Peter Wood, CEO of First Base Technologies, gave a presentation on how big data and advanced analytics can help with cybersecurity challenges. He discussed how the threat landscape has become more complex with stealth malware and targeted attacks. Traditional defenses like signatures and firewalls may be insufficient. Big data can help through improved SIEM tools with real-time updates, behavior models, and correlation to detect advanced threats. However, big data analytics requires significant investment and specialized skills that are only available to large organizations currently. Cloud-based solutions may help other organizations also gain security benefits from big data.
This document discusses the application of artificial intelligence techniques in cybersecurity. It begins by outlining the motivations for applying AI to cybersecurity, such as the growing amounts of data and connections between devices. It then provides an overview of cybersecurity challenges and common AI techniques like machine learning. The document concludes by presenting several examples of how AI is already being used to enhance cybersecurity, such as through anomaly detection, natural language processing for unstructured threat analysis, and AI-powered security analytics tools.
Enterprise immune systems use machine learning and AI to provide self-learning, self-defending networks for organizations. Darktrace's Enterprise Immune System uses unsupervised machine learning across 350+ data features to establish a "pattern of life" for every user, device, and their relationships to autonomously detect threats without predefined rules. It has detected over 63,500 in-progress threats across many organizations, completing the immune system model with real-time responses. Customers praise Darktrace for its unique ability to detect even unknown threats and insider behaviors.
The document discusses the DATAIA Institute, a convergence institute in France focused on data science, artificial intelligence, and their societal impacts. The institute brings together over 130 affiliated researchers from 14 academic institutions. It aims to address 4 overarching challenges: machine learning and AI, data and knowledge, transparency and ethics, and data protection. The institute will conduct research, training, and partnerships with industry on topics like responsible and transparent AI, algorithmic bias, and data privacy.
Algorithmic Systems Transparency and Accountability in Big Data & Cognitive EraNozha Boujemaa
1) Algorithmic systems are increasingly being used for decision support, but their lack of transparency and accountability can undermine trust.
2) Ensuring algorithmic transparency and developing methods for establishing accountability are important for building trust.
3) Responsible and ethical data management and analytics are needed to address potential biases in algorithmic systems and their real-world impacts.
AI & ML in Cyber Security - Why Algorithms Are DangerousRaffael Marty
Every single security company is talking in some way or another about how they are applying machine learning. Companies go out of their way to make sure they mention machine learning and not statistics when they explain how they work. Recently, that's not enough anymore either. As a security company you have to claim artificial intelligence to be even part of the conversation.
Guess what. It's all baloney. We have entered a state in cyber security that is, in fact, dangerous. We are blindly relying on algorithms to do the right thing. We are letting deep learning algorithms detect anomalies in our data without having a clue what that algorithm just did. In academia, they call this the lack of explainability and verifiability. But rather than building systems with actual security knowledge, companies are using algorithms that nobody understands and in turn discover wrong insights.
In this talk I will show the limitations of machine learning, outline the issues of explainability, and show where deep learning should never be applied. I will show examples of how the blind application of algorithms (including deep learning) actually leads to wrong results. Algorithms are dangerous. We need to revert back to experts and invest in systems that learn from, and absorb the knowledge, of experts.
An introductory take on the ethical issues surrounding the use of algorithms and machine learning in finance, education, law enforcement and defense. This work was stimulated by, but is not a product or authorized content from the IEEE P7003 WG.
Disclaimer: This work is mine alone and does not reflect view of IEEE, IEEE 7003 WG, my employer.
Enabling the data driven enterprise v3armikkilineni
Rao Mikkilineni is introducing the concept of a "cognitive computing era" enabled by a post-hypervisor cognitive computing model. The document discusses business drivers for new information processing solutions like mobile computing and video services driving demand for high performance edge computing. It also discusses emerging technologies like cognitive computing using neural networks and composable cognitive services. The summary introduces key concepts around a cognitive control overlay and composable services to deliver intelligent, sentient, and resilient data-driven enterprises.
Peter Wood, CEO of First Base Technologies, gave a presentation on how big data and advanced analytics can help with cybersecurity challenges. He discussed how the threat landscape has become more complex with stealth malware and targeted attacks. Traditional defenses like signatures and firewalls may be insufficient. Big data can help through improved SIEM tools with real-time updates, behavior models, and correlation to detect advanced threats. However, big data analytics requires significant investment and specialized skills that are only available to large organizations currently. Cloud-based solutions may help other organizations also gain security benefits from big data.
This document discusses the application of artificial intelligence techniques in cybersecurity. It begins by outlining the motivations for applying AI to cybersecurity, such as the growing amounts of data and connections between devices. It then provides an overview of cybersecurity challenges and common AI techniques like machine learning. The document concludes by presenting several examples of how AI is already being used to enhance cybersecurity, such as through anomaly detection, natural language processing for unstructured threat analysis, and AI-powered security analytics tools.
Enterprise immune systems use machine learning and AI to provide self-learning, self-defending networks for organizations. Darktrace's Enterprise Immune System uses unsupervised machine learning across 350+ data features to establish a "pattern of life" for every user, device, and their relationships to autonomously detect threats without predefined rules. It has detected over 63,500 in-progress threats across many organizations, completing the immune system model with real-time responses. Customers praise Darktrace for its unique ability to detect even unknown threats and insider behaviors.
The document discusses the DATAIA Institute, a convergence institute in France focused on data science, artificial intelligence, and their societal impacts. The institute brings together over 130 affiliated researchers from 14 academic institutions. It aims to address 4 overarching challenges: machine learning and AI, data and knowledge, transparency and ethics, and data protection. The institute will conduct research, training, and partnerships with industry on topics like responsible and transparent AI, algorithmic bias, and data privacy.
Algorithmic Systems Transparency and Accountability in Big Data & Cognitive EraNozha Boujemaa
1) Algorithmic systems are increasingly being used for decision support, but their lack of transparency and accountability can undermine trust.
2) Ensuring algorithmic transparency and developing methods for establishing accountability are important for building trust.
3) Responsible and ethical data management and analytics are needed to address potential biases in algorithmic systems and their real-world impacts.
AI & ML in Cyber Security - Why Algorithms Are DangerousRaffael Marty
Every single security company is talking in some way or another about how they are applying machine learning. Companies go out of their way to make sure they mention machine learning and not statistics when they explain how they work. Recently, that's not enough anymore either. As a security company you have to claim artificial intelligence to be even part of the conversation.
Guess what. It's all baloney. We have entered a state in cyber security that is, in fact, dangerous. We are blindly relying on algorithms to do the right thing. We are letting deep learning algorithms detect anomalies in our data without having a clue what that algorithm just did. In academia, they call this the lack of explainability and verifiability. But rather than building systems with actual security knowledge, companies are using algorithms that nobody understands and in turn discover wrong insights.
In this talk I will show the limitations of machine learning, outline the issues of explainability, and show where deep learning should never be applied. I will show examples of how the blind application of algorithms (including deep learning) actually leads to wrong results. Algorithms are dangerous. We need to revert back to experts and invest in systems that learn from, and absorb the knowledge, of experts.
An introductory take on the ethical issues surrounding the use of algorithms and machine learning in finance, education, law enforcement and defense. This work was stimulated by, but is not a product or authorized content from the IEEE P7003 WG.
Disclaimer: This work is mine alone and does not reflect view of IEEE, IEEE 7003 WG, my employer.
Enabling the data driven enterprise v3armikkilineni
Rao Mikkilineni is introducing the concept of a "cognitive computing era" enabled by a post-hypervisor cognitive computing model. The document discusses business drivers for new information processing solutions like mobile computing and video services driving demand for high performance edge computing. It also discusses emerging technologies like cognitive computing using neural networks and composable cognitive services. The summary introduces key concepts around a cognitive control overlay and composable services to deliver intelligent, sentient, and resilient data-driven enterprises.
