Cybersecurity

CISAC's affiliated faculty member Martin Hellman and affiliate Whitfield Diffie, both of whom invented public-key encryption, are three of 11 inaugural inductees to the National Cyber Security Hall of Fame. In 1977, Hellman, now a professor emeritus of electrical engineering, and two of his graduate students, Diffie and Ralph Merkle, introduced the encryption tool that would go on to safeguard trillions of dollars' worth of online financial transactions every day.


CISAC Affiliated Faculty Member
Professor (Emeritus) of Electrical Engineering
Martin E. Hellman is professor emeritus of electrical engineering at Stanford, a recipient (joint with Whit Diffie) of the million dollar ACM Turing Award, a member of the National Academy of Engineering, and an inductee of the National Inventors Hall of Fame. He became a CISAC affiliated faculty member in October 2012.

Hellman is best known for his invention, with Whitfield Diffie and Ralph Merkle, of public key cryptography. In addition to many other uses, this technology forms the basis for secure transactions and cybersecurity on the Internet. He also has been a long-time contributor to the computer privacy debate, starting with the issue of DES key size in 1975 and continuing with service (1994-96) on the National Research Council's Committee to Study National Cryptographic Policy, whose main recommendations were implemented soon afterward.

Prof. Hellman also has a deep interest in the ethics of technological development. With Prof. Anatoly Gromyko of Moscow, he co-edited Breakthrough: Emerging New Thinking, a book published simultaneously in Russian and English in 1987 during the rapid change in Soviet-American relations (available as a free, 2.6 MB PDF download). In 1986, he and his wife of fifty years published A New Map for Relationships: Creating True Love at Home & Peace on the Planet, a book that provides a “unified field theory” for successful relationships by illuminating the connections between nuclear war, conventional war, interpersonal war, and war within our own psyches (available as a free, 1.2 MB PDF download).
 
His current research is devoted to bringing a risk-informed framework to nuclear deterrence and critically examining the assumptions that underlie our national security.

Prof. Hellman was at IBM's Watson Research Center from 1968-69 and an assistant professor of EE at MIT from 1969-71. Returning to Stanford in 1971, he served on the regular faculty until becoming Professor Emeritus in 1996. He has authored over seventy technical papers, six US patents and a number of foreign equivalents.

More information on Professor Hellman is available on his EE Department website. His publications, many of which can be downloaded in PDF, are on the publications page of that site.
-

5:30 pm - 6:30 pm: Registration/Reception (Manning Faculty Lounge, second floor breezeway of Stanford Law School)

6:30 pm - 8:30 pm: Panel (Room 290)

An evening panel to discuss behavioral advertising and privacy law, including:

+ Evolving legal, technology and business practices
+ What companies and individuals need to know
+ How the international landscape differs from the U.S.
+ Long term trends and developments
+ Corporate best practices

Speakers:

 
More information is available at the Stanford Law School events website.

Stanford Law School
Crown Building
Room 290

Jonathan Mayer, Predoctoral Cybersecurity Fellow, CISAC; PhD candidate, Computer Science and J.D. candidate, Law, Stanford (Speaker)
Panel Discussions
-

The advent of ubiquitous networking and computation and deepening globalization since the 1990s has eroded traditional international security architectures by multiplying conflict surfaces and empowering new actors. This talk describes research in the context of track 1.5 dialogues with Russia and China that aims to develop shared frameworks for understanding escalatory models of cyber conflict, sources of instability, and feasible approaches for risk mitigation. It will argue that cyber has made deterrence much more complex, and now, increased information assurance and new legal or normative constraints on state behavior are likely necessary for effective cross-sectoral deterrence. Finally, it suggests three tasks for cyber norms or confidence and security building measures to attenuate instability.


John Mallery is a research scientist at the Computer Science & Artificial Intelligence Laboratory at the Massachusetts Institute of Technology (MIT). He is concerned with cyber policy and has been developing advanced architectural concepts for cyber security and transformational computing for the past decade. Since 2006, he organized a series of national workshops on technical and policy aspects of cyber.

CISAC Conference Room

John C. Mallery, Computer Science and Artificial Intelligence Laboratory, Massachusetts Institute of Technology (Speaker)
Seminars
-

The U.S.-Japan relationship is not much in the headlines these days—and when it is the stories seem to focus on issues, such as Okinawa and beef, that have bedeviled ties seemingly for decades. But, in the midst of seismic shifts in Asia-Pacific security and global economic relations, shouldn’t the two countries be talking about something else?

Many in American industry have thought so, and in 2009 the American Chamber of Commerce in Japan released a white paper calling for a new set of discussions with Japan directed at capturing the innovation and growth potential of the emerging global Internet economy. Accompanying the call was a set of over 70 specific recommendations for discussion in areas ranging from privacy, security, intellectual property, spectrum management, and cyber security to competition: an agenda for the future, not the past.

The paper found resonance with the new Democratic Party government in Japan and the Obama administration, which were searching for a new direction and vocabulary for U.S.-Japan economic relations and were mindful that partnership with Japan in this area strengthened the U.S. hand in dealing with preemptive attempts elsewhere to define rules of the road for the Internet and “cloud computing.”

The Dialogue was formally launched in the fall of 2010 and its third plenary session is taking place in Washington, D.C. October 16 to 19, 2012. Professor Jim Foster is participating in the Dialogue as a leading member of the U.S. private sector delegation to the talks. He will be coming to Stanford immediately following the joint industry-government meeting on October 18 (the governments will continue in closed-door session through the 19th) and will offer his analysis and insight into the discussions in Washington and their implications for future cooperation between Japan and the U.S. industry in the cloud computing field and for the two governments on challenging issues of broader Internet governance.

