I3P Workshop on Insider Threats in the Networked World

L. Jean Camp, Ph.D.
Associate Professor of Informatics
Indiana University School of Informatics

Jean Camp is Associate Professor at Indiana University's School of Informatics. A pioneer in the interdisciplinary study of trust and design for values, Camp began her academic career at Sandia National Laboratories, where she focused on distributed trust in a clustering system (now what is called peer-to-peer networking) and worked on survivability tools under the Advanced Strategic Computing Initiative.
From Sandia, Camp moved to Harvard's John F. Kennedy School of Government, where as Associate Professor she examined the technical and policy conflicts among dimensions of trust in e-commerce, libraries and information searching. Her book, Trust and Risk in Internet Commerce, was the first to propose the now widely accepted definition of trust as including privacy, reliability and security.
She also founded the Kennedy School's information technology policy group.
Today, Camp's work primarily focuses on whether or not technologies of trust can be value neutral. She has studied the issue in identity systems, voting systems and e-commerce, and is beginning to examine it in ubiquitous computing and information control systems.
Her service to the academic community also includes two terms as Director of Computer Professionals for Social Responsibility and one term as President of the International Financial Cryptography Association. [In addition, she is a Senior Member of the IEEE?] Dr. Camp has a Ph.D. in Computer Science from Carnegie Mellon University and a bachelor's degree from University of North Carolina at Charlotte.

 

 

Fariborz Farahmand, Ph.D.
Research Assistant Professor
CERIAS, Purdue University

 

Fariborz Farahmand is a Research Assistant Professor at the Center for Education and Research in Information Assurance and Security (CERIAS) at Purdue University. He received his Ph.D. from the College of Computing at Georgia Institute of Technology in Dec. 2004. He has worked for governmental organizations (e.g. Georgia State Finance and Investment Commission, where he was involved in financial decision making for government projects in the State of Georgia) and private companies (e.g. Nortel Networks, where he contributed into finding global technology solutions for their Information Technology Department). His research interests are in the security of information systems and databases, privacy issues, vulnerability and risk assessment of information systems, and cost-benefit analysis of information technology investments, particularly in the context of security and control measures. Dr. Farahmand is a Fellow of the Institution for Information Infrastructure Protection (I3P) and has received many awards for scholarship and education.

Mischel Kwon
Deputy Director for IT Security Staff (ITSS), DOJ

As the Acting Deputy Director of IT Security and the Chief IT Security Technologist, Mischel Kwon is responsible for operational, defensive and technical security projects for the Department of Justice, as well as oversight of security policy and standards and certification and accreditation (C&A) and is the Department project manager for the Trusted Internet Connections (TIC) project.
Priority projects include the Department-wide Justice Security Operations Center, DOJCERT, Vulnerability Management, Technical Security SME Support, Wireless Security, and Gateway Consolidation. A former Cyber Corp Scholar, Ms. Kwon holds an MS in Computer Science and a graduate certificate in Computer Security and Information Assurance. In addition, she serves as an adjunct professor at George Washington University in Washington, DC where Ms. Kwon also runs the GW Cyber Defense Lab.

Mingsheng Hong
Cornell University

Mingsheng Hong is a Ph.D. student in the Department of Computer Science at Cornell University. Mingsheng's research interests are in the areas of data stream and complex event processing. Together with colleagues at Cornell, Mingsheng has built Cayuga, an expressive and scalable event monitoring engine. Mingsheng is also one of the founders of the CEDR event processing project at Microsoft Research, Redmond. In the past three summers at Redmond, he co-developed an expressive temporal stream computation model, a declarative event pattern query language, and a set of run-time operators with efficiency guarantee.

