Jenny Menna

Director
Critical Infrastructure Cyber Protection and Awareness
U.S. Department of Homeland Security
National Cyber Security Division

Keynote: "Cyber Security: Federal and State Collaboration"

Ted Demopoulos

Ted Demopoulos' professional background includes over 25 years of experience in Information Technology and Business, including 15 years as an independent consultant. Ted helped start a successful information security company, was the CTO at a "textbook failure" of a software startup, and has advised several other startups. He is a frequent speaker at conferences, conventions, and other business events, author of What No One Ever Tells You About Blogging and Podcasting: Real-Life Advice from 101 People Who Successfully Leverage the Power of the Blogosphere, and coauthor of Blogging for Business. Ted conducts Leadership and Information Security Bootcamps for The SANS Institute, and is the principal of Demopoulos Associates, a consulting organization specializing in information security and new media.

---

What Should Keep You Up at Night: The Big Picture and Emerging Threats

Security is all about risk management, but it is impractical as well as impossible to handle all risks. There are many ways to look at and categorize risks, and many organizations concentrate on risks which directly affect their primary goals, risks based on validated data, as well as best practices. In this talk we look at why so many risks and opportunities for hackers exist, discuss three holistic or big picture factors that make risk management difficult, and follow up with risks from specific new hacking/attack techniques that may soon be commonplace.

Dr. Diane T. Hooie

Principal Deputy Assistant Secretary
U.S. Department of Energy

Dr. Diane T. Hooie is a Senior Advisor with the Energy Delivery Technologies Division of the Project Management Center at the Department of Energy's National Energy Technology Laboratory. She has over 35 years of experience converting new ideas and innovative technologies from the concept stage through production and to profitable marketable products. Her current responsibilities include implementing the Cyber Security for Energy Delivery Systems Program for the office of Electricity Delivery and Energy Reliability as well as developing technical collaborations with non-traditional DOE customers, such as the Department of Homeland Security and Department of Defense, and developing international programs including Russia, Kazakhstan, Egypt, and Japan in the clean energy technology areas including clean coal, electricity, turbines, fuel cells, hybrids, and fuels.

She received her BS Ceramic Engineering from Ohio State University, MS Management from Rensselaer Polytechnic Institute, and a PhD Engineering from California Coast University. During her career, Dr. Hooie has received many awards and honors and has over 100 publications and presentations, including two books and one encyclopedia article, pertaining to fuel cells, fuels, and turbines. In 1998, she was selected "Woman of the Year," and the highest honor, "Person of Distinction," for the Federal Government.

---

Working to Achieve Cybersecurity in the Energy Sector: A Public-Private Partnership Approach

Energy delivery systems are critical to the effective and reliable operation of North America's energy infrastructure (electric power generation, oil, and natural gas production, transmission, and distribution systems) provides energy for our way of life. Today's highly reliable and flexible energy infrastructure is only possible because of the energy delivery systems' ability to provide timely information to system operators and automated control over a large, dispersed network of assets and components. This vast and distributed control requires energy delivery systems to communicate with thousands of nodes and devices across multiple domains, exposing energy systems and other dependent infrastructures to potential harm from accidental and malevolent cyber attacks.

Cybersecurity is a serious security challenge for the energy sector. Energy control systems are uniquely designed and operated to control real-time physical processes that deliver continuous and reliable power to support national and economic security. As such, they require security solutions that meet unique performance requirements, design, and operational needs. Cyber threats to energy delivery systems can impact national security, public safety, and our economy. Because the private sector owns and operates most of the energy sector's critical assets and the Federal government is tasked with national security, securing North America's energy delivery systems against cyber threats cannot be achieved by either the private or public sector working alone. Cybersecurity is a shared responsibility between the public and private sector.

The Department of Energy (DOE) is working to modernize the energy sector and integrate secure control systems. A common vision and framework for achieving this vision has been developed to guide the public-private partnerships that will secure energy delivery systems. This common vision, from the Roadmap to Secure Energy Delivery Systems, is that within ten years resilient energy delivery systems will be designed, installed, operated, and maintained to survive a cyber incident with no loss of critical function. The DOE Office of Electricity Delivery and Energy Reliability, Cybersecurity for Energy Delivery System (CEDS) Program, has implemented a multi-faceted program to address long-, mid-, and near term research, development, and implementation to meet the stringent cybersecurity requirements of the energy sector. The approach to addressing the cybersecurity needs of the energy sector that is being addressed through the CEDS Program and their public-private partnerships will be discussed.

