Traditional hacking skills are only half of the equation for a threat actor trying to take over a space-based asset. Once a spacecraft or ground station is penetrated, a sophisticated attacker needs to know how to cause harm to an on-orbit system. This discussion would look at several threat surfaces and how security professionals are working to secure them.
• Data-link security – Space systems are controlled by a data link from the ground. How secure is that link?
Speaker – Howie Weiss, Security WG Chair, CCSDS
• S/C Control security – the cyber-physical nature of onboard spacecraft systems require that an attacker understand spacecraft dynamics and system interactions in order to gain control, how are onboard systems protected?
Speaker – Aerospace Crop. Cyber lead, Jandria Alexander
Moderated by Dave LaVallee - Senior Project Lead, Space Sector, Johns Hopkins University Applied Physics Laboratory
CLOSED TO PRESS.
Stakes and Consequences: Protecting Oneself From Global Threats to Mobile Communications
Presented by Elad Yoran, Executive Chairman, KoolSpan, and Adam Meyers, VP of Intelligence at CrowdStrike.
Global mobile communications systems are under attack. Technology and financial barriers to attack mobile communications are eroding quickly and the proliferation of attacks is increasing at an alarming rate. Rogue cell towers, man in the middle and other attacks are used by diverse actors to engage in corporate and private espionage and cyber‐crime campaigns globally. Business people, high net worth families, journalists, NGOs, international travelers and others must recognize wider risks to their private communications, and implement technology and behavioral defenses to resume trust in communications.
Business-critical applications running on SAP and Oracle are emerging as the next big target of attacks and the ultimate economic targets for cyberattacks. They are also the biggest blind spot for CISOs. In this session CISO’s will learn about the top attack vectors targeting SAP, how the attacks access sensitive information and the top 5 things to incorporate into an information security strategy.
Enterprises need to safeguard high-value applications handling intellectual property, financial data, big-data apps, and other regulated information while also addressing compliance mandates. Traditional security mechanisms using network constructs like VLANs, subnets, and zones with IP-based rules are cumbersome, error-prone, and even impractical in many cases.
During this session we'll discuss how enterprises are using adaptive security to continuously protect high value applications no matter where they reside–data center, public or private cloud.