE International Computer Performance and Dependability Symposium, and has served as the Program Co-chair of IEEE Symposium on Reliable Distributed Systems, 2000 held in Nuernberg, Germany. He is an associate editor of IEEE Transactions on Computers, a member of the editorial board of the International Journal on Reliability, Quality, and Safety Engineering published by the World Scientific Publishers. He was a guest co-editor of the book series Interfaces in OR/CS on Mobile Computing: Implementing Pervasive Information and Communication Technologies, Kluwer Academic Publishers, 2001 and is a guest co-editor of a special issue on Secure Knowledge Management in IEEE Transactions on Systems, Man and Cybernetics, March 2006. He was on the Program Committee of 3rd IEEE International Information Assurance Workshop, Washington DC, March 2005, 6th Annual IEEE Information Assurance Workshop, West Point, NY, June 2005, and Dependable Computing and Communications Symposium of IEEE DSN-2005, among others. He is a senior member of IEEE.