"The risk of compromise in the manufacturing process is very real and is perhaps the least understood cyber threat."

- Former Deputy Secretary of Defense William Lynn

Newly Released Report

Occupying the Information High Ground: Chinese Capabilities for Computer Network Operations and Cyber Espionage

China has been acknowledged as a source for cyber intrusions as well as counterfeit micro-electronics. A newly released report prepared for the U.S.-China Economic and Security Review Commission expands on a 2009 assessment of China's evolving computer network operations capabilities and risks to the U.S. Telecommunications Supply Chain.

Download report here

The Defense Department, through efforts such as the Trusted Foundry program and use of standards like Common Criteria (ISO/IEC 15408), is working to reduce its supply chain vulnerability footprint. This is not a small problem. Some have recommended government measures that mandate significant and potentially onerous consequences for suppliers having inadequate cyber protections.

The House Republican Cybersecurity Task Force, however, recommends an approach based more on incentives rather than regulations.

The Cyber risks and vulnerabilities in an improperly managed supply chain, from counterfeit equipment to malware to other avenues of attack, are real and growing. Agencies and departments are developing policies to keep a more watchful eye on vendors, partners, and others in their cyber supply chains and adopt best practices for mitigating risks across their systems and processes.

The question remains: Will they be carrots or sticks?

Agenda

All Presentations combined

8:30 AM	Welcome Ms. Jennifer Bisceglie President, Interos Solutions, Inc.
	Keynote Address Brett B. Lambert, Deputy Assistant Secretary of Defense, Manufacturing and Industrial Base Policy, DoD Mr. Lambert is the principle advisor to the Under Secretary of Defense for Acquisition, Technology and Logistics on all matters relating to the defense industrial base, including industrial capabilities and assessments; defense industry mergers, acquisitions and consolidation; preservation of essential industries and technologies; and other related matters. Presentation not for release
9:15 AM	Mr. Larry Clinton, President and CEO, Internet Security Alliance Mr. Clinton has been featured in USA Today, the PBS News Hour, the Morning Show on CBS, Fox News, CNN’s Situation Room, C-SPAN, and CNBC and has authored numerous professional journal articles on cyber security. Mr. Clinton is regularly called upon to testify before both the U.S. House and Senate and promotes a pro-market, anti regulatory approach to cyber security as outlined in numerous publications, including the ISA Cyber Security Social Contract and the Financial Management of Cyber Security. Presentation
10:00 AM	Networking Break
10:30 AM	Understanding the Threat Chinese Microelectronics and Computing Technology Dr. Josh Alspector, Institute for Defense Analyses Presentation not for release
11:15 AM	Phil Harris, Executive, V8Logistics Services Group - Presentation
12:00 PM	Lunch
1:00 PM	Do I Really Need That Big Stick? - Government Initiatives to Protect/Manage Supply Chains Moderated by Don Davidson, Chief, Outreach, Science & Standards (CNCI-SCRM) Trusted Mission Systems & Networks (TMSN) Office of the DoD-CIO Presentation Invited Panelists: Mitchell Komaroff, Director, Trusted Mission Systems and Networks, DoD CIO Lisa Kaiser, Director, Control Systems Cybersecurity Strategic Planning, Control Systems Security Program, Department of Homeland Security Jon Boyens, Senior Advisor, Computer Security Division at NIST ** Presentations not available by panelists - contact for information
2:30 PM	Networking Break
3:00 PM	Carrots Work Better Than Sticks – Perspectives from Industry Moderated by Ms. Catherine Ortiz, Defined Business Solutions - Presentation Invited Panelists: Craig Corbin, Director, Strategic Programs, World Wide Technology - Presentation Andras Szakal, VP and Chief Technology Officer, IBM Federal Software - Presentation Steve Lipner, Microsoft, Chairman of SAFECode - Presentation Andrew Olney, Director of Reliability and Product Analysis, Analog Devices, Inc. - Presentation not for release
4:30 PM	Summary Panel – What did we hear, where do we go? Ms. Jennifer Bisceglie, Interos Solutions, Inc. Don Davidson, Chief, Outreach, Science & Standards (CNCI-SCRM) Trusted Mission Systems & Networks (TMSN) Office of the DoD-CIO Robert B. Dix, Jr., VP, Government Affairs & Critical Infrastructure Protection, Juniper Networks
5:00 PM	Adjourn