Data Mining And Visualization of Large DatabasesCSCJournals
Data Mining and Visualization are tools that are used in databases to further analyse and understand the stored data. Data mining and visualization are knowledge discovery tools used to find hidden patterns and to visualize the data distribution. In the paper, we shall illustrate how data mining and visualization are used in large databases to find patterns and traits hidden within. In large databases where data is both large and seemingly random, mining and visualization help to find the trends found in such large sets. We shall look at the developments of data mining and visualization and what kind of application fields usage of such tools. Finally, we shall touch upon the future developments and newer trends in data mining and visualization being experimented for future use.
Data-driven enterprise requires intelligent, sentient, and resilient software systems to address information processing structures to deal with rapid fluctuations in resource demand and availability.
Communication, Collaboration and Commerce workflows at the speed of light demand always-on anti-fragile systems
Both autonomic computing and neural networks provide a next generation set of technologies to meet the needs of the data-driven enterprise at the speed of light
Crypto-Security and New Digital Asset Life-cycle Managent assures the Asset’s Confidentiality, Integrity, Availability providing Privacy & Protection of Individual Rights
Present: Our lives, as well as any field of business and society, are continuously transformed by our ability to collect meaningful data in a systematic fashion and turn that into value. We are increasingly more connected to data sources, have unprecedented distributed infrastructure capabilities and continuously improve our scientific and analytical capabilities. A new interest in an evolved field of data science has emerged as a response to the push from these advances.
Potential: The state of the art and present challenges come with many opportunities. They not only push for new and innovative capabilities in composable data management and analytical methods that can run anytime, anywhere but also require methods to bridge the gap between applications and such capabilities. However, we often lack collaborative culture and effective methodologies to translate these newest advances into impactful solution architectures that can transform science, society, and education.
Future: A Collaborative Networked World as a Part of the Data Science Process: Any solution architecture for data science today depends on the effectivity of a multi-disciplinary data science team, not only with humans but also with analytical systems and infrastructure which are inter-related parts of the solution. Focusing on collaboration and communication between people, and dynamic, predictable and programmable interfaces to systems and scalable infrastructure from the beginning of any activity is critical. This talk will provide an overview of some of our recent work on networked application architectures for dynamic data-driven wildfire modeling and smart cities. It will also explain how focusing on (1) some P’s in the planning phases of a data science activity and (2) creating a measurable process that spans multiple perspectives and success metrics was effective in making these solutions scalable. Lastly, it will introduce the PPODS methodology and family of composable tools for a team-based data science process management and training.
This document discusses securing big data as it travels and is analyzed. It outlines some of the key challenges organizations face with big data including increasing volumes of data from various sources, managing data privacy, and optimizing return on investment from big data analytics. Effective data governance is important for managing data as an asset and meeting regulatory compliance. However, many companies struggle with data governance due to short-term priorities and political issues. An iterative approach focusing on specific data sets can help companies start seeing results more quickly from data governance.
NUS-ISS Learning Day 2018-Leading conversation in IoT securityNUS-ISS
The document discusses communicating cybersecurity requirements in the context of IoT. It outlines learning outcomes around understanding IoT security needs like privacy, safety, resilience, confidentiality, authentication and integrity. It then discusses how to have a conversation about these needs using examples like smart cameras and smart lamp posts. The key is to ask what risks are being addressed, what specifically is being protected, and to involve IT/cybersecurity experts to conduct risk assessments and recommend security controls.
Microservices are an effective approach to orchestrate services in the cloud. The microservices architectural style is an approach to develop a single application as a suite of small services, each running in its own process and communicating with lightweight mechanisms ( API ).
To be more effective they need a contextual evaluation of the meaning of data of IoT generating always more data.Machine Learning can support Microservices to extract meaning from Big Data making Microservices smarter and speedier. Industries can have huge benefits from this approach.
Machine learning and artificial intelligence techniques are increasingly being used in cyber security to detect threats like malware, fraud, and intrusions. By analyzing large amounts of data, machine learning algorithms can learn patterns of both normal and anomalous behavior and make predictions about new or unseen data. This allows threats to be identified more accurately and in real-time without being explicitly programmed. Some key benefits of machine learning for cyber security include improved spam filtering, malware detection, identifying advanced threats, and detecting insider threats and data leaks. It is helping to address challenges of data overload, speed of threats, and unknown threats that traditional rule-based detection was unable to handle effectively.
This document discusses cyber resilience and provides guidance on developing a cyber resilience strategy. It defines cyber resilience as an organization's ability to continue operations despite adverse cyber events. The document recommends that organizations implement the five pillars of cyber resilience: prepare/identify, protect, detect, respond, and recover. For each pillar, it provides examples of specific activities organizations can undertake such as conducting risk assessments, implementing security controls, establishing incident response plans, and developing disaster recovery processes. The overall message is that cyber resilience requires a strategic, comprehensive approach across people, processes, and technologies to withstand various cyber threats.
Digital Technologies and a Data Driven FutureJon Whittle
In this talk, I reflect on the digital transformation brought about by COVID-19 and look at how digital technologies, such as artificial intelligence, will play a leading role in recovery from economic recession
Transforming Healthcare at GTC Silicon ValleyNVIDIA
The GPU Technology Conference (GTC) brings together the leading minds in AI and healthcare that are driving advances in the industry - from top radiology departments and medical research institutions to the hottest startups from around the world. Can't miss panels and trainings at GTC Silicon Valley
Time for Your Compliance Check-Up: How Mercy Health Uses Tripwire to Pass AuditsTripwire
This document discusses successfully creating an IT service at Mercy Health to address organizational challenges and compliance needs. It describes implementing Tripwire Enterprise for change detection and monitoring to gain visibility into their IT environment, validate approved changes, and produce reports for audits. This improved governance of controls, reduced audit findings, and provided a key strategy for their security operations center and PCI compliance efforts. Going forward, Tripwire will help address other regulatory needs and expand its use for security configuration management.
Information Systems for Digital TransformationYves Caseau
Keynote at "Complex Systems Design and Management"
Exponential Information Systems as the back bone for Digital Transformation. This talk adresses the goals and the challenges of transforming IS into platforms that support their company's digital ambitions.
Decision Intelligence: How AI and DI (and YOU) are Evolving to the Next LevelLorien Pratt
This document discusses the evolution of artificial intelligence and data science roles. It argues that AI/ML is maturing from a technology-centric focus to solving complex problems and making decisions. A new "Agile AI" lifecycle is proposed that focuses on decision modeling and using AI/ML to design solutions. This requires new specialist roles like Agile AI project managers, decision modelers, and technology architects. The goal is to develop data-led solutions that help manage risks and make better decisions around issues like disaster response and clean energy investment.
This document discusses artificial intelligence and machine learning. It begins with an outline covering AI revolution, methods and protocols, and a call to action. It then discusses the spectacular investment and performance acceleration in AI. Next, it provides examples of AI applications in various industries. It describes today's AI toolbox, including various machine learning techniques. It stresses the importance of data collection for AI strategies and provides recommendations for how organizations can take action and grow AI success.
Amazon recruiting tool was shut down for bias against women after it codified discriminatory practices from narrow data sets. Facial recognition tools consistently have higher error rates for darker-skinned and female faces, calling for regulation. A man was denied parole after 10 years despite low-risk assessment scores, due to commercially proprietary weighting factors in risk assessment models. China aims to have a social credit score for 1.4 billion citizens by 2020 that impacts social and economic rights based on personal behavior tracking.
The document discusses challenges and opportunities for government involvement in fostering advancement of the Internet of Things (IoT). It categorizes IoT applications and recommends different levels of government involvement for each category. For public governmental applications like Smart Cities, it recommends the government play a lead role. It identifies several technological challenges for these large-scale systems and recommends the Department of Commerce focus on contributing to Smart X applications through initiatives such as funding research, developing standards, and supporting collaboration.
