Supply Chain Cyber Risk Forum
Securing Supply Chains in the Cyber Domain
The Ritz-Carlton Pentagon City, Arlington, VA
Tammy Kicker, [email protected]
About the AFEI December Cyber Series
AFEI is holding two cyber-related events back-to-back in December to address two of the critical aspects of the cyber ecosystem:
Supply Chain Cyber Risk Forum - understanding supply chain risk from cyber vulnerabilities and building trusted/assured sources of supply for defense, homeland security, critical infrastructure and economic well-being; and
Cyber Deterrence Forum - applying deterrence principles to the cyber domain.
Attend both events and receive a special discount of $75 off the Cyber Deterrence registration fee. You must contact Tammy Kicker ([email protected]) to take advantage of this offer. See Registration tab for details.
AFEI is hosting these in conjunction with the NDIA Cyber Division, which it co-chairs. For more information on the Cyber Division, go to the NDIA Cyber Division web site.
2nd Annual Supply Chain Cyber Risk Forum
"The risk of compromise in the manufacturing process is very real and is perhaps the least understood cyber threat."
- Former Deputy Secretary of Defense William Lynn
Supply chains are critical parts of larger enterprises. Attention must be paid to all things coming into that enterprise that could, like a mosquito carrying a disease, introduce vulnerabilities.
The Defense Department, through efforts such as the Trusted Foundry program and use of standards like Common Criteria (ISO/IEC 15408), is working to reduce its supply chain vulnerability footprint. This is not a small problem. Some have recommended government measures that mandate significant and potentially onerous consequences for suppliers having inadequate cyber protections.
The House Republican Cybersecurity Task Force, however, recommends an approach based more on incentives rather than regulations.
The cyber risks and vulnerabilities in an improperly managed supply chain, from counterfeit equipment to malware to other avenues of attack, are real and growing. Agencies and departments are developing policies to keep a more watchful eye on vendors, partners, and others in their cyber supply chains and to adopt best practices for mitigating risks across their systems and processes.
The question remains: Will they be carrots or sticks?
Ms. Jennifer Bisceglie
President, Interos Solutions, Inc.
Brett B. Lambert, Deputy Assistant Secretary of Defense, Manufacturing and Industrial Base Policy, DoD
Mr. Lambert is the principal advisor to the Under Secretary of Defense for Acquisition, Technology and Logistics on all matters relating to the defense industrial base, including industrial capabilities and assessments; defense industry mergers, acquisitions and consolidation; preservation of essential industries and technologies; and other related matters.
Mr. Larry Clinton, President and CEO, Internet Security Alliance
Mr. Clinton has been featured in USA Today, the PBS News Hour, the Morning Show on CBS, Fox News, CNN’s Situation Room, C-SPAN, and CNBC and has authored numerous professional journal articles on cyber security. Mr. Clinton is regularly called upon to testify before both the U.S. House and Senate and promotes a pro-market, anti-regulatory approach to cyber security as outlined in numerous publications, including the ISA Cyber Security Social Contract and the Financial Management of Cyber Security.
Understanding the Threat
Presentations from Government and Industry on the threats that supply chains face and protective measures being implemented.
Steven R. Chabinsky, Deputy Assistant Director, Cyber Division, Federal Bureau of Investigation (invited)
Mr. Chabinsky serves as Deputy Assistant Director within the FBI's Cyber Division. The Cyber Division manages all FBI domestic and international investigative and outreach efforts focused on protecting the United States from cyber attack, cyber espionage, online child exploitation, Internet fraud, intellectual property rights theft, and other high technology crimes.
Jeffrey W. Irvine, Deputy Assistant Director, Office of Investigations, US Secret Service
Marcus H. Sachs, P.E., Vice President - National Security Policy, Verizon (invited)
Marcus is Verizon's Vice President for National Security Policy with responsibility for directing Verizon policy development and advocacy on issues ranging from critical asset protection to cyber security and emergency preparedness. He works closely with external government and business stakeholders in task forces, working groups, committees, and trade associations as part of the National Security/Emergency Preparedness (NS/EP) community in the Nation's Capital. In January 2011 he was elected to Vice Chair of the Communications Sector Coordinating Council.
I Really Need That Big Stick – Government Initiatives to Protect Supply Chains
Moderated by Don Davidson, Chief, Outreach, Science & Standards (CNCI-SCRM) Trusted Mission Systems & Networks (TMSN) Office of the DoD-CIO
Mitchell Komaroff, Director, Trusted Mission Systems and Networks, DoD CIO (invited)
Joe Jarzombek, PMP, CSSLP
Director for Software Assurance at Dept of Homeland Security (invited)
Jon Boyens, Senior Advisor, Computer Security Division at NIST
Michelle Mullins, Canada
Carrots Work Better Than Sticks – Perspectives from Industry
Moderated by Ms. Jennifer Bisceglie, Interos Solutions, Inc.
Senior representatives discuss the partnership between government and industry that is essential to achieve levels of assurance that will protect supply chains without excessive burdens on industry or government.
- Samuel Chun, Cyber Security Practice, HP
- Lawrence Hurst, Fraud & Anti-Counterfeit Program Manager, Intel (invited)
- Andras Szakal, VP and Chief Technology Officer, IBM Federal Software
- Waide Jones, Information Security Strategist, Lockheed Martin (invited)
- Steve Lipner, Microsoft, Chairman of SAFECode
Summary Panel – What did we hear, where do we go?