Location

Hilton Crystal City
Crystal City at National Airport
2399 Jefferson Davis Hwy
Arlington, VA 22202
703-418-6800

Map & Directions

Complimentary hotel airport shuttle service is provided to and from Ronald Reagan Washington National Airport (DCA) and the Crystal City Metro station. The Crystal City Metro Station is 3 blocks away.
www.crystalcitynationalairport.hilton.com

Parking

The Hotel offers Self Parking only in a Security Enclosed Parking Facility directly beneath the hotel, based on availability. The fee is $24.00 based on 3 or more hours.

Registration

On-line registration will close COB, Friday, March 9. You may still register for the event. Please download, complete the registration form with payment, and bring with you on site to the conference. Registration Form

For information or assistance, please contact Betsy Lauer at (703) 247-9473 or [email protected]

Registration	Regular Fee (thru February 29)	Onsite Fee (after March 1st)
Government*/ Academia	$179	$279
Industry Member (NDIA Member and Affiliates)	$259	$359
Industry Non-member	$399	$399

*Only available for active-duty military and civilian employees of the Government. Does not apply to contractors working for the government in any capacity.

Registration Policy

Deadline to register online or by fax is by COB Friday, March 9, 2012.

A registration form may be downloaded, completed, and brought to the conference for onsite registration. Please do not mail any registration forms after February 24th. Registrations will not be taken over the phone; payment must be made at the time of registration.

Cancellation Policy

Cancellations received by Wednesday, February 29, 2012 will receive a full refund. No refunds will be given for cancellations after February 29th. Substitutions are welcome in lieu of cancellations, as long as there is no financial transaction. All substitutions and cancellations must be made in writing to [email protected].

Value:

Sponsorships provide maximum visibility and brand recognition. You can strengthen your market position, make key contacts, showcase your products and services, and develop relationships with new customers, while reinforcing your existing customer relations. Sponsorships add a critical tool to your current marketing strategy.

Promotional Partner for $1,500

Benefits include:

Logo on the conference event web site
Company name on filler slides at conference
Recognition from the podium
Event Signage
1 complimentary conference registration

Contact Betsy Lauer at [email protected] or 703-247-9473 for details on this event, or combine your sponsorship at both AFEI December cyber related events.

For Attendees

This symposium addresses the following questions:

Update: What’s happened since the last seminar and what’s new in the 2012 FY that we need to be aware of?
What policy and legislation approaches are best in addressing this problem?
What are new policies and models for trusting suppliers, their supply chains and systems? Are current policies and those under consideration regarding suppliers and counterfeiting really going to be effective?
Self-regulation vs government mandates – which is the more effective method?
Do stringent requirements endanger fragile industries?
Do half-measures provide inadequate protections?
What are the unintended consequences of physical and cyber intersections for supply chains?
How are real issues in this space defined and differentiated from non-issues?

The Comprehensive National Cybersecurity Initiative (CNCI) Initiative 11 recommends developing a multi-pronged approach for global supply chain risk management. This initiative should provide “a robust toolset to better manage and mitigate supply chain risk at levels commensurate with the criticality of, and risks to, their systems and networks.”

Who Should Attend?

Over one hundred and twenty five professionals in this area attended the first Cyber Supply Chain Forum. They represented a cross-section of businesses, large and small, who are participants in a supply chain and who have a stake in the outcome of debates on these topics.

Budget talks have stalled some action on this issue, but it is coming. Industry is realizing that being a "good supplier" means having adequate cyber protections, both for its own intellectual property and for the Government data it is privileged to maintain or have access to.

The time is coming when some for of auditable certification of cyber protection will be required to obtain Government business.

If you want to gain insights on what the future holds, participate in these critical discussions, be a part of the solution and not the problem, and network with others to learn what they are doing, then this event is for you.

Home | Site Map

Supply Chain Risk 2012