Jim Foster is currently a professor in the Graduate School of Media and Governance at Keio University, where he teaches and researches on U.S. foreign policy issues and global Internet policy. He is the co-director of Keio’s Internet and Society Institute. Foster worked as a U.S. diplomat from 1981 to 2006, serving in Japan, Korea, the Philippines and at the U.S. Mission to the EU. He was director for corporate affairs at Microsoft Japan from 2006 to 2011. He is a former vice president of the American Chamber of Commerce in Japan and a co-author of the ACCJ White Paper on the Internet Economy.

Philippines Conference Room

Jim Foster, Professor, Keio University and Vice-Chair of the American Chamber of Commerce (ACCJ) in Japan Internet Economy Task Force (Speaker)
Seminars
-

Industrial Control Systems (ICSs) are used throughout the industrial infrastructure and military applications. These systems are designed to be highly reliable and safe, but were not designed to be cyber secure. Moreover, many of these systems do not even have cyber logging or forensics. Consequently, these systems, which constitute the “soft underbelly” of the American economy and defense, can enable a “cyber Pearl Harbor” to occur without having the capability of even knowing the impacts were cyber-induced. Stuxnet and Aurora have demonstrated that cyber can be used as a weapon to damage or destroy engineering equipment and systems.

To date, there have been more than 225 actual control system cyber incidents worldwide affecting electric power, water, chemicals, pipelines, manufacturing, mass transit, and even aircraft. Most of the incidents have been unintentional. Selected unintentional incidents will be addressed at the ICS Cyber Security Conference (http://www.icscybersecurityconference.com/). However, there have been a number of targeted cyber attacks. The Stanford presentation will focus on Stuxnet and Aurora. It will address the lack of air-gaps, unsecurable legacy ICSs, lack of cyber forensics, and cultural issues between IT and Operations that can enable these attacks to occur and evade detection.


Joseph Weiss is an industry expert on control systems and electronic security of control systems, with more than 35 years of experience in the energy industry. Mr. Weiss spent more than 14 years at the Electric Power Research Institute (EPRI), where he led a variety of programs including the Nuclear Plant Instrumentation and Diagnostics Program, the Fossil Plant Instrumentation & Controls Program, the Y2K Embedded Systems Program, and cyber security for digital control systems. As Technical Manager, Enterprise Infrastructure Security (EIS) Program, he provided technical and outreach leadership for the energy industry's critical infrastructure protection (CIP) program. He was responsible for developing many utility industry security primers and implementation guidelines. He was also the EPRI Exploratory Research lead on instrumentation, controls, and communications.

CISAC Conference Room

Joseph Weiss, Consultant, Applied Control Solutions (Speaker)
Seminars
-

Location-based services from are quickly gaining popularity. Many such services track the user's location and make use of it as needed. While tracking raises privacy concerns, it is believed to be unavoidable if users want the benefits of location-based services. In this talk I will give several examples of services that provide location-based functionality without learning the user's location. Our goal is to show that privacy and functionality are not always in conflict. We will also discuss our experiences with deploying these mechanisms in the real world. This is joint work with Arvind Narayanan, Mike Hamburg, and Narendran Thiagarajan.


About the speaker: Dr. Boneh heads the applied crypto group at the Computer Science department at Stanford University. Dr. Boneh's research focuses on applications of cryptography to computer security. His work includes cryptosystems with novel properties, security for mobile devices, web security, digital copyright protection, and cryptanalysis. He is the author of over a hundred technical publications in the field and a recipient of the Packard Award, the Alfred P. Sloan Award, the RSA award, and the Terman Award.

CISAC Conference Room

Rajeev Motwani Professor in the School of Engineering and Professor of Electrical Engineering
Co-director of the Stanford Computer Security Lab
Co-director of the Stanford Cyber Initiative
Affiliate Faculty at CISAC
MA, PhD

Professor Boneh heads the applied cryptography group and co-directs the computer security lab. Professor Boneh's research focuses on applications of cryptography to computer security. His work includes cryptosystems with novel properties, web security, security for mobile devices, and cryptanalysis. He is the author of over a hundred publications in the field and is a Packard and Alfred P. Sloan fellow. He is a recipient of the 2014 ACM prize and the 2013 Gödel prize. In 2011 Dr. Boneh received the Ishii award for industry education innovation. Professor Boneh received his Ph.D. from Princeton University and joined Stanford in 1997.

Dan Boneh, Professor of Computer Science and Electrical Engineering, Stanford University and CISAC Affiliate (Speaker)
Seminars
-

The Stuxnet computer worm is perhaps the most complicated piece of malicious software ever built - roughly 50 times the size of the typical computer virus. This threat leveraged a huge array of new techniques to spread itself, conceal itself and to attack Iranian nuclear enrichment centrifuges. This talk will provide a detailed dissection of the Stuxnet worm, answering such questions as how it spread, how it evaded detection, what it did once it found its target, and ultimately, how successful it was.


About the speaker: Carey Nachenberg is a Fellow and Chief Architect at Symantec Corporation, the world's largest computer security provider. As Chief Architect, Mr. Nachenberg drives the technical strategy for all of Symantec’s core security technologies and security content, which in total protect hundreds of millions of customers around the world. During his time at Symantec, Mr. Nachenberg has led the design and development of Symantec’s core antivirus, intrusion prevention and reputation-based security technologies; his work in these areas has garnered over fifty United States patents.

He holds BS and MS degrees in Computer Science and Engineering from University of California at Los Angeles, where he continues to serve as an Adjunct Assistant Professor of Computer Science and a member of UCLA’s Computer Science Alumni Advisory Board.

CISAC Conference Room

Carey Nachenberg, Vice President and Symantec Fellow, Symantec Corporation (Speaker)
Seminars