Moderator: Dave Chesebrough, President, AFEI
- Ms. Jennifer Bisceglie, Interos Solutions, Inc.
- Don Davidson, Chief, Outreach, Science & Standards (CNCI-SCRM) Trusted Mission Systems & Networks (TMSN) Office of the DoD-CIO
The Ritz-Carlton, Pentagon City
1250 South Hayes Street
Arlington, VA 22202
Day Valet Parking is $18/day, overnight Valet is $30/day
Parking is also available at the Fashion Centre Pentagon City
Garage parking access is available from either 15th Street or Army-Navy Street.
For more information call: 703-415-2150
0-2 hours $ 2.00
2-3 hours $ 3.00
3-4 hours $ 4.00
4-5 hours $ 5.00
5-6 hours $ 6.00
6-8 hours $ 10.00
8-10 hours $ 14.00
10-24 hours $ 16.00
- Strategic proximity to the Crystal City and Rosslyn business districts, Old Town Alexandria, Capitol Hill and downtown Washington, DC
- Closest proximity hotel to The Pentagon
- Metro rail service on the Blue and Yellow line at the front door of the hotel
- Central location to world class shopping at The Fashion Centre
- Five minute drive to Ronald Reagan Washington National Airport (Two Metro stops)
- Ten minute drive from downtown Washington, D.C. (Two Metro stops)
While a room block has not been specified for this event, the hotel does offer the prevailing per diem rate based on occupancy and availability. When making a reservation, please mention the event "AFEI Cyber Deterrence" for any available discount they may offer.
*The government per diem rate is available only to active duty or civilian government employees. ID will be required upon check-in. Retired military IDs do not qualify.
Attend the full Cyber Series
If you would like to attend both the Supply Chain Cyber Risk Forum and the Cyber Deterrence Forum, please download this combined event registration form.
Complete and fax the Cyber Series registration form.
A $75 discount will be applied to the Cyber Deterrence Forum fee.
Contact Tammy Kicker ([email protected]) for any assistance on how to complete the registration process and receive the discount.
DO NOT REGISTER ON-LINE.
Attend the Supply Chain Cyber Risk Forum Only
Online registration open till December 1, 2011.
Note: Online registration for AFEI events is through the NDIA customer portal. AFEI is an affiliate of NDIA.
Unfamiliar with registering for an AFEI or NDIA event?
Check out this brief tutorial.
Register Now Online!
Or you may download the Registration Form 2A06 to fill out and fax back with payment information.
( by November 23rd )
(after November 23rd)
AFEI Member NDIA Member and affiliates
*Only available for active-duty military and civilian employees of the Government. Does not apply to contractors working for the government in any capacity.
Please do not mail any registrations after November 28, 2011.
You may register online or fax a completed registration form until COB Thursday, December 1, 2011. After this date, bring your registration form with you to the conference for onsite registration.
Registrations will not be taken over the phone; payment must be made at the time of registration.
Cancellation requests received before November 23rd will receive a full refund. No refunds will be given for cancellations received after November 24th. Substitutions are welcome in lieu of cancellations as long as there is no change in the financial transaction. All substitutions and cancellations must be made in writing to Tammy Kicker at [email protected].
Sponsorships provide maximum visibility and brand recognition. You can strengthen your market position, make key contacts, showcase your products and services, and develop relationships with new customers, while reinforcing your existing customer relations. Sponsorships add a critical tool to your current marketing strategy.
Promotional Partner for $1,500
- Logo on the conference event web site
- Company name on filler slides at conference
- Recognition from the podium
- Event Signage
- 1 complimentary conference registration
Contact Betsy Lauer at [email protected] or 703-247-9473 for details on this event, or combine your sponsorship at both AFEI December cyber related events.
This symposium addresses the following questions:
- Update: What’s happened since the last seminar and what’s new in the 2012 FY that we need to be aware of?
- What policy and legislation approaches are best in addressing this problem?
- What are new policies and models for trusting suppliers, their supply chains and systems? Are current policies and those under consideration regarding suppliers and counterfeiting really going to be effective?
- Self-regulation vs government mandates – which is the more effective method?
- Do stringent requirements endanger fragile industries?
- Do half-measures provide inadequate protections?
- What are the unintended consequences of physical and cyber intersections for supply chains?
- How are real issues in this space defined and differentiated from non-issues?
The Comprehensive National Cybersecurity Initiative (CNCI) Initiative 11 recommends developing a multi-pronged approach for global supply chain risk management. This initiative should provide “a robust toolset to better manage and mitigate supply chain risk at levels commensurate with the criticality of, and risks to, their systems and networks.”
Who Should Attend?
Over one hundred and twenty-five professionals in this area attended the first Cyber Supply Chain Forum. They represented a cross-section of businesses, large and small, that participate in a supply chain and have a stake in the outcome of debates on these topics.
Budget talks have stalled some action on this issue, but it is coming. Industry is realizing that being a "good supplier" means having adequate cyber protections, both for its own intellectual property and for the Government data it is privileged to maintain or have access to.
The time is coming when some form of auditable certification of cyber protection will be required to obtain Government business.
If you want to gain insights on what the future holds, participate in these critical discussions, be a part of the solution and not the problem, and network with others to learn what they are doing, then this event is for you.