Jeffrey Hunker, Ph.D.
Professor of Technology and Public Policy
Carnegie Mellon Heinz School

Jeffrey Hunker joined the H. John Heinz III School of Public Policy and Management in May 2001, after serving as the Senior Director for Critical Infrastructure with the Clinton Administration. He brings to the Heinz School expertise in many vital fields of policy and management, such as information technology (specifically information infrastructure security), the environment, corporate and public finance, heavy industry management, and international relations. He has extensive experience in the public sector and has been a significant presence in Washington D.C., New York, Boston and the Silicon Valley.
Dr. Hunker attended Harvard University, having graduated Phi Beta Kappa with a bachelor's degree in engineering and applied physics in 1977, and earning his Ph.D. in 1981 in business administration with a focus on managerial economics.
He began his career in the private sector, as a consultant and case leader for The Boston Consulting Group in 1982-1987. Dr. Hunker specialized in Japanese corporations, markets and competitions, as well as reorganizing and restructuring manufacturing operations and marketing /distribution systems for industrial firms. In 1987, he went to Kidder Peabody and Co., Inc. in New York City, where he served as Vice President of Mergers and Acquisitions until 1993. He built relationships with numerous European and Japanese industrial firms; and created Kidder Peabody's Automotive Group in 1991. In 1993, Dr. Hunker's career path ventured into the public sphere, when he became the Senior Policy Advisor to the Secretary of the Department of Commerce, with responsibility for emerging economic growth issues. In 1995, he worked with the White House to organize the Regional Economic Conferences of the President and Vice President.
In 1996, Dr. Hunker became the Deputy Assistant to the Commerce Secretary and Senior Commerce Department official for environmental policy. There he reorganized the department to integrate all environmental interests, and served as the senior US official representing business interests in climate change framework talks and in negotiating with China. In 1998, Dr. Hunker became the founding director of the Critical Infrastructure Assurance Office (CIAO). CIAO is a unique, high-profile agency within the Commerce Department that was created to coordinate industry and government efforts to improve cyber-security. He established CIAO's strategy and missions as an independent and impartial coordinator of multiple competing federal and private sector interests. Dr. Hunker led CIAO to develop federal oversight, key policies, and new initiatives for cyber-security. He also assisted Congress in its cyber-security agenda, testifying before Members and working closely with them.
For his groundbreaking work in cyber-security, in 1999 Dr. Hunker was recruited by the National Security Council to become the Senior Director for Critical Infrastructure. He led White House planning and implementation of the first-ever national strategy for cyber-security. In January 2000, he produced the Presidential National Plan for Information Systems Protection, Version 1.0, which coordinated the efforts of 21 federal agencies and leading private sector companies in the high-tech, telecommunications, financial services, transportation, energy and defense sectors. Dr. Hunker organized many Presidential summits, such as the Cyber-Security Summit (February 2000), Washington Summit on Corporate Governance and Critical Infrastructure (April 2000), the Washington Legal Summit on Emerging Legal Issues in Cyber-Security (June 2000). He was also instrumental in creating many important organizations and initiatives, including the Partnership for Critical Infrastructure Security, Expert Federal Cyber-Security Team, Federal Intrusion Detection Network, Federal Cyber-Service, Institute for Information Infrastructure Protection, and Industry Cyber-Security Centers.
Dr. Hunker has written a number of articles on cyber-security policy and technology as well as being the principle author of several government reports and journal articles. He wrote Structural Change in the U.S. Automotive Industry, published by D.C. Heath and Co. in 1982. He is a lifetime member of the Council on Foreign Relations and has been a member since 1991 of the Photography Council through the Museum of Modern Art in New York City.

MacDonald Associates

Geraldine MacDonald, is currently working as an independent consultant specializing in executive management consulting, reviewing new Internet start-ups and wireless applications for venture capital firms as well as litigation support on Internet related tax cases and patent disputes. Along with a Masters in Computer Science, Ms. MacDonald has extensive experience in computing and telecommunications operations.
Previously, Ms. MacDonald was a Senior Vice President, at America Online, Inc., providing executive leadership for the construction and expansion of AOL’s access networks. She was responsible for building and operating the access networks at America Online for 10 years, connecting members worldwide to all brands of the service using narrowband and broadband technologies. To provide this connectivity to members, Ms. MacDonald operated the world's largest dial up network, as well as an IP backbone for broadband traffic. At its peak, the network supported over 3 million simultaneous member connections.
Before joining America Online, Ms. MacDonald was responsible for computing and networking at the State University of New York at Binghamton. Much of the early work that helped establish the Internet was conducted on University campuses and Ms. MacDonald served as Vice Chair of NYSERnet, the New State Education and Research Network. Ms. MacDonald has always been involved in using technology to change the way people work and communicate.
Ms. MacDonald has been named one of the Unsung Hero's of the Internet by Interactive Week, and was featured in the book “Cool Careers for Girls in Computers.” Ms. MacDonald has written numerous professional papers on Computing and Networking particularly related to supporting the infrastructure on college campuses. She has also served on the boards of EDUCOM, CAUSE, CREN, ACM SIGUCCS, SUNY Council on Educational Technology and NYSERnet.