Kimberly Kiefer Peretti

Director
PricewaterhouseCooper Forensic Services

Kimberly Kiefer Peretti, J.D., LL.M., CISSP, joined PricewaterhouseCoopers in May 2010 as a Director in the Washington D.C. Forensic Services practice. Peretti, a former senior litigator for the Department of Justice's Computer Crime and Intellectual Property Section, focuses on the prevention, response and remediation of all types of data breaches, including breaches involving payment card information (PCI), personally identifiable information (PII), and personal health information (PHI). She also services a wide range of clients in matters of cyber intrusions, cyber investigations, cyber security, financial crime, fraud, and regulation, payment systems compliance and risk mitigation, economic espionage, and Intellectual Property theft.

While at the Department of Justice, Peretti led several benchmark cybercrime investigations and prosecutions, including the prosecution of the infamous TJX hacker Albert Gonzalez who is currently serving 20 years in prison for his role in the largest hacking and identity theft case ever prosecuted by the Department of Justice in which over 170 million credit and debit card numbers were stolen from over 14 major U.S. retailers. For this prosecution, Kimberly received the U.S. Attorney General's Distinguished Service Award. Peretti's law review article entitled "Data Breaches: What the Underground World of Carding Reveals," resulted in a hearing before the US House of Representatives Homeland Security Committee to consider vulnerabilities in the payment card industry. She is a frequent keynote speaker and lecturer on the topic of data breaches, cyber investigations and cyber crime, and has been recognized as an "industry pioneer" by SC Magazine in the information security industry.

Prior to her work at the Department, Peretti practiced law at Brobeck, Phleger & Harrison and Mayer, Brown & Platt, focusing on information security, privacy, technology, and financial institution regulation. She is a Certified Information Systems Security Professional (CISSP), and holds an LL.M. (Masters of Law) from the University of Munich, Germany, and a J.D. from Georgetown University Law Center (magna cum laude).

---

Cyber Criminals: Who are They? Why are They Successful? How Do We Respond?

This session will walk through recent prosecutions of sophisticated hacking rings in order to provide insight into the individuals behind these types of crimes and why they are successful. This presentation will also discuss the emerging area of cyber forensics and methods by which entities can better prevent, detect, and respond to cyber attacks on their systems.

Lieutenant General Harry D. Raduege, Jr.

Chairman, Deloitte Center for Cyber Innovation
Director, Deloitte Services LP

Lieutenant General Harry D. Raduege, Jr. (USAF, Ret) is Chairman of the Deloitte Center for Cyber Innovation, which develops cyber solutions for clients grappling with the need for increasingly interdependent information networks, spanning both the public and private sectors.

General Raduege retired after serving 35 years in the U.S. military. He worked in the areas of technology, including telecommunications, space, information, and network operations. He served more than 17 years in joint duty assignments. In his last position, he led Department of Defense net-centric operations as the Director of the Defense Information Systems Agency. In that role, he directed planning, engineering, and implementation of interoperable communications and intelligence systems serving the needs of the President, Secretary of Defense, Joint Chiefs of Staff, combatant commanders, and the military Services. Notably, he led efforts to restore communications to the Pentagon following the September 11th terrorist attacks; upgraded Presidential communications; and led the successful expansion of the Department's Global Information Grid through a $1 billion transformational communications program.

General Raduege was also appointed by the Secretary of Defense as the Commander of the Joint Task Force for Global Network Operations and Deputy Commander for Global Network Operations and Defense for the U.S. Strategic Command. In these roles, he was the first commander assigned responsibility for directing the operation and defense of the Global Information Grid to assure timely and secure net-centric capabilities across the entire Department. He also served as the Manager of the National Communications System and led our Nation's efforts to prioritize the restoration of telecommunications throughout New York City and the Pentagon following the 9/11 terrorist attacks.

