0900 – 0940

Cyber/EW Support to Multi Domain Operations

Presented By: Herm Hasken, MarkPoint Technologies

Multi Domain Operations conducted at the BCT level will require advanced sensing capabilities that provide detection and characterization of friendly, enemy, and neutral communications nodes to support information and decision dominance at the tactical level. New Cyber and EW Recon tools will be required to provide such insight to commanders. These EW/Cyber actions (Cyber Operational Preparation of the Information Environment) must take place early in the competition phase to provide enduring persistent access to adversary military communications and critical infrastructure as well as insight to the “neutral” networks and infrastructure that could be exploited for A2/AD strategies. EW/Cyber tools must be small and ubiquitous, capable of being body worn, vehicle mounted, or placed on various sizes of drones or other platforms depending on environment and targeted areas of interest. These devices must be produced in several form factors to accommodate for local environment and mission profiles. In response to such requirements, MarkPoint has created the CEMA Tactical Awareness Support Kit, or C-TASK for short. C-TASK was designed with Force Protection in mind, but also provides Tactical Situational Awareness, and delivers targeting support at the tactical and theater level.

0950 – 1030

Shift Left: Embedding Security into your DevSecOps Workflow

Presented By: Daniel Marquard, Gitlab

DevOps is a revolutionary step forward in efficient software delivery, but teams often face painful delays when releases are put through security testing. Security is critical for every digital entity, but often adds tension to a process that is already under pressure for speed and cost efficiency. For many, software delivery resembles an assembly-line style of work where employees have to constantly stop and start their work on different projects, breaking their mental flow and straining relationships between teams. How can teams solve this back-and-forth without foregoing quality? They must embed security into the development workflow. When security is embedded into the developer workflow, developers can respond to vulnerability alerts while they’re writing code.

Embedded security checks allow developers to pass off a streamlined workflow to their security peers. Security then focuses on the most important risks and threats with the typical mountain of checks reduced to a much shorter list. Shortened test times lead to much faster releases!

1040 – 1120

Ultimate App Protection - Hardening Unprotected Endpoints

Presented By: Mark S. Sincevich, Arxan Technologies

Traditional app security and network defenses cannot protect apps running in zero-trust environments. The need to access applications, systems and devices opens up vulnerabilities and multiple points of entry for attackers—against which firewalls and other security measures stand no chance. Yesterday’s insider threat has evolved into today’s threat actor with stolen credentials. Arxan code protection hardens applications with patented guarding and threat detection capabilities. Arxan obfuscates code to protect against reverse engineering and delivers the ability to self-repair attacked code, automatically disable app functionality, insert honeypots and implement other deceptive code patterns to deter and confuse threat actors when attacked. Arxan is FIPS 140-2 Certified, provides a dynamic app policy engine, code hardening, obfuscation, white-box cryptography and encryption, and threat detection. This seminar demonstrates the need for Application Protection at the binary code level and how you can use Threat Analytics, Cryptography and App Management to create an enterprise approach to your defensive cyber operations (DCO).

1130 – 1210

Increasing the Speed of DCO Tool Deployment

Presented By: Ed Sealing, Sealing Technologies

Cyber lethality is directly related to the speed of operations. Currently, developing and deploying new defensive and offensive tools is a slow process. SealingTech has conducted research in the use of containers, version-controlled repositories, and DevOps processes in Cyber Defense operations. In this talk, we will present a model for the DoD to share DCO tools in a centralized, version-controlled repository and to be able to move tools from development into operations in a secure, near-realtime process. All of our work has been provided in open-source channels (GitHub) and includes example tools (IDS, IPS, SIEM, and packet capture).

1220 – 1300

The Benefits of an Open Source Cloud Infrastructure

Presented By: Matt Ferguson, Strategic Communications

Open source cloud infrastructure, such as Linux, provides an array of benefits for IT departments. Advantages include lower support costs, enhanced security features and improved performance of software/hardware. Oracle’s Linux subscription enables IT departments to easily manage Linux servers, native Linux cloud environments, and Kernel-based virtual machines (KVMs). Discover the latest in Linux-based infrastructure implementation and support for your on-premise or cloud environment!