||Garden A, B, & C
||Garden D & E
|7:30 am-8:00 am
|8:00 am - 8:10 am
||Welcome Message by Dr. Jose-Marie Griffiths, President of Dakota State University
|8:00 am- 8:55 am
||Breakfast Keynote: Jill Sanborn, Special Agent in Charge of Minneapolis Division, FBI
||AT&T Hackathon: Helping first responders stay safe
Trevor Jones, Dr. David Bishop, First Responders, Students
|9:00 am- 10:00 am
||Panel 1- Hack Back: Understanding the Active Cyber Defense Certainty Act- In the physical world organizations can use force to protect their employees and their assets, however that does not carry over to the virtual world. The Active Cyber Defense Certainty Act would amend the federal criminal code to limit the prosecution of computer fraud and abuse offenses where the conduct constituting an offense involves a response to, or defense against, a cyber intrusion. Our panelists will help you understand what this would mean for you and your business.
Panelist 1- David Forscey, Managing Director, Cyber & Technology Program, The Aspen Group
Panelist 2- Alice Porch, Esq, CIPP/US, CEH, Security+
Panelist 3- Mark Shlanta, CEO, SDN
Panelist 4- Dr. Josh Stroschein, Assistant Professor of CyberSecurity, Dakota State University
Moderator- Dr. Pat Engebretson, CIO, East River Electric
|10:00 am-10:25 am
|10:30 am- 11:50 am
||10:30 am - 11:15 am
Business and Cyber Law I
Carol Goforth, Professor at University of Arkansas
Title: Using Cybersecurity Failures to Critique the SEC’s Approach to Crypto Regulation
Abstract: The Securities and Exchange Commission (SEC) has a legitimate interest in protecting the public against the risks of speculative investment in fraudulent offerings of cryptoassets. However, when an offering does not involve fraud or other deceptive practices, the approach currently taken by the SEC may miss the mark. While crypto investors clearly need to be concerned about fraudulent offerings, problems caused by market volatility and failures of cybersecurity are at least as problematic. Moreover, a disclosure regime does little to address any of these concerns despite the fact that it imposes substantial costs on issuers who want to comply with regulatory requirements. Mandatory disclosure is only valuable if the disclosures cover what potential purchasers need to know. A scam artist is likely to misrepresent things in order to make a fake offering “look good” regardless of what is supposed to be disclosed. The risks of market volatility are as obvious to investors as to issuers (and outside the control of either). Few issuers are willfully creating tokens or systems that are susceptible to hacking or other cyber-based intrusions in a way that would make it possible for them to disclose the actual risks. This article suggests that in order to more fairly apportion duties and responsibilities between issuers and purchasers, the SEC’s role in the crypto space (other than with respect to offerings of traditional securities that have been tokenized) should focus on fraud and deceptive or manipulative practices, and continuing to warn the public about various risks. Congress should focus on developing appropriate standards for the regulation of exchanges and wallet services or should explicitly delegate this authority to either the SEC or the CFTC. The SEC should not treat crypto as just another security, imposing broad disclosure obligations on most crypto offerings, because that does not effectively or fairly address the central risks associated with purchasing this new kind of asset.
11:15 am - 11:50 am
Speaker: Jay Kesan, Professor of Law, University of Illinois
Title: "Challenges in the Law and Business of Cyber Security"
|Academic Papers I
Paper 1: Title: BARED: Structured Analysis of Disassembly through a Relational Database
Abstract: The binary analysis of software has become an integral activity for security researchers, malware analysts and attackers alike. From the discovery of unknown vulnerabilities to unraveling the intent behind malware, reverse engineering has become an integral activity for many security teams. This paper introduces BARED, which is intended to be used by security researchers to perform structured analysis of disassembled executable binaries, system and third-party libraries through the use of a relational database. BARED takes a novel approach to system-level security by introducing a framework that provides for binary analysis of software utilizing a relational database for permanent storage of the disassembled binary instructions. BARED also provides novel ways of searching and interacting with the disassembled instructions, allowing for the discovery of related functionality, code patterns and program behavior within and across binaries.
