Despite the enormous amount of attention that has been directed to software security in recent years, relatively little attention has been given to hardware security. More than ever, the devices that are critical to everyday life and to the larger infrastructure are dependent on increasingly sophisticated integrated circuits (ICs). As the complexity and size of these ICs continue to grow, so does the risk of “Trojan” attacks, in which malicious circuitry is hidden within a chip during the design and manufacturing process. The circuitry could be triggered to launch an attack months or years later, with very significant consequences if carried out on a large scale. This presentation will explain the increasingly global nature of the semiconductor industry, and identify technology and policy steps that can be taken to minimize the likelihood of a successful, large-scale, hardware-based cyberattack.

John Villasenor is a professor of electrical engineering at the University of California, Los Angeles and a nonresident senior fellow in Governance Studies and the Center for Technology Innovation at the Brookings Institution. His work addresses the intersection of technology, policy and the law . He holds a B.S. degree from the University of Virginia, and an M.S. and Ph.D. from Stanford University, all in electrical engineering.

5:30 pm - 6:30 pm: Registration/Reception (Manning Faculty Lounge, second floor breezeway fo Stanford Law School)

6:30 pm - 8:30 pm: Panel (Room 290)

An evening panel to discuss behavioral advertising and privacy law, including:

+ Evolving legal, technology and business practices
+ What companies and individuals need to know
+ How the international landscape differs from the U.S.
+ Long term trends and developments
+ Corporate best practices

Speakers:

The advent of ubiquitous networking and computation and deepening globalization since the 1990s has eroded traditional international security architectures by multiplying conflict surfaces and empowering new actors. This talk describes research in the context of track 1.5 dialogues with Russia and China that aims to develop shared frameworks for understanding escalatory models of cyber conflict, sources of instability, and feasible approaches for risk mitigation. It will argue that cyber has made deterrence much more complex, and now, increased information assurance and new legal or normative constraints on state behavior are likely necessary for effective cross-sectoral deterrence. Finally, it suggests three tasks for cyber norms or confidence and security building measures to attenuate instability.

John Mallery is a research scientist at the Computer Science & Artificial Intelligence Laboratory at the Massachusetts Institute of Technology (MIT). He is concerned with cyber policy and has been developing advanced architectural concepts for cyber security and transformational computing for the past decade. Since 2006, he organized a series of national workshops on technical and policy aspects of cyber.

The U.S.-Japan relationship is not much in the headlines these days—and when it is the stories seem to focus on issues, such as Okinawa and beef, that have bedeviled ties seemingly for decades. But, in the midst of seismic shifts in Asia-Pacific security and global economic relations, shouldn’t the two countries be talking about something else?

Many in American industry have thought so and in 2009 the American Chamber of Commerce in Japan released a white paper calling for a new set of discussions with Japan directed at capturing the innovation and growth potential of the emerging global Internet economy. Accompanying the call were a set of over 70 specific recommendations for discussion in areas ranging from privacy, security, intellectual property, spectrum management, cyber security to competition—an agenda for the future not the past.

The paper found resonance with the new Democratic Party government in Japan and the Obama administration that were searching for a new direction and vocabulary for U.S.-Japan economic relations and were mindful that partnership with Japan in this area strengthened the U.S. hand in dealing with preemptive attempts elsewhere to define rule of the road for the Internet and “cloud computing.” 

The Dialogue was formally launched in the fall of 2010 and its third plenary session is taking place in Washington, D.C. October 16 to 19, 2012. Professor Jim Foster is participating in the Dialogue as a leading member of the U.S. private sector delegation to the talks. He will be coming to Stanford immediately following the joint industry-government meeting on October 18 (the governments will continue in closed-door session through the 19th) and will offer his analysis and insight into the discussions in Washington and their implications for future cooperation between Japan and the U.S. industry in the cloud computing field and for the two governments on challenging issues of broader Internet governance.

Jim Foster is currently a professor in the Graduate School of Media and Governance at Keio University, where he teaches and researches on U.S. foreign policy issues and global Internet policy. He is the co-director of Keio’s Internet and Society Institute. Foster worked as a U.S. diplomat from 1981 to 2006, serving in Japan, Korea, the Philippines and at the U.S. Mission to the EU. He was director for corporate affairs at Microsoft Japan from 2006 to 2011. He is a former vice president of the American Chamber of Commerce in Japan and a co-author of the ACCJ White Paper on the Internet Economy.

Industrial Control Systems (ICSs) are used throughout the industrial infrastructure and military applications. These systems are designed to be highly reliable and safe, but were not designed to be cyber secure. Moreover, many of these systems do not even have cyber logging or forensics. Consequently, these systems, which constitute the “soft underbelly” of the American economy and defense, can enable a “cyber Pearl Harbor” to occur without having the capability of even knowing the impacts were cyber-induced. Stuxnet and Aurora have demonstrated that cyber can be used as a weapon to damage or destroy engineering equipment and systems.

To date, there have been more than 225 actual control system cyber incidents worldwide affecting electric power, water, chemicals, pipelines, manufacturing, mass transit, and even aircraft. Most of the incidents have been unintentional. Selected unintentional incidents will be addressed at the ICS Cyber Security Conference (http://www.icscybersecurityconference.com/). However, there have been a number of targeted cyber attacks. The Stanford presentation will focus on Stuxnet and Aurora. It will address the lack of air-gaps, insecureable legacy ICSs, lack of cyber forensics, and cultural issues between IT and Operations that can enable these attacks to occur and evade detection.

Joseph Weiss is an industry expert on control systems and electronic security of control systems, with more than 35 years of experience in the energy industry. Mr. Weiss spent more than 14 years at the Electric Power Research Institute (EPRI) where he led a variety of programs including the Nuclear Plant Instrumentation and Diagnostics Program, the Fossil Plant Instrumentation & Controls Program, the Y2K Embedded Systems Program and, the cyber security for digital control systems. As Technical Manager, Enterprise Infrastructure Security (EIS) Program, he provided technical and outreach leadership for the energy industry's critical infrastructure protection (CIP) program. He was responsible for developing many utility industry security primers and implementation guidelines. He was also the EPRI Exploratory Research lead on instrumentation, controls, and communications.