Definition, architecture, general applications, and energy management specified application of expert systems - Class presentation - University of Tabriz 2019
The document discusses privacy-preserving analytics and data mining challenges at LinkedIn. It describes LinkedIn's framework called PriPeARL that uses differential privacy to enable privacy-preserving analytics. Some key aspects include generating pseudo-random noise inspired by differential privacy, ensuring consistency of results over time and across queries, and evaluating the framework on LinkedIn ad analytics data. It also discusses lessons learned from over a year of deployment across various analytics applications at LinkedIn scale.
The document provides information about Ahmed Banafa's background and experience, including extensive experience in operations and management with a research background in various techniques and analysis. It also lists that he has taught at several universities and has received several awards for his work. It provides a brief introduction to big data and defines it as large and complex structured and unstructured data that cannot be processed by traditional database tools. It also discusses some of the roots and key aspects of big data like volume, velocity, and variety.
2016 - Cyber Security for the Public SectorScott Geye
The document discusses cybersecurity topics including 2015-2016 breach reports, vulnerabilities, exploits, malware, cybercrime marketplaces, hacktivism, and cybersecurity resources. It provides an overview of recent cybersecurity trends, including a shift towards directly attacking applications and the monetization of malware. Breaches are shown to most commonly be caused by hacking and involve theft of personal data. The Texas Cybersecurity Framework and resources for local governments to improve cyber defenses are also summarized.
Presentation on the analysis of cybersecurity capacity building, finding a clear impact of capacity building on a reduction in end user problems and enhanced use by individuals, governments, and business.
Data Mining And Visualization of Large DatabasesCSCJournals
Data Mining and Visualization are tools that are used in databases to further analyse and understand the stored data. Data mining and visualization are knowledge discovery tools used to find hidden patterns and to visualize the data distribution. In the paper, we shall illustrate how data mining and visualization are used in large databases to find patterns and traits hidden within. In large databases where data is both large and seemingly random, mining and visualization help to find the trends found in such large sets. We shall look at the developments of data mining and visualization and what kind of application fields usage of such tools. Finally, we shall touch upon the future developments and newer trends in data mining and visualization being experimented for future use.
Data-driven enterprise requires intelligent, sentient, and resilient software systems to address information processing structures to deal with rapid fluctuations in resource demand and availability.
Communication, Collaboration and Commerce workflows at the speed of light demand always-on anti-fragile systems
Both autonomic computing and neural networks provide a next generation set of technologies to meet the needs of the data-driven enterprise at the speed of light
Crypto-Security and New Digital Asset Life-cycle Managent assures the Asset’s Confidentiality, Integrity, Availability providing Privacy & Protection of Individual Rights
Present: Our lives, as well as any field of business and society, are continuously transformed by our ability to collect meaningful data in a systematic fashion and turn that into value. We are increasingly more connected to data sources, have unprecedented distributed infrastructure capabilities and continuously improve our scientific and analytical capabilities. A new interest in an evolved field of data science has emerged as a response to the push from these advances.
Potential: The state of the art and present challenges come with many opportunities. They not only push for new and innovative capabilities in composable data management and analytical methods that can run anytime, anywhere but also require methods to bridge the gap between applications and such capabilities. However, we often lack collaborative culture and effective methodologies to translate these newest advances into impactful solution architectures that can transform science, society, and education.
Future: A Collaborative Networked World as a Part of the Data Science Process: Any solution architecture for data science today depends on the effectivity of a multi-disciplinary data science team, not only with humans but also with analytical systems and infrastructure which are inter-related parts of the solution. Focusing on collaboration and communication between people, and dynamic, predictable and programmable interfaces to systems and scalable infrastructure from the beginning of any activity is critical. This talk will provide an overview of some of our recent work on networked application architectures for dynamic data-driven wildfire modeling and smart cities. It will also explain how focusing on (1) some P’s in the planning phases of a data science activity and (2) creating a measurable process that spans multiple perspectives and success metrics was effective in making these solutions scalable. Lastly, it will introduce the PPODS methodology and family of composable tools for a team-based data science process management and training.
This document discusses securing big data as it travels and is analyzed. It outlines some of the key challenges organizations face with big data including increasing volumes of data from various sources, managing data privacy, and optimizing return on investment from big data analytics. Effective data governance is important for managing data as an asset and meeting regulatory compliance. However, many companies struggle with data governance due to short-term priorities and political issues. An iterative approach focusing on specific data sets can help companies start seeing results more quickly from data governance.
NUS-ISS Learning Day 2018-Leading conversation in IoT securityNUS-ISS
The document discusses communicating cybersecurity requirements in the context of IoT. It outlines learning outcomes around understanding IoT security needs like privacy, safety, resilience, confidentiality, authentication and integrity. It then discusses how to have a conversation about these needs using examples like smart cameras and smart lamp posts. The key is to ask what risks are being addressed, what specifically is being protected, and to involve IT/cybersecurity experts to conduct risk assessments and recommend security controls.
Microservices are an effective approach to orchestrate services in the cloud. The microservices architectural style is an approach to develop a single application as a suite of small services, each running in its own process and communicating with lightweight mechanisms ( API ).
To be more effective they need a contextual evaluation of the meaning of data of IoT generating always more data.Machine Learning can support Microservices to extract meaning from Big Data making Microservices smarter and speedier. Industries can have huge benefits from this approach.
Machine learning and artificial intelligence techniques are increasingly being used in cyber security to detect threats like malware, fraud, and intrusions. By analyzing large amounts of data, machine learning algorithms can learn patterns of both normal and anomalous behavior and make predictions about new or unseen data. This allows threats to be identified more accurately and in real-time without being explicitly programmed. Some key benefits of machine learning for cyber security include improved spam filtering, malware detection, identifying advanced threats, and detecting insider threats and data leaks. It is helping to address challenges of data overload, speed of threats, and unknown threats that traditional rule-based detection was unable to handle effectively.
This document discusses cyber resilience and provides guidance on developing a cyber resilience strategy. It defines cyber resilience as an organization's ability to continue operations despite adverse cyber events. The document recommends that organizations implement the five pillars of cyber resilience: prepare/identify, protect, detect, respond, and recover. For each pillar, it provides examples of specific activities organizations can undertake such as conducting risk assessments, implementing security controls, establishing incident response plans, and developing disaster recovery processes. The overall message is that cyber resilience requires a strategic, comprehensive approach across people, processes, and technologies to withstand various cyber threats.
Digital Technologies and a Data Driven FutureJon Whittle
In this talk, I reflect on the digital transformation brought about by COVID-19 and look at how digital technologies, such as artificial intelligence, will play a leading role in recovery from economic recession
Transforming Healthcare at GTC Silicon ValleyNVIDIA
The GPU Technology Conference (GTC) brings together the leading minds in AI and healthcare that are driving advances in the industry - from top radiology departments and medical research institutions to the hottest startups from around the world. Can't miss panels and trainings at GTC Silicon Valley
Time for Your Compliance Check-Up: How Mercy Health Uses Tripwire to Pass AuditsTripwire
This document discusses successfully creating an IT service at Mercy Health to address organizational challenges and compliance needs. It describes implementing Tripwire Enterprise for change detection and monitoring to gain visibility into their IT environment, validate approved changes, and produce reports for audits. This improved governance of controls, reduced audit findings, and provided a key strategy for their security operations center and PCI compliance efforts. Going forward, Tripwire will help address other regulatory needs and expand its use for security configuration management.
Information Systems for Digital TransformationYves Caseau
Keynote at "Complex Systems Design and Management"
Exponential Information Systems as the back bone for Digital Transformation. This talk adresses the goals and the challenges of transforming IS into platforms that support their company's digital ambitions.
Decision Intelligence: How AI and DI (and YOU) are Evolving to the Next LevelLorien Pratt
This document discusses the evolution of artificial intelligence and data science roles. It argues that AI/ML is maturing from a technology-centric focus to solving complex problems and making decisions. A new "Agile AI" lifecycle is proposed that focuses on decision modeling and using AI/ML to design solutions. This requires new specialist roles like Agile AI project managers, decision modelers, and technology architects. The goal is to develop data-led solutions that help manage risks and make better decisions around issues like disaster response and clean energy investment.
