Upcoming Events

Securing the e-Campus 2017 - Exact time and dates TBD

Recent Talks

STAR-Vote: A Secure, Transparent, Auditable and Reliable Voting System

Professor Dan Wallach
Rice University
Thursday April 27, 2017
Carson L01, 5:00 PM

Pandora's Power Grid - What Can State Attacks Do and What Would be the Impact?

Ben Miller
Chief Threat Officer, Dragos, Inc.
Tuesday May 2, 2017
Kemeny 007, 4:30 PM
Factual Echo Chambers? Fact-checking and Fake News in Election 2016.

Professor Brendan Nyhan
Dartmouth College
Thursday May 4, 2017
Rocky 001, 5:00 PM

Espionage and Intelligence

Professor Dickie George
Johns Hopkins University
Thursday May 11, 2017
Rocky 001, 5:00 PM

A Nation Under Attack: Advanced Cyber-Attacks in Ukraine

Ukrainian Cybersecurity Researchers
Thursday April 6, 2017
Oopik Auditorium, 5:30 PM

Professor Sean Smith, Director of the ISTS, and Bill Nisen, Associate Director, spoke at the School House residential cluster on the Internet of Risky Things - February 21, 2017, 5:30 PM

You Don't Own Your Car
Craig Smith
OpenGarages
Tuesday May 10, 2016
Carson L02 @4:15

Hardware Based Security for GE's Industrial Control Systems
David Safford
GE Global Research
Tuesday May 17, 2016
Carson L02 @4:15

"It's Fine," They Said. "Just Ship It," They Said.
Dan Tentler
The Phobos Group
Tuesday April 12, 2016
Carson L02 @4:15

The Best Way to Improve Healthcare is to Improve Computers
Harold Thimbleby
Swansea University
April 23, 2015

Managing User-Level Compromises in Enterprise Network
Craig Shue
Worcester Polytechnic Institute
March 31, 2015


Institute for Security, Technology, and Society
Dartmouth College
6211 Sudikoff Laboratory
Hanover, NH 03755 USA
info.ists@dartmouth.edu

2010 Agenda

Monday, July 19. Training Sessions

1:00 p.m. to 4:30 p.m.

Into the Cloud: A Hands-on Workshop Exploring the Pros and Cons of Hosting Servers in Public, Private, and Hybrid Clouds

Adam Goldstein
IT Security Engineer, Dartmouth College

Location: Haldeman Center, Room 125

1:00 p.m. to 4:30 p.m.

Data Driven Security: A Different Approach to Determining Security Requirements

Steve Nyman
Chief Information Security Officer, Dartmouth College

Location: Haldeman Center, Room 031

Tuesday, July 20. Presentations

8:15 a.m.

Buses Leave Courtyard by Marriott for the Dartmouth Campus

8:30 a.m.

Conference Registration and Continental Breakfast

Location: Haldeman Center, Russo Gallery

9:00 a.m.

Welcoming Remarks

Ellen Waite-Franzen
Vice President for Information Technology and Chief Information Officer, Dartmouth College

Location: Haldeman Center, Kreindler Conference Room 041

9:10 a.m.

Picking Policy Priorities: Porn, Privacy, Procurement, P2P, or IP

Greg Jackson
Vice President for Policy & Analysis, EDUCAUSE

10:05 a.m.

So Long, And No Thanks for the Externalities: The Rational Rejection of Security Advice by Users

Cormac Herley
Principal Researcher, Microsoft Research

11:00 a.m.

Break

11:15 a.m.

Characterizing the Cyberthreat Landscape

Matthew Devost
Technologist, Entrepreneur, and International Security Expert

12:10 p.m.

Lunch

Location: Occom Commons, McLaughlin Cluster

1:30 p.m.

Panel Discussion: Cloud Computing - Pros and Cons

Participants: John Calkins (Northwestern), Greg Jackson (EDUCAUSE), and Sheri Stahler (Temple)

2:25 p.m.

Three Approaches to Awareness: Unified Messaging, Local Responses, and National Cybersecurity Awareness Month

Michael Kaiser
Executive Director, National Cyber Security Alliance (NCSA)

3:15 p.m.

Break

3:30 p.m.

How Should Colleges Respond to RIAA and Other File Sharing Subpoenas?

Ray Beckerman
Attorney

4:25 p.m.

American Privacy: Can a 19th Century Right Survive 21st Century Technology

Frederick Lane
Author, Attorney, Educational Consultant, Speaker, and Expert Witness

5:20 p.m.

Wrap-up

5:30 p.m.

Social at the Hanover Inn, Hayward Lounge

7:00 p.m.

Free Time for Dinner

8:30 p.m.

Buses Return to Courtyard by Marriott

Wednesday, July 21. Break-out Sessions

8:15 a.m.