Authors: Dr. Josh Stroschein, Dakota State University & Dr. Matthew Miller, University of Nebraska-Kearney
Paper 2: Title: De-identifying a Psychometric Profile for Vulnerability Assessment Professionals, Talent Identification to Support Career Assessment
Abstract: An inter-collegiate research team completed initial research analysis of 119 professional cybersecurity workers from government and industry to identify talent profiles aligned with four roles within the Protect and Defend (PD) NICE Workforce Framework: Cybersecurity Defense Analyst, Cybersecurity Defense Infrastructure Responder, Cybersecurity Incident Responder and Cybersecurity Vulnerability Assessment Analyst. Anonymized data collected from multiple organizations with performance assessments to build statistically validated psychometric profiles of high potential PD cybersecurity candidates. Data collection was obtained using the World of Work Inventory (WOWI), a multidimensional on-line career assessment which measures six aptitude and achievement dimensions in the Career Training Potentials, twelve work-style preferences in the Job Satisfaction Indicators and task-relevant preferences related to seventeen career families in the Career Interest Activities. Anonymized, aggregated ranked data described profiles of existing high performing candidates working in the field. Utilization of a methodology to identify cybersecurity talent at different phases of an individual’s career life cycle supports recruitment of high potential talent from diverse backgrounds to increase the numbers of candidates entering cybersecurity education and training programs.
Authors: Dr. Martha Crosby, University of Hawaii, Manoa, Dr. Curtis Ikehara, Applied Computer Electronics Custom Design, Dr. Gregory Neidert, Arizona State University & Dr. Morgan Zantua, University of Washington
Paper 3: Title: A JOP Gadget Discovery and Analysis Tool
Abstract: Modern exploits have evolved considerably over the last decade, with many powerful mitigations introduced, each requiring additional bypasses. Code-reuse attacks have become a central part of efforts to overcome some of these mitigations. This paper provides a novel approach to aid exploit developers by proposing an instantiation of an interactive, full-featured tool to facilitate the automated discovery of JOP dispatcher and functional gadgets, allowing for JOP exploits to be more easily constructed. Additionally, the tool will provide exclusion criteria to discard impractical JOP gadgets, while at the same time performing significant classification of gadgets found based on the target register and the operations performed. This proposed tool may be beneficial to exploit developers, as some systems hardened against ROP may be susceptible to JOP. This tool will be of benefit to the educational community by providing a simple, straightforward way to allow students studying software exploitation to be able to utilize JOP in exploits. Without such a tool, likely the level of difficulty and time-consuming, tedious nature of the work required to manually discover the needed gadgets would make the prospect of performing JOP virtually infeasible for both students and most practitioners. This proposed tool, thus, will make an entire class of code-reuse attacks accessible.
Authors: Dr. Bramwell Brizendine, Dakota State University & Dr. Josh Stroschein, Dakota State University
|12:00 pm- 1:00 pm
||Lunch Keynote: Dr. Mark R. Hagerott, Chancellor for the North Dakota University System Cybersecurity in Rural States Land Grant
Keynote begins at 12:20 pm
|1:00 pm- 1:25 pm
||Student poster session/lightning talks (Back of Garden A, B & C and hallway)
Dessert by the posters to encourage mingling
• Patrick Gallo
• Dustin Steinhagen
• Todd Whittaker
• Thomas Jernejcic
• Quentin Covert
• Francisca Opoku-Boateng
|1:30 pm- 2:30 pm
||Panel 2- Cybercrime Case Study- Business email compromise (BEC)- Business email compromise, or BEC, is the largest cybercrime impacting US citizens and organizations. The FBI IC3 database lists BEC as a $640M+ scam. The panelists will discuss what BEC is, tips to avoid a compromise while highlighting an actual 6-figure case in South Dakota.
