Cybersecurity

There are three major components of cybersecurity from China's perspective: Internet information management, civilian cybersecurity, and cyber warfare.

The Chinese government worries that misinformation, dissenting opinions, and the dissemination of rumors could cause social instability and thus overthrow the regime. As a result, the government has taken many approaches to manage the information in cyberspace. Can the Chinese government fully control the information flow? If not, why?

China has 500 million netizens, more than any other country in the world. How do the government and companies deal with privacy and cyber crime?

Cyber attacks from China are widely reported in US media. How do the Chinese view US cyber warfare capability? Can a "Pearl Harbor" happen in cyberspace?

A better understanding of these questions could be helpful for shaping US cyber policies on China.


Ting Wang is a postdoctoral fellow at CISAC. His research concerns space debris problems, ASAT weapons, and cybersecurity in China. Before coming to CISAC in 2011, he was a postdoctoral fellow at the Judith Reppy Institute for Peace and Conflict Studies at Cornell University. He received a PhD from Beihang University in China. His PhD dissertation was titled "Orbital Debris Evolution and Threat to Spacecraft." He also holds a B.A. in aerospace engineering from Beihang University and has worked at the Shanghai Institute of Satellite Engineering. He was a visiting scholar at the Union of Concerned Scientists in 2003, where he began to be interested in security issues.

CISAC Conference Room

Speaker: Ting Wang, Post-doctoral fellow, CISAC
Seminars

In 1990, hypertext was a utopian conjecture. Since then, a hypertext system called the World Wide Web has not only become the predominant medium of human communication, but also one of the primary methods for distributing software. Obviously, this transition has had implications for subjects of geopolitical interest including software security, political discourse, and the ability of states to surveil their citizens' communications and reading habits.

Because it was hard enough to build a global hypertext system in the first place, security was generally an afterthought in the design of the World Wide Web. One necessary component of a secure website is HTTPS encryption, but it is still only used correctly by a tiny fraction of websites. Any website that allows http:// as well as https:// is inherently vulnerable to network surveillance, account hijacking, and other forms of insecurity. To make matters worse, HTTPS itself has been plagued by numerous security problems and design flaws.

The Electronic Frontier Foundation has been engaged in a series of projects to encrypt the entire Web, retiring the insecure HTTP protocol, and ensuring that "HTTPS" actually delivers what it promises. These projects include HTTPS Everywhere, the SSL Observatory, Sovereign Keys, and efforts to persuade major sites to deploy HTTPS. In this talk Peter will give an overview of these projects, the significant progress they have made to date, and the work that remains to be done.


About the speaker: Peter Eckersley is Technology Projects Director for the Electronic Frontier Foundation. He keeps his eyes peeled for technologies that, by accident or design, pose a risk to computer users' freedoms—and then looks for ways to fix them. He explains gadgets to lawyers, and lawyers to gadgets. Peter's work at EFF has included privacy and security projects such as Panopticlick, HTTPS Everywhere, SSDI, and the SSL Observatory; helping to launch a movement for open wireless networks; fighting to keep modern computing platforms open; and running the first controlled tests to confirm that Comcast was using forged reset packets to interfere with P2P protocols.

Peter holds a PhD in computer science and law from the University of Melbourne; his research focused on the practicality and desirability of using alternative compensation systems to legalize P2P file sharing and similar distribution tools while still paying authors and artists for their work.

CISAC Conference Room

Speaker: Peter Eckersley, Technology Projects Director, Electronic Frontier Foundation
Seminars

Peter will discuss work at SRI and the University of Cambridge under two projects currently funded by DARPA, relating to clean-slate architectures for hardware, software, networking, and clouds, aimed at higher-assurance security, resilience, evolvability, and other critical requirements.

Two papers provide some early views of the ongoing work:

http://www.csl.sri.com/neumann/law10.pdf 
http://www.csl.sri.com/neumann/2012resolve-cheri.pdf