This document discusses artificial intelligence and machine learning. It begins with an outline covering AI revolution, methods and protocols, and a call to action. It then discusses the spectacular investment and performance acceleration in AI. Next, it provides examples of AI applications in various industries. It describes today's AI toolbox, including various machine learning techniques. It stresses the importance of data collection for AI strategies and provides recommendations for how organizations can take action and grow AI success.
Amazon recruiting tool was shut down for bias against women after it codified discriminatory practices from narrow data sets. Facial recognition tools consistently have higher error rates for darker-skinned and female faces, calling for regulation. A man was denied parole after 10 years despite low-risk assessment scores, due to commercially proprietary weighting factors in risk assessment models. China aims to have a social credit score for 1.4 billion citizens by 2020 that impacts social and economic rights based on personal behavior tracking.
The document discusses challenges and opportunities for government involvement in fostering advancement of the Internet of Things (IoT). It categorizes IoT applications and recommends different levels of government involvement for each category. For public governmental applications like Smart Cities, it recommends the government play a lead role. It identifies several technological challenges for these large-scale systems and recommends the Department of Commerce focus on contributing to Smart X applications through initiatives such as funding research, developing standards, and supporting collaboration.
Definition, architecture, general applications, and energy management specified application of expert systems - Class presentation - University of Tabriz 2019
The document discusses privacy-preserving analytics and data mining challenges at LinkedIn. It describes LinkedIn's framework called PriPeARL that uses differential privacy to enable privacy-preserving analytics. Some key aspects include generating pseudo-random noise inspired by differential privacy, ensuring consistency of results over time and across queries, and evaluating the framework on LinkedIn ad analytics data. It also discusses lessons learned from over a year of deployment across various analytics applications at LinkedIn scale.
The document provides information about Ahmed Banafa's background and experience, including extensive experience in operations and management with a research background in various techniques and analysis. It also lists that he has taught at several universities and has received several awards for his work. It provides a brief introduction to big data and defines it as large and complex structured and unstructured data that cannot be processed by traditional database tools. It also discusses some of the roots and key aspects of big data like volume, velocity, and variety.
2016 - Cyber Security for the Public SectorScott Geye
The document discusses cybersecurity topics including 2015-2016 breach reports, vulnerabilities, exploits, malware, cybercrime marketplaces, hacktivism, and cybersecurity resources. It provides an overview of recent cybersecurity trends, including a shift towards directly attacking applications and the monetization of malware. Breaches are shown to most commonly be caused by hacking and involve theft of personal data. The Texas Cybersecurity Framework and resources for local governments to improve cyber defenses are also summarized.
Presentation on the analysis of cybersecurity capacity building, finding a clear impact of capacity building on a reduction in end user problems and enhanced use by individuals, governments, and business.
Testing with Fewer Resources: Toward Adaptive Approaches for Cost-effective ...Sebastiano Panichella
Lecture entitled "Testing with Fewer Resources: Toward Adaptive Approaches for Cost-effective Test Generation and Selection" at the International Summer School
on Search- and Machine Learning-based Software Engineering
June 22-24, 2022 - Córdoba, Spain
Sebastiano Panichella and Christian Birchler
Testing with Fewer Resources: Toward Adaptive Approaches for Cost-effective ...Sebastiano Panichella
Lecture entitled "Testing with Fewer Resources: Toward Adaptive Approaches for Cost-effective Test Generation and Selection" at the International Summer School
on Search- and Machine Learning-based Software Engineering
June 22-24, 2022 - Córdoba, Spain
Sebastiano Panichella and Christian Birchler
Michael Goldsmith and I presented an overview of cybersecurity capacity building and current research findings for delegates from across the Commonwealth nations. The first section of slides introduces the Global Cyber Security Capacity Centre (GCSCC), and the second part presents a comparative analysis of the status and impact of capacity building.
Webcast outlines how IT security and operations can address top security concerns and challenges and adapt to new technologies and trends surrounding the endpoint.
Data centric security key to digital business success - ulf mattsson - bright...Ulf Mattsson
The document discusses the need for data-centric security strategies to protect sensitive data in digital business systems. As data generation grows exponentially due to technologies like cloud computing, big data, and IoT, cybercriminals have more opportunities. A data-centric approach is needed to merge data security with productivity by controlling access, classifying data, and techniques like encryption, tokenization, and monitoring across structured and unstructured data silos. Solutions that provide centralized security policies and audit/protection of data throughout its entire flow can safely unlock the power of digital business.
What i learned at issa international summit 2019Ulf Mattsson
This session will discuss what attendees learned at The ISSA International Summit 2019, held on October 1-2 at in Irving/Dallas, TX.
Learn from one of the presenters at this conference and what cybersecurity professionals got to share and learn from the leaders in the industry.
Over the last 30 years ISSA international has grown into the global community of choice for international cybersecurity professionals. With over 100 domestic and international chapters, members have world wide support with daily cyber threats that are becoming increasingly intricate and difficult to prevent, detect, and re-mediate.
Advanced Cybersecurity Risk Management: How to successfully address your Cybe...PECB
Main points covered:
• Understanding the inverted economics of cyber security, the incentives for cyber crime and its effect on the growing threat
• Inefficiencies with the traditional approaches to cyber risk assessment and why we are not making more progress in enhancing cyber defenses
• Resetting roles and responsibilities regarding cyber security within organizations
• Developing empirical, cost-effective cyber risk assessments to meet the evolving threat
Our presenter for this webinar is Larry Clinton, the president of the Internet Security Alliance (ISA), a multi-sector association focused on Cybersecurity thought leadership, policy advocacy, and best practices. Mr. Clinton advises both industry and governments around the world. He has twice been listed on the Corporate 100 list of the most influential people in corporate governance. He is the author of The Cyber Risk Handbook for Corporate Boards. PWC has found the use of this Handbook improves cyber budgeting, cyber risk management and helps create a culture of security. The Handbook has been published in the US, Germany, the UK and Latin America. He is currently working on a version for the European Conference of Directors Associations as well as versions for Japan and India. Mr. Clinton also leads ISA, public policy work built around their publication “The Cyber Security Social Contract” which the NATO Center of Cyber Excellence in Estonia asked for a briefing on.
Recorded Webinar: https://www.youtube.com/watch?v=8qVtoqi37X8
The document discusses Internet of Things (IoT) and cybersecurity challenges in manufacturing. It provides an overview of the evolving threat landscape, including common hacking techniques like spearphishing and malware. The presentation emphasizes the importance of cyber hygiene practices for manufacturers such as updating software, using strong unique passwords, training employees on security basics, and not browsing as an administrator. It promotes attending an upcoming cybersecurity forum to learn more on topics that will help protect manufacturing organizations from emerging threats.
Learn about current cybersecurity threats, what new threats are on the rise, and how to train the next generation of cyberprofessionals to help keep us secure.
Trustworthy Computational Science: A Multi-decade PerspectiveVon Welch
Trust is critical to the process of science. Two decades ago the Internet and World Wide Web fostered a new age in computational science with the emergence of accessible and high performance computing, storage, software, and networking. More recent paradigms, including virtual organizations, federated identity, big data, and global-scale operations continue to evolve the way computing for science is performed.
Advancing technologies, the need to coordinate across organizations and nations, and an evolving threat landscape are sources of ongoing challenges in maintaining the trustworthy nature of computational infrastructure and the science it supports. To address these challenges, a number of projects have focused on improving the cybersecurity and trustworthiness of scientific computing. Recent examples include the Center for Trustworthy Scientific Cyberinfrastructure funded by NSF, the Software Assurance Marketplace funded by DHS, and the Extreme Scale Identity Management for Science project funded by DOE.