Shari Lawrence Pfleeger, Ph.D.
I3P Executive Committee Vice Chair Emeritus and Team Leader, Insider Threat Initiative
RAND Corporation

Shari Lawrence Pfleeger is Senior Information Scientist at the RAND Corporation. She specializes in evaluating evidence to inform decisions about the effectiveness of information technology in addressing major problems, including national security and border protection. Her work has important implications for technology transfer, product and process evaluation, risk management, and prediction. Since joining RAND, Pfleeger has worked on projects supporting the U.S. Department of Homeland Security, the Department of Justice, DARPA, the US Air Force, the US Patent and Trademark Office, the Office of Science and Technology Policy, and other corporations and government agencies. For example, she has facilitated meetings of cyber security privacy experts to consider the privacy implications and software quality issues raised by a traveler screening program. She has also worked on the strategic plan for the CIO of the Justice Department, reviewed a research agenda for critical infrastructure protection, participated in a DARPA project on new ways of thinking about computer security, led an I3P project on cyber security economics, and is leading a research effort to suggest effective ways to measure cyber security.
Pfleeger is the executive committee vice chair emeritus of the Institute for Information Infrastructure Protection and heads the Institute's investigation into insider threat. She is an associate editor for IEEE Security & Privacy magazine, and she has been on the advisory board of IEEE Spectrum and associate editor-in-chief of IEEE Software. Pfleeger is also well-known for her textbooks, including Security in Computing (4th edition, with Charles P. Pfleeger, 2007, Prentice Hall), Software Engineering: Theory and Practice (3rd edition, with Joanne Atlee, 2005, Prentice Hall), Solid Software (2001, with Les Hatton and Charles Howell, Prentice Hall), and Software Metrics: A Rigorous and Practical Approach (2nd edition, with Norman Fenton, 1996, Boyd and Fraser Publishers). She was guest editor of a special issue of IEEE Security & Privacy on Managing Operational Security (May 2007) and edit's Prentice Hall's new series of books on cyber security and homeland security.
Pfleeger has a doctorate in information technology and engineering from George Mason University, a master's in planning from The Pennsylvania State University and a master's in mathematics from The Pennsylvania State University.

Foy Shiver
Deputy Secretary-General
Anti-Phishing Working Group, Woodstock Clinical Data Systems

Foy Shiver serves as Deputy Secretary-General for the Anti-Phishing Working Group (APWG) while working as President and CEO of Woodstock Clinical Data Systems. Mr. Shiver took over operations of the then new non-profit APWG in November 2003. He has helped develop this organization into a global industry, law enforcement and research group dedicated to countering the growing threat of electronic crime. In 2005 Mr. Shiver accepted an appointment as Deputy Secretary-General of the APWG for which he is charged with cultivating the membership base around research to fight internet crimeware and fraud. This role includes cultivation of the APWG's eCrime Researchers Summit. The annual event works with academia and industry partners to focus projects in the electronic crime area through publication and scholarship monies.
Mr. Shiver left a successful career in Lotus/IBM in 2000 to pursue development of new applications in the clinical software field. He was recruited to join KafkaAdaptive, Ltd., a venture-funded UK start-up, as a member of the board of directors and Director of Development. After partial development of some clinical data logistics systems, the UK venture fund dissolved KafkaAdaptive and appointed Mr. Shiver as President and CEO of the successor company, Woodstock Clinical Data Systems. In this role he continues to develop web-driven study enrollment platforms dedicated to automate study cohort formation.
Currently Mr. Shiver also serves on the Board of Directors for the ACRET Institute, an NGO research and educational alliance developing innovative response capabilities for combating electronic crime and fraud. Meanwhile, Mr. Shiver retains a seat on the technical advisory board of Facultech, a developer of cognitive reasoning skills tests for schoolchildren based on handheld microcomputers.