Prior to his last assignments, Raduege directed command and control systems for North American Aerospace Defense Command, U.S. Space Command, and Air Force Space Command. He also served as the Chief Information Officer for all three commands, was the architect for computer network defense and attack capabilities established within the Department of Defense, and was the National spokesman for the Department during the successful "Year 2000" computer roll-over efforts.

General Raduege directed command and control communications at the U.S. Central Command for 3 years, including the relocation efforts required after the Khobar Towers bombing. Earlier, he served as the first commander of the Air Force C4 Agency and was the Joint Chiefs of Staff architect for all satellite communications supporting over 500,000 deployed military members during the Gulf War in 1991.
General Raduege is affiliated with the following organizations:

• The Cohen Group, Senior Advisor
• Center for Strategic and International Studies' (CSIS) Commission on Cyber Security for the 44th Presidency, co-chair
• EastWest Institute (EWI), Senior Cyber Security Advisor, President's Advisory Council, Honorary Chairman of the annual Worldwide Cybersecurity Summit
• Defense Science Board, advisor
• Network Centric Operations Industry Consortium (NCOIC), Executive Council & Chair Emeritus
• United Services Organization (USO), World Board of Governors
• University of Maryland University College (UMUC), Cyber 'Tiger Team' Chair
• Armed Forces Communications and Electronics Association (AFCEA) International, Board of Directors and Executive Committee
• U.S. Global Leadership Coalition (USGLC) National Security Advisory Council, member
• Air Force Association (AFA), CyberPatriots Board of Advisors
• Capital University, Columbus, Ohio, Board of Trustees and Technology Committee Chair

---

Succeeding in a Cyber World

In his presentation, "Succeeding in a Cyber World," Lieutenant General Harry Raduege broadly describes the state of the cybersecurity threat, the responses to this threat, and how to develop a "cyber mindset." Beginning with a history of significant cyber milestones, related quotes, and a summary of the cybersecurity world and its challenges, General Raduege emphasizes why cybersecurity is of paramount importance to any business or government agency. Highlighting particular threats that are of interest to the audience, the presentation underscores the importance of these threats with dramatic statistics. General Raduege also discusses the "calls to action" various groups have issued, particularly those of the President, Federal government, and the Center for Strategic and International Studies (CSIS). General Raduege has co-chaired the CSIS "Commission on Cybersecurity for the 44th President" for the past three years and speaks to the importance of shaping cyber policy and strategy.

Lieutenant Governor Robert J. Duffy

Bob Duffy was elected Lieutenant Governor in November 2010 after he and running mate Andrew Cuomo ran a successful campaign to lead New York State. Duffy had been mayor of Rochester, NY since January 1, 2006.

His time as Mayor was marked by boundless energy, an immeasurable faith in the city's potential and a commitment to transforming Rochester into "One City" where all citizens benefit from the vast wealth of its resources.

As the City's chief executive, Bob Duffy navigated the worst economic crisis since the Great Depression by reducing the cost of government, yet improving services. Under his stewardship, the value of property in Rochester has risen, while the tax rate has declined. He reduced the city workforce to its lowest level since the Truman administration, while attracting millions of dollars in private-sector investments.

Highlights of Bob Duffy's time as mayor include the successful launch of the Midtown Rising Project, which will bring the world headquarters of PAETEC Holdings Corp. to downtown Rochester as part of the most significant development to the Center City in more than four decades; the completion of the Brooks Landing development after more than 20 years of planning; construction of the ESL Federal Credit Union headquarters in downtown; and a steady stream of new business activity along the city's commercial corridors.

His mayoral accomplishments also include merging three departments into the highly efficient and effective Department of Neighborhood and Business Development; fostering government transparency and accountability through the creation of the Office of Public Integrity; adopting the 311 Call Center to give citizens immediate access to City services; and investing in public safety to bring Rochester's rate of serious crime to its lowest point in 25 years.

Born in Rochester's Tenth Ward, Duffy graduated from the Aquinas Institute, Monroe Community College and Rochester Institute of Technology. After joining the Rochester Police Department in 1976, he worked nights to earn a Master's degree from Syracuse University. He became Deputy Chief of Police in 1992 and Rochester's Chief of Police in 1998.

The youngest of three brothers, Bob Duffy and his wife Barbara are the proud parents of daughters Erin and Shannon. He enjoys spending time with his family, reading and running.