This presentation will give a 20 year retrospective together with a vision for the future of cybersecurity for computational science. It will describe the state of trust and cybersecurity for scientific computing, its evolution over the past twenty years, challenges it is facing today, how the exemplar projects are addressing those challenges, and a vision of cybersecurity for research and higher education in general augmenting each other in the future.
The document outlines India's national cyber security policy and strategies. It aims to build a secure and resilient cyberspace for citizens, businesses, and government. The key objectives are to create a secure cyber ecosystem, strengthen regulatory frameworks, enhance mechanisms for information gathering and response, protect critical information infrastructure, develop indigenous security technologies, and create a cybersecurity workforce. The strategies to achieve these objectives include designating agencies to coordinate cybersecurity efforts, encouraging adoption of best practices, developing testing and certification processes, and fostering public-private partnerships and cooperation.
Get Ahead of Cyber Security by Tiffy Issac, Partner EY IndiaRahul Neel Mani
Internet of Things “IoT” can be defined as physical objects that connect to the internet through embedded systems and sensors, interacting with it to generate meaningful results and convenience to the end-user community. According to industry estimates, machine-to-machine communications
alone will generate approximately US$900 billion in revenues by 2020.
Cybersecurity and continuous intelligenceNISIInstituut
Welcome to the cybersecurity & continuous intelligence knowledge slidedeck of NISI (Nederlands Instituut voor de Software Industrie).
Cybersecurity & Continuous Intelligence is a broad topic, covering rules & regulation, internet, cyberwar, software, machine learning and society & trust.
This slidedeck offers you a more in-depth view of this exciting area.
Please contact us directly for more information via email info@nisi.nl or the contact on form on nisi.nl.
Nederlands Instituut voor de Software Industrie
This document is a report on managing cybersecurity threats to the smart grid. It was prepared by four Master of Public Administration students for Iberdrola USA as part of their capstone project. The report provides an overview of smart grid technology, cybersecurity threats to electric utilities, and efforts by utilities and government to prevent and mitigate those threats. It is based on a literature review and interviews with smart grid cybersecurity experts. Appendices include proposed training materials on cybersecurity for electric utility lineworkers.
Digital Security Capacity Building: Role of the UniversityNizar Ben Neji
Digital Security is one the core digital skills needed for the digital economy. What are the main issues with the digital security professions? What is the role of the university to keep pace with the fast changing digital environment?
Internet of Things (IoT) will enable dramatic society transformation. This seminar presents an introduction to the IoT and explains why IoT Security is important.
Then it presents security issues in wireless sensor networks that constitute a main ingredient of IoT.
Seminar given at Centre Tecnològic de Telecomunicacions de Catalunya (CTTC) on 28 January 2015.
Similar to Cyber security solutions for the energy industry in north america israel galvan (20)
Níteo es una asociación sin fines de lucro que busca impulsar la ciencia y tecnología a través de los programas de los veranos de la ciencia para que los jóvenes descubran si ser investigador es su vocación.
Si quieres conocer con más detalle qué hacemos en Níteo y qué resultados hemos obtenido en los últimos años te invitamos a que leas esta presentación.
El verano de investigación científica: Una puerta a tu desarrollo profesional.Israel Galvan Bobadilla
En esta presentación se aborda la problemática actual que enfrentan los recién egresados a la hora de pedir trabajo y que los empleadores requieren de experiencia. Se plantea lo que es un "Internship", pasantía o estancia, que puede contribuir a obtener experiencia antes de terminar la carrera o incluso descubrir la vocación en la ciencia y tecnología a través de los veranos de investigación científica.
¿Qué es el verano de investigación, qué es Níteo y su relación con el INEEL?Israel Galvan Bobadilla
¿Qué hacemos en Níteo?
1. Difundimos los veranos de investigación.
2. Conectamos o vinculamos la academia con la investigación y la industria.
3. Difundimos oportunidades, compartimos e intercambiamos conocimiento.
4. Damos cursos técnicos actuales y a bajo costo.
Dado que las becas de Verano de Investigación que da la academia mexicana de la ciencia o el programa Delfín son insuficientes, nosotros buscamos apoyar con al menos una o dos becas.
¿Qué queremos hacer?
Este año 2017 en particular nos gustaría dar dos becas de verano de investigación a alumnos locales (de Morelos) en centros locales de investigación (por ejemplo en el Instituto Nacional de Electricidad y Energías Limpias, INEEL). El año pasado (2016) dimos una beca por $5,000 pesos.
Pero…. ¿Qué es un verano de investigación?
Es una estancia de 7 semanas colaborando en un proyecto de investigación elegido por el alumno asesorado y un investigador reconocido de México o el extranjero.
ESTE AÑO 2017 ofrecemos estancias en:
El INEEL (periodo de la estancia)
Del 19 de Junio al 4 de Agosto
El Congreso del programa Delfin en Puerto Vallarta (periodo de la estancia)
Del 16 al 19 de Agosto
Requisitos:
- No haber participado en 2 veranos anteriores.
- Cursar al menos el 4to semestre.
- Contar con un promedio mínimo de 8.5.
Formas de participar:
- Becado por su institución.
- Con sus recursos propios.
Pasos para participar:
1) Enviar un correo a contacto@niteo.org.mx con tus datos de estudiante.
2) Consultar el catálogo de investigadores (que te haremos llegar por correo).
3) Comunicarse con el investigador de tu agrado.
4) Exponer tus motivos por los que deseas hacer una estancia.
5) Recibir carta de aceptación del investigador.
6) Obtener una carta de recomendación de un profesor.
7) Enviar al NITEO:
- Carta de aceptación del investigador.
- Carta de motivos por los que deseas hacer un verano.
- Constancia de estudios con calificaciones y promedio.
- Carta de intención.
- Copia de afiliación del seguro médico vigente.
- Copia de identificación oficial.
Fecha límite para enviar información (los 7 pasos mencionados anteriormente):
31 de Mayo de 2017
Si te interesa o deseas compartir la información, escribe a: contacto@niteo.org.mx o por Whatsapp al teléfono: (55) 42 26 55 45
También te invitamos a seguirnos en Facebook: https://www.facebook.com/niteomexico
El documento presenta los resultados de 2015 y los planes para 2016 de NITEO. En 2015, NITEO firmó su acta constitutiva, adquirió un hosting y dominio para su sitio web, desarrolló el sitio, inició el trámite de registro de marca, tuvo presencia en redes sociales, y participó en un video del Verano Científico. En 2016, NITEO planea entregar reconocimientos a sus miembros fundadores, realizar un programa de divulgación científica, ofrecer cursos y talleres gratuitos,
Sistemas de capacitación basados en Realidad Virtual para la industria energé...Israel Galvan Bobadilla
En esta presentación se presenta una breve introducción al tema de Realidad Virtual y sus aplicaciones en el campo de la capacitación. Se mencionan los distintos desarrollos que el Instituto de Investigaciones Eléctricas ha desarrollado para la Comisión Federal de Electricidad y sus beneficios identificados.
El documento describe el Programa Delfín, un programa de movilidad estudiantil en México y Colombia. Explica que el programa involucra a 90 instituciones de educación superior y opera en 24 estados de México y Colombia. El objetivo del programa es promover la investigación científica, la internacionalización de la educación superior y formar nuevos investigadores. En los últimos 20 años, el programa ha apoyado a más de 30,000 estudiantes a realizar estancias de investigación de verano.
Conoce el programa que impulsa desde hace 20 años el verano de la investigación científica en las instituciones de educación superior del pacífico. También conoce un poco de cómo nos estamos vinculando Niteo y el Instituto de Investigaciones Eléctricas (IIE) para hacer sinergia y tener mas impacto en la ciencia y tecnología de nuestro país.
Your One-Stop Shop for Python Success: Top 10 US Python Development Providersakankshawande
Simplify your search for a reliable Python development partner! This list presents the top 10 trusted US providers offering comprehensive Python development services, ensuring your project's success from conception to completion.