Prof. Sean Smith
Associate Professor
Dartmouth College

Prof. Sean Smith has been working in information security---attacks and defenses, for industry and government---since before there was a Web. In graduate school, he worked with the US Postal Inspection Service on postal meter fraud; as a post-doc and staff member at Los Alamos National Laboratory, he performed security reviews, designs, analyses, and briefings for a wide variety of public-sector clients; at IBM T.J. Watson Research Center, he designed the security architecture for (and helped code and test) the IBM 4758 secure coprocessor, and then led the formal modeling and verification work that earned it the world's first FIPS 140-1 Level 4 security validation. Dr. Smith has published numerous refereed papers; given numerous invited talks; and been granted over ten patents. His security architecture is used in thousands of financial, e-commerce, and rights managements installations world-wide.
In July 2000, Sean left IBM for Dartmouth, since he was convinced that the academic education and research environment is a better venue for changing the world. His current work, as PI of the Dartmouth PKI Lab, investigates how to build trustworthy systems in the real world. His book Trusted Computing Platforms: Design and Applications (Springer, 2005) provides a deeper presentation of this research journey. At Dartmouth, his courses---on Operating Systems, Security, and Theory---have all been named "favorite classes" by graduating seniors.
Dr. Smith was educated at Princeton and CMU, and is a member of Phi Beta Kappa and Sigma Xi.

Salvatore J. Stolfo
Columbia University

Salvatore J. Stolfo is Professor of Computer Science at Columbia University. He received his Ph.D. from NYU Courant Institute in 1979 and has been on the faculty of Columbia ever since. He has published well over 160 formal scientific papers in the areas of parallel computing, AI knowledge-based systems, data mining, computer security and intrusion and anomaly detection systems. His most recent research has been devoted to distributed data mining systems with applications to fraud and intrusion detection in network information systems. (See http://www.cs.columbia.edu/ids for complete details.) He has been awarded 15 patents (one joint with Citicorp) in the areas of parallel computing and database inference, internet privacy, intrusion detection and computer security.
He served as the Chairman of the Computer Science Department and the Director of the Center for Advanced Technology at Columbia University. He recently co-chaired several workshops in data mining, intrusion detection and the Digital Government and co-chaired the program committee of the ACM SIGKDD 2000 Conference and organized two recent workshops sponsored by NSF, ARO and the Department of the Treasury in the area of computer security and insider attack threats. He is a member of three editorial boards and a reviewer for many of the most prestigious journals in computer security, as well as a member of several program committees for the top conferences in the area. He was also an expert witness in the DOJ versus Microsoft "browser wars" case. He was a member the Congressional Internet Caucus Advisory Committee, and Visa 3D Secure Authenticated Internet Payments Vendor Program. He was a consultant to the CTO of Citicorp for several years, and helped organize the Financial Services Technology Consortium. He is a board member and treasurer of a private organization of Professionals for Cyber Defense.
Recently, he has participated in a DARPA ISAT study and served as a consultant to the director of the DARPA IPTO office as a member of the DARPA Futures Panel.

XiaoFeng Wang, Ph.D.
Assistant Professor of Informatics
Indiana University School of Informatics

Prof. Wang received his Ph.D. in Computer Engineering from Carnegie Mellon University in 2004. He joined Indiana University at Bloomington as an assistant professor in 2004.
His research interests span all areas of computer and communication security. Particularly, he is carrying out active research on system and network security (including malware detection and containment, countermeasures to denial of service attacks), privacy-preserving techniques and their application to critical information systems (such as medical information systems), and incentive engineering in information security.