Panelist 1- Attorney James C Roby
Panelist 2- Chris Kreul, CIO of First Bank and Trust
Panelist 3- Paul Niedringhaus, Director SD Fusion Center
Panelist 4- Dennis Holmes, Criminal Chief and First Assistant United States Attorney for South Dakota
Moderator- Trevor Jones, Director of DigForCE
|2:30 pm- 4:00 pm
||2:30 pm - 3:15 pm
Business and Cyber Law II
Speaker: Derek Bambauer, Professor at Arizona State University
Title: Worthless, Then Priceless: Resilience and Recovery in Cybersecurity
Abstract: Cybersecurity policy and regulation are obsessed with prevention. The primary goal is to keep attacks from occurring through measures such as patching, testing, vulnerability assessments, and intrusion detection. While most cybersecurity regimes (public and private) formally include protocols related to resilience and recovery, these concerns are afterthoughts at best. This Essay suggests that this arrangement is precisely backwards. Resilience and recovery ought to be the top priorities for cybersecurity frameworks, for at least three reasons. First, successful attacks are inevitable given the problems of information asymmetry, increasing exposure of systems to the public Internet, and simple human error. Second, the cost of resilience and recovery measures is likely to be less than of preventative ones, and these precautions should provide value over a longer period of time. Finally, there is an increasingly common style of attack, as epitomized by ransomware, where recovery may be the only viable alternative to a sizable payment to the attackers. The Essay builds out these arguments, and also examines and critiques recovery / resilience requirements in leading cybersecurity regulations. As the information technology community frames it, resilience and recovery measures are worthless until you need them – then, they are priceless. Policymakers should act accordingly.
3:15 pm - 3:55 pm
Speaker: David Forscey, The Aspen Institute
|Academic Papers II
Paper 4: Title: Alert Prioritization and Strengthening: Towards an Industry Standard Priority Scoring System for IDS Analysts Using Open Source Tools and Models of Machine Learning
Abstract: Intrusion detection systems (IDSs) are generating volumes of alert messages around the clock leaving alert response teams with a daunting task: determining which alerts are worth investigation and which alerts are not. IDS analysts must quickly identify false positives in order to maximize the response time dedicated to concrete threats. This research explores the plausibility of our proposed treatment to this IDS alert prioritization problem. Our solution requires using generically trained machine learning (ML) models derived from modern traffic flow data as assistance in initial IDS configuration and deployment. This model would then provide an understandable metric for analysts; helping rank traffic flow data by likeliness of a threat. We surveyed several machine learning methods by running them against datasets including the CSE-CIC-IDS2018 dataset for the purpose of gaining threat detection accuracy measurements which in some cases yielded a better than 2% error overall. Some of the techniques tested include k-means clustering, decision trees, and random forest decision tree models. We have also provided code examples from some of our tests as an illustrative primer for network security professionals interested in machine learning. These Jupyter Notebooks are hosted on a public repository. Our method strives to be network platform independent and requires only publicly available IDS and ML tools. This publication is intended to be accessible to cybersecurity analysts who are hoping to standardize their workflows by adding machine learning models to their security tool-set, as well as for machine learning researchers who do not typically deal with network security problems.
Authors: Bikram Dangi, Dakota State University, Jeremy Gamet, Dakota State University, Arica Kulm, Dakota State University, TJ Nelson, Dakota State University
Paper 5: Title: On Privacy Issues with Google Street View
Abstract: Mapping data gathered by governments, corporations, and private individuals can be published freely across the web for use in diverse application sets. Upon its collection, other data, private data, may become subject to the public eye. Evolving from multiple acquisitions in its almost twenty-year history, Google’s Street View application offers the public historical and 360-degree views of the globe from across the world. With users serving as the target of marketing techniques, which often create a game of chess between developers, the privacy practices of other companies often come to light. In this paper, we consider these issues and suggest some mitigation that public, private, and partnership entities may take in this shared effort.
Authors: Patrick Gallo, Dakota State University & Dr. Houssain Kettani, Dakota State University
Paper 3: Title: DigForCE: Digital Forensics for Cyber Enforcement at Dakota State University work towards public-private cybercrime investigations
Abstract: Local and regional law enforcement agencies are struggling to meet the demand for cybercrime investigations. The challenges include, but are not limited to, training on digital evidence identification, acquisition and analysis, maintaining evidence integrity, investigation subject matter expertise, and an overall cyber investigation skills gap. Due to these challenges, several joint task forces between law enforcement and higher education have been developed. This paper will outline the need for public-private cybercrime task forces, highlight labs across the country, and discuss a new MadLab at Dakota State University,
Authors: Dr. Ashley Podhradsky, Dakota State University, Trevor Jones, Dakota State University, Francisca Opoku-Boateng, Dakota State University, Arica Kulm, Dakota State University
Neil Fulton, Dean, University of South Dakota School of Law
Dr. Richard Hanson, Dean, Beacom College of Computer and Cyber Sciences, Dakota State University