Buses Leave Courtyard by Marriott for the Dartmouth Campus

8:30 a.m.

Continental Breakfast
Location: Haldeman Center, Russo Gallery

9:00 a.m.

Break-out Session 1

Botnets, A Look Into Today's Malware Battle Front
Marc Evans
Umbra Data
Location: Haldeman Center, Room 124

eDiscovery: A Panel Discussion
Adam Goldstein, IT Security Engineer, Dartmouth College
Frederick Lane, Author, Attorney, Educational Consultant, Speaker, and Expert Witness
George Moore, Attorney
Location: Haldeman Center, Room 125

Social Media and College Students: Understanding the Millennial Generation's Staying Connected Mindset
Davina Pruitt-Mentle
Executive Director, Educational Technology Policy, Research, and Outreach (ETPRO)
Location: Haldeman Center, Room 031

10:10 a.m.

Break-out Session 2

Botnets, A Look Into Today's Malware Battle Front
Marc Evans
Umbra Data
Location: Haldeman Center, Room 124

Hacking Tools and the Hacker Curriculum
Sergey Bratus, Research Assistant Professor, Dartmouth College
Far McKon, Software Developer & Community Wrangler
Location: Haldeman Center, Room 125

Social Media and College Students: Understanding the Millennial Generation's Staying Connected Mindset
Davina Pruitt-Mentle
Executive Director, Educational Technology Policy, Research, and Outreach (ETPRO)
Location: Haldeman Center, Room 031

11:20 a.m.

Break-out Session 3

Hacking Tools and the Hacker Curriculum
Sergey Bratus, Research Assistant Professor, Dartmouth College
Far McKon, Software Developer & Community Wrangler
Location: Haldeman Center, Room 125

eDiscovery: A Panel Discussion
Adam Goldstein, IT Security Engineer, Dartmouth College
Frederick Lane, Author, Attorney, Educational Consultant, Speaker, Expert Witness
George Moore, Attorney
Location: Haldeman Center, Room 124

12:30 p.m.

Lunch

Location: Dartmouth Outing Club House on Occom Pond

Bus service will be provided from the Haldeman Center to the Dartmouth Outing Club House.

1:15 p.m.

Conference Wrap-Up

Steve Nyman
Chief Information Security Officer, Dartmouth College

The Conference will conclude at 2:00 p.m. Bus service back to the Courtyard by Marriott will be provided at this time.

Training Session Abstracts

Into the Cloud: A Hands-on Workshop Exploring the Pros and Cons of Hosting Servers in Public, Private, and Hybrid Clouds
Adam Goldstein

Low cost, ease of use, and minimal infrastructure requirements are just some of the reasons that make hosting servers in the cloud an attractive proposition. However, there are many security concerns and technical limitations that institutions must consider when assessing the potential benefits of cloud server offerings. This seminar will use interactive exercises to explore these concerns and what institutions and the leading providers are doing to mitigate the security risks. These will include implementation of new security controls and the use of private and hybrid clouds. In addition, a decision-making method will be presented that will assist institutions in determining which services may be good candidates for the cloud.

Data Driven Security: A Different Approach to Determining Security Requirements
Steve Nyman

This presentation will demonstrate how to develop realistic security policy which is risk-based. Typically, organizations have narrative security policy documents which simply state the "do's and don'ts" across a myriad of security related processes, both IT and non-IT. The elements contained in these policies are not categorized by stringency of control, nor are they correlated to risk mitigation. Dartmouth's approach is based on the coupling of two critical elements:

  1. security controls, presented in a matrix format, each control rated as to its relative strength, and mapped to regulatory and industry standards (ISO 27002, HIPAA, FERPA, etc.)
  2. information management models, where departments do risk assessments of the information they work with, with each information object risk-rated using a numeric scale

Policy is implemented based on a join of these two elements, which ensures that policy controls are deployed in a cost-effective, risk-based manner.

 

Talk Abstracts

Picking Policy Priorities: Porn, Privacy, Procurement, P2P, or IP?
Greg Jackson

We in higher education have limited capability to influence IT policy, and we who work in IT have limited capability to influence campus policy. So we have to choose where to spend our policy chips. But everything relates to everything else, so we can't. Simply continuing as we have won't work. The issues are becoming more numerous and complicated. I'll outline some of the challenges we face, the options for addressing them, and the choices that are emerging.

Three Approaches to Awareness: Unified Messaging, Local Responses, and National Cybersecurity Awareness Month
Michael Kaiser

We are only as cyber secure as the weakest link on any network. For people, organizations, government, colleges and universities, and others engaged in education and awareness activities, that poses considerable challenges. How do we build out our capability to share and disseminate messages that provide clear motivation and methods to stay safe online? How do we saturate the community of users with messages so we know they receive them? Who are the partners critical to these efforts?