Cosa hanno in comune un mattoncino Lego e la backdoor XZ?Speck&Tech
ABSTRACT: A prima vista, un mattoncino Lego e la backdoor XZ potrebbero avere in comune il fatto di essere entrambi blocchi di costruzione, o dipendenze di progetti creativi e software. La realtà è che un mattoncino Lego e il caso della backdoor XZ hanno molto di più di tutto ciò in comune.
Partecipate alla presentazione per immergervi in una storia di interoperabilità, standard e formati aperti, per poi discutere del ruolo importante che i contributori hanno in una comunità open source sostenibile.
BIO: Sostenitrice del software libero e dei formati standard e aperti. È stata un membro attivo dei progetti Fedora e openSUSE e ha co-fondato l'Associazione LibreItalia dove è stata coinvolta in diversi eventi, migrazioni e formazione relativi a LibreOffice. In precedenza ha lavorato a migrazioni e corsi di formazione su LibreOffice per diverse amministrazioni pubbliche e privati. Da gennaio 2020 lavora in SUSE come Software Release Engineer per Uyuni e SUSE Manager e quando non segue la sua passione per i computer e per Geeko coltiva la sua curiosità per l'astronomia (da cui deriva il suo nickname deneb_alpha).
OpenID AuthZEN Interop Read Out - AuthorizationDavid Brossard
During Identiverse 2024 and EIC 2024, members of the OpenID AuthZEN WG got together and demoed their authorization endpoints conforming to the AuthZEN API
Programming Foundation Models with DSPy - Meetup SlidesZilliz
Prompting language models is hard, while programming language models is easy. In this talk, I will discuss the state-of-the-art framework DSPy for programming foundation models with its powerful optimizers and runtime constraint system.
Threats to mobile devices are more prevalent and increasing in scope and complexity. Users of mobile devices desire to take full advantage of the features
available on those devices, but many of the features provide convenience and capability but sacrifice security. This best practices guide outlines steps the users can take to better protect personal devices and information.
Generating privacy-protected synthetic data using Secludy and MilvusZilliz
During this demo, the founders of Secludy will demonstrate how their system utilizes Milvus to store and manipulate embeddings for generating privacy-protected synthetic data. Their approach not only maintains the confidentiality of the original data but also enhances the utility and scalability of LLMs under privacy constraints. Attendees, including machine learning engineers, data scientists, and data managers, will witness first-hand how Secludy's integration with Milvus empowers organizations to harness the power of LLMs securely and efficiently.
Building Production Ready Search Pipelines with Spark and MilvusZilliz
Spark is the widely used ETL tool for processing, indexing and ingesting data to serving stack for search. Milvus is the production-ready open-source vector database. In this talk we will show how to use Spark to process unstructured data to extract vector representations, and push the vectors to Milvus vector database for search serving.
Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...Jeffrey Haguewood
Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows.
We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases.
This video focuses on integration of Salesforce with Bonterra Impact Management.
Interested in deploying an integration with Salesforce for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.
In the rapidly evolving landscape of technologies, XML continues to play a vital role in structuring, storing, and transporting data across diverse systems. The recent advancements in artificial intelligence (AI) present new methodologies for enhancing XML development workflows, introducing efficiency, automation, and intelligent capabilities. This presentation will outline the scope and perspective of utilizing AI in XML development. The potential benefits and the possible pitfalls will be highlighted, providing a balanced view of the subject.
We will explore the capabilities of AI in understanding XML markup languages and autonomously creating structured XML content. Additionally, we will examine the capacity of AI to enrich plain text with appropriate XML markup. Practical examples and methodological guidelines will be provided to elucidate how AI can be effectively prompted to interpret and generate accurate XML markup.
Further emphasis will be placed on the role of AI in developing XSLT, or schemas such as XSD and Schematron. We will address the techniques and strategies adopted to create prompts for generating code, explaining code, or refactoring the code, and the results achieved.
The discussion will extend to how AI can be used to transform XML content. In particular, the focus will be on the use of AI XPath extension functions in XSLT, Schematron, Schematron Quick Fixes, or for XML content refactoring.
The presentation aims to deliver a comprehensive overview of AI usage in XML development, providing attendees with the necessary knowledge to make informed decisions. Whether you’re at the early stages of adopting AI or considering integrating it in advanced XML development, this presentation will cover all levels of expertise.
By highlighting the potential advantages and challenges of integrating AI with XML development tools and languages, the presentation seeks to inspire thoughtful conversation around the future of XML development. We’ll not only delve into the technical aspects of AI-powered XML development but also discuss practical implications and possible future directions.
Taking AI to the Next Level in Manufacturing.pdfssuserfac0301
Read Taking AI to the Next Level in Manufacturing to gain insights on AI adoption in the manufacturing industry, such as:
1. How quickly AI is being implemented in manufacturing.
2. Which barriers stand in the way of AI adoption.
3. How data quality and governance form the backbone of AI.
4. Organizational processes and structures that may inhibit effective AI adoption.
6. Ideas and approaches to help build your organization's AI strategy.
Skybuffer SAM4U tool for SAP license adoptionTatiana Kojar
Manage and optimize your license adoption and consumption with SAM4U, an SAP free customer software asset management tool.
SAM4U, an SAP complimentary software asset management tool for customers, delivers a detailed and well-structured overview of license inventory and usage with a user-friendly interface. We offer a hosted, cost-effective, and performance-optimized SAM4U setup in the Skybuffer Cloud environment. You retain ownership of the system and data, while we manage the ABAP 7.58 infrastructure, ensuring fixed Total Cost of Ownership (TCO) and exceptional services through the SAP Fiori interface.
Fueling AI with Great Data with Airbyte WebinarZilliz
This talk will focus on how to collect data from a variety of sources, leveraging this data for RAG and other GenAI use cases, and finally charting your course to productionalization.
Monitoring and Managing Anomaly Detection on OpenShift.pdfTosin Akinosho
Monitoring and Managing Anomaly Detection on OpenShift
Overview
Dive into the world of anomaly detection on edge devices with our comprehensive hands-on tutorial. This SlideShare presentation will guide you through the entire process, from data collection and model training to edge deployment and real-time monitoring. Perfect for those looking to implement robust anomaly detection systems on resource-constrained IoT/edge devices.
Key Topics Covered
1. Introduction to Anomaly Detection
- Understand the fundamentals of anomaly detection and its importance in identifying unusual behavior or failures in systems.
2. Understanding Edge (IoT)
- Learn about edge computing and IoT, and how they enable real-time data processing and decision-making at the source.
3. What is ArgoCD?
- Discover ArgoCD, a declarative, GitOps continuous delivery tool for Kubernetes, and its role in deploying applications on edge devices.
4. Deployment Using ArgoCD for Edge Devices
- Step-by-step guide on deploying anomaly detection models on edge devices using ArgoCD.
5. Introduction to Apache Kafka and S3
- Explore Apache Kafka for real-time data streaming and Amazon S3 for scalable storage solutions.
6. Viewing Kafka Messages in the Data Lake
- Learn how to view and analyze Kafka messages stored in a data lake for better insights.
7. What is Prometheus?
- Get to know Prometheus, an open-source monitoring and alerting toolkit, and its application in monitoring edge devices.
8. Monitoring Application Metrics with Prometheus
- Detailed instructions on setting up Prometheus to monitor the performance and health of your anomaly detection system.
9. What is Camel K?
- Introduction to Camel K, a lightweight integration framework built on Apache Camel, designed for Kubernetes.
10. Configuring Camel K Integrations for Data Pipelines
- Learn how to configure Camel K for seamless data pipeline integrations in your anomaly detection workflow.
11. What is a Jupyter Notebook?
- Overview of Jupyter Notebooks, an open-source web application for creating and sharing documents with live code, equations, visualizations, and narrative text.
12. Jupyter Notebooks with Code Examples
- Hands-on examples and code snippets in Jupyter Notebooks to help you implement and test anomaly detection models.