Peter G. Neumann (Neumann@CSL.sri.com) has doctorates from Harvard and Darmstadt. After 10 years at Bell Labs in Murray Hill, New Jersey, in the 1960s, during which he was heavily involved in the Multics development jointly with MIT and Honeywell, he has been in SRI's Computer Science Lab since September 1971. He is concerned with computer systems and networks, trustworthiness/dependability, high assurance, security, reliability, survivability, safety, and many risks-related issues such as election-system integrity, crypto applications and policies, health care, social implications, and human needs -- especially those including privacy. He is currently PI on two DARPA projects: clean-slate trustworthy hosts for the CRASH program with new hardware and new software, and clean-slate networking for the Mission-oriented Resilient Clouds program. He moderates the ACM Risks Forum, has been responsible for CACM's Inside Risks columns monthly from 1990 to 2007, tri-annually since then, chairs the ACM Committee on Computers and Public Policy, and chairs the National Committee for Voting Integrity (http://www.votingintegrity.org). He created ACM SIGSOFT's Software Engineering Notes in 1976, was its editor for 19 years, and still contributes the RISKS section. He is on the editorial board of IEEE Security and Privacy. He has participated in four studies for the National Academies of Science: Multilevel Data Management Security (1982), Computers at Risk (1991), Cryptography's Role in Securing the Information Society (1996), and Improving Cybersecurity for the 21st Century: Rationalizing the Agenda (2007). His 1995 book, Computer-Related Risks, is still timely. He is a Fellow of the ACM, IEEE, and AAAS, and is also an SRI Fellow. He received the National Computer System Security Award in 2002 and the ACM SIGSAC Outstanding Contributions Award in 2005. He is a member of the U.S. Government Accountability Office Executive Council on Information Management and Technology, and the California Office of Privacy Protection advisory council. In 2012, he was elected to the newly created National Cybersecurity Hall of Fame as one of the first set of inductees. He co-founded People For Internet Responsibility. He has taught courses at Darmstadt, Stanford, U.C. Berkeley, and the University of Maryland. See his website (http://www.csl.sri.com/neumann) for testimonies for the U.S. Senate and House and California state Senate and Legislature, papers, bibliography, further background, etc.

CISAC Conference Room

Speaker: Peter Neumann, Principal Scientist, SRI International Computer Science Lab
Seminars

CISAC scholars are putting Stanford at the center of research on cybersecurity and the future of the Internet, drawing on experts from across campus and around the globe. Privacy and Internet freedoms in countries whose governments restrict the use of social media and Web browsing, as well as the use of information technologies by organized crime and individual hackers, are all topics driving the innovative work underway at CISAC.

Leading the charge are CISAC's inaugural cybersecurity fellows: Jonathan Mayer, Andrew K. Woods, and Timothy Junio. In this interactive cartoon by political journalist Dan Archer, we are introduced to the fellows, their work, and what they believe are the most pressing issues facing us today. The cartoon includes links to audio, video and articles.


Learn More About CISAC Fellowships

(Applications Due February 1)


CISAC Conference Room

Speaker: Timothy Junio, Cybersecurity Fellow, CISAC
Affiliate

Whitfield Diffie is a consulting scholar at CISAC. He was a visiting scholar in 2009-2010 and an affiliate from 2010-2012. He is best known for the discovery of the concept of public key cryptography, in 1975, which he developed along with Stanford University Electrical Engineering Professor Martin Hellman. Public key cryptography, which revolutionized not only cryptography but also the cryptographic community, now underlies the security of internet commerce.

During the 1980s, Diffie served as manager of secure systems research at Northern Telecom. In 1991, he joined Sun Microsystems as distinguished engineer and remained as Sun fellow and chief security officer until the spring of 2009.

Diffie spent the 1990s working to protect the individual and business right to use encryption, for which he argues in the book Privacy on the Line, the Politics of Wiretapping and Encryption, which he wrote jointly with Susan Landau. Diffie is a Marconi fellow and the recipient of a number of awards including the National Computer Systems Security Award (given jointly by NIST and NSA) and the Franklin Institute's Levy Prize.

Commentator: Whitfield Diffie, Affiliate, CISAC
Seminars

Despite the enormous amount of attention that has been directed to software security in recent years, relatively little attention has been given to hardware security. More than ever, the devices that are critical to everyday life and to the larger infrastructure are dependent on increasingly sophisticated integrated circuits (ICs). As the complexity and size of these ICs continue to grow, so does the risk of “Trojan” attacks, in which malicious circuitry is hidden within a chip during the design and manufacturing process. The circuitry could be triggered to launch an attack months or years later, with very significant consequences if carried out on a large scale. This presentation will explain the increasingly global nature of the semiconductor industry, and identify technology and policy steps that can be taken to minimize the likelihood of a successful, large-scale, hardware-based cyberattack.


John Villasenor is a professor of electrical engineering at the University of California, Los Angeles and a nonresident senior fellow in Governance Studies and the Center for Technology Innovation at the Brookings Institution. His work addresses the intersection of technology, policy and the law. He holds a B.S. degree from the University of Virginia, and an M.S. and Ph.D. from Stanford University, all in electrical engineering.

CISAC Conference Room

Speaker: John Villasenor, Professor of Electrical Engineering, UCLA and Nonresident Senior Fellow, Brookings Institution
Seminars