This presentation will look at three efforts underway that attempt to bring some answers to these questions—a messaging campaign, a local collaboration on cybersecurity, and National Cybersecurity Awareness Month.

Characterizing the Cyberthreat Landscape
Matthew Devost

Are we currently in a state of dynamic cyberconflict or is the threat overhyped? While it may be difficult to discern the truth based on current political discourse and media coverage, the truth currently lies somewhere in the middle. This presentation will provide an overview of the current threat landscape, how it is changing and how that will impact technology-dependent organizations in the future.

So Long, And No Thanks for the Externalities: The Rational Rejection of Security Advice by Users
Cormac Herley

It is often suggested that users are hopelessly lazy and unmotivated on security questions. They choose weak passwords, ignore security warnings, and are oblivious to certificate errors. We argue that users' rejection of the security advice they receive is entirely rational from an economic perspective. The advice offers to shield them from the direct costs of attacks, but burdens them with far greater indirect costs in the form of effort.

Looking at various examples of security advice, we find that the advice is complex and growing, but the benefit is largely speculative or moot. For example, much of the advice concerning passwords is outdated and does little to address actual threats, and fully 100% of certificate error warnings appear to be false positives. Further, if users spent even a minute a day reading URLs to avoid phishing, the cost (in terms of user time) would be two orders of magnitude greater than all phishing losses. Thus we find that most security advice simply offers a poor cost-benefit tradeoff to users and is rejected. Security advice is a daily burden, applied to the whole population, while an upper bound on the benefit is the harm suffered by the fraction that become victims annually. When that fraction is small, designing security advice that is beneficial is very hard. For example, it makes little sense to burden all users with a daily task to spare 0.01% of them a modest annual pain.

How Should Colleges Respond to RIAA and Other File Sharing Subpoenas?
Ray Beckerman

  1. Colleges should not assume the RIAA's lawyers, or the Courts, know what they are doing; this is all a new, untested landscape where almost no normal litigation has taken place to carve out meaningful precedent
  2. Legal departments & student legal affairs should be fully engaged to protect students' legal rights
  3. IT departments should be fully engaged to ensure that, in the event an enforceable subpoena must be answered, the information supplied is technically accurate

American Privacy: Can a 19th Century Right Survive 21st Century Technology?
Frederick Lane

The right to privacy holds a unique position in American law and society. Unlike most of our other familiar rights, the right to privacy has no roots in the nation's founding documents. Instead, it owes its existence to judicial interpretations of state common law and the underlying intent of the Bill of Rights. The tenuous nature of the right to privacy makes it particularly susceptible to erosion by technological advances, a process that each of us in our own way has accelerated. Our love affair with digital technology -- from the mainframe computer to smartphones -- is in constant tension with our belief in a right to privacy. Can the two concepts co-exist, or will we be forced to choose between processors or privacy?

 

Break-out Session Abstracts

Botnets, A Look Into Today's Malware Battle Front
Marc Evans

As malware and the internet have evolved, botnets have become core functionality for a large number of malicious actors. This presentation will provide an overview of botnet concepts and then explore a more detailed look at recent trends of both malicious actors and methods being attempted to minimize botnet effectiveness.

Social Media and College Students: Understanding the Millennial Generation's Staying Connected Mindset
Davina Pruitt-Mentle

As the first generation to come of age since 2000, the Millennial Generation, or those born after 1980, is often distinguished by the integration of technology throughout their lives. It is well documented that their lifestyles include a plethora of gadgets which include wireless technology and the creation of self-designed media. Several research studies highlight the Millennials' fusion of technology into their social lives.

This session will present an overview of the latest research findings regarding Millennials' use of social networking sites such as Facebook, Twitter, Prezis, and formspring.me, but also note sharing, book rentals and other tools used by students. We will discuss the do's and don'ts for college students when using these sites, and concerns for students, faculty, and administrators alike.

Hacking Tools and the Hacker Curriculum
Sergey Bratus and Far McKon

As network and internet connections have become more vital to research, business, and day to day life, many institutions have responded by discouraging student exploration and 'play' on university networks. At the same time global competition and the new reliance on networks make it more important than ever that students develop a rich understanding of technology. Students need the room to develop their passion, and learn from mistakes without causing (much) trouble.

Private VPN, 'Capture The Box' networks, and technologies like Agora Link can give students a space to hack for good or bad, and learn voraciously about network infrastructure while ameliorating concerns about collateral network damage from their exploration. Students can also augment existing college IT departments, and through their experience they can develop their skills, and extend IT capabilities.

This talk will give a short background on the link between students & hacking, offer some ideas and suggestions for giving students freedom to hack and play within an academic network, and give some insight into related projects under development in the hackerspace community. We will also suggest some good outlines for getting student IT collaborations started.

Last Updated: 10/6/14