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdfMalak Abu Hammad
Discover how MongoDB Atlas and vector search technology can revolutionize your application's search capabilities. This comprehensive presentation covers:
* What is Vector Search?
* Importance and benefits of vector search
* Practical use cases across various industries
* Step-by-step implementation guide
* Live demos with code snippets
* Enhancing LLM capabilities with vector search
* Best practices and optimization strategies
Perfect for developers, AI enthusiasts, and tech leaders. Learn how to leverage MongoDB Atlas to deliver highly relevant, context-aware search results, transforming your data retrieval process. Stay ahead in tech innovation and maximize the potential of your applications.
#MongoDB #VectorSearch #AI #SemanticSearch #TechInnovation #DataScience #LLM #MachineLearning #SearchTechnology
Webinar: Designing a schema for a Data WarehouseFederico Razzoli
Are you new to data warehouses (DWH)? Do you need to check whether your data warehouse follows the best practices for a good design? In both cases, this webinar is for you.
A data warehouse is a central relational database that contains all measurements about a business or an organisation. This data comes from a variety of heterogeneous data sources, which includes databases of any type that back the applications used by the company, data files exported by some applications, or APIs provided by internal or external services.
But designing a data warehouse correctly is a hard task, which requires gathering information about the business processes that need to be analysed in the first place. These processes must be translated into so-called star schemas, which means, denormalised databases where each table represents a dimension or facts.
We will discuss these topics:
- How to gather information about a business;
- Understanding dictionaries and how to identify business entities;
- Dimensions and facts;
- Setting a table granularity;
- Types of facts;
- Types of dimensions;
- Snowflakes and how to avoid them;
- Expanding existing dimensions and facts.
Cyber security solutions for the energy industry in north america israel galvan
1. 35 años de investigación, innovando con energía
Cyber Security Solutions for the
Energy Industry in North America
MSc. Israel Galván Bobadilla
2. 35 años de investigación, innovando con energía
Agenda
About this presentation
Facts, stats and motivation
Cyber Security in North America
Government
Frameworks
Councils
Research
Solutions
Personal thoughts and conclusions
3. 35 años de investigación, innovando con energía
About this presentation
Cybersecurity and Access Control for Utilities Reverse Trade Mission
for Mexico and Panama to the United States
April 19th – 30th, 2015
SPONSORED BY:
4. 35 años de investigación, innovando con energía
Facts, stats and motivation
5. 35 años de investigación, innovando con energía
“Security incidents has increased 66%”
Global State of Information Security® Survey 2015, PwC
Facts, stats and motivation
“83% view cyberattacks as one of top 3 threats business,
but only 38% are prepared”
Information Systems Audit and Control Association, ISACA
“Approximately 60 to 80 percent of network misuse
incidents originate from the inside network."
Computer Security Institute (CSI) in San Francisco, California
6. 35 años de investigación, innovando con energía
“Cybersecurity is not optional, is
required and mandatory”
Why?
“The more people,
processes and
technologies are involved,
the more risk we will
have…”
Facts, stats and motivation
7. 35 años de investigación, innovando con energía
Government
They provide information about how to:
Invest in physical and cyber risk management products and plans
Educate employees about critical infrastructure security and resilience
Plan for business continuity
Share threat and incident information
Report suspicious activity
Prepare for all hazards at home and at work
Identifies 16 Critical Infrastructure (CI)
sectors, and one of them is: Energy Sector.
They provide Assessment Resources such as:
Computer-Based Assessment Tool (CBAT)
Cyber Security Evaluation Tool (CSET®)
On site support
Critical Infrastructure Cyber Community C³ Voluntary Program
“Adversaries are
getting
sophisticated”
8. 35 años de investigación, innovando con energía
Government
“Invest in People as well as processes and
technology”
MITIGATION BASICS:
ICSJWG 2015 Spring Meeting
The Industrial Control Systems Joint Working Group invites you to
Washington, DC June 23 - 24, 2015
9. 35 años de investigación, innovando con energía
Framework s
NIST worked with stakeholders to develop a voluntary framework – based on
existing standards, guidelines, and practices - for reducing cyber risks to
critical infrastructure.
10. 35 años de investigación, innovando con energía
Government
USTDA also linked us to:
Available resources
for cybersecurity
Cybersecurity Capability Maturity Model
(C2M2)
Electricity Subsector
(ES-C2M2)
11. 35 años de investigación, innovando con energía
Government
12. 35 años de investigación, innovando con energía
Councils
Is a global trade association dedicated to creating
a favorable business, regulatory, and
technological environment for companies that
own, manage, or provide critical
telecommunications systems in support of their
core business.
UTC provides information, products and services that help members:
Manage their telecommunications and information technology more
effectively and efficiently;
Voice their concerns to legislators and regulators;
Identify and capitalize on opportunities linked to deregulation worldwide;
and
Network with other telecom and IT professionals.
13. 35 años de investigación, innovando con energía
Research
“The Health approach, anomalies &
Context-Based Analytics”
INSTITUTE FOR
ELECTRONIC
GOVERNMENT
14. 35 años de investigación, innovando con energía
Solutions
The BIG picture
15. 35 años de investigación, innovando con energía
“One Size DOES NOT fit all..”
Personal thoughts
“Invest more money on technology for humans…”
“Cybersecurity culture is still being an issue,
evangelization is needed...”
“There is a lack of cybersecurity specialists and
there is a lot of job that must be done...”
“Education and awareness are key elements ...”
“The visibility dilemma:
‘You can’t hack/protect what you can’t see’… ”
16. 35 años de investigación, innovando con energía
EU has a lot of solutions for advanced cybersecurity problems
for the short and medium term.
This solutions should be tested and evaluated, in order to
identify where they fit better in our smartgrids.
There is a lot of best practices, lessons learned, successful
policies and models from FERC-NERC, NIST, Homeland
Security that we should adopt and maybe adapt to Mexico’s
needs.
LATAM is still facing old security problems and new problems!
There are no small players on cybersecurity, safety and
resilience is everybody responsibility.
Conclusions
17. 35 años de investigación, innovando con energía
MSc. Israel Galván Bobadilla
ELECTRICAL RESEARCH INSTITUTE
Enabling Technologies Division
Information Technology Department
igalvan@iie.org.mx
+52 (777) 3 62 38 11 Ext. 7526
Thank you!
“We are not in the contest era, we are on the
collaboration era… A great era by the way…”
18. 35 años de investigación, innovando con energía
Just in case
Extra slides
19. 35 años de investigación, innovando con energía
Solutions
Cybersecurity “Big Data” analytics, policy, planning, implementation
and emergency preparedness.
A cloud-based, open architecture
analytical platform for harnessing
data. Provides customizable
methodologies for solving the
complex analytic challenges of
managing “Big Data” in most data
formats.
FEATURES:
Intelligent linkages among disparate data
sources
Web-enabled, infrastructure independent
Flexible and extensible tools for analysis and
relationship mapping
Data type independent and open source access
Quick and easy to deploy
Intuitive, with little user training required
Delivered at a fraction of the cost of legacy,
monolithic data analysis toolsets
20. 35 años de investigación, innovando con energía
Solutions
Incident management and monitoring systems, video surveillance and
sensors, Cybersecurity risk management, preparedness and
integration services, Biometric, electronic badge, smart card and
proximity sensor technologies.
“You Can’t Hack What You Can’t See”
21. 35 años de investigación, innovando con energía
Solutions
Incident management and monitoring systems, video surveillance and
sensors, Cybersecurity risk management, preparedness and
integration services, Biometric, electronic badge, smart card and
proximity sensor technologies.
“You Can’t Hack What You Can’t See”
22. 35 años de investigación, innovando con energía
Solutions
Provides an open infrastructure
to connect sensor-based data,
operations and people to enable
real-time intelligence.
PI System, enables your business
to capture and leverage sensor-
based data across the enterprise
to improve efficiency,
sustainability, quality and safety.
