Pacific Northwest Chapter Report for 2013

ORGANIZATION

Our chapter continued semi-monthly meetings (started in 2012) during the first part of 2013, but did not evolve into monthly gatherings as anticipated. Instead, they stopped entirely by the middle of 2013 due to time and space conflicts. Communication between members has dissipated despite a new mailing list being created by Lucas Reber and hosted by the University of Washington. We remain hopeful that further separation of members regionally and continued conflicts of time and outside commitments will not hinder our chapter further in 2014. Although members have each continued their contributions to malware analysis and/or information assurance / cyber security in general, few of our members have answered the call for an update on their activities to include in this report. As such, it is limited in scope and content.

Members:

Chiraag Aval, M.S.
Chuck Costarella
David Dittrich
Barbara Endicott-Popovsky, Ph.D.
Dennis Charles Grant - Chapter Lead
Franklin Jackson
Eliot Lim
Stuart Maclean
Ashish Malviya
Julia Narvaez
Raymond Pompon
Alex Railean
Lucas Reber
Michael Schweiger
Christian Seifert, Ph.D.
Mike Simon

DEPLOYMENTS

- Two "HonEeeBoxes" continue in operation from the 2012 implementation.

- "Public Regional Information Security Event Management" system (PRISEM) designed to offer early warning on malicious activity continues to operate. (PRISEM uses customized security and information event management (SIEM) equipment housed in the University of Washington's Applied Physics Lab.)

PAPERS, PRESENTATIONS AND COMMUNITY ENGAGEMENTS

Alexander, O., Chung, S., Endicott-Popovsky, B. (2013 March). Attack-Aware Supervisory Control and Data Acquisition (SCADA). Poster presented at the 13th Annual International Conference on International Warfare. Denver, Colorado. (Best Poster Award)

Costarella, C. (2013). "Hardening Honeynets against Honeypot aware Botnet Attacks", University of Washington, Seattle, Washington.

Dittrich, David and Kenneally, Erin and Bailey, Michael, Applying Ethical Principles to Information and Communication Technology Research: A Companion to the Menlo Report (October 8, 2013). Available at SSRN: http://ssrn.com/abstract=2342036 or http://dx.doi.org/10.2139/ssrn.2342036

Endicott-Popovsky, B., Horowitz, D. (2013 February). Unintended consequences: Digital forensics literacy and the legal system. Paper presented at 65th Annual Scientific Meeting of the American Academy of Forensic Scientists, Washington, D.C.

Endicott-Popovsky, B. and Jansen, A. (2013 June). Integrating digital forensics and archival science: Creating a Preservation-Ready environment. Paper presented at the 2013 Conference of the International Council on Archives, Barbados, West Indies.

Evans, M., Lysenko, V., Endicott-Popovsky, B. (2013 October). Proactive vs. reactive: Securing the critical data transport in the Cloud. Paper and poster presented at the 1st Annual International Conference on Cloud Security Management. Seattle, Washington.

Fink, G., Best, D., Manz, D., Popovsky, V. and Endicott-Popovsky, B. (2013 July). Gamification for measuring cyber security awareness. Paper presented at Human Computer Interface (HCI) Conference, Las Vegas, Nevada. Published in Foundations of Augmented Cognition, Lecture Notes in Computer Science, Volume 8027, Berlin, Germany, Springer, pp. 656-665.

Kuntze, N., Rudolph, C., Schilling, H., Alva, A., Bribois, B. and Endicott-Popovsky, B. (2013 November). Seizure of digital data and “selective suppression” of digital evidence. Paper presented at 8th International Workshop on Systematic Approaches to Digital Forensic Engineering (SADFE), University of Hong Kong, Hong Kong.

Lysenko, V., Endicott-Popovsky, B. (2013 March). Action and reaction: Strategies and tactics of the current political cyberwarfare in Russia. Poster presented at the 13th Annual International Conference on International Warfare. Denver, Colorado.

Moon, C., Chung, S., Endicott-Popovsky, B. (2013 August). Architecture for insider threat detection system using cloud computing and in-memory database with emphasis on database server logs. Paper presented at US-Korea Conference, Meadowland, New Jersey.

Moon, C., Chung, S., Endicott-Popovsky, B. (2013 August). A Cloud and in-memory-based two-tier architecture of a database protection system from insider attacks. Paper presented at 14th International Workshop on Information Security Applications, Jeju Island, Korea.

Rudolph, C., Kuntze, N., Endicott-Popovsky, B. (2013 October). Forensic Readiness for cloud-based distributed workflows. Paper presented at the 1st Annual International Conference on Cloud Security Management, Seattle, Washington.

Schweiger, M., Chung, S., Endicott-Popovsky, B. (2013 October). Malware analysis on the Cloud: Increased performance, reliability and flexibility. Paper presented at the 1st Annual International Conference on Cloud Security Management, Seattle, Washington.

Dr. Endicott-Popovsky of the University of Washington also received the following recognition during 2013:

- Selected to lead Dagstuhl Seminar: Digital Evidence and Forensic Readiness, Dagstuhl, Germany, Feb. 2014.
- Best Poster Award, 13th Annual International Conference on International Warfare, Denver, Colorado.
- Appointed by Washington State Adjutant General and President of the University of Washington to the Washington State Governor’s Uniform Coordinating Group for Cyber Disaster Preparedness.
- Named to the Washington State National Guard ICT Planning Group.
- Academic representative to Cyber Storm IV.
- Named to the National Visiting Committee of the National CyberWatch Center.
- Named North American leader of Interpares Trust IV, international organization funded by Canadian govt.

David Dittrich blogged on the following topics during 2013:
"A new infosec era? Or a new infosec error?" http://www.honeynet.org/node/1031
"Debating the Active Response Continuum: Defining the Terms of the Debate" http://www.honeynet.org/node/1048
"Hide and go seek, not hide and go tweak" http://www.honeynet.org/node/1076

David Dittrich also presented "So You Want to Take Over a Botnet..." at the Microsoft DCC 2013 in Barcelona, Spain in February: http://staff.washington.edu/dittrich/talks/dcc2013_dittrich_botnets.pdf

MISC ACTIVITIES

- Several chapter members were directly involved with the Collegiate Cyber Defense Competition during 2013.
- Several chapter members are faculty, staff, students and/or guest lecturers at the University of Washington.
- DC Grant currently holds the office of President in the Mt Rainier ISACA Chapter and has accepted a faculty appointment at Columbia Basin College as a Cyber Security Instructor.
- Charles Costarella and DC Grant both attended Industrial Control Systems Security Training at Idaho National Labs during 2013.

GOALS

To rebuild communication within the chapter during 2014. Communication had improved during late 2012 and early 2013, but dissipated during the last half of 2013.