Editor's Notes
254 incidents reported on 2015: 9% natural gas, 9% Petroleum, 11% Electricity
Training on: Operational Security for control systems & cybersecurity
C3: Cybersecurity Education & Awarness (CE&A), Centers of Academic Excellence (CAE), Integrated Cybersecurity Education Communities (ICEC), National Cybersecurity workforce Framework, Cyber Information sharing and collaboration
They have a knowledge base and a Joint Working Group (1,700 members, bi-annual meetings, webinars)
ICS-CERT coordinates control systems-related security incidents and information sharing with Federal, State, and local agencies and organizations, the intelligence community, and private sector constituents, including vendors, owners and operators, and international and private sector CERTs. The focus on control systems cybersecurity provides a direct path for coordination of activities among all members of the critical infrastructure stakeholder community.
Recognizing that the national and economic security of the United States depends on the reliable functioning of critical infrastructure, the President issued Executive Order 13636, Improving Critical Infrastructure Cybersecurity, in February 2013. It directed NIST to work with stakeholders to develop a voluntary framework – based on existing standards, guidelines, and practices - for reducing cyber risks to critical infrastructure.
The Framework, created through collaboration between industry and government, consists of standards, guidelines, and practices to promote the protection of critical infrastructure. The prioritized, flexible, repeatable, and cost-effective approach of the Framework helps owners and operators of critical infrastructure to manage cybersecurity-related risk.
The Department of Homeland Security's Critical Infrastructure Cyber Community C³ Voluntary Program helps align critical infrastructure owners and operators with existing resources that will assist their efforts to adopt the Cybersecurity Framework and manage their cyber risks. Learn more about the C³ Voluntary Program by visiting the C3 Web site.
NIST is also pleased to issue a companion Roadmap that discusses NIST's next steps with the Framework and identifies key areas of cybersecurity development, alignment, and collaboration.
USTDA releases Major Infrastructure Projects in Mexico resource guide, providing valuable insight for U.S. industry on priority infrastructure projects throughout Mexico. - See more at: http://www.ustda.gov/news/pressreleases/2014/LAC/Mexico/MexicoResourceGuide_103114.asp#sthash.oSuEx0cR.dpuf
The Electricity Subsector Cybersecurity Capability Maturity Model (ES-C2M2) Version 1.1, which allows electric utilities and grid operators to assess their cybersecurity capabilities and prioritize their actions and investments to improve cybersecurity, combines elements from existing cybersecurity efforts into a common tool that can be used consistently across the industry. The Maturity Model was developed as part of a White House initiative led by the Department of Energy in partnership with the Department of Homeland Security (DHS) and involved close collaboration with industry, other Federal agencies, and other stakeholders.
If you operate any entity within the bulk electric system (BES), you have become aware of the many regulatory changes in recent years. The standards proposed by the North American Electric Reliability Corporation (NERC), accepted and regulated by the Federal Energy Regulatory Commission (FERC), are intended to ensure the security and reliability of systems within the generation, transmission, and distribution of electric power throughout North America. A thorough knowledge of how FERC and NERC operate and enforce these standards will help you to provide a reliable utility service while avoiding millions of dollars in fines for non-compliance.
Definitions: The Difference Between FERC and NERC
FERC is an independent government agency that regulates the transmission of electric and fossil-based power utilities between states. In addition to oversight of wholesale and corporate transactions, FERC is responsible for ensuring safety and reliability in the distribution and transportation of electricity, oil, and natural gas. The agency may enforce its regulatory standards through various means, including civil penalties of millions of dollars per day, per violation.
NERC is a non-profit organization that seeks to ensure the reliability and security of the bulk power system. Overseen by FERC as well as authorities in Canada and part of Mexico, NERC identifies and addresses risks in the power system in order to promote reliability through education and proposed standards for a more secure system.
FERC and NERC have worked together to create the set of Security and Reliability Standards that all entities in the bulk electric system must comply with. These standards are intended to protect utilities from a wide variety of industrial accidents and attacks to the hardware and information systems of power utility companies. In an age of technological advancement, these regulations are constantly being updated to meet the needs of the industry and its consumers.
http://versify.com/FERC_And_NERC.html
We expect our electricity (for heat, air conditioning, and lights), water, and other utilities to be available whenever we want them. But our everyday essentials have become the target of our adversaries. Exacerbating the situation, when a part of the grid fails, we don’t know whether it is from natural causes or the actions of bad actors. Regardless, the failure needs to be fixed.Despite our diligence in the creation of new electric grid standards, these standards are not sufficient to address the urgent cyber threats and challenges that critical infrastructures now face.
The lack of electric grid standard granularity can result in a failure. There are also several other factors at play:
Complexity and sophistication of a smart grid
Large number of electric grid components
Wide variety of involved actors
Lack of time stamp standardization among grid components
An assortment of smart grid standards, such as the International Electrotechnical Commission (IEC) and the Institute of Electrical and Electronics Engineers (IEEE), allow a viable approach vector to insert disinformation into the grid via a myriad of threat vectors.
Innovative analytic approaches are required for the detection of one type of threat, known as misinformation or disinformation or astroturfing. This paper proposes a strategy that combines contextual analytics for version verification (current component state, component history, graphical knowledge of grid connectedness, a decay function for impact of other components), predictive modeling, and a computing model assessment using edge computing.
This IBM® Redguide™ publication describes the various issues that can impact the energy grid and provides examples of grid failures. It discusses the value and possibilities of a smart grid and how analytics can play a key role in the overall solution. It also introduces the combination of Irwin technology from Mehta Tech, Inc. and the IBM Watson™ cognitive system, which form a technology stack to monitor the electric grid.
The Aveshka Homeland Security team serves as a bridge between the public and private sectors in the development of homeland security solutions and provides hypothesis-driven, fact-based analysis coupled with strategic advice based on deep experience in the Homeland Security Enterprise. Since its inception, Aveshka has provided support to both U.S. and international Government departments and agencies, and to private sector entities seeking policy, strategy, implementation, and operational support. Currently, Aveshka supports numerous components of the Department of Homeland Security, including the Federal Emergency Management Agency, the Office of Critical Infrastructure Protection, the Office of Policy, and the Office of Cybersecurity and Communications, as well as components of the Departments of Defense and Justice.
Aveshka homeland security personnel previously held a variety of senior roles in Federal, State, and local governments and are well-recognized experts in a broad set of homeland security disciplines, including emergency management, public safety, critical infrastructure protection, cybersecurity, border and transportation security, public health, counterterrorism, and CBRNE. Our exceptional team of subject matter experts provides services in the following primary areas: policy development; strategic planning; program management; organizational design; exercise design, conduct, and evaluation; risk analysis, assessment, and research; and cybersecurity and information technology.
The Unisys Stealth Solution Suite helps organizations address a growing number of cybersecurity attacks and hacker incidents. These solutions use patented and patent pending security techniques designed to cloak data communication end points, such as end user devices, data center servers and applications, to become invisible on the network and therefore removed as targets for hackers.
The Unisys Stealth Solution Suite helps organizations address a growing number of cybersecurity attacks and hacker incidents. These solutions use patented and patent pending security techniques designed to cloak data communication end points, such as end user devices, data center servers and applications, to become invisible on the network and therefore removed as targets for hackers.
“Trust are the bits on your computer” (integrity) His software is based on the Microsoft Best Secure Coding Practices
“Data is a Business asset”
Unleash Your Infrastructure
Sensors are everywhere and the availability of process data across operations is critical to drive operational excellence. Hidden in the data are insights to help improve quality, energy efficiency, asset health, regulatory compliance, safety, and process efficiencies. To unlock the potential requires an infrastructure to empower data, assets, people, and decisions.
The Power of Connection
The physical and digital worlds are colliding every second, creating an imperative within the operational organization to connect people and systems to create awareness and intelligence. Data is the empowering thread - creating the digital infrastructure for a city, establishing context to data with geospatial mapping and real-time events, and sharing of data both within organizations and beyond traditional boundaries in real-time so